Helm updates #183
Awesome, I'll take a look at this soon.
I was unable to run this on my minikube cluster. Were you able to test it out? I also noticed that the backend is unable to connect to the mongo db instance in the deployment anymore.
Hey @jon4hz! Have you maybe had time to look at Maidul's comment above ^ :)
@mv-turtle gave me an update via Slack. An update from my side, @jon4hz: I did not have time to fix the issue with deployment yet. If you are free, feel free to dig back into it or let me know and I can also do it.
Sorry for the late response. What do you think about adding another block in the values like

```yaml
mongodbConnection:
  host: xxx # defaults to the internal mongo service
  port: 27017
  username: xxx
  password: xxx
```

This is a breaking change but something similar will be required anyway if #182 is ever implemented. Bitnami also names the mongodb service with a named template.
@jon4hz I will get back to this tomorrow.
I have looked around quite a bit to see if we can access the named template in the values file, but it looks like this is not possible, as you mentioned. With your suggestion, it looks like the user would be responsible for making sure if there are two instances of Infisical installed that they do not have colliding host names for the mongo db service. Are there any other downsides?
GitGuardian id | Secret | Commit | Filename | |
---|---|---|---|---|
- | Generic Database Assignment | c23b291 | helm-charts/infisical/templates/_helpers.tpl | View secret |
- | Generic Database Assignment | c23b291 | helm-charts/infisical/values.yaml | View secret |
- | Generic Database Assignment | 375412b | helm-charts/infisical/templates/_helpers.tpl | View secret |
- | Generic Database Assignment | 375412b | helm-charts/infisical/values.yaml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Actually the user doesn't have to care about any colliding name because all services will include the helm release name which is unique by default. c23b291 changes the way how the But as I already mentioned, this change is breaking but without it, the mongodb connection will always be very static.
Btw, what do you think about changing the backend, so it accepts env vars like
I think the reason for putting the entire
Let me know if you have any concerns for 375412b, otherwise I'll get it merged in! Thank you so much.
Hey,
I was missing some configuration options while deploying infisical with helm.
The following features were added:
I also added some default helper templates and refactored the naming, labeling and selectors in a more "helmish" way.
Your service currently uses selectors like `app=backend`, which isn't very unique and could lead to troubles, e.g. if more than one infisical installation is running in the same namespace.
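The selector collision described in the PR description above, as an added example that is not part of the original PR or the Infisical chart: a small audit that models Kubernetes equality-based selectors over constructed Services and pods and lists every Service that would select another release's pods. The release names `infisical-a` and `infisical-b`, the object names and the `app.kubernetes.io/*` label values are assumptions for illustration.

```python
# Added example: constructed Services and pods, not rendered from the Infisical chart.
from typing import Dict, List, Tuple

Labels = Dict[str, str]

def selects(selector: Labels, pod_labels: Labels) -> bool:
    """Equality-based selector: every key/value in the selector must be on the pod."""
    return bool(selector) and all(pod_labels.get(k) == v for k, v in selector.items())

def render(release: str, scheme: str) -> Tuple[dict, List[dict]]:
    """Build one release's backend Service and its two pods under a label scheme."""
    if scheme == "static":
        labels = {"app": "backend"}  # the selector quoted in the PR description
    else:  # "release-scoped": recommended labels that include the release name
        labels = {
            "app.kubernetes.io/name": "infisical",
            "app.kubernetes.io/instance": release,
            "app.kubernetes.io/component": "backend",
        }
    service = {"name": f"{release}-backend", "release": release, "selector": labels}
    pods = [{"name": f"{release}-backend-{i}", "release": release, "labels": dict(labels)}
            for i in range(2)]
    return service, pods

def cross_release_matches(services: List[dict], pods: List[dict]) -> List[Tuple[str, str]]:
    """Return (service, pod) name pairs where a Service selects another release's pod."""
    return sorted(
        (svc["name"], pod["name"])
        for svc in services for pod in pods
        if pod["release"] != svc["release"] and selects(svc["selector"], pod["labels"])
    )

def audit(scheme: str, releases=("infisical-a", "infisical-b")) -> List[Tuple[str, str]]:
    """Install every release into one namespace and list cross-release selections."""
    services, pods = [], []
    for release in releases:
        svc, release_pods = render(release, scheme)
        services.append(svc)
        pods.extend(release_pods)
    return cross_release_matches(services, pods)

if __name__ == "__main__":
    for scheme in ("static", "release-scoped"):
        hits = audit(scheme)
        print(f"{scheme}: {len(hits)} cross-release selections")
        for svc, pod in hits:
            print(f"  Service {svc} -> Pod {pod}")
```

With the static label, each release's Service load-balances across the other release's backend pods as well as its own, so requests can reach a backend wired to a different database and different secrets.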