generate secres manually #2

raresfirebolt · 2021-03-17T15:01:24Z

Want to add the following improvements:

Secret can now be manually generated and don't need to be saved in git.
If external access is not required, the LoadBalancer can be disabled
Docker image is no longer available so I have updated it

EladDolev · 2021-03-18T14:10:17Z

charts/timescaledb-multinode/admin-guide.md

@@ -23,6 +23,8 @@ The following table lists the configurable parameters of the TimescaleDB Helm ch
 | `image.tag`                       | The version of the image to pull            | `pg12.5-ts2.0.0-p0`
 | `image.pullPolicy`                | The pull policy                             | `IfNotPresent`                                      |
 | `credentials.accessNode.superuser`| Password of the superuser for the Access Node | `tea`                                             |
+|`access.service.type`   | Setup external access using LoadBalancer or ClusterIP  | `LoadBalancer`  |
+| `credentials.fromValues`  | Load credentials from values.yaml   | `true`  |


need to make this beautiful

EladDolev · 2021-03-18T14:12:37Z

charts/timescaledb-multinode/README.md

+
+Then generate the secrets
+```console
+random_password () { < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32; }


this does not belong here

Can you give more details ?

this function is already defined above, where it is being used
you are not using it here, so why defining it again ?

EladDolev · 2021-03-18T14:17:15Z

charts/timescaledb-multinode/values.yaml

  pullPolicy: IfNotPresent

+#enable external access using LoadBalancer
+access:


accessNode is less confusing :-)

EladDolev · 2021-03-18T14:18:07Z

charts/timescaledb-multinode/README.md

@@ -38,6 +38,25 @@ Alternatively, a YAML file that specifies the values for the parameters can be p
 ```console
 helm upgrade --install my-release -f myvalues.yaml .
 ```
+### Secret override
+
+In order to not have secrets stored in git, you can manually generate secrets for timescaledb-access endpoint and timescaledb-data endpoint.


this is not necessarily related to git

EladDolev · 2021-03-18T14:18:31Z

charts/timescaledb-multinode/README.md

@@ -108,6 +127,13 @@ our [TimescaleDB > Tutorial: Scaling out TimescaleDB](https://docs.timescale.com
 to create distributed hypertables and start using multinode TimescaleDB.

 ### Connecting from another pod
+If you are connecting from another pod you can disable external access completely by changing the service typpe from LoadBalancer to ClusterIP. Edit the following in values.yaml:


service type

this should fall under ## Connecting from outside Kubernetes

I am confused here. Isn't the purpose of ClusterIP to allow access only inside the kubernetes cluster ? Why should this be moved to ## Connecting from outside Kubernetes

because there you say, in order of connecting from outside, 1.2.3, otherwise you can use type: ClusterIP
at any rate this is not related to ### Connecting from another pod since every service type will have here the same instructions

EladDolev · 2021-04-17T13:04:45Z

charts/timescaledb-multinode/README.md

@@ -38,6 +38,20 @@ Alternatively, a YAML file that specifies the values for the parameters can be p
 ```console
 helm upgrade --install my-release -f myvalues.yaml .
 ```
+### Secret override
+
+Instead of setting secrets in values.yaml, they can be manually generated.  The following  example is for  timescaledb-access endpoint and timescaledb-data endpoint.


too many spaces in some places, and I think using the word endpoint might be confusing here
need to use the right terminology, or otherwise rephrasing it differently

EladDolev · 2021-04-17T13:05:41Z

charts/timescaledb-multinode/README.md

@@ -108,6 +122,13 @@ our [TimescaleDB > Tutorial: Scaling out TimescaleDB](https://docs.timescale.com
 to create distributed hypertables and start using multinode TimescaleDB.

 ### Connecting from another pod
+If you are connecting from another pod you can disable external access completely by changing the service type from LoadBalancer to ClusterIP. Edit the following in values.yaml:


as already stated this does not belong here, and the description should also be adapted

raresfirebolt force-pushed the remove_secrets_from_git branch 2 times, most recently from 528c6e2 to 36363f3 Compare March 18, 2021 12:36

EladDolev reviewed Mar 18, 2021

View reviewed changes

EladDolev requested changes Apr 17, 2021

View reviewed changes

raresfirebolt force-pushed the remove_secrets_from_git branch 2 times, most recently from 9366ec8 to 6c16b58 Compare April 26, 2021 08:57

generate secrets manually

329d7e3

raresfirebolt force-pushed the remove_secrets_from_git branch from 4c2057d to 329d7e3 Compare April 27, 2021 13:25

raresfirebolt merged commit cac1c4f into master May 12, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

generate secres manually #2

generate secres manually #2

raresfirebolt commented Mar 17, 2021 •

edited

Loading

EladDolev Mar 18, 2021

EladDolev Mar 18, 2021

raresfirebolt Mar 18, 2021

EladDolev Mar 18, 2021

EladDolev Mar 18, 2021

EladDolev Mar 18, 2021

EladDolev Mar 18, 2021

EladDolev Mar 18, 2021

raresfirebolt Mar 18, 2021 •

edited

Loading

EladDolev Mar 18, 2021

EladDolev Apr 17, 2021

EladDolev Apr 17, 2021

generate secres manually #2

generate secres manually #2

Conversation

raresfirebolt commented Mar 17, 2021 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

raresfirebolt Mar 18, 2021 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

raresfirebolt commented Mar 17, 2021 •

edited

Loading

raresfirebolt Mar 18, 2021 •

edited

Loading