You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The charts currently mandates to leverage a k8s secret. One could argue that k8s secrets are not really secure. Ideally we would want these secrets to be set by an injector (ex: Vault - either via custom initContainer or updated entrypoint script) to place a secret file in the secrets directly being scanned by configurations.py (ex: run/config/extra/vault). The configuration.py should then read the secrets from secret file.
The proposed changes are described as under:
invoke _load_yaml() once again after loading all the secrets; thereby any secrets inject override the default secrets
enable command and arg to be overriden for housekeeping and worker pods
The text was updated successfully, but these errors were encountered:
The charts currently mandates to leverage a k8s secret. One could argue that k8s secrets are not really secure. Ideally we would want these secrets to be set by an injector (ex: Vault - either via custom initContainer or updated entrypoint script) to place a secret file in the secrets directly being scanned by
configurations.py
(ex:run/config/extra/vault
). The configuration.py should then read the secrets from secret file.The proposed changes are described as under:
_load_yaml()
once again after loading all the secrets; thereby any secrets inject override the default secretscommand
andarg
to be overriden for housekeeping and worker podsThe text was updated successfully, but these errors were encountered: