Add optional password secret #72

Open
wants to merge 2 commits into
base: add-optional-password-secret

derfabianpeter

Reworked the solution as suggested in PR71.

Still WIP. With the current implementation (using Helm's built-in htpasswd function), login with configured credentials is not possible. I suspect this to be a result of Helm's htpasswd not using bcrypt.

@funkypenguin
Contributor

I got auto-tagged as a codeowner reviewer, but the latest comment says this is still a WIP. Let me know if / when you'd like me to review ;)

@derfabianpeter
Author

derfabianpeter commented Aug 17, 2021 via email

@Amphaal

Amphaal commented Jun 5, 2024

Sorry to dig this PR back up, but I also tried to configure a default password with Helm / Ansible.

I went with something like this right after invoking the initial Helm installation in my Ansible playbook:

Right before, creating my own secret using kubernetes.core.k8s:

apiVersion: v1
kind: Secret
metadata:
  name: portainer-admin
  namespace: portainer
stringData:
  portainer-pass: |
    {{ portainer_admin_password | indent(4) }}

Then, in my playbook:

- name: Load facts
  ansible.builtin.set_fact:
    portainer_pod_args_replace:
      - op: replace
        path: /spec/template/spec/volumes
        value:
          - name: admin-pwd
            secret:
              secretName: portainer-admin
      - op: replace
        path: /spec/template/spec/containers/0/volumeMounts
        value:
          - name: admin-pwd
            mountPath: /run/secrets
      - op: replace
        path: /spec/template/spec/containers/0/args
        value:
          - --admin-password-file='/run/secrets/portainer-pass'

#
- name: Patch with admin password
  ansible.builtin.command: "kubectl patch deployment portainer -n portainer --type='json' -p='{{ portainer_pod_args_replace | to_json }}'"

I think that we should not create the secret manifest automatically w/ Helm. Rather, document that the user has to do it with the tools at his disposal, and just add to the Helm definition something like:

auth:
   admin:
      secretName: "" # defaults to portainer-admin
      secretDataKey: "" # defaults to portainer-pass
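
One way the chart could consume these values, as an added example that is not part of the comment above or of the chart in this PR. The template excerpt, the container name `portainer`, the mount path and the file name `admin-password` are assumptions; only the value keys, their defaults and the `--admin-password-file` flag come from the thread.

```yaml
# values.yaml (keys as proposed in the thread)
auth:
  admin:
    secretName: ""     # empty: fall back to portainer-admin
    secretDataKey: ""  # empty: fall back to portainer-pass

---
# templates/deployment.yaml (hypothetical excerpt, pod template only)
{{- $secret := default "portainer-admin" .Values.auth.admin.secretName }}
{{- $key := default "portainer-pass" .Values.auth.admin.secretDataKey }}
    spec:
      volumes:
        - name: admin-pwd
          secret:
            # The Secret is created by the user, not by the chart,
            # so the password never appears in values or in the release.
            secretName: {{ $secret | quote }}
            items:
              # Project only the one key, under a fixed file name,
              # so the container argument does not depend on the key name.
              - key: {{ $key | quote }}
                path: admin-password
      containers:
        - name: portainer
          args:
            # No quotes around the path: args are passed without a shell.
            - --admin-password-file=/run/secrets/portainer/admin-password
          volumeMounts:
            - name: admin-pwd
              mountPath: /run/secrets/portainer
              readOnly: true
```

With a non-optional secret volume like this one, the pod stays in `ContainerCreating` until the referenced Secret exists in the release namespace, so the Secret has to be created before the chart is installed.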
