The GoodData.CN helm chart uses several credentials which are stored in a plain text format directly in the chart. We do not recommend this setup for production environments as it is an insecure method of protecting data. Instead, proper secrets management should be used.
NoteIf you just want to evaluate GoodData.CN helm chart installation, you do not need to setup secrets. The default secrets will be used.
Provide existing secrets
It is possible to provide existing Kubernetes secrets with the required credentials. You can provide the credentials to the secrets in the following ways.
apiVersion: v1 kind: Secret metadata: name: your-postgres-secret type: Opaque data: postgresql-password: "a29rb3Q=" repmgr-password: "Q3RicU40WmVvWA=="
This secret is referenced in the GoodData.CN helm chart as shown below.
Installation with Included Postgres Helm Chart
You can reference the secret in the following ways:
deployPostgresHA: true global: postgresql: existingSecret: your-postgres-secret
deployPostgresHA: true postgresql-ha: postgresql: existingSecret: your-postgres-secret
NoteWhile you can define it both ways, the
globalsetting has priority.
Installation with external Postgres
deployPostgresHA: false service: postgres: existingSecret: your-postgres-secret
Metadata Bootstrap secret
apiVersion: v1 kind: Secret metadata: name: your-metadata-bootstrap-secret type: Opaque data: user: "a29rb3Q=" password: "Q3RicU40WmVvWA=="
You can reference the secret in following way:
metadataApi: bootstrap: existingSecret: your-metadata-bootstrap-secret
GoodData.CN is un-opinionated about how secrets are managed as long they are secure. There are many ways to do it and there’s no one-size-fits-all solution. Here are some solutions for managing secrets: