Simplify rotation of passwords

Open aledegano opened this issue 3 years ago • 0 comments

Is your feature request related to a problem? Please describe. As a Renku operator is quite labor intensive to rotate the passwords used by the various services to authenticate with each other as it is all manual. Namely the following passwords:

Gitlab root password
Keycloak admin password
Postgres main password
Gitlab database password
Keycloak database password

Describe the solution you'd like As an operator I would like to only rotate the passwords in the values file and have an automated process change those secrets wherever necessary and -possibly- without any downtime necessary.

Additional context Kubernetes operators might be helpful to achieve what described above.

https://postgres-operator.readthedocs.io/en/latest/
https://www.keycloak.org/getting-started/getting-started-operator-kubernetes
https://about.gitlab.com/blog/2021/11/16/gko-on-ocp/

Those operators might additionally remove the need of the "post-install" jobs.

May 16 '22 14:05 aledegano