Provide contrail admin password as Kubernetes secret

Bug #1782730 reported by Ignacio Dominguez Martinez-Casanueva on 2018-07-20
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Juniper Openstack | Status tracked in Trunk | | |
  R5.0 | Fix Committed | Undecided | Ignacio Dominguez Martinez-Casanueva |
  Trunk | Fix Committed | Undecided | Ignacio Dominguez Martinez-Casanueva |
OpenContrail | New | Undecided | Unassigned |

Bug Description

Currently, Contrail's admin password is configured as the environment variable 'KEYSTONE_AUTH_ADMIN_PASSWORD', which is provided using a ConfigMap in the Helm charts.

In order to improve security in a Helm-based deployment, I suggest moving the 'KEYSTONE_AUTH_ADMIN_PASSWORD' environment variable out of the ConfigMap to a Kubernetes Secret.
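
The change requested above, sketched as an added example that is not taken from the report or from the contrail-helm-deployer charts. All resource names, the image, the extra ConfigMap key and the password value are constructed placeholders; only the variable name KEYSTONE_AUTH_ADMIN_PASSWORD comes from this page.

```yaml
# BEFORE: the password is one more key in a ConfigMap, so anyone allowed to
# "get configmaps" in the namespace can read it in clear text.
apiVersion: v1
kind: ConfigMap
metadata:
  name: example-contrail-env          # hypothetical name
data:
  EXAMPLE_NON_SENSITIVE_SETTING: "value"            # hypothetical key
  KEYSTONE_AUTH_ADMIN_PASSWORD: "example-password"  # constructed value
---
# AFTER: the key is deleted from the ConfigMap above and lives in a Secret,
# which has its own RBAC resource type ("secrets").
apiVersion: v1
kind: Secret
metadata:
  name: example-contrail-keystone     # hypothetical name
type: Opaque
stringData:                           # API server stores it base64-encoded
  KEYSTONE_AUTH_ADMIN_PASSWORD: "example-password"  # constructed value
---
# Pod spec after the change: non-sensitive settings still come from the
# ConfigMap; the password is injected from the Secret by reference, so the
# value itself never appears in the pod or chart template.
apiVersion: v1
kind: Pod
metadata:
  name: example-contrail-component    # hypothetical name
spec:
  containers:
    - name: example
      image: registry.example.invalid/contrail-component:placeholder
      envFrom:
        - configMapRef:
            name: example-contrail-env
      env:
        - name: KEYSTONE_AUTH_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: example-contrail-keystone
              key: KEYSTONE_AUTH_ADMIN_PASSWORD
```

A Secret is base64-encoded, not encrypted, unless encryption at rest is configured on the API server, so the gain here is that access can be restricted through RBAC on `secrets` separately from `configmaps`. The container still receives the password as an environment variable, so anything able to read the process environment can still see it.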

description: updated
information type: Private Security → Public Security

Review in progress for https://review.opencontrail.org/44844
Submitter: Ignacio Dominguez Martinez-Casanueva (<email address hidden>)

Reviewed: https://review.opencontrail.org/44844
Committed: http://github.com/Juniper/contrail-helm-deployer/commit/f0e33bd1c66fdfb15d1e0c57d6c0daeb55d0935b
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit f0e33bd1c66fdfb15d1e0c57d6c0daeb55d0935b
Author: Ignacio Dominguez Martinez-Casanueva <email address hidden>
Date: Mon Jul 23 11:42:30 2018 +0200

Provide contrail admin password as Kubernetes secret

Modify all Helm charts in order to consume KEYSTONE_AUTH_ADMIN_PASSWORD
as a Secret rather than a ConfigMap value.

Change-Id: I936d6a43b091d8f64724fbfc12e8d61b5dae5d41
Closes-Bug: #1782730

Review in progress for https://review.opencontrail.org/45208
Submitter: Andrey Pavlov (<email address hidden>)

Reviewed: https://review.opencontrail.org/45208
Committed: http://github.com/Juniper/contrail-helm-deployer/commit/05b72833783b275f5fa93e8640163ad9f6a4a7f9
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit 05b72833783b275f5fa93e8640163ad9f6a4a7f9
Author: Ignacio Dominguez Martinez-Casanueva <email address hidden>
Date: Mon Jul 23 11:42:30 2018 +0200

Provide contrail admin password as Kubernetes secret

Modify all Helm charts in order to consume KEYSTONE_AUTH_ADMIN_PASSWORD
as a Secret rather than a ConfigMap value.

Change-Id: I936d6a43b091d8f64724fbfc12e8d61b5dae5d41
Closes-Bug: #1782730
(cherry picked from commit f0e33bd1c66fdfb15d1e0c57d6c0daeb55d0935b)

This report contains Public Security information
Everyone can see this security related information.
