Provide contrail admin password as Kubernetes secret

Bug #1782730 reported by Ignacio Dominguez Martinez-Casanueva
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R5.0
Fix Committed
Undecided
Ignacio Dominguez Martinez-Casanueva
Trunk
Fix Committed
Undecided
Ignacio Dominguez Martinez-Casanueva
OpenContrail
New
Undecided
Unassigned

Bug Description

Currently, Contrail's admin password is configured as the environment variable 'KEYSTONE_AUTH_ADMIN_PASSWORD', which is provided using a ConfigMap in the Helm charts.

In order to improve security in a Helm-based deployment, I suggest moving 'KEYSTONE_AUTH_ADMIN_PASSWORD' environment variable out of the ConfigMap to a Kubernetes Secret.

Tags: helm
description: updated
information type: Private Security → Public Security
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/44844
Submitter: Ignacio Dominguez Martinez-Casanueva (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/44844
Committed: http://github.com/Juniper/contrail-helm-deployer/commit/f0e33bd1c66fdfb15d1e0c57d6c0daeb55d0935b
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit f0e33bd1c66fdfb15d1e0c57d6c0daeb55d0935b
Author: Ignacio Dominguez Martinez-Casanueva <email address hidden>
Date: Mon Jul 23 11:42:30 2018 +0200

Provide contrail admin password as Kubernetes secret

Modify all Helm charts in order to consume KEYSTONE_AUTH_ADMIN_PASSWORD
as a Secret rather than a ConfigMap value.

Change-Id: I936d6a43b091d8f64724fbfc12e8d61b5dae5d41
Closes-Bug: #1782730

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R5.0

Review in progress for https://review.opencontrail.org/45208
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/45208
Committed: http://github.com/Juniper/contrail-helm-deployer/commit/05b72833783b275f5fa93e8640163ad9f6a4a7f9
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit 05b72833783b275f5fa93e8640163ad9f6a4a7f9
Author: Ignacio Dominguez Martinez-Casanueva <email address hidden>
Date: Mon Jul 23 11:42:30 2018 +0200

Provide contrail admin password as Kubernetes secret

Modify all Helm charts in order to consume KEYSTONE_AUTH_ADMIN_PASSWORD
as a Secret rather than a ConfigMap value.

Change-Id: I936d6a43b091d8f64724fbfc12e8d61b5dae5d41
Closes-Bug: #1782730
(cherry picked from commit f0e33bd1c66fdfb15d1e0c57d6c0daeb55d0935b)

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.