Simplify rotation of passwords
aledegano opened this issue · comments
Is your feature request related to a problem? Please describe.
As a Renku operator is quite labor intensive to rotate the passwords used by the various services to authenticate with each other as it is all manual.
Namely the following passwords:
- Gitlab root password
- Keycloak admin password
- Postgres main password
- Gitlab database password
- Keycloak database password
Describe the solution you'd like
As an operator I would like to only rotate the passwords in the values file and have an automated process change those secrets wherever necessary and -possibly- without any downtime necessary.
Additional context
Kubernetes operators might be helpful to achieve what described above.
- https://postgres-operator.readthedocs.io/en/latest/
- https://www.keycloak.org/getting-started/getting-started-operator-kubernetes
- https://about.gitlab.com/blog/2021/11/16/gko-on-ocp/
Those operators might additionally remove the need of the "post-install" jobs.
Done with SwissDataScienceCenter/terraform-renku#1437