kahirokunn opened a new issue, #336:
URL: https://github.com/apache/incubator-devlake-helm-chart/issues/336

   ## Problem Description
   Currently, when using external secret management systems such as External Secret or Vault to inject MySQL passwords, the following issues exist:
   
   - Non-sensitive information other than `MYSQL_PASSWORD` (such as `MYSQL_USER`, `MYSQL_DATABASE`, `MYSQL_URL`, `DB_URL`) is all included in Secrets
   - When injecting with External Secret, configuration values other than passwords must also be assembled externally
   - Managing pre-built values like `DB_URL` or `MYSQL_URL` in external secret management systems is particularly inappropriate
   
   ## Proposed Solution
   1. **Store only sensitive information in Secrets**
      - `MYSQL_PASSWORD`
      - `MYSQL_ROOT_PASSWORD`
   
   2. **Separate non-sensitive configuration into ConfigMaps**
      - `MYSQL_USER`
      - `MYSQL_DATABASE` 
      - `MYSQL_URL`
      - `DB_URL_TEMPLATE`
   
   3. **Reference both ConfigMaps and Secrets in Pod configuration**
      ```yaml
      envFrom:
        - configMapRef:
            name: devlake-config
        - secretRef:
            name: devlake-mysql-auth
      ```
   
   ## Expected Benefits
   - Only passwords need to be managed with External Secret
   - Configuration information management becomes simplified
   - Architecture aligns with Kubernetes best practices


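The split proposed in the issue, written out as manifests. This is an added example, not the chart's templates or the issue author's code: the env key names and the `devlake-config` / `devlake-mysql-auth` object names come from the issue, while the values, the store name, the remote paths, the Pod, and the use of `$(VAR)` expansion to assemble `DB_URL` (in place of the issue's `DB_URL_TEMPLATE`, whose handling the issue does not specify) are assumptions.

```yaml
# Added example. Key names come from the issue; every value, the store name
# and the remote paths are constructed placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: devlake-config
data:
  MYSQL_USER: devlake
  MYSQL_DATABASE: lake
  MYSQL_URL: mysql.example.internal:3306
---
# Only the two passwords are fetched from the external store.
apiVersion: external-secrets.io/v1beta1   # use the version your operator serves
kind: ExternalSecret
metadata:
  name: devlake-mysql-auth
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: example-vault          # hypothetical store
  target:
    name: devlake-mysql-auth     # Secret the operator creates
  data:
    - secretKey: MYSQL_PASSWORD
      remoteRef: { key: devlake/mysql, property: password }        # hypothetical path
    - secretKey: MYSQL_ROOT_PASSWORD
      remoteRef: { key: devlake/mysql, property: root-password }   # hypothetical path
---
apiVersion: v1
kind: Pod
metadata:
  name: devlake-example
spec:
  containers:
    - name: lake
      image: registry.example/devlake:placeholder
      envFrom:
        - configMapRef:
            name: devlake-config
        - secretRef:
            name: devlake-mysql-auth
      env:
        # Assumed URL layout; kubelet expands $(VAR) from envFrom and earlier env entries.
        - name: DB_URL
          value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@tcp($(MYSQL_URL))/$(MYSQL_DATABASE)"
```

`$(VAR)` expansion copies the password verbatim, so a password containing URL-reserved characters must be stored percent-encoded or the URL must be assembled by the application instead.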