lhotari commented on PR #438:
URL: 
https://github.com/apache/pulsar-helm-chart/pull/438#issuecomment-1905761634

   > @lhotari Admittedly, I thought about that but decided not to do so, 
because I would say this simply adds "configuration overhead". Afaik, if you 
have either credentials (website/db) you can control the other, so I opted to 
keep them aligned. But if you think it's better otherwise I can change that.
   
   I think it's not good to do shortcuts with security. Another part to verify 
is that Pulsar Manager doesn't use a default password as it does today. A 
random password should be the default password. Found this on Twitter: 
https://twitter.com/fattselimi/status/1648415859453435904 . This is not the 
first time I've seen such tweets.
   
   One approach would be to generate a secret at installation time if the 
secret doesn't exist. Helm can check existence of Kubernetes objects [with the 
`lookup` function](https://helm.sh/docs/chart_template_guide/function_list/#kubernetes-and-chart-functions)
 and add the `"helm.sh/resource-policy": "keep"` annotation.
   (somewhat similar ideas here, but slightly different: 
https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918)
   
   > I agree. Moving files around also breaks a lot of forks / pending PR's. 
Maybe for the next major release we can opt to do so?
   
   Yes, it would be possible in the next major release.
   
   > 
   > I can go on as follows:
   > 
   > 1. PR: rename lookup resources
   > 2. PR: expose Admin Port of Manager
   > 3. PR: `pulsar-cluster-initialize.yaml`  (maybe an additional one before 
that introducing the `_manager.tpl` file?)
   > 4. PR: move functions worker / broker service account around
   
   Yes, makes sense.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
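
The approach described in the comment above (generate a random password at install time unless the Secret already exists, and keep it across uninstalls), sketched as a Helm template. This is an added example, not part of the comment or of the pulsar-helm-chart code; the file name, Secret name, key names and default username are hypothetical.

```yaml
{{- /* templates/manager-admin-secret.yaml (hypothetical file name) */ -}}
{{- /* Secret name and key names below are assumptions for illustration. */ -}}
{{- $name := printf "%s-manager-admin" .Release.Name -}}
{{- /* lookup returns an empty map when the object does not exist. */ -}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $name -}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name }}
  namespace: {{ .Release.Namespace }}
  annotations:
    # Helm leaves this object in place on uninstall, so the generated
    # password is not lost and regenerated on the next install.
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  {{- if and $existing $existing.data }}
  # Secret already exists: reuse the stored values (already base64-encoded),
  # so upgrades do not rotate the password unexpectedly.
  UI_USERNAME: {{ index $existing.data "UI_USERNAME" | quote }}
  UI_PASSWORD: {{ index $existing.data "UI_PASSWORD" | quote }}
  {{- else }}
  # First install: no default password, generate a random one instead.
  UI_USERNAME: {{ "pulsar" | b64enc | quote }}
  UI_PASSWORD: {{ randAlphaNum 32 | b64enc | quote }}
  {{- end }}
```

`lookup` does not contact the cluster under `helm template` or a client-side `--dry-run`, so those renders always take the "first install" branch and show a throwaway password rather than the stored one.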
