fresh-borzoni opened a new issue, #3686:
URL: https://github.com/apache/fluss/issues/3686

   ### Search before asking
   
   - [x] I searched in the [issues](https://github.com/apache/fluss/issues) and 
found nothing similar.
   
   
   ### Description
   
   #3658 added config providers, so a server.yaml value can be a 
${directory:...} marker instead of a literal secret. But on Kubernetes, 
actually using that with our chart is still manual: you have to wire 
extraVolumes, mount the Secret, and hand-write the config.providers lines, 
including allowed.paths, which is easy to get wrong and is the security guard.
   
   The chart should make this declarative: say which Secrets you want mounted 
(or injected as env), and get the provider config generated for you, with 
allowed.paths and the env allowlist derived from what you declared, so the 
guards are correct by construction and the rendered ConfigMap never contains 
secret material.
   
   ### Willingness to contribute
   
   - [x] I'm willing to submit a PR!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to