feat: support static credentials #90

Closed
Jorres opened this issue Dec 23, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

@Jorres
Contributor

Jorres commented Dec 23, 2022

Feature Request

Describe the Feature Request

At this point, the operator is unable to connect to the database if enforce_static_user_credentials in the Storage config is set to true.

Relevant error:

2022-12-23T11:00:29.252Z	ERROR	controller.storage	GetSelfCheckResult error	{"reconciler group": "ydb.tech", "reconciler kind": "Storage", "name": "main", "namespace": "ydb", "error": "rpc error: code = Unauthenticated desc = unauthenticated,  Access denied without user token"}
github.com/ydb-platform/ydb-kubernetes-operator/internal/controllers/storage.(*Reconciler).Reconcile
	/workspace/internal/controllers/storage/controller.go:63

Additional Context

Internal ticket YDBOPS-6056

@Jorres Jorres added the enhancement New feature or request label Dec 23, 2022
@kobzonega
Contributor

Implemented in PRs #158 and #159.

It is now possible to enable the field enforce_static_user_credentials: true in the configuration YAML. The YDB operator supports 3 types of auth: anonymous (by default), access_token (OAuth) and static credentials (username/password). The default password is used during the initialization of a new cluster storage if no other is specified (just do not specify the password field).

In general, ydb-operator obtains a token from the secretKeyRef in the Storage spec's operatorConnection section and uses it in subsequent communication with YDB:

operatorConnection:
  accessToken:
    secretKeyRef:
      name: "mystorage-token"
      key: "token"
  staticCredentials:
    username: "root"
    password:
      secretKeyRef:
        name: "mystorage-root-password"
        key: "password"
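
The Secrets that the secretKeyRef entries above point to, shown as an added example that is not part of the original comment or the project's own documentation. It assumes the Secrets live in the same namespace as the Storage resource (`ydb`, taken from the log line in the issue); the values are placeholders.

```yaml
# Added example: Secrets whose names and keys match the secretKeyRef entries above.
# Assumption: they sit in the same namespace as the Storage resource
# ("ydb" in the issue's log line).
apiVersion: v1
kind: Secret
metadata:
  name: mystorage-token            # operatorConnection.accessToken.secretKeyRef.name
  namespace: ydb
type: Opaque
stringData:
  token: "<ACCESS_TOKEN_PLACEHOLDER>"      # data key must equal secretKeyRef.key ("token")
---
apiVersion: v1
kind: Secret
metadata:
  name: mystorage-root-password    # operatorConnection.staticCredentials.password.secretKeyRef.name
  namespace: ydb
type: Opaque
stringData:
  password: "<ROOT_PASSWORD_PLACEHOLDER>"  # data key must equal secretKeyRef.key ("password")
```

The real values would normally be loaded with `kubectl create secret generic ... --from-file` or from a secret manager rather than committed in a manifest.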
