-
Type:
Improvement
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: helm-chart-3.1.0, helm-chart-3.1.1, helm-chart-3.1.2
-
Component/s: Helm Chart
-
Epic Link:
-
Tags:
-
Sprint:nxplatform #119, nxplatform #120
-
Story Points:5
Currently, the credentials for third-party services can only be configured as plain text in the chart values, enfing up in a ConfigMap mounted as a partial nuxeo.conf file volume.
See for instance the credentials for:
Let's allow configuring existingSecrets to rely on Kubernetes secrets instead.
We could have one or several secret volumes, such as in the MongoDB Bitnami chart, then mount this/these volume(s) as partial nuxeo.conf files, as we already do with the chart's ConfigMaps.
Or, use environment variables set from Kubernetes secret(s).
We'll have to rework the way we handle nuxeo.conf properties such as "nuxeo.mongodb.server", "elasticsearch.restClient.username", "elasticsearch.restClient.password", etc.
Also, it seems that we are not handling Kafka SSL authentication.
- depends on
-
NXP-32849 Upgrade Helmfile to latest version
-
- Resolved
-
