Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Modular Secret Backend Epic #598

Open
adejanovski opened this issue Jul 4, 2022 · 0 comments
Open

Modular Secret Backend Epic #598

adejanovski opened this issue Jul 4, 2022 · 0 comments
Labels
blocked Issues in the state 'blocked' Epic

Comments

@adejanovski
Copy link
Contributor

adejanovski commented Jul 4, 2022

Background

K8ssandra v1.x and K8ssandra-operator only work with Kubernetes secrets as secret provider. This prevents companies using K8ssandra if their security policy doesn’t allow usage of Kubernetes secrets.
We would need to provide an API that has the following characteristics:

  • Secrets should be injectable into pods directly, without requiring access from the operators
  • Secrets providers should be pluggable without requiring implementation specific code in K8ssandra-operator or cass-operator (generic external provider)
  • It should be possible to add providers at runtime
  • Secrets should be mounted in a common way so that the operator can perform validation checks using a validation webhook
  • Management of default secrets should be disabled when using an external provider

Design

This proposal leverages dynamic admission control to allow extension at runtime, without recompiling or redeploying K8ssandra-operator.

This design is widely inspired by the Hashicorp Vault agent which uses the same technique for secrets injection at runtime.

### Tasks
- [x] #599
- [x] #600
- [x] #606
- [x] #501
- [ ] #601
- [ ] #602
- [ ] #603
- [ ] #604
- [ ] #605
- [ ] #607
- [ ] #608
- [ ] https://github.com/thelastpickle/cassandra-reaper/issues/1210
- [x] https://github.com/thelastpickle/cassandra-medusa/issues/493
- [ ] https://github.com/k8ssandra/cass-operator/issues/520
- [ ] https://github.com/k8ssandra/k8ssandra-operator/issues/964
- [ ] https://github.com/k8ssandra/k8ssandra-operator/issues/965

┆Issue is synchronized with this Jira Story by Unito
┆Issue Number: K8OP-183

@sync-by-unito sync-by-unito bot changed the title Modular Secret Backend K8SSAND-1615 ⁃ Modular Secret Backend Jul 4, 2022
@adejanovski adejanovski changed the title K8SSAND-1615 ⁃ Modular Secret Backend K8SSAND-1615 ⁃ Modular Secret Backend Epic Aug 29, 2022
@adejanovski adejanovski moved this to To Groom in K8ssandra Nov 8, 2022
@adejanovski adejanovski moved this from To Groom to In Progress in K8ssandra Mar 28, 2023
@adejanovski adejanovski added the in-progress Issues in the state 'in-progress' label Mar 28, 2023
@adejanovski adejanovski moved this from In Progress to Blocked/Stale in K8ssandra Sep 4, 2023
@adejanovski adejanovski added blocked Issues in the state 'blocked' and removed in-progress Issues in the state 'in-progress' labels Sep 4, 2023
@sync-by-unito sync-by-unito bot changed the title K8SSAND-1615 ⁃ Modular Secret Backend Epic Modular Secret Backend Epic Oct 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocked Issues in the state 'blocked' Epic
Projects
No open projects
Status: Blocked/Stale
Development

No branches or pull requests

1 participant