Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 Mount ironic HTPASSWD as volume instead of environment variable #1616

Closed
wants to merge 1 commit into from
Closed

🌱 Mount ironic HTPASSWD as volume instead of environment variable #1616

wants to merge 1 commit into from

Conversation

MahnoorAsghar
Copy link
Contributor

@MahnoorAsghar MahnoorAsghar commented Mar 12, 2024
edited
Loading

Security baselines such as CIS do not recommend using secrets as environment variables, but using files instead. Therefore, the IRONIC_HTPASSWD and INSPECTOR_HTPASSWD will now be mounted as volumes instead of environment variables.

@metal3-io-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign honza for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@metal3-io-bot metal3-io-bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Mar 12, 2024
@MahnoorAsghar MahnoorAsghar changed the title 🌱 Mount ironic HTPASSWD as volume instead of environment variable WIP 🌱 Mount ironic HTPASSWD as volume instead of environment variable Mar 12, 2024
@metal3-io-bot metal3-io-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 12, 2024
tuminoid
tuminoid reviewed Mar 12, 2024
View reviewed changes
Copy link
Member

@tuminoid tuminoid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor nits early on.

WIP part is how to do it with k8s manifests, right?

tools/run_local_ironic.sh Outdated Show resolved Hide resolved
tools/run_local_ironic.sh Outdated Show resolved Hide resolved
tools/run_local_ironic.sh Outdated Show resolved Hide resolved
@MahnoorAsghar
Copy link
Contributor Author

Some minor nits early on.

WIP part is how to do it with k8s manifests, right?

Yes; also I am testing this right now and there are some errors in the httpd container, trying to figure those out as well

@MahnoorAsghar MahnoorAsghar force-pushed the remove-cis-error branch 2 times, most recently from 5095c6b to 934468d Compare March 25, 2024 16:50
dtantsur
dtantsur reviewed Mar 25, 2024
View reviewed changes
tools/run_local_ironic.sh Outdated Show resolved Hide resolved
@metal3-io-bot metal3-io-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 16, 2024
@MahnoorAsghar
Copy link
Contributor Author

/test metal3-bmo-e2e-test-pull
/test-centos-e2e-integration-main

@MahnoorAsghar
Copy link
Contributor Author

/test-centos-e2e-integration-main

@MahnoorAsghar MahnoorAsghar changed the title WIP 🌱 Mount ironic HTPASSWD as volume instead of environment variable 🌱 Mount ironic HTPASSWD as volume instead of environment variable Apr 18, 2024
@metal3-io-bot metal3-io-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 18, 2024
@MahnoorAsghar
Copy link
Contributor Author

/test-centos-e2e-integration-main

@MahnoorAsghar
Copy link
Contributor Author

Closing this and opening a new PR so that the centos integration job can hopefully be triggered successfully.

@MahnoorAsghar MahnoorAsghar mentioned this pull request Apr 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tuminoid tuminoid tuminoid left review comments

@dtantsur dtantsur dtantsur left review comments

Assignees
No one assigned
Labels
size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MahnoorAsghar @metal3-io-bot @dtantsur @tuminoid