2

I have created a secret.yaml for generating a random password or my application and it works perfect.

{{- if .Values.useSecurity -}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "couchdb.fullname" . }}
  labels:
type: Opaque
data:
  {{ if .Values.adminPassword -}}
  couchdb-admin-password: {{ .Values.adminPassword | b64enc | quote }}
  {{ else -}}
  couchdb-admin-password: {{ randAlphaNum 10 | b64enc | quote }}
  {{ end -}}
  couchdb-admin-user: {{ .Values.adminUser | b64enc | quote }}
{{- end }}

But when the user logged in after a few days the rotation of password should take place using a cronjob. It would be great if anyone helps me to achieve this.

Abhishek
  • 21
  • 1
  • 5

2 Answers2

0

You can periodically run helm upgrade with the --set flag to change a value in your values yaml. Helm should then update your secret.

helm upgrade <release_name> --set adminPassword=$(openssl rand -hex 16)

You can use other means to generate your secret, but I like using openssl:

$ openssl rand -hex 16
0fec302c52e2d1d2185f404d33be91fb
Harrison Kiang
  • 21
  • 4
  • My need is the generated password should automatically delete after some days if the user wants to log in it should ask for the regeneration of new password. Without doing manually it should fetch from code – Abhishek Apr 16 '20 at 06:15
0

Your CronJob file should look similar like this:

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: demo-cronjob
spec:
  schedule: "0 0 */1 * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: demo-cron
            image: demo-image:latest
            envFrom:  
            - secretRef:  
              name: "{{ template "couchdb.fullname" . }}"
              # in your case pass here helm install  command - to run your script
              command: [ "/bin/sh" ]
              args: [ "/var/httpd-init/croyscript.sh" ]
          restartPolicy: OnFailure

Above CronJob named demo-cron will be created, which will run everyday at 00:00 hours (cron format "0 0 */1 * *" ). You can specify scheduling as you wish example: "0 0 * * 0 " - run once a week at midnight on Sunday morning. Once pod is created, I added reference to your secret - {{ template "couchdb.fullname" . }} . In example above there is defined command which will run bash script which will be executed in pod, in your case you will have to change these two lines with helm install ... command.

Take a look: cronjob-password.

Malgorzata
  • 6,409
  • 1
  • 10
  • 27