Comments (5)
@carltonmason this sounds like a valid use case. There is not currently a way to manage this automatically, although something along these lines might be accomplished with some external tool that deletes and re-creates the binding, forcing the operator to request new credentials from the service and re-create the secret.
from cloud-operators.
One possible approach could be to specify something like a time-to-live in the specs for the binding, so that once that time is reached the credentials are refreshed and the secret is re-generated (need to figure out if it would be better to just update or re-create the secret).
from cloud-operators.
Hi @pdettori. Yes, the current limitation may prevent us from using this cloud operator given our increasing compliance requirements.
I can see how designing such a solution will require some care and security wits given the sensitivity of the secret, who can revoke it or recreate it, etc...
What is the process for getting this considered as an official feature request?
Thanks
from cloud-operators.
Hi @carltonmason, so the feature request is to add a time-to-live in the Binding spec so that it refreshes itself after that time? Please confirm and I will implement it.
from cloud-operators.
@vazirim helped me via Slack. Seems deleting and recreating the binding will create a new secret and thus addresses both my question and requirement. Closing this issue. Thanks
from cloud-operators.