Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Blueprint 02-At scale] Migration to helm-openldap/openldap-stack-ha (part I) #140
[Blueprint 02-At scale] Migration to helm-openldap/openldap-stack-ha (part I) #140
Changes from 4 commits
2461d52
81d56f5
7b03742
152f194
87acb13
812eb76
2057eb3
f507f8b
a8f8311
b0ccb68
3094544
643bcfc
3c5d134
0072ba3
44d2178
8da46a7
4457a03
ea28c16
2112e4b
b3670a0
2956470
26061e0
7f54859
929d7c2
34933e0
4eb885d
59713f4
ed31b61
5f42e79
08234dd
fea0242
4c563f2
179df16
f71506a
6814aac
3397e61
fe66954
bc021d3
ff8388c
e092815
e9bbc45
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm pretty sure that these will are real email addresses. I will create an issue to offer a replacement here. Either custom domain, or potentially even a
+
address solution such asmyuser+dev1@acme.org
, etc.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps use a change trigger to allow someone to rotate the password every once in a while?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sboardwell Thanks for your review! :)
Avoid hardcoding secrets is a must and it needs to be handle since you ran this Quickstart for the very first time (day 0). See as example the first admin secret when you make a fresh installation for Jenkins CI.
Regarding rotating secrets (although is a best practice) I believe it is something you need done once you are ready to extend from this blueprint towards your custom blueprint (day 1). There are many other things to do in that list, for example: Deploying the cluster in your own existing VPC or EKS, updating the Authentication Realm, etc.