janeczku/keepalived-ingress-vip

keepalived.authPassword not randomly seeded

Opened this issue · 0 comments

Situation:

If keepalived.authPassword is not specified, .Release.Name and .Release.Namespace are used as the seed for the generation of the secret keepalived-ingress-vip.

Problem:

Every installation with the same .Release.Name and .Release.Namespace gets the same password autogenerated. This is not good security practice.

How to reconstruct:

Run helm install --dry-run --debug or helm template --debug multiple times with the same name and namespace. You will see that you get the same secret over and over again.

Possible solution:

Use

data:
  {{- if .Values.keepalived.authPassword }}
  password: {{ .Values.keepalived.authPassword | b64enc }}
  {{- else }}
  password: {{ randAlphaNum 8 | b64enc }}
  {{- end }}

in chart/templates/secret.yaml

Pull Request #6
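A variant of the template above, as an added example that is not part of the issue or the chart's own code: a bare `randAlphaNum` call produces a new value on every render, so each `helm upgrade` would rotate the password. This sketch reuses the value already stored in the cluster via Helm's `lookup` function. The Secret name and the `password` key are taken from the issue text; the `metadata` and `type` fields and the variables `$name`, `$existing` and `$prev` are assumptions.

```yaml
{{- /* Added example: generate once, then keep the stored value on upgrade. */ -}}
{{- /* Assumed Secret name, as mentioned in the issue text. */ -}}
{{- $name := "keepalived-ingress-vip" -}}
{{- /* lookup returns an empty map when the object does not exist yet. */ -}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $name -}}
{{- $prev := "" -}}
{{- if $existing -}}
{{- if $existing.data -}}
{{- /* Value read from the API server is already base64-encoded. */ -}}
{{- $prev = index $existing.data "password" | default "" -}}
{{- end -}}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name }}
type: Opaque
data:
  {{- if .Values.keepalived.authPassword }}
  # Explicit value from values.yaml always wins.
  password: {{ .Values.keepalived.authPassword | b64enc }}
  {{- else if $prev }}
  # Reuse the password generated at first install.
  password: {{ $prev }}
  {{- else }}
  # First install: random value, not derived from release name or namespace.
  password: {{ randAlphaNum 8 | b64enc }}
  {{- end }}
```

`lookup` returns an empty map under `helm template` and `helm install --dry-run`, so those commands still show a fresh random password on each run; the stored value is only reused when Helm renders against a live cluster.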