Auto rotation of generated random password

4/15/2020

I have created a secret.yaml for generating a random password for my application and it works perfectly.

{{- if .Values.useSecurity -}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "couchdb.fullname" . }}
  labels:
type: Opaque
data:
  {{ if .Values.adminPassword -}}
  couchdb-admin-password: {{ .Values.adminPassword | b64enc | quote }}
  {{ else -}}
  couchdb-admin-password: {{ randAlphaNum 10 | b64enc | quote }}
  {{ end -}}
  couchdb-admin-user: {{ .Values.adminUser | b64enc | quote }}
{{- end }}

But when the user has logged in after a few days, the rotation of the password should take place using a cronjob. It would be great if anyone could help me achieve this.

-- Abhishek
kubernetes
kubernetes-helm

2 Answers

4/16/2020

Your CronJob file should look similar to this:

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: demo-cronjob
spec:
  schedule: "0 0 */1 * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: demo-cron
            image: demo-image:latest
            # expose the keys of the Secret as environment variables
            envFrom:
            - secretRef:
                name: "{{ template "couchdb.fullname" . }}"
            # in your case pass here the helm install command - to run your script
            command: [ "/bin/sh" ]
            args: [ "/var/httpd-init/croyscript.sh" ]
          restartPolicy: OnFailure

The above CronJob named demo-cron will be created, which will run every day at 00:00 hours (cron format "0 0 */1 * *"). You can specify the scheduling as you wish, for example: "0 0 * * 0" - run once a week at midnight on Sunday morning. Once the pod is created, I added a reference to your secret - {{ template "couchdb.fullname" . }}. In the example above there is a defined command which will run a bash script that will be executed in the pod; in your case you will have to change these two lines to the helm install ... command.

Take a look: cronjob-password.

-- MaggieO
Source: StackOverflow

4/15/2020

You can periodically run helm upgrade with the --set flag to change a value in your values yaml. Helm should then update your secret.

helm upgrade <release_name> <chart> --set adminPassword="$(openssl rand -hex 16)"

You can use other means to generate your secret, but I like using openssl:

$ openssl rand -hex 16
0fec302c52e2d1d2185f404d33be91fb

-- Harrison Kiang
Source: StackOverflow
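
The two answers combined into the script a CronJob container could run, as an added example that is not part of either answer. The RELEASE, CHART and HELM variable names are assumptions made here; the script relies on helm reading a values file from stdin with -f - and on --reuse-values keeping the release's other values.

```shell
#!/bin/sh
# Added example: password rotation script for the CronJob container to run.
# Assumed names: RELEASE, CHART and HELM are environment variables chosen here.
HELM="${HELM:-helm}"   # overridable, so the script can be tried without a cluster

# 32 hex characters (128 bits), the same shape as `openssl rand -hex 16`.
gen_password() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 16
  else
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
  fi
}

# Accept only exactly 32 lowercase hex characters.
valid_password() {
  case "$1" in
    ''|*[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 32 ]
}

# rotate RELEASE CHART: generate a new password and hand it to helm upgrade.
rotate() {
  release="$1"; chart="$2"
  if [ -z "$release" ] || [ -z "$chart" ]; then
    echo "usage: rotate RELEASE CHART" >&2
    return 2
  fi
  pw="$(gen_password)" || return 1
  if ! valid_password "$pw"; then
    echo "password generation failed, release left unchanged" >&2
    return 1
  fi
  # Values go in on stdin (-f -) instead of --set, so the password never
  # appears in the process arguments; --reuse-values keeps the other values.
  printf 'adminPassword: "%s"\n' "$pw" |
    "$HELM" upgrade "$release" "$chart" --reuse-values -f -
}

# Entry point: runs only when both variables are set, e.g. by the CronJob spec.
if [ -n "${RELEASE:-}" ] && [ -n "${CHART:-}" ]; then
  rotate "$RELEASE" "$CHART"
fi
```

The pod running this needs a helm binary and a service account allowed to update the release; neither is shown in the answers above.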