Ext KVDB with Password authentication

Portworx on Kubernetes
1

Hello Portworx team,

We (Spectro Cloud) are evaluating Portworx integration for use with our kubernetes provisioning solution and would like to get your support on this.

Use case:
Portworx with External etcd which uses Password authentication

Problem description:
While generating manifest through px-central for the use case mentioned above, the wizard provides instructions on how to create the secret manually.

kubectl -n kube-system create secret generic px-kvdb-auth \
  --from-literal=username=<etcd-username> \
  --from-literal=password=<etcd-password>

But, this secret is not used anywhere in the generated manifests. So, i wanted to check if this step to manually generate secret can be skipped safely ?

Thanks for looking into this in advance.

  • Boobalan.R
2

Hi @Boobalan_Rathinam

Thanks for reporting the issue. There seems to be a problem with our spec generator which is not adding the required fields to the DaemonSet spec when Password Auth is selected.

We will fix this ASAP and report here once it has been handled. Until then can you add the following section to the environment variables in the DaemonSet

            - name: "AUTO_NODE_RECOVERY_TIMEOUT_IN_SECS"
              value: "1500"
            - name: "PX_TEMPLATE_VERSION"
              value: "v4"
# Add the following two variables
            - name: PX_KVDB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: px-kvdb-auth
                  key: username
            - name: PX_KVDB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: px-kvdb-auth
                  key: password

Thanks,
Aditya