Better default passwords?

[epinzur]

Is there any way to have the operator create or use a more secure password for the cassandra user?

Either create one at cluster launch time, and put it into a kuberentes secret, or use one from an existing kubernetes secret?

[smiklosovic]

It is just easier to create that cluster with default password and change that password afterwards. So the answer is no, there is not currently any way how to set this up automatically. If you ever implement this in a reasonable way I will gladly merge it.

[epinzur]

I'm standing up 100+ clusters... it is not easier to create with default and change afterward.

[smiklosovic]

@rltvty what network topology strategy do you use?

[smiklosovic]

@rltvty you want to change the password of "cassandra" user, right? I think the best solution here would be to create a custom implementation of IAuthorizer (I hope that is the right interface) which would reach to K8S secret for password set by you in case you are trying to log in with "cassandra" user, otherwise it would just do the auth against what is in DB. Keep in mind though that in case your k8s api is not online, cassandra user wont be able to log in.

Then you would just configure that in cassandra.yaml and should start to work transparently. Based on your setup of these secrets, you might change a password at one location (in your secret) and passwords would be "changed" for all your clusters.

Would you like to see this in action?