You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The default user is responsible for the all the control plane operations, hence password rotation for this user is not well defined has some glaring holes like the following.
Scenario One
Update the password for default user
Operator will immediately start using the password
All operator calls to the master and replicas, will fail as the password does not propogate, unless there is restart.
Scenario Two
Update the password for default user
Try to initial as rolling restart of the Redis pods(manually)
Replication will fail as the master will have different password(older) than the replicas(new password). This defeats the failover.
Scenrario three
Update the password for default user
Coordinating the password propogration and the application rollout is extremely difficult
Solution
Use acl based management of the default user.
The text was updated successfully, but these errors were encountered:
The
default
user is responsible for the all the control plane operations, hence password rotation for this user is not well defined has some glaring holes like the following.Scenario One
All operator calls to the master and replicas, will fail as the password does not propogate, unless there is restart.
Scenario Two
Replication will fail as the master will have different password(older) than the replicas(new password). This defeats the failover.
Scenrario three
Coordinating the password propogration and the application rollout is extremely difficult
Solution
Use acl based management of the default user.
The text was updated successfully, but these errors were encountered: