You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2022/05/25 10:44:01 UTC

[GitHub] [couchdb-helm] colearendt opened a new issue, #77: Make clear in the docs how to customize authentication

colearendt opened a new issue, #77:
URL: https://github.com/apache/couchdb-helm/issues/77

   
   **Describe the bug**
   
   When configuring couchdb inside of the helm chart, one class of configuration involves hardening / tweaking the authentication configuration. It is possible to change this in such a way that the chart readiness probes are not able to reconcile, the cluster is not able to talk to each other, etc.
   
   **Version of Helm and Kubernetes**: 
   
   K8s 1.21, Helm 3.8.2
   
   
   **What happened**:
   
   Set `require_valid_user: true` and `couchdbConfig.chttpd.authentication_handlers` to a non-default value. Connections within the cluster replication started failing, and health checks / readiness probes were returning unhealthy
   
   **What you expected to happen**:
   
   Change configuration and things continue working.
   
   
   **How to reproduce it** (as minimally and precisely as possible):
   
   Set `require_valid_user: true` and `couchdbConfig.chttpd.authentication_handlers` to not include: `"{chttpd_auth, default_authentication_handler}"`
   
   
   **Anything else we need to know**:
   
   Some possible solutions:
   - add to documentation a note about configuring authentication and what the effects can be. Not 100% sure I would have caught this there, but it would have been helpful in hindsight at least.
   - warn in NOTES.txt if these values are changed in such a way that successful auth is unlikely
   - add more escape hatches on the `readinessProbe` so that someone can override the defaults if they would like
   - Am I right that `require_valid_user: true` essentially makes Fauxton not functional unless you already have auth taken care of on your network traffic (basic, JWT, etc.)? If so, some docs on that inside of the couchdb docs could be helpful too.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@couchdb.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org