LDAP password plaintext in ConfigMap
Summary
The LDAP configuration is copy-pasted into the configmaps, unlike omniauth secrets. It would be nice if this could be imported from a mounted secret instead like omniauth, postgresql and other secrets.
Configuration used
global:
appConfig:
ldap:
servers:
main:
password: something
Current behavior
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-taskrunner
...
data:
gitlab.yml.erb: |
production: &base
...
ldap:
enabled: true
servers:
main:
...
password: something
Expected behavior
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-taskrunner
...
data:
gitlab.yml.erb: |
production: &base
...
ldap:
enabled: true
servers:
main:
...
password: <%= File.read("/etc/gitlab/ldap/tokens/main/password") %>
Versions
- Chart: master @ 42194556