Hardcoded credential when using AerospikeBackup CR

[mano1233]

When going over the aerospikebackup CR example. We are looking for a reference as to how we can inject the aerospike credential using a Kubernetes secret. The example has only hardcoded values -

aerospike-kubernetes-operator/config/samples/aerospikebackup.yaml

Line 17 in aa051f7

password: admin123

In addition, when viewing the AerospikeBackupService CR, the example only shows how to add static AWS credentials and not how to use a Kubernetes service account connected to the AWS IAM role, as instructed by our security team.

aerospike-kubernetes-operator/config/samples/aerospikebackupservice.yaml

Lines 29 to 34 in aa051f7

	secrets:
	- secretName: aws-secret
	volumeMount:
	name: aws-secret
	mountPath: /root/.aws/credentials
	subPath: credentials

Please advise on how to use the CR securely, In alignment with our internal requirements.

[sud82]

Hi @mano1233, We are going to document the above use case. I will let you know as soon as we have a doc.

[mano1233]

Thanks. Please let me know once the relevant documentation is available

[abhishekdwivedi3060]

Hi @mano1233, the doc is available here
It has examples for both of your use-cases.

[mano1233]

Hey, In the reference about the IRSA example there is no field where you point to the relevant service account.

[abhishekdwivedi3060]

Hi, service account is not part of the CR. It is expected to be created manually with a specific name before deploying the Backup service.
See this to create service account.
See this to configure IRSA for the service account.