Issues with Auth/Encryption Secrets in Helm Charts Deployment

user-2 · March 4, 2024, 5:28pm

I believe I’m running into issues with auth/encryption secrets deployed using the helm charts. Somehow things are getting broken upon updating helm charts.
Some of the symptoms

Access tokens which I generated and set to never expire are being rejected by GMS after a deployment. Newly generated tokens work fine
Sometimes GMS starts rejecting frontend login requests. I have to kill both the GMS and frontend pods for this to resolve
Looking at the deployed secrets it doesn’t appear like they’re being changed, but is it recommended to just set them manually to avoid them accidentally changing? Anyone have similar issues?

user-2 · March 4, 2024, 5:28pm

Another similar error when trying to generate signup links as an admin. Login worked attachment

user-2 · March 4, 2024, 5:28pm

Just ran a deployment on our staging cluster and saw that the secrets changed before/after for datahub-auth-secrets

user-1 · March 4, 2024, 5:28pm

Hi Drew, can you share more on what updates you’re making to the helm charts?

user-2 · March 4, 2024, 5:28pm

Typically just configmap updates with new ingestion recipes. I think I mostly solved this issue by moving most of the secrets into our external secrets manager.

Topic		Replies	Views
Analysis of Security Vulnerabilities in GMS Releases ingestion	3	43	March 4, 2024
Troubleshooting Activation of Personal Access Tokens in GMS Authentication ui	1	49	March 4, 2024
Discussing Disabling vs. Hiding Access Management Tab in New UI ui	8	38	March 4, 2024
Handling GMS Restart and System Upgrade Jobs troubleshoot	2	45	April 15, 2024
Finding Stale Assets by Last Synchronization Timestamp all-things-deployment	4	47	March 4, 2024

Issues with Auth/Encryption Secrets in Helm Charts Deployment

Related Topics