edu-8: tweak self-managed installs for resource delays + security men…#35216
| It may take approximately 1-2 minutes for all resources to appear in the | ||
| namespace. Allow up to 90 seconds before verifying resource creation with | ||
| `kubectl get` commands. | ||
| {{< /note >}} |
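Review bot: The two sentences of this note give different waits: "approximately 1-2 minutes" allows up to 120 seconds, while "Allow up to 90 seconds" sets a lower limit. Use one figure, or tell the reader to re-run `kubectl get` until the resources appear, so that an empty result at 90 seconds is not read as a failed install.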
Added the little note here
Did we ever determine if this was just a resource constraint issue? We should have this warning, but honestly we should fix this so it deploys faster.
Agree. I believe we opened a GitHub issue https://github.com/MaterializeInc/database-issues/issues/10099 ... although, I wonder if it should be opened now in Linear.
| {{< /warning >}} | ||
| {{< tip >}} |
Just added this little blurb so as to plant seed about auth/security.
Should we just point to the authentication page rather than suggesting SASL/SCRAM? Seems more future-proof.
| {{% yaml-table data="self_managed/authentication_setting" %}} | ||
| {{< include-md file="shared-content/auth-kind-warning.md" >}} | ||
| {{% include-headless |
https://preview.materialize.com/materialize/35216/security/self-managed/authentication/
- Reorg to have SASL section before Password auth
- Some wording tweaks to be more accurate
| SASL authentication requires users to log in with a password. Passwords are | ||
| automatically stored in SCRAM-SHA-256 format in the database. |
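Review bot: The second sentence, "Passwords are automatically stored in SCRAM-SHA-256 format in the database", appears under SASL only, which reads as if the storage format is specific to that mode. If Password authentication stores passwords the same way, as the review comment on this line says, state it once where both modes are introduced and use this paragraph for what differs between them.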
Just wondering why we're calling this out. For reference, we do this for password auth as well.
Oh ... it was there before.
So, double-checking that "this" means both password + sasl will store password in scram-sha-256 format?
So, people who had configured as password can switch to sasl seamlessly?
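What "stored in SCRAM-SHA-256 format" implies for the question in this thread, as an added example that is not part of the PR or of Materialize's code: following RFC 5802/7677, one stored verifier can check both a password sent to the server and a SCRAM client proof. The user name, nonces, salt and password are constructed, SASLprep normalization is omitted, and whether Materialize's Password and SASL modes share stored credentials this way is an assumption.

```python
import base64
import hashlib
import hmac

def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _salted(password: str, salt: bytes, iterations: int) -> bytes:
    # SaltedPassword := Hi(password, salt, i), i.e. PBKDF2-HMAC-SHA-256
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_verifier(password: str, salt: bytes, iterations: int) -> dict:
    """What the server keeps: no password, only values derived from it."""
    salted = _salted(password, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.sha256(_hmac(salted, b"Client Key")).digest(),
        "server_key": _hmac(salted, b"Server Key"),  # proves the server to the client
    }

def check_cleartext(verifier: dict, password: str) -> bool:
    """Password-style login: the server receives the password and re-derives StoredKey."""
    again = make_verifier(password, verifier["salt"], verifier["iterations"])
    return hmac.compare_digest(again["stored_key"], verifier["stored_key"])

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key = _hmac(_salted(password, salt, iterations), b"Client Key")
    signature = _hmac(hashlib.sha256(client_key).digest(), auth_message)
    return bytes(a ^ b for a, b in zip(client_key, signature))

def check_scram_proof(verifier: dict, auth_message: bytes, proof: bytes) -> bool:
    """SCRAM login: the server recovers ClientKey from the proof, never sees the password."""
    signature = _hmac(verifier["stored_key"], auth_message)
    client_key = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha256(client_key).digest(), verifier["stored_key"])

# Constructed sample values (hypothetical user, nonces and salt).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 4096
AUTH_MESSAGE = b",".join([
    b"n=alice,r=cnonce",                                         # client-first-message-bare
    b"r=cnoncesnonce,s=" + base64.b64encode(SALT) + b",i=4096",  # server-first-message
    b"c=biws,r=cnoncesnonce",                                    # client-final-message-without-proof
])

if __name__ == "__main__":
    v = make_verifier("correct horse", SALT, ITERATIONS)
    proof = client_proof("correct horse", SALT, ITERATIONS, AUTH_MESSAGE)
    print(check_cleartext(v, "correct horse"), check_scram_proof(v, AUTH_MESSAGE, proof))
```

The proof is bound to `AUTH_MESSAGE`, which carries both nonces, so a captured proof does not verify in a later exchange.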
| The simple example used in this tutorial enables [Password | ||
| authentication](https://github.com/MaterializeInc/materialize-terraform-self-managed/blob/main/azure/examples/simple/main.tf#L340). | ||
| To use SASL/SCRAM-SHA-256, set | ||
| [`authenticator_kind`](https://github.com/MaterializeInc/materialize-terraform-self-managed/blob/main/kubernetes/modules/materialize-instance/README.md#input_authenticator_kind) | ||
| to `"Sasl"`. |
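Review bot: The Password authentication link points at `azure/examples/simple/main.tf#L340` on the `main` branch, so the line anchor will land on the wrong line as soon as that file changes. Link to a commit or release permalink, or drop the `#L340` anchor and name the setting in the text instead.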
Same here... can we just point to the authentication page rather than recommending SASL/SCRAM?
| {{< tip >}} | ||
| The simple example used in this tutorial enables [Password | ||
| authentication](https://github.com/MaterializeInc/materialize-terraform-self-managed/blob/main/gcp/examples/simple/main.tf#L332).To | ||
| use SASL/SCRAM-SHA-256, set | ||
| [`authenticator_kind`](https://github.com/MaterializeInc/materialize-terraform-self-managed/blob/main/kubernetes/modules/materialize-instance/README.md#input_authenticator_kind) | ||
| to `"Sasl"`. | ||
| {{< /tip >}} |
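Review bot: There is no space between the link's closing parenthesis and "To" (`main.tf#L332).To`), so the two sentences run together in the rendered tip; add the space. The `#L332` anchor on `main` will also drift as the file changes, so a commit permalink is safer here.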