1 min readAug 22, 2019
Hey Wilson wilson,
Great article! Still very relevant in 2019 and highly ranking on search engines.
Could I get you to make a modification to the article?
“restuserkey” should no longer be used. It’s deprecated upstream in Kubernetes and using it in your setup leaves you vulnerable to CVE-2019–10225.
Luckily it’s *super* simple to fix. Simply create a secret in the heketi namespace:
oc create secret generic heketi-secret \
--type="kubernetes.io/glusterfs" --from-literal=key='password' \
--namespace=storageAnd then change “restuserkey” to “secretNamespace: storage” and “secretName: heketi-secret“ in the storage class.
Details on the CVE:
https://access.redhat.com/security/cve/cve-2019-10225
Details on using SecretNamespace and SecretName:
https://kubernetes.io/docs/concepts/storage/storage-classes/#glusterfs
