Specify and Rotate the Root Password

As of Operator 3.0.98, a RootPasswordSecret has been added that, if specified, will set the root password to the string set in RootPasswordSecret. If not specified, the root password will be randomly generated by the Operator by default.

Rotation occurs in the background based on the Kubernetes sync period, and will not cause a reboot. Refer to Secrets for more information.

Specify a Root Password

To specify a root password:

  1. Create a Secret.

    kubectl create secret generic rootpw --from-literal=password='<desired-root-password>'
  2. Add the following field to the MemsqlCluster spec (sdb-cluster.yaml file) to reference this Secret with a key selector.

    key: password
    name: rootpw

Rotate the Root Password

To rotate the root password, change the Secret value. For example:

kubectl patch secret rootpw --patch="{\"data\": { \"password\": \"$(echo -n 'newrootpassword123' | base64 -w0)\" }}"

Once updated, the root password will rotate in the background based on the Kubernetes sync period. Refer to Using Secrets as files from a Pod for more information.

Last modified: September 14, 2023

Was this article helpful?