Sign inTry Free

Specify and Rotate the Root Password

On this page

As of Operator 3.0.98, a RootPasswordSecret has been added that, if specified, will set the root password to the string set in RootPasswordSecret. If not specified, the root password will be randomly generated by the Operator by default.

Rotation occurs in the background based on the Kubernetes sync period, and will not cause a reboot. Refer to Secrets for more information.

Specify a Root Password

To specify a root password:

  1. Create a Secret.

    kubectl create secret generic rootpw --from-literal=password='<desired-root-password>'

  2. Add the following field to the MemsqlCluster spec (sdb-cluster.yaml file) to reference this Secret with a key selector.

    rootPasswordSecret:
      key: password
      name: rootpw

Note

Currently, the exporter container (part of Monitor Your Kubernetes Cluster) will not use this new password immediately.

To allow the exporter container to use this new root password immediately, restart the exporter container.

kubectl exec -it node-<memsql-cluster-name>-master-0 -cexporter -- /bin/sh -c "kill 1"

Rotate the Root Password

To rotate the root password, change the Secret value. For example:

kubectl patch secret rootpw --patch="{\"data\": { \"password\": \"$(echo -n 'newrootpassword123' | base64 -w0)\" }}"

Once updated, the root password will rotate in the background based on the Kubernetes sync period. Refer to Using Secrets as files from a Pod for more information.

Last modified: October 16, 2023

Was this article helpful?

On this page

Was this article helpful?