This project uses demonstration credentials in some YAML files for ease of setup. For production use, please follow these security practices:
The following files contain demo credentials that should be changed for production:
- InfluxDB (`k8s/influxdb.yaml`):
  - Username: `admin`
  - Password: `supersecretpassword` (CHANGE THIS)
  - Token: `my-super-secret-auth-token` (CHANGE THIS)
- Grafana (`k8s/grafana.yaml`):
  - Username: `admin`
  - Password: `admin` (CHANGE THIS)
- Use Kubernetes Secrets:
  ```bash
  kubectl create secret generic influxdb-auth \
    --from-literal=admin-password='your-secure-password' \
    --from-literal=admin-token='your-secure-token' \
    -n demo-app
  ```
- Update Deployments to reference secrets:
  ```yaml
  env:
    - name: INFLUXDB_ADMIN_PASSWORD
      valueFrom:
        secretKeyRef:
          name: influxdb-auth
          key: admin-password
  ```
- Never Commit Real Credentials:
  - Use `.gitignore` to exclude secret files
  - Use environment variables for sensitive data
  - Use secret management tools (e.g., Sealed Secrets, Vault)
- Rotate Credentials Regularly:
  - Change default passwords immediately after deployment
  - Implement credential rotation policies
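
The check below is an added example, not part of this project's code: it scans manifest text for `env` entries that still carry a literal credential instead of a `secretKeyRef`, which is the change the steps above describe. The sample manifests, the `INFLUXDB_ADMIN_USER` and `INFLUXDB_ADMIN_TOKEN` names, and the sensitive-name pattern are assumptions made for illustration.

```python
import re

# Demo values listed on this page; any occurrence as an env value is a finding.
DEMO_VALUES = ("supersecretpassword", "my-super-secret-auth-token")
# Assumption: env var names containing these words hold credentials.
SENSITIVE = re.compile(r"PASSWORD|TOKEN|SECRET|API_?KEY", re.I)
NAME_RE = re.compile(r"^\s*-\s*name:\s*(\S+)")
VALUE_RE = re.compile(r"^\s*value:\s*(.+?)\s*$")
VALUE_FROM_RE = re.compile(r"^\s*valueFrom:")

def find_inline_credentials(manifest_text):
    """Return (line_no, env_name, reason) for each hard-coded credential."""
    findings = []
    current = None  # most recent '- name:' list entry seen
    for no, line in enumerate(manifest_text.splitlines(), 1):
        m = NAME_RE.match(line)
        if m:
            current = m.group(1).strip("'\"")
            continue
        v = VALUE_RE.match(line)
        if v and current:
            literal = v.group(1).strip("'\"")
            if literal in DEMO_VALUES:
                findings.append((no, current, "demo credential"))
            elif SENSITIVE.search(current):
                findings.append((no, current, "literal value, use secretKeyRef"))
            current = None
        elif VALUE_FROM_RE.match(line):
            current = None  # value comes from a Secret or ConfigMap reference
    return findings

# Constructed sample manifests (not the project's files).
WEAK = """\
env:
  - name: INFLUXDB_ADMIN_USER
    value: admin
  - name: INFLUXDB_ADMIN_PASSWORD
    value: supersecretpassword
  - name: INFLUXDB_ADMIN_TOKEN
    value: "my-super-secret-auth-token"
"""
HARDENED = WEAK.split("  - name: INFLUXDB_ADMIN_PASSWORD")[0] + """\
  - name: INFLUXDB_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: influxdb-auth
        key: admin-password
"""

if __name__ == "__main__":
    for finding in find_inline_credentials(WEAK):
        print("line %d: %s (%s)" % finding)
```

Run over each file in `k8s/` before committing or deploying, an empty result means no env entry with a credential-like name holds a literal value.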
- The monitoring endpoints are currently open for demo purposes
- For production, implement:
  - API authentication
  - Network policies
  - TLS/HTTPS encryption
  - Rate limiting
If you discover a security vulnerability, please report it to murr2k@gmail.com