cloudnative-pg / charts

CloudNativePG Helm Charts
Apache License 2.0

feat(cluster): Allow the use of existing secrets for DB access (i.e. cluster-app and cluster-superuser) #245

Closed mrclrchtr closed 5 months ago

mrclrchtr commented 6 months ago

I would prefer to annotate the generated secret to be able to replicate it, but I don't think that's possible with CNPG yet, is it?

Therefore it would be very good to have the possibility to use already existing secrets for the creation of clusters.

itay-grudev commented 5 months ago

Is this not a duplicate of #197?

There is a PR for it - #239.

mrclrchtr commented 5 months ago

No, sorry, I should have expressed myself better. This is about using existing secrets for database access, i.e. cluster-app and cluster-superuser.

itay-grudev commented 5 months ago

This is indeed supported by CNPG, see the secret parameter here and superuserSecret here.

That being said, I'm not sure that's such a good idea. What is your use case?
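The two fields named in the comment above, as an added example that is not part of the original thread or the chart's own code. It uses the CNPG `Cluster` resource directly rather than chart values; all names, the namespace, and the password placeholders are constructed for illustration.

```yaml
# Pre-existing credentials. CNPG expects basic-auth secrets with
# "username" and "password" keys. Values below are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: example-app-credentials        # constructed name
  namespace: database                  # constructed namespace
type: kubernetes.io/basic-auth
stringData:
  username: app                        # must match bootstrap.initdb.owner
  password: "<app-password-placeholder>"
---
apiVersion: v1
kind: Secret
metadata:
  name: example-superuser-credentials  # constructed name
  namespace: database
type: kubernetes.io/basic-auth
stringData:
  username: postgres
  password: "<superuser-password-placeholder>"
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: example-cluster                # constructed name
  namespace: database
spec:
  instances: 3
  # Superuser access over the network is off by default in recent CNPG
  # releases; enable it only if the superuser secret is actually needed.
  enableSuperuserAccess: true
  superuserSecret:
    name: example-superuser-credentials
  bootstrap:
    initdb:
      database: app
      owner: app
      secret:
        name: example-app-credentials  # used instead of a generated <cluster>-app secret
  storage:
    size: 1Gi
```

Both secrets must exist in the cluster's namespace before the `Cluster` is created, and `bootstrap.initdb.secret` is only consulted when the database is first initialized.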

mrclrchtr commented 5 months ago

No, I didn't mean simply creating one, but annotating the generated one with the help of a template. Then it can be copied by other tools like replicator.

The idea was to run the cluster in a different namespace than the application.

In the meantime, however, I have also decided against this. So it's probably ok to close the issue, unless you see some use in the feature?

itay-grudev commented 5 months ago

You can use the cluster chart with your favourite orchestration tool and set the access passwords during creation time. Your orchestration tool can then allocate a secret with the credentials in your app namespace. I've done this in the past with the database in a separate namespace.

Also I imagine you can use HashiCorp Vault for an even fancier solution.