In InfluxDB Clustered we need to create a license Secret to be volume-mounted into backend component pods. It could also be a ConfigMap, but we use a Secret. This Secret is necessary for the pods to start up at all because they volume-mount data from it. The Secret is initially created with no contents and expected to be populated by separate controller once a specific CustomeResource containing the information necessary for the Secret has been installed separately by the user.
The CustomResource manifest is provided to our uses by our sales and contains licensing information. The controller extracts this license and inserts it into the Secret so that the license info is available to components that require it.
The problem we run into is that kubit's operational model of repeatedly re-applying manifests it gets from the OCI artifact means that the contents of the Secret injected by the CustomResource get overwritten by kubit with the original empty value almost right way.
There should be some way to express to kubit that a particular resource should only be created, not repeatedly updated to assert the original value.
In InfluxDB Clustered we need to create a license Secret to be volume-mounted into backend component pods. It could also be a ConfigMap, but we use a Secret. This Secret is necessary for the pods to start up at all because they volume-mount data from it. The Secret is initially created with no contents and expected to be populated by separate controller once a specific CustomeResource containing the information necessary for the Secret has been installed separately by the user.
The CustomResource manifest is provided to our uses by our sales and contains licensing information. The controller extracts this license and inserts it into the Secret so that the license info is available to components that require it.
The problem we run into is that kubit's operational model of repeatedly re-applying manifests it gets from the OCI artifact means that the contents of the Secret injected by the CustomResource get overwritten by kubit with the original empty value almost right way.
There should be some way to express to kubit that a particular resource should only be created, not repeatedly updated to assert the original value.