movetokube / postgres-operator

Postgres operator for Kubernetes
MIT License
167 stars 59 forks

allow keeping secret name as defined in user spec #137

Closed reddec closed 11 months ago

reddec commented 11 months ago

Allow keeping secret name as defined in user spec while keeping current behavior by-default (ie: backward compatible).

The PR adds a new boolean environment variable KEEP_SECRET_NAME (disabled by default) which instructs the operator to create the secret with the name exactly as defined in PostgresUserSpec.

The main motivation is to increase transparency for the operations team: understand which secret will be created without having deep knowledge of the operator code (principle of least surprise).

This is an "opt-in" flag and doesn't require any configuration change for existing users to keep the current behavior.

reddec commented 11 months ago

@hitman99 summoning you! 🪄

hitman99 commented 11 months ago

Will review this on Monday.

hitman99 commented 11 months ago

This flag should come with a note of caution. The current logic prevents the operator from entering an endless reconcile loop, as the secret is very unlikely to exist. Your change increases the chance that the specified secret already exists by a lot. It's very easy to copy-paste two CRs and forget to change the SecretName to something different. If the secret already exists, the operator will never stop reconciling the CR until either the offending secret is deleted or the CR is deleted or updated with another SecretName.

reddec commented 11 months ago

With KEEP_SECRET_NAME the operator (administrator/devops) can at least see the resulting secret name. It's not trivial (without reading the docs) to understand after a quick scan of the manifests that the secret actually will NOT be secretName but db-<secretName>.

Anyway, I added details in the docs. @hitman99
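The naming rule from the PR description (db-<secretName> by default, the spec value verbatim with KEEP_SECRET_NAME) together with the collision caveat raised in review, as an added Go example that is not the operator's own code: a reduced, hypothetical PostgresUserSpec, the env-flag parse, and a pre-flight planner that reports a CR whose target Secret name is already taken (by another CR or by a pre-existing Secret) instead of letting reconciliation retry forever. The type and function names and the sample CRs are assumptions made for this example.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
)

// PostgresUserSpec is a hypothetical, reduced stand-in for the operator's
// PostgresUser CR spec: only the field that drives secret naming is kept.
type PostgresUserSpec struct {
	SecretName string
}

// SecretNameFor returns the Secret name the operator would create for a spec.
// keep=false reproduces the historical "db-<secretName>" prefixing; keep=true
// (the opt-in KEEP_SECRET_NAME mode from the PR) uses the spec value verbatim.
func SecretNameFor(spec PostgresUserSpec, keep bool) string {
	if keep {
		return spec.SecretName
	}
	return "db-" + spec.SecretName
}

// KeepSecretNameFromEnv parses the opt-in flag from an environment lookup
// (os.LookupEnv in production). An unset or unparsable value yields false, so
// existing deployments keep the old behaviour.
func KeepSecretNameFromEnv(lookup func(string) (string, bool)) bool {
	raw, ok := lookup("KEEP_SECRET_NAME")
	if !ok {
		return false
	}
	enabled, err := strconv.ParseBool(raw)
	return err == nil && enabled
}

// Collision describes a CR whose target Secret name is already taken.
type Collision struct {
	CR     string // PostgresUser CR being reconciled
	Secret string // Secret name it resolves to
	Owner  string // CR that already claimed the name, or "" for a pre-existing Secret
}

func (c Collision) Error() string {
	if c.Owner == "" {
		return fmt.Sprintf("CR %q resolves to secret %q, which already exists and is not managed by any CR", c.CR, c.Secret)
	}
	return fmt.Sprintf("CR %q resolves to secret %q, already claimed by CR %q", c.CR, c.Secret, c.Owner)
}

// PlanSecrets resolves a target Secret name for every CR in a namespace and
// reports collisions up front, rather than letting each affected CR fail its
// create call on every reconcile. existing lists Secret names already present
// in the namespace that no CR in specs accounts for. CRs are processed in
// sorted order so the first claimant of a name is deterministic.
// Returned map: CR name -> Secret name (collided CRs are left out).
func PlanSecrets(specs map[string]PostgresUserSpec, existing []string, keep bool) (map[string]string, []Collision) {
	claimed := make(map[string]string, len(specs)+len(existing)) // secret -> owner ("" = pre-existing)
	for _, s := range existing {
		claimed[s] = ""
	}
	crs := make([]string, 0, len(specs))
	for cr := range specs {
		crs = append(crs, cr)
	}
	sort.Strings(crs)

	plan := make(map[string]string, len(specs))
	var collisions []Collision
	for _, cr := range crs {
		target := SecretNameFor(specs[cr], keep)
		if owner, taken := claimed[target]; taken {
			collisions = append(collisions, Collision{CR: cr, Secret: target, Owner: owner})
			continue
		}
		claimed[target] = cr
		plan[cr] = target
	}
	return plan, collisions
}

func main() {
	// Constructed sample: two CRs where the second was copy-pasted without
	// changing secretName, plus a Secret an admin created by hand beforehand.
	specs := map[string]PostgresUserSpec{
		"app-a": {SecretName: "app-credentials"},
		"app-b": {SecretName: "app-credentials"},
		"ops":   {SecretName: "ops-db"},
	}
	existing := []string{"ops-db"}

	for _, keep := range []bool{false, true} {
		plan, collisions := PlanSecrets(specs, existing, keep)
		fmt.Printf("KEEP_SECRET_NAME=%v plan=%v\n", keep, plan)
		for _, c := range collisions {
			fmt.Println("  collision:", c.Error())
		}
	}
}
```

Running it shows the point made in review: the copy-pasted pair collides in both modes, but the hand-made "ops-db" Secret only becomes a conflict once KEEP_SECRET_NAME is on, because the default prefix would have produced "db-ops-db". Surfacing that as an explicit error (or a status condition on the CR) is cheaper to debug than a silent requeue loop.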