Superuser list are reset to default value if `auth.sasl.secretRef` is set

[RafalKorepta]

What happened?

There is race condition between post-upgrade job and config-watcher. Chain of events could be that config-watcher finishes whole reconciliation of superusers list, but post-upgrade job can reset superuser list to it's default value. That could break cluster if user is using superusers for authentication.

What did you expect to happen?

post-upgrade job should not reset superusers list to default.

How can we reproduce it (as minimally and precisely as possible)?. Please include values file.

```console $ helm install redpanda redpanda/redpanda --namespace redpanda --create-namespace $ helm upgrade redpanda --set config.tunable.kafka_connection_rate_limit=1500 # Reset superuser list replicating post-upgrade job execution $ kubectl exec -ti redpanda -- rpk cluster import -f /etc/redpanda/bootstrap.yaml ```

Anything else we need to know?

No response

Which are the affected charts?

Redpanda

Chart Version(s)

latest

Cloud provider

N/A

JIRA Link: K8S-99

[RafalKorepta]

This issue is solved with the following changes:

• https://github.com/redpanda-data/helm-charts/pull/1071
• https://github.com/redpanda-data/helm-charts/pull/1054

The crucial fact is that @chrisseto implemented config export, overwrite and config import.

[RafalKorepta]

I'm re-opening this issue as I need to implement test like in https://github.com/redpanda-data/helm-charts/pull/1058