stackabletech / secret-operator


Reuse an existing TLS CA from a previous installation #453

Closed siegfriedweber closed 3 months ago

siegfriedweber commented 4 months ago

Until SDP 24.3, the SecretClass tls used the default namespace to store the TLS CA. In #397, the namespace was changed to the operator's namespace in the Helm installation. This is a breaking change and users migrating from a prior SDP version must either revert this change by setting the Helm value secretClasses.tls.caSecretNamespace to default or copy the Secret secret-provisioner-tls-ca to the operator's namespace.

This change was already implemented and released in the OLM version 24.4.0 (see stackabletech/stackable-utils#65).

It was planned to just add a note to the changelog. But it turned out that this manual step is error-prone and should be performed automatically.

One solution is to add a Job to the Helm installation which checks if the secret exists in the default namespace but not in the one set in caSecretNamespace and copies the secret in this case.
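
The check-and-copy logic such a Job could run, as an added example (not code from the issue or from secret-operator). It assumes kubectl is available in the Job's image and that the Job's ServiceAccount may read the Secret in both namespaces and create it in the target; the function names and return values are hypothetical.

```python
import json
import subprocess
import sys

CA_SECRET = "secret-provisioner-tls-ca"  # Secret name given in the issue
SOURCE_NS = "default"                    # where the CA lived before the change
DROP_ANNOTATION = "kubectl.kubernetes.io/last-applied-configuration"

def kubectl(args, stdin=None):
    """Run the real kubectl and return (exit_code, stdout)."""
    p = subprocess.run(["kubectl", *args], input=stdin, capture_output=True, text=True)
    return p.returncode, p.stdout

def get_secret(ns, run):
    # --ignore-not-found: "absent" is rc 0 with empty output, so RBAC or API
    # errors are not mistaken for a missing CA.
    rc, out = run(["get", "secret", CA_SECRET, "-n", ns, "--ignore-not-found", "-o", "json"])
    if rc != 0:
        raise RuntimeError(f"cannot read {ns}/{CA_SECRET}, aborting")
    return json.loads(out) if out.strip() else None

def sanitize(secret, target_ns):
    """Rebuild the manifest for target_ns without uid, resourceVersion,
    ownerReferences or managedFields from the source object."""
    old = secret.get("metadata", {})
    meta = {"name": CA_SECRET, "namespace": target_ns}
    if old.get("labels"):
        meta["labels"] = old["labels"]
    notes = {k: v for k, v in (old.get("annotations") or {}).items() if k != DROP_ANNOTATION}
    if notes:
        meta["annotations"] = notes
    return {"apiVersion": "v1", "kind": "Secret", "metadata": meta,
            "type": secret.get("type", "Opaque"), "data": secret.get("data", {})}

def migrate(target_ns, run=kubectl):
    if target_ns == SOURCE_NS:
        return "noop"
    if get_secret(target_ns, run) is not None:
        return "target-exists"  # never replace a CA that is already in use
    src = get_secret(SOURCE_NS, run)
    if src is None:
        return "nothing-to-migrate"  # fresh install
    # "create" (not "apply") fails on a concurrent create instead of overwriting.
    rc, _ = run(["create", "-f", "-"], stdin=json.dumps(sanitize(src, target_ns)))
    if rc != 0:
        raise RuntimeError("create failed, target left untouched")
    return "copied"

if __name__ == "__main__":
    print(migrate(sys.argv[1]))  # argument: value of caSecretNamespace
```

The Secret holds the CA's private key, so the Job's Role can be limited to get and create on Secrets in the two namespaces involved.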