zalando / postgres-operator

Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
https://postgres-operator.readthedocs.io/
MIT License

{namespace} placeholder not working #2163

Open Tri0L opened 1 year ago

Tri0L commented 1 year ago

Operator deployed using helm chart from v1.8.2 tag.

Custom values:

configKubernetes:
  secret_name_template: "{username}.{cluster}.postgresql.credentials.{namespace}"
  enable_cross_namespace_secret: true

Cluster yaml:

apiVersion: acid.zalan.do/v1
kind: postgresql
metadata:
  name: test-pg
  namespace: test
spec:
  numberOfInstances: 1
  postgresql:
    version: '12'
  preparedDatabases:
    mydb: {}
  teamId: test
  users:
    myuser: []
  volume:
    size: 1Gi

Operator error:

time="2023-01-09T14:57:49Z" level=error msg="could not create cluster: could not create secrets: could not create secret for user myuser: in namespace test: Secret \"myuser.test-pg.postgresql.credentials.{namespace}\" is invalid: metadata.name: Invalid value: \"myuser.test-pg.postgresql.credentials.{namespace}\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')" cluster-name=test/test-pg pkg=controller worker=3

FxKu commented 1 year ago

The secret name template cannot deal with the namespace placeholder. You have to define the namespace as part of the username, see docs.

Tri0L commented 1 year ago

But in the docs (https://github.com/zalando/postgres-operator/blob/master/docs/reference/operator_parameters.md) I see:

[Screenshot 2023-01-09 at 19 11 54]

FxKu commented 1 year ago

That's confusing indeed. We could enable it in the go code, but as of now the operator can only create secrets in other namespaces if the namespace is part of the username. For the secret's name it means that {username} would already contain the namespace name. So there's no need to have another {namespace} placeholder.
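
A pre-deployment check for `secret_name_template`, as an added example that is not part of the thread or the operator's code: it renders a template the way the error log above implies (only `{username}` and `{cluster}` are substituted), then rejects any name that still contains a placeholder or fails the RFC 1123 regex quoted in the error. The function names and the username `test.myuser` (a constructed value with the namespace as part of the username) are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// RFC 1123 subdomain regex as quoted in the operator error, anchored to the whole name.
var rfc1123 = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// Any {...} token that survived substitution.
var leftover = regexp.MustCompile(`\{[^{}]*\}`)

// renderSecretName substitutes only {username} and {cluster}. That set is an
// assumption taken from the logged name, where {namespace} stayed literal.
func renderSecretName(tmpl, username, cluster string) string {
	return strings.NewReplacer("{username}", username, "{cluster}", cluster).Replace(tmpl)
}

// checkSecretName (hypothetical helper) returns the rendered name and an error
// if the API server would refuse it as a Secret name.
func checkSecretName(tmpl, username, cluster string) (string, error) {
	name := renderSecretName(tmpl, username, cluster)
	if ph := leftover.FindAllString(name, -1); len(ph) > 0 {
		return name, fmt.Errorf("unresolved placeholder(s) %v in %q", ph, name)
	}
	// Kubernetes limits DNS subdomain names to 253 characters.
	if len(name) > 253 || !rfc1123.MatchString(name) {
		return name, fmt.Errorf("%q is not a valid RFC 1123 subdomain", name)
	}
	return name, nil
}

func main() {
	// Template from the issue: fails on the leftover {namespace}.
	_, err := checkSecretName("{username}.{cluster}.postgresql.credentials.{namespace}", "myuser", "test-pg")
	fmt.Println("issue template:", err)

	// Constructed alternative: no {namespace}; the namespace rides in the username.
	name, err := checkSecretName("{username}.{cluster}.postgresql.credentials", "test.myuser", "test-pg")
	fmt.Println("without {namespace}:", name, err)
}
```
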