Harbor connect to Postgresql in Flux

[Jaxwood]

What can we help you?

We are using Harbor operator v1.3. For Postgres we using Zalando operator v1.8.2.

We are creating the Postgres cluster up-front using Gitops with Flux. As part of creating the postgres cluster a secret is created for the user we have defined in our Zalando Postgres cluster manifest file.

In the Harbor operator manifest definition we can refer to the Postgres secret containing the password to connect to Postgres. However Harbor expects the secret key to be named differently than what Postgres operator auto generates.

Is there a way to achieve this by using the auto generated secret by Zalando Operator or how would we go about doing this in a Gitops way?

[siegenthalerroger]

Same issue as : https://github.com/goharbor/harbor-operator/issues/946

[Jaxwood]

Same issue as : #946

@siegenthalerroger I have a workaround currently using a Kyverno policy that mutates the Zalando postgres secret to add the key that Harbor expects.

[alfsch]

@Jaxwood would it be possible for you to share the Kyverno policy?

[Jaxwood]

@Jaxwood would it be possible for you to share the Kyverno policy?

Sure, this is the one we've been using

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: mutate-postgres-secret
spec:
  generateExistingOnPolicyUpdate: true
  rules:
    - name: mutate-secret
      match:
        any:
          - resources:
              names:
                - harbor-admin.harbor-postgres-cluster.credentials.postgresql.acid.zalan.do
              namespaces:
                - kube-addons
              kinds:
                - Secret
      mutate:
        patchesJson6902: |-
          - op: add
            path: "/data/postgresql-password"
            value: "{{request.object.data.password}}"

[thcdrt]

Seems linked to #946