Feature-Request: Templating Secrets

[Nold360]

Please, answer some short questions which should help us to understand your problem / question better?

• Which image of the operator are you using? e.g. registry.opensource.zalan.do/acid/postgres-operator:v1.7.1
• Where do you run it - cloud or metal? Kubernetes or OpenShift? Bare Metal K3s
• Are you running Postgres Operator in production? not yet
• Type of issue? feature request

Templating Secrets

I'm currently facing the issue to get the Postgres-Operator work in combination with the AWX-Operator. The AWX-Operator requires a postgres-configuration-secret like this:

stringData:
  host: <external ip or url resolvable by the cluster>
  port: <external port, this usually defaults to 5432>
  database: <desired database name>
  username: <username to connect as>
  password: <password to connect with>
  sslmode: prefer
  type: unmanaged

But the Secret generated by the postgres-operator only contains the username & password. So either I have to copy or modify the secret. Both things i would like avoid.

Since I guess that there are more cases of software requiring e.g. different secret keys, templating the secret just like secret_name_template would be awsome. This way I could easily define something like this:

secret_template:
  host:  {{ service-name }}
  port: 5432
  database: {{ database }}
  username:  {{ username }}
  password: {{ password }}
  sslmode: prefer
  type: unmanaged

[willzhang]

yes, when i deploy harbor with external postgresql, i need username and password, but i don't know how to define my selft pg password.