Not managed credential is getting deleted by operator along with postgresql resource

[rhrytskiv]

Which image of the operator are you using? e.g. registry.opensource.zalan.do/acid/postgres-operator:v1.8.2 Where do you run it - cloud or metal? Kubernetes or OpenShift? [Bare Metal K8s] Are you running Postgres Operator in production? [not yet] Type of issue? [feature requrest]

So to have managed creds I have to create them beforehand as a secret with Zalando specific name, and then if I delete the postgresql resource, operator deletes this credential as well, which is unwanted. Could you make operator label somehow resource with additional label and only then delete the cred?

[FxKu]

I thought we already have an option to not remove the secrets. Does not seem to be the case. You can create a new option so that the operator does not delete secrets.

Btw, secrets are created by the operator when they are not found. No need to create them beforehand.

[rhrytskiv]

Thanks, I've no experience in go development unfortunately, maybe someone else coukld take a look.

Well I'm creating beforehand because I don't want randomly generated secret, I'm generating it with terraform, putting it into aws ssm param store and then I want to use that value as pg user cred. It would've been nice if we could just supply that as a parameter to postgresql resource in the first place though.

[kannanvr]

@FxKu , I will take up this issue. Here we need to implement the new parameter for not to manage the secret. So, the user can create the password as a secret and delete whenever they want.

Please confirm the above implementation. So that i will start implement it

[AmisGit]

@FxKu Hi, i also have the same problem, we need to keep current secrets when we remove any of Postgresql object from Kubernetes! Please help to move this issue in next step