Is your feature request related to a problem? Please describe.
The ability to define the keys in the secret for external db and cache instances.
A lot of operators for services like PostgreSQL, for example CloudNativePG (https://cloudnative-pg.io/documentation/1.27/applications/#secrets), automatically generate secrets that contain all the needed information for Pulp to connect to the DB, but with different keys than what the Pulp Operator expects.
Example CNPG secret
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: app-db-app
  namespace: app
type: kubernetes.io/basic-auth
data:
  dbname: app
  host: app-db-rw
  jdbc-uri: jdbc:postgresql://app-db-rw.app:5432/app?password=password&user=app
  password: password
  pgpass: |
    app-db-rw:5432:app:app:password
  port: "5432"
  uri: postgresql://app:password@app-db-rw.app:5432/app
  user: app
  username: app
```

Describe the solution you'd like
The ability to set the key names for the values.
Example:
```yaml
spec:
  database:
    external_db_secret: my-db
    keys:
      host: host
      name: dbname
      port: port
      username: username
      password: password
```

Describe alternatives you've considered
- Use External-Secrets to sync a secret from an external source to both formats. This requires using an external source, which is another attack point that requires securing, which is unnecessary if it's a service entirely based in the cluster.
- Use External-Secrets to watch the generated secret and create a new secret.
- Manually copying the secret. Not conducive to automation, doesn't scale.
All the methods require maintaining multiple secrets and ensuring they remain in sync.
Additional context
Add any other context about the feature request here.