Fix as per review

2021-06-29 17:49:49 +02:00 · 2021-06-29 17:49:49 +02:00 · 05593122d6
parent a04c9be0af
commit 05593122d6
6 changed files with 13 additions and 14 deletions
--- a/charts/postgres-operator/crds/operatorconfigurations.yaml
+++ b/charts/postgres-operator/crds/operatorconfigurations.yaml
@ -72,9 +72,6 @@ spec:
              enable_lazy_spilo_upgrade:
                type: boolean
                default: false
-              enable_cross_namespace_secret:
-                type: boolean
-                default: false
              enable_pgversion_env_var:
                type: boolean
                default: true
@ -176,6 +173,9 @@ spec:
                  enable_init_containers:
                    type: boolean
                    default: true
+                  enable_cross_namespace_secret:
+                    type: boolean
+                    default: false
                  enable_pod_antiaffinity:
                    type: boolean
                    default: false
--- a/charts/postgres-operator/values.yaml
+++ b/charts/postgres-operator/values.yaml
@ -151,7 +151,7 @@ configKubernetes:
  # template for database user secrets generated by the operator,
  # here username contains the namespace in the format namespace.username
  # if the user is in different namespace than cluster and cross namespace secrets
-  # are enabled via EnableCrossNamespaceSecret flag in configmap.
+  # are enabled via enable_cross_namespace_secret flag in configmap.
  secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
  # set user and group for the spilo container (required to run Spilo as non-root process)
  # spilo_runasuser: 101
--- a/docs/reference/operator_parameters.md
+++ b/docs/reference/operator_parameters.md
@ -275,13 +275,12 @@ configuration they are grouped under the `kubernetes` key.

 * **secret_name_template**
  a template for the name of the database user secrets generated by the
-  operator. `{namespace}` is replaced with name of the namespace (if cross
-  namespace secrets are enabled via EnableCrossNamespaceSecret flag, otherwise the
-  secret is in cluster's namespace and in that case it is not present in secret
-  name), `{username}` is replaced with name of the secret, `{cluster}` with the
-  name of the cluster, `{tprkind}` with the kind of CRD (formerly known as TPR)
-  and `{tprgroup}` with the group of the CRD. No other placeholders are allowed.
-  The default is
+  operator. `{namespace}` is replaced with name of the namespace if
+  enable_cross_namespace_secret is set, otherwise the
+  secret is in cluster's namespace. `{username}` is replaced with name of the
+  secret, `{cluster}` with the name of the cluster, `{tprkind}` with the kind
+  of CRD (formerly known as TPR) and `{tprgroup}` with the group of the CRD.
+  No other placeholders are allowed. The default is
  `{namespace}.{username}.{cluster}.credentials.{tprkind}.{tprgroup}`.

 * **cluster_domain**
--- a/docs/user.md
+++ b/docs/user.md
@ -140,7 +140,7 @@ At the moment it is not possible to define membership of the manifest role in
 other roles.

 To define the secrets for the users in a different namespace than that of the cluster,
-one can use the flag `EnableCrossNamespaceSecret` and declare the namespace for the
+one can set `enable_cross_namespace_secret` and declare the namespace for the
 secrets in the manifest in the following manner,

 ```yaml
--- a/manifests/configmap.yaml
+++ b/manifests/configmap.yaml
@ -36,12 +36,12 @@ data:
  # downscaler_annotations: "deployment-time,downscaler/*"
  # enable_admin_role_for_users: "true"
  # enable_crd_validation: "true"
+  # enable_cross_namespace_secret: "true"
  # enable_database_access: "true"
  enable_ebs_gp3_migration: "false"
  # enable_ebs_gp3_migration_max_size: "1000"
  # enable_init_containers: "true"
  # enable_lazy_spilo_upgrade: "false"
-  # enable_cross_namespace_secret: "false"
  enable_master_load_balancer: "false"
  enable_pgversion_env_var: "true"
  # enable_pod_antiaffinity: "false"
--- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
+++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
@ -91,6 +91,7 @@ type KubernetesMetaConfiguration struct {
 	EnablePodAntiAffinity      bool                `json:"enable_pod_antiaffinity,omitempty"`
 	PodAntiAffinityTopologyKey string              `json:"pod_antiaffinity_topology_key,omitempty"`
 	PodManagementPolicy        string              `json:"pod_management_policy,omitempty"`
+	EnableCrossNamespaceSecret bool                `json:"enable_cross_namespace_secret,omitempty"`
 }

 // PostgresPodResourcesDefaults defines the spec of default resources
@ -214,7 +215,6 @@ type OperatorLogicalBackupConfiguration struct {
 type OperatorConfigurationData struct {
 	EnableCRDValidation        *bool                              `json:"enable_crd_validation,omitempty"`
 	EnableLazySpiloUpgrade     bool                               `json:"enable_lazy_spilo_upgrade,omitempty"`
-	EnableCrossNamespaceSecret bool                               `json:"enable_cross_namespace_secret,omitempty"`
 	EnablePgVersionEnvVar      bool                               `json:"enable_pgversion_env_var,omitempty"`
 	EnableSpiloWalPathCompat   bool                               `json:"enable_spilo_wal_path_compat,omitempty"`
 	EtcdHost                   string                             `json:"etcd_host,omitempty"`