Feature request: Copy environment secret to cluster namespaces

[haslersn]

• Which image of the operator are you using? registry.opensource.zalan.do/acid/postgres-operator:v1.5.0
• Where do you run it - cloud or metal? Kubernetes or OpenShift? Bare Metal K8s
• Are you running Postgres Operator in production? yes
• Type of issue? feature request

Since #946 you can specify Spilo Pod environment variables through a K8s Secret, by specifying the name of the Secret in the operator configuration:

configuration:
  kubernetes:
    pod_environment_secret: spilo-env

Problem

However, the Secret must live in the same namespace as the Postgresql cluster. If you want to use this features for multiple Postgresql clusters in different namespaces, you must manually create the spilo-env Secret in each namespace. It would be nice if there was a feature such that you need to create the Secret only once.

Possible Solution

I suggest the following as a possible solution.

1. We should allow to optionally specify a namespace in pod_environment_secret, e.g. pod_environment_secret: postgres-operator/spilo-env.
2. If a namespace is specified, then for each Postgresql cluster, the operator should copy the Secret to the cluster namespace.

[FxKu]

The original author of this feature restricted it to the namespace for a reason.

[haslersn]

The reason applies to copying the Secret's contents to the Pod spec. But this feature request proposes to copy the Secret itself.

[haslersn]

This issue is not relevant to us anymore, as we do now use a different WAL bucket per PostgreSQL cluster. Feel free to ping me if you need this feature and want this to be reopened.