-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updating a medusaConfiguration referenced secret should propagate #1217
Comments
Having taken a quick look, it appears that this design is a little odd, because it is replicating secrets between from one namespace to another without using the regular replicatedSecrets types and mechanisms. I think that the logical way to remedy this problem is to drop the current secret creation mechanism in favour of the creation of a replicatedSecret within the origin namespace of the MedusaConfig. I think i should mention that the behaviour of this logic is likely to be undefined or generally weird in the case of namespace-scoped deployments, and mention again that we should probably remove support for namespace scoping of this operator. |
That would probably prevent many users from installing the operator at all as they do not have cluster-wide access. |
Having discussed this last night, it appears that our preferred option is to prevent the use of namespace-remote MedusaConfigurations within the K8ssandraCluster going forward. PR 1267 gives effect to that change. Having implemented that change, we need to consider two scenarios:
I have a PR almost ready to go for this too. |
When using a medusaConfigurationRef, the original secret is copied and then replicated to the contexts and namespaces involved.
But in case the secret is updated due to credentials rotation for example, the copy doesn't get updated, which prevents from replicating the changes.
We need to make sure such secret updates get picked up by the operator and that the secret copy gets refreshed so that all medusa containers can get the new credentials.
Definition of Done
The text was updated successfully, but these errors were encountered: