Story #8289
closedStory #5132: [Epic] As a user, I can consume Pulp 3 from OperatorHub.io
pulp-operator should use a secret for database configuration
100%
Description
Currently, database configuration is in the clear within the Pulp custom resource. This is not a good practice, as it leaks credentials to anyone who can view the custom resource.
The operator should allow for the specification of a secret. If the secret is not provided in the configuration, it should look for a default named secret "pulp-postgres-configuration" and use it if it exists; otherwise it should create the secret with default values.
Example generated secret:
# Postgres Secret.
---
apiVersion: v1
kind: Secret
metadata:
  name: '{{ meta.name }}-postgres-configuration'
  namespace: '{{ meta.namespace }}'
stringData:
  password: '{{ lookup('password', 'p' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}'
  username: '{{ deployment_type }}'
  database: '{{ deployment_type }}'
  port: '5432'
  host: {{ meta.name }}-postgres
  type: 'managed'
The intent is to share a common usage pattern with other operators that this operator is often deployed with.
The values for the secret should be mounted as a volume on the required deployments. The mounted secrets should then be exported within the container so the values are available as settings.
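The mount-and-export step described above, as an added example that is not part of the pulp-operator code: a POSIX shell function for a container entrypoint that reads one file per key from the mounted Secret directory and exports it. The function name `load_pg_secret`, the `PULP_DB_*` variable names and the mount path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not the operator's own code. Names are assumptions.
#
# load_pg_secret DIR
# A Secret mounted as a volume appears as one file per key in DIR. Each of the
# keys from the generated secret is exported as PULP_DB_<KEY>. The function
# returns non-zero on a missing, empty or malformed key so the container can
# stop at start-up instead of running with a partial database configuration.
load_pg_secret() {
    dir=$1
    for key in host port database username password; do
        file="$dir/$key"
        if [ ! -r "$file" ] || [ ! -s "$file" ]; then
            # Report the key name only, never a value.
            echo "database secret: key '$key' missing or empty in $dir" >&2
            return 1
        fi
        # The value is assigned directly and never passed through eval, so
        # quotes, spaces, backticks and '$' in a password stay literal.
        value=$(cat "$file")
        name="PULP_DB_$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')"
        export "$name=$value"
    done
    unset value

    # The port is stored as a string in the Secret; accept digits only.
    case $PULP_DB_PORT in
        ''|*[!0-9]*)
            echo "database secret: key 'port' is not numeric" >&2
            return 1
            ;;
    esac
}

# Usage in an entrypoint (mount path is an assumption):
#   load_pg_secret /etc/pulp/db-secret || exit 1
# Exported values are inherited by every child process, so call this only in
# the process tree that needs the database settings.
```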
Deploy postgres db using kubernetes secret for configuration.
closes #8289 https://pulp.plan.io/issues/8289