[Feature]: Support Pooler integration even if user provides secrets #8836
Description
Is there an existing issue already for this feature request/idea?
- I have searched for an existing issue, and could not find anything. I believe this is a new feature request to be evaluated.
What problem is this feature going to solve? Why should it be added?
Currently when following the cert-manager examples, the Cluster reconciles fine, but if you add a Pooler, then you run into issues with the secret not having the ca.key, and if you provide an AuthQuerySecret the reconciliation skips the Pooler integration still.
Describe the solution you'd like
Allow the Pooler integration to continue even if user provides custom certs. Possibly with an explicit field to enable or disable the integration via the Pooler spec and keep the other checks in place to allow backwards compatibility.
Describe alternatives you've considered
-
Not providing custom certs, but this breaks future issues with wanting to automate client certs when the Pooler supports full cert auth.
-
Provide cert-manager certs but then you need to do the manual Pooler integration steps, which doesn't seem to work for custom Database resources, as those don't initSQL possibilities.
Additional context
These issues are semi related to allow cert-manager CA secrets, which I believe would also fix this possibly.
Backport?
No
Are you willing to actively contribute to this feature?
Yes
Code of Conduct
- I agree to follow this project's Code of Conduct