You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
I attempted to generate a Crossplane provider with Upjet for PostgreSQL Terraform provider, but discovered that generated controllers do not watch referenced resources.
Take, for example, postgresql_role resource, which has sensitive attribute password. The generated CRD contains the following:
// Sets the role's password. A password is only of use// for roles having the login attribute set to true.// Sets the role's password// +kubebuilder:validation:OptionalPasswordSecretRef*v1.SecretKeySelector`json:"passwordSecretRef,omitempty" tf:"-"`
I was able to create a Role resource and it successfully reconciled, but when I changed the contents of the secret referenced from passwordSecretRef field, nothing happened.
The reason is that the following code in the generated controller doesn't specify that reconciliation should trigger whenever an associated secret is changed:
I generated CRDs and controller using make generate and then ran it against local Kind cluster using make run.
After initial reconciliation, I changed the contents of a secret which I referenced from my Role custom resource.
I used upjet 1.3.0.
The text was updated successfully, but these errors were encountered:
What happened?
Hi,
I attempted to generate a Crossplane provider with Upjet for PostgreSQL Terraform provider, but discovered that generated controllers do not watch referenced resources.
Take, for example, postgresql_role resource, which has sensitive attribute
password
. The generated CRD contains the following:I was able to create a Role resource and it successfully reconciled, but when I changed the contents of the secret referenced from
passwordSecretRef
field, nothing happened.The reason is that the following code in the generated controller doesn't specify that reconciliation should trigger whenever an associated secret is changed:
KubeBuilder book describes how to watch externally managed resources (such as secrets) in controllers: https://book.kubebuilder.io/reference/watching-resources/externally-managed
Perhaps Upjet could generate all necessary boilerplate code to watch externally managed secrets (and maybe all referenced resources as well?).
How can we reproduce it?
I followed the "Generating a Crossplane provider" guide from this repository and generated a Crossplane provider for PostgreSQL Terraform provider with "postgresql_role" resource.
Here's my
config/role/config.go
fileI generated CRDs and controller using
make generate
and then ran it against local Kind cluster usingmake run
.After initial reconciliation, I changed the contents of a secret which I referenced from my Role custom resource.
I used upjet 1.3.0.
The text was updated successfully, but these errors were encountered: