Cluster metadata is not applied to Root CA Certificate #4324

@joerocklin

Overview

The Root CA certificate secret does not inherit metadata (labels and annotations) from the PostgresCluster spec, preventing the application of custom labels and annotations.

Environment

  • Platform: Kubernetes
  • Platform Version: 1.32
  • PGO Image Tag: ubi9-5.8.4-0
  • Postgres Version: All supported versions
  • Storage: N/A (affects all storage types)

Steps to Reproduce

REPRO

  1. Create a PostgresCluster with custom metadata:

     apiVersion: postgres-operator.crunchydata.com/v1beta1
     kind: PostgresCluster
     metadata:
       name: hippocluster
     spec:
       metadata:
         labels:
           env-label: "test-label-value"
         annotations:
           env-annotation: "test-annotation-value"
       postgresVersion: 18
       # ... other spec fields

  2. Check the root CA certificate secret: kubectl get secret pgo-root-cacert -o yaml

EXPECTED

Per the documentation, the metadata in the spec.metadata section of the cluster should apply to "any PGO managed object in a cluster." The root CA certificate secret should inherit the labels and annotations defined.

ACTUAL

There are no labels or annotations on the pgo-root-cacert.

Additional Information

I discovered this when deploying a database into a namespace in conjunction with some operators that copy secrets into other namespaces unless they have a specific annotation. In my testing so far, the only secret that the PGO did not annotate was the pgo-root-cacert.
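
A check for the gap reported above, as an added example that is not part of the original issue or of the PGO project: it reads `kubectl get secrets -o json` output and reports secrets that lack the labels and annotations set in `spec.metadata`. The sample data and the `hippocluster-pguser-hippocluster` secret name are constructed; the script walks every secret in the namespace instead of using a label selector, because an unlabeled `pgo-root-cacert` would not match one.

```python
import json
import sys

# Labels and annotations taken from the issue's spec.metadata.
EXPECTED_LABELS = {"env-label": "test-label-value"}
EXPECTED_ANNOTATIONS = {"env-annotation": "test-annotation-value"}

# Constructed sample shaped like `kubectl get secrets -o json`; not real cluster output.
SAMPLE = {
    "items": [
        {"metadata": {"name": "hippocluster-pguser-hippocluster",  # hypothetical name
                      "labels": dict(EXPECTED_LABELS),
                      "annotations": dict(EXPECTED_ANNOTATIONS)}},
        {"metadata": {"name": "pgo-root-cacert"}},  # no labels/annotations, as reported
    ]
}


def missing_metadata(secret_list, labels, annotations):
    """Map secret name -> expected label/annotation keys that are absent or differ."""
    findings = {}
    for item in secret_list.get("items", []):
        meta = item.get("metadata", {})
        # kubectl omits these keys entirely when a secret has none.
        have_labels = meta.get("labels") or {}
        have_annotations = meta.get("annotations") or {}
        miss_l = sorted(k for k, v in labels.items() if have_labels.get(k) != v)
        miss_a = sorted(k for k, v in annotations.items() if have_annotations.get(k) != v)
        if miss_l or miss_a:
            findings[meta.get("name", "<unnamed>")] = {"labels": miss_l, "annotations": miss_a}
    return findings


if __name__ == "__main__":
    # Usage: kubectl get secrets -n <namespace> -o json | python3 <this file>
    # With no piped input, the constructed SAMPLE is audited instead.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, gaps in missing_metadata(data, EXPECTED_LABELS, EXPECTED_ANNOTATIONS).items():
        print(f"{name}: missing labels={gaps['labels']} annotations={gaps['annotations']}")
```

Secrets in the namespace that PGO does not manage are listed too, so the output needs filtering by name before it is used as a gate.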
