value field in User CRD Password spec is unusable due to valueFrom being unconditionally required #1290

@dvdlevanon

Description

The Password spec for the User CRD documents two valid ways to provide a password:

Redpanda users require a password, which you can provide directly, using the spec.password.value field, or through a Kubernetes Secret, using the spec.password.valueFrom.secretKeyRef.

However, using value alone is impossible in practice because the OpenAPI schema marks valueFrom as unconditionally required, causing the webhook to reject the manifest before any validation logic runs.

Steps to Reproduce

apiVersion: cluster.redpanda.com/v1alpha2
kind: User
metadata:
  name: test-user
  namespace: redpanda
spec:
  cluster:
    clusterRef:
      name: redpanda
  authentication:
    type: scram-sha-256
    password:
      value: test

kubectl apply -f test.yaml

Error

The User "test-user" is invalid:
* spec.authentication.password.valueFrom: Required value
* <nil>: Invalid value: null: some validation rules were not checked because the object was invalid; correct the existing errors to complete validation
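
The schema pattern that produces this error, next to a variant that accepts either field, as an added example that is not part of the original issue and not the operator's own CRD. Only the field names `value` and `valueFrom.secretKeyRef` come from the issue; the `password_before`/`password_after` keys, the CEL rule and its message are assumptions made for illustration.

```yaml
# Constructed openAPIV3Schema fragments for a password object.
# Not copied from the Redpanda operator's CRD.

# Before: `valueFrom` is in the object's `required` list. A manifest that
# sets only `value` fails structural validation with "Required value", and
# the API server then skips the x-kubernetes-validations (CEL) rules, which
# is what the "some validation rules were not checked" line reports.
password_before:
  type: object
  required:
    - valueFrom
  properties:
    value:
      type: string
    valueFrom:
      type: object
      properties:
        secretKeyRef:
          type: object
          properties:
            name: {type: string}
            key: {type: string}
  x-kubernetes-validations:
    - rule: "has(self.value) || has(self.valueFrom)"   # never evaluated here
      message: "one of value or valueFrom must be set"

# After: neither field is unconditionally required; the CEL rule alone
# enforces that at least one password source is present (assumed policy).
password_after:
  type: object
  properties:
    value:
      type: string
    valueFrom:
      type: object
      properties:
        secretKeyRef:
          type: object
          properties:
            name: {type: string}
            key: {type: string}
  x-kubernetes-validations:
    - rule: "has(self.value) || has(self.valueFrom)"
      message: "one of value or valueFrom must be set"
```

To check an installed CRD for this pattern, inspect the `required` list on the password object in the output of `kubectl get crd <crd-name> -o yaml`.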
