OSPRH-25976: prevent openstack operator from forcing Galera Secret

[zzzeek]

Remove the webhook rule that forces the Galera template to be copied from the top level openstack control plane secret field when blank, instead allowing the Galera level secret to be blank. This allows the Galera operator to use newer "automatic root password generation" logic delivered as part of OSPRH-14916.

Workflows include deployment of an openstack control plane with no galera secret (blank or omitted) which will fully auto-generate a mariadb root password for the new install, or modifying an existing deployment's secret to be blank, which will generate a mariadb root password and update the existing galera DB to use the new root pw.

References: OSPRH-25976

[openshift-ci-robot]

@zzzeek: This pull request references OSPRH-25976 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Remove the webhook rule that forces the Galera template to be copied from the top level openstack control plane secret field when blank, instead allowing the Galera level secret to be blank. This allows the Galera operator to use newer "automatic root password generation" logic delivered as part of OSPRH-14916.

Workflows include deployment of an openstack control plane with no galera secret (blank or omitted) which will fully auto-generate a mariadb root password for the new install, or modifying an existing deployment's secret to be blank, which will generate a mariadb root password and update the existing galera DB to use the new root pw.

References: OSPRH-25976

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: zzzeek
Once this PR has been reviewed and has the lgtm label, please assign rebtoor for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

OpenStackControlPlane CRD Size Report

Metric	Value
CRD JSON size	322062 bytes (315KB)
Base branch size	322062 bytes
Change	+0.00%
Status	yellow — growing

Threshold reference

Color	Range	Meaning
🟢 green	< 300KB	Comfortable
🟡 yellow	300–400KB	Growing
🟠 orange	400–750KB	Concerning
🔴 red	> 750KB	Approaching 1.5MB etcd limit (cut in half to allow space for update)

[zzzeek]

/retest

[openshift-ci]

@zzzeek: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/openstack-operator-build-deploy-kuttl-4-18	d186794	link	true	/test openstack-operator-build-deploy-kuttl-4-18

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.