Export secrets based on secrets-label-selector OR secrets-annotation-selector

[d-honeybadger]

The selectors for secrets, secrets-label-selector and secrets-annotation-selector, are currently ANDed. So, for example, if I wanted to export cert-manager secrets (with annotations) as well as some custom secrets, then I'd have to commit to using annotations only. Wondering if this is intentional as it seems natural to expect that one can mix and match label and annotation selectors.

[joe-elliott]

I wouldn't say this is intentional. When I first added annotation support I was thinking of it as a different "mode" and didn't really consider the case where you'd run them both at the same time.

Are you looking to OR the label and annotation selectors?

[d-honeybadger]

Makes sense, thank you!
Turns out I can (and should) just use multiple label selectors, so this isn't a blocker for my particular case and can be closed.
Still think it would be nice to have or'ed label and annotation selectors, maybe in the next major verion in case people rely on the current way.

[joe-elliott]

Are you looking to OR the label and annotation selectors?

Heh, that is exactly what the title of the issue calls for :P

Yeah, I see wisdom in ORing them together. Hard to say who relies on the current behavior. I'll leave this open in case others would like to comment about their preferences.

[jenting]

I had the OR scenario before is that if I want to monitor lots of certificates within one cert-exporter Deployment, some certificates are find and filter by label, the others are find and filter by annotation.

Right now, the only way to support this is to have 2 Deployments, one is filter by label, the other one is filter by annotation.

From my perspective, I can't think a scenario that user would like to use label and annotation by ANS operation (my 2 cents).