For some secrets, we recommend to reuses the default name, <cr-Name>-credentials-secrete for example.

This cause problems b/c the operator wants to potentially reconcile the values in that secrete when it creates it, but when it is created externally, it should be read only from an operator perspective.

The operator has worked around this by appending the -internal name to any updates. However the real problem is that a 'custom' configuration has not been named in a custom fashion.

If we suggest to use a -custom postfix, then we can treat any default named secret/configMap as owned by the operator.

This will cut off the problem at source and it makes sense to name with the <sensible-default-name>-<some custom postfix> to indicate that the values are being overridden.

We can add some CRD validation to ensure that users don't use reserved names in the future, or for new CRs ENTMQBR-7419