Commit 0f3c0a3
committed
feat: add one-shot provisioning for keycloak-users ExternalSecret
When externalSecrets.oneShot is true, the keycloak-users
ExternalSecret becomes an ArgoCD Sync hook with BeforeHookCreation
and deletionPolicy: Retain. This allows a PostSync job in the
rh-keycloak wrapper chart (layered-zero-trust) to delete the
ExternalSecret with --cascade=orphan so the Secret survives
initial provisioning, then clean up ephemeral Secrets labeled
for deletion.
Defaults to false (oneShot disabled) — keycloak-users is a regular
ExternalSecret with no hook annotations. The Secret and
ExternalSecret simply persist. The rh-keycloak wrapper chart in
layered-zero-trust enables it via rhbk.externalSecrets.oneShot.
Also fixes NATURAL_LANGUAGE linter errors: postgresql -> PostgreSQL
in values.yaml comments and README.md.gotmpl.
Bump chart version to 0.0.9.
Signed-off-by: Min Zhang <minzhang@redhat.com>1 parent c49dc58 commit 0f3c0a3
5 files changed
Lines changed: 519 additions & 396 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
7 | | - | |
| 7 | + | |
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
| |||
0 commit comments