Skip to content

Commit 3c201dd

Browse files
minmzzhangminmzzhang
committed
feat: add one-shot provisioning for keycloak-users ExternalSecret
When externalSecrets.oneShot is true, the keycloak-users ExternalSecret switches from HookSucceeded to BeforeHookCreation delete policy and sets deletionPolicy: Retain. This allows a PostSync job in the rh-keycloak wrapper chart (layered-zero-trust) to delete the ExternalSecret with --cascade=orphan so the Secret survives initial provisioning, then clean up ephemeral Secrets labeled for deletion. Defaults to false (oneShot disabled) to preserve the existing HookSucceeded behavior. The rh-keycloak wrapper chart in layered-zero-trust enables it via rhbk.externalSecrets.oneShot. Bump chart version to 0.0.9. Signed-off-by: Min Zhang <minzhang@redhat.com>
1 parent c49dc58 commit 3c201dd

4 files changed

Lines changed: 515 additions & 391 deletions

File tree

Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ keywords:
44
- pattern
55
name: rhbk
66
type: application
7-
version: 0.0.8
7+
version: 0.0.9
88
home: https://github.com/validatedpatterns/rhbk-chart
99
maintainers:
1010
- name: Validated Patterns Team

0 commit comments

Comments
 (0)