fix(keystone): ensure fernet and credential keys are not deleted

Ensure that we do not delete credentials and fernet keys when deploying
an upgrade of the chart.

Change-Id: I89f5e2fa5f3e1a436ea747a0ab1472159f637e90
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
This commit is contained in:
Doug Goldstein
2025-09-02 16:49:02 -05:00
parent 937ad1c58a
commit a396e01985
3 changed files with 11 additions and 0 deletions

View File

@@ -22,6 +22,7 @@ metadata:
{{- if .Values.helm3_hook }} {{- if .Values.helm3_hook }}
annotations: annotations:
"helm.sh/hook": pre-install "helm.sh/hook": pre-install
"helm.sh/resource-policy": keep
{{- end }} {{- end }}
type: Opaque type: Opaque
data: data:

View File

@@ -23,6 +23,7 @@ metadata:
{{- if .Values.helm3_hook }} {{- if .Values.helm3_hook }}
annotations: annotations:
"helm.sh/hook": pre-install "helm.sh/hook": pre-install
"helm.sh/resource-policy": keep
{{- end }} {{- end }}
type: Opaque type: Opaque
data: data:

View File

@@ -0,0 +1,9 @@
---
keystone:
- |
Annotate credential and fernet keys secrets with the Helm keep policy.
While helm does not clean up hook resources today, their documentation
says that it is coming and users should annotate resources they do not
expect to be deleted appropriately. Some GitOps tools like ArgoCD
implement the cleanup today as part of their Helm support.
...