From 4cedc8c074081ab75ac15dde6cae84cb5875839e Mon Sep 17 00:00:00 2001
From: kirinnee
Date: Sat, 18 Nov 2023 16:47:09 +0800
Subject: [PATCH] fix: sync wave for secretstore externalsecret
---
 chart/README.md | 5 ++---
 chart/templates/secret.yaml | 6 ++----
 chart/values.suicune.opal-ruby.yaml | 16 ++++++++++++++++
 chart/values.yaml | 9 +++++----
 4 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/chart/README.md b/chart/README.md
index 67ca394..0d01f82 100644
--- a/chart/README.md
+++ b/chart/README.md
@@ -43,11 +43,10 @@ Helm chart to deploy internal ingress controller with VPN access to internal ser
 | podSecurityContext | object | `{}` | Security Context for Pods |
 | replicaCount | int | `1` | Number of Replicas, only if HPA is not enabled |
 | resources | object | `{"limits":{"cpu":"50m","memory":"256Mi"},"requests":{"cpu":"15m","memory":"128Mi"}}` | resource limits |
+| secretAnnotation | object | `{"argocd.argoproj.io/sync-wave":"-2"}` | Secret Annotations (External Secrets) to control synchronization |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10000}` | Generate security Context |
 | serviceTree | object | `{"layer":"1","module":"tunnel","platform":"sulfoxide","service":"boron"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) |
-| sulfoxide-bromine | object | `{"annotations":{"helm.sh/hook":"pre-install,pre-upgrade","helm.sh/weight":"-5"},"rootSecret":{"ref":"SULFOXIDE_BORON"},"storeName":"doppler-boron"}` | Create SecretStore via secret of secrets pattern |
-| sulfoxide-bromine.annotations."helm.sh/hook" | string | `"pre-install,pre-upgrade"` | Helm hook to run |
-| sulfoxide-bromine.annotations."helm.sh/weight" | string | `"-5"` | Helm weight to run |
+| sulfoxide-bromine | object | `{"annotations":{"argocd.argoproj.io/sync-wave":"-3"},"rootSecret":{"ref":"SULFOXIDE_BORON"},"storeName":"doppler-boron"}` | Create SecretStore via secret of secrets pattern |
 | sulfoxide-bromine.rootSecret | object | `{"ref":"SULFOXIDE_BORON"}` | Secret of Secrets reference |
 | sulfoxide-bromine.rootSecret.ref | string | `"SULFOXIDE_BORON"` | DOPPLER Token Reference |
 | sulfoxide-bromine.storeName | string | `"doppler-boron"` | Store name to create |
diff --git a/chart/templates/secret.yaml b/chart/templates/secret.yaml index 65a9cb6..5274165 100644 --- a/chart/templates/secret.yaml +++ b/chart/templates/secret.yaml @@ -4,8 +4,7 @@ kind: Secret metadata: name: {{ .Values.auth.secretName }} annotations: {{- include "sulfoxide-boron.annotations" . | nindent 4 }} - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-2" + {{- toYaml .Values.secretAnnotation | nindent 4 }} labels: {{- include "sulfoxide-boron.labels" . | nindent 4 }} data: TUNNEL_TOKEN: {{ b64enc .Values.auth.internal.token }} @@ -17,8 +16,7 @@ kind: ExternalSecret metadata: name: {{ .Release.Name -}}-external-secret annotations: {{- include "sulfoxide-boron.annotations" . | nindent 4 }} - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-2" + {{- toYaml .Values.secretAnnotation | nindent 4 }} labels: {{- include "sulfoxide-boron.labels" . | nindent 4 }} spec: refreshInterval: {{ .Values.auth.external.refreshInterval }} diff --git a/chart/values.suicune.opal-ruby.yaml b/chart/values.suicune.opal-ruby.yaml index 3fa1584..fedac2b 100644 --- a/chart/values.suicune.opal-ruby.yaml +++ b/chart/values.suicune.opal-ruby.yaml @@ -2,6 +2,22 @@ serviceTree: landscape: suicune cluster: opal-ruby +# -- Create SecretStore via secret of secrets pattern +sulfoxide-bromine: + annotations: + # -- Helm hook to run + helm.sh/hook: pre-install,pre-upgrade + # -- Helm weight to run + helm.sh/weight: "-5" + + +# -- Secret Annotations (External Secrets) to control synchronization +secretAnnotation: + # -- Helm hook to run + helm.sh/hook: pre-install,pre-upgrade + # -- Helm weight to run + helm.sh/weight: "-4" + auth: internal: enable: false diff --git a/chart/values.yaml b/chart/values.yaml index 5f1d714..6f0edc9 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
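Review bot: The added `{{- toYaml .Values.secretAnnotation | nindent 4 }}` under the Secret's `annotations:` renders unconditionally, so if an override leaves `secretAnnotation` null or empty the template emits a literal `null` or `{}` after the included annotations and the manifest no longer parses as a mapping; the ExternalSecret hunk in the same file has the identical line. Guarding it keeps the block valid in that case: `{{- with .Values.secretAnnotation }}`, `{{- toYaml . | nindent 4 }}`, `{{- end }}`. Both manifests start and end outside their hunks, and the `sulfoxide-boron.annotations` helper is not shown, so it is worth confirming that the helper cannot emit the same annotation key and produce a duplicate.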
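Review bot: `helm.sh/weight` in chart/values.suicune.opal-ruby.yaml is not an annotation Helm reads; hook ordering is taken from `helm.sh/hook-weight`, which is the key the lines removed from secret.yaml in this same commit used. As written, the `"-5"` under `sulfoxide-bromine.annotations` and the `"-4"` under `secretAnnotation` have no effect, so nothing orders the SecretStore ahead of the ExternalSecret by weight in this cluster; the keys should read `helm.sh/hook-weight: "-5"` and `helm.sh/hook-weight: "-4"`. Because Helm merges maps from values files, the chart default `argocd.argoproj.io/sync-wave` presumably stays on these resources next to the hook keys. Resources created as hooks are not tracked by the release and are not removed by `helm uninstall`, so here the Secret carrying `TUNNEL_TOKEN` needs an explicit cleanup step when the release is retired.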
@@ -8,10 +8,7 @@ serviceTree: # -- Create SecretStore via secret of secrets pattern sulfoxide-bromine: annotations: - # -- Helm hook to run - helm.sh/hook: pre-install,pre-upgrade - # -- Helm weight to run - helm.sh/weight: "-5" + argocd.argoproj.io/sync-wave: "-3" # -- Store name to create storeName: doppler-boron # -- Secret of Secrets reference @@ -20,6 +17,10 @@ sulfoxide-bromine: ref: "SULFOXIDE_BORON" +# -- Secret Annotations (External Secrets) to control synchronization +secretAnnotation: + argocd.argoproj.io/sync-wave: "-2" + # -- Cloudflare Tunnel Token auth:
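Review bot: The new `argocd.argoproj.io/sync-wave: "-3"` under `sulfoxide-bromine.annotations` has no `# --` helm-docs comment, unlike the two keys it replaces, and nothing records that it must stay lower than the `"-2"` that the second hunk adds under `secretAnnotation`. I would add `# -- ArgoCD sync wave for the SecretStore; keep lower than secretAnnotation so the store exists before the ExternalSecret syncs` above the `"-3"` line and `# -- ArgoCD sync wave for the Secret and ExternalSecret` above the `"-2"` line. secret.yaml applies `secretAnnotation` to both the Secret and the ExternalSecret, so its description should name both resources. The `sulfoxide-bromine:` mapping continues past the end of the first hunk.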