Merge "fix(keystone): ensure fernet and credential keys are not deleted"

Author: Zuul

keystone/templates/secret-credential-keys.yaml

@@ -22,6 +22,7 @@ metadata:
 {{- if .Values.helm3_hook }}
   annotations:
     "helm.sh/hook": pre-install
+    "helm.sh/resource-policy": keep
 {{- end }}
 type: Opaque
 data:

keystone/templates/secret-fernet-keys.yaml

@@ -23,6 +23,7 @@ metadata:
 {{- if .Values.helm3_hook }}
   annotations:
     "helm.sh/hook": pre-install
+    "helm.sh/resource-policy": keep
 {{- end }}
 type: Opaque
 data:

releasenotes/notes/keystone-56908951efdcc19e.yaml

@@ -0,0 +1,9 @@
+---
+keystone:
+  - |
+    Annotate credential and fernet keys secrets with the Helm keep policy.
+    While helm does not clean up hook resources today, their documentation
+    says that it is coming and users should annotate resources they do not
+    expect to be deleted appropriately. Some GitOps tools like ArgoCD
+    implement the cleanup today as part of their Helm support.
+...