From c0b61a2eb4d49a0df1840a16cc3273456822f3b6 Mon Sep 17 00:00:00 2001
From: Massaki Archambault <marchambault@badjware.dev>
Date: Mon, 20 Feb 2023 10:58:55 -0500
Subject: [PATCH] explicitly set the labels of external-secret managed secrets
 to prevent it being pruned on apply

---
 .../drone-server/drone-server-externalsecret.yaml    | 12 +++++++++++-
 .../grafana-agent/grafana-agent-externalsecret.yaml  |  5 +++++
 kustomize/bases/grafana/grafana-externalsecret.yaml  |  5 +++++
 .../bases/longhorn/longhorn-externalsecret.yaml      |  5 +++++
 .../bases/postgres/postgres-externalsecret.yaml      |  5 +++++
 kustomize/bases/redis/redis-externalsecret.yaml      |  8 +++++++-
 kustomize/env/prod/kustomization.yaml                |  2 +-
 7 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/kustomize/bases/drone-server/drone-server-externalsecret.yaml b/kustomize/bases/drone-server/drone-server-externalsecret.yaml
index 5815c5b..290404b 100644
--- a/kustomize/bases/drone-server/drone-server-externalsecret.yaml
+++ b/kustomize/bases/drone-server/drone-server-externalsecret.yaml
@@ -8,6 +8,11 @@ spec:
     kind: ClusterSecretStore
   target:
     name: drone-secret
+    template:
+      metadata:
+        labels:
+          app.kubernetes.io/managed-by: external-secret
+        annotations: {}
   data:
     - secretKey: rpc_secret
       remoteRef:
@@ -26,10 +31,15 @@ spec:
     kind: ClusterSecretStore
   target:
     name: drone-gitea-oauth-secret
+    template:
+      metadata:
+        labels:
+          app.kubernetes.io/managed-by: external-secret
+        annotations: {}
   data:
     - secretKey: client_id
       remoteRef:
         key: /k3s/prod/drone/gitea/client_id
     - secretKey: client_secret
       remoteRef:
-        key: /k3s/prod/drone/gitea/client_secret
+        key: /k3s/prod/drone/gitea/client_secret
\ No newline at end of file
diff --git a/kustomize/bases/grafana-agent/grafana-agent-externalsecret.yaml b/kustomize/bases/grafana-agent/grafana-agent-externalsecret.yaml
index 3792882..05eb5c4 100644
--- a/kustomize/bases/grafana-agent/grafana-agent-externalsecret.yaml
+++ b/kustomize/bases/grafana-agent/grafana-agent-externalsecret.yaml
@@ -8,6 +8,11 @@ spec:
     kind: ClusterSecretStore
   target:
     name: grafana-agent
+    template:
+      metadata:
+        labels:
+          app.kubernetes.io/managed-by: external-secret
+        annotations: {}
   data:
     - secretKey: agent.yaml
       remoteRef:
diff --git a/kustomize/bases/grafana/grafana-externalsecret.yaml b/kustomize/bases/grafana/grafana-externalsecret.yaml
index a633433..b369ab6 100644
--- a/kustomize/bases/grafana/grafana-externalsecret.yaml
+++ b/kustomize/bases/grafana/grafana-externalsecret.yaml
@@ -8,6 +8,11 @@ spec:
     kind: ClusterSecretStore
   target:
     name: grafana-config
+    template:
+      metadata:
+        labels:
+          app.kubernetes.io/managed-by: external-secret
+        annotations: {}
   data:
     - secretKey: custom.ini
       remoteRef:
diff --git a/kustomize/bases/longhorn/longhorn-externalsecret.yaml b/kustomize/bases/longhorn/longhorn-externalsecret.yaml
index d522880..5ec122f 100644
--- a/kustomize/bases/longhorn/longhorn-externalsecret.yaml
+++ b/kustomize/bases/longhorn/longhorn-externalsecret.yaml
@@ -9,6 +9,11 @@ spec:
     kind: ClusterSecretStore
   target:
     name: s3-backupstore-credentials
+    template:
+      metadata:
+        labels:
+          app.kubernetes.io/managed-by: external-secret
+        annotations: {}
   data:
     - secretKey: AWS_ACCESS_KEY_ID
       remoteRef:
diff --git a/kustomize/bases/postgres/postgres-externalsecret.yaml b/kustomize/bases/postgres/postgres-externalsecret.yaml
index 7c0a760..3e3624b 100644
--- a/kustomize/bases/postgres/postgres-externalsecret.yaml
+++ b/kustomize/bases/postgres/postgres-externalsecret.yaml
@@ -8,6 +8,11 @@ spec:
     kind: ClusterSecretStore
   target:
     name: postgres-credentials
+    template:
+      metadata:
+        labels:
+          app.kubernetes.io/managed-by: external-secret
+        annotations: {}
   data:
     - secretKey: database
       remoteRef:
diff --git a/kustomize/bases/redis/redis-externalsecret.yaml b/kustomize/bases/redis/redis-externalsecret.yaml
index 0a96f4e..8827c79 100644
--- a/kustomize/bases/redis/redis-externalsecret.yaml
+++ b/kustomize/bases/redis/redis-externalsecret.yaml
@@ -8,7 +8,13 @@ spec:
     kind: ClusterSecretStore
   target:
     name: redis-credentials
+    template:
+      metadata:
+        labels:
+          app.kubernetes.io/managed-by: external-secret
+        annotations: {}
+
   data:
     - secretKey: password
       remoteRef:
-        key: changeme
+        key: changeme
\ No newline at end of file
diff --git a/kustomize/env/prod/kustomization.yaml b/kustomize/env/prod/kustomization.yaml
index d1ac95c..6a9c79f 100644
--- a/kustomize/env/prod/kustomization.yaml
+++ b/kustomize/env/prod/kustomization.yaml
@@ -32,7 +32,7 @@ images:
   - name: postgres
     newTag: 9.6.23
   - name: redis
-    newTag: 6.2.5
+    newTag: 6.2.10
 
 configMapGenerator:
   - name: replacements