From ee95a472687549f7b753a15d4e083462286a373c Mon Sep 17 00:00:00 2001
From: Dev Jadeja
Date: Thu, 27 Mar 2025 16:13:11 +0530
Subject: [PATCH 1/2] fix: added an extra label on ExternalSecrets - this label will provide filtration for resource exclusion
---
 charts/py-app/templates/external-secrets.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/charts/py-app/templates/external-secrets.yaml b/charts/py-app/templates/external-secrets.yaml
index 4db2558..9602b2b 100644
--- a/charts/py-app/templates/external-secrets.yaml
+++ b/charts/py-app/templates/external-secrets.yaml
@@ -6,14 +6,15 @@ metadata:
 name: "{{include "py-app.name" $ }}-{{ $name }}"
 labels:
 {{- include "py-app.labels" $ | nindent 4 }}
+ external-secrets/managed: "true" # ArgoCD will not manage the Secret that has this label
 annotations:
 argocd.argoproj.io/hook: PreSync,Sync
 argocd.argoproj.io/sync-wave: "-1"
 spec:
- refreshInterval: {{ default "1h" $val.refreshInterval }} # rate SecretManager pulls GCPSM
+ refreshInterval: {{ default "1h" $val.refreshInterval }}
 secretStoreRef:
 kind: ClusterSecretStore
- name: {{ $val.secretStoreName }} # name of the SecretStore (or kind specified)
+ name: {{ $val.secretStoreName }}
 target:
 name: {{ $val.targetName }}
 creationPolicy: {{ default "Owner" $val.targetCreationPolicy }}
From 15f52269141f724bae7caf04fdc14091ca58ff53 Mon Sep 17 00:00:00 2001
From: Dev Jadeja
Date: Thu, 27 Mar 2025 16:16:10 +0530
Subject: [PATCH 2/2] corrected label path
---
 charts/py-app/templates/external-secrets.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/charts/py-app/templates/external-secrets.yaml b/charts/py-app/templates/external-secrets.yaml
index 9602b2b..e47658f 100644
--- a/charts/py-app/templates/external-secrets.yaml
+++ b/charts/py-app/templates/external-secrets.yaml
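Review bot: In the PATCH 1/2 hunk, the rewritten line `name: {{ $val.secretStoreName }}` has neither a guard nor quoting, so an entry that omits `secretStoreName` renders `name:` as null and the failure only surfaces when the ExternalSecret is applied or reconciled. Failing at render time is safer for a secret-store reference: `name: {{ required "secretStoreName is required" $val.secretStoreName | quote }}`. The same edit also drops the two inline comments on `refreshInterval` and `secretStoreRef.name`, which is unrelated to the label fix and removes the only documentation of those fields; I would keep them. `$name` and `$val` come from a loop that starts outside this hunk.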
@@ -6,7 +6,6 @@ metadata:
 name: "{{include "py-app.name" $ }}-{{ $name }}"
 labels:
 {{- include "py-app.labels" $ | nindent 4 }}
- external-secrets/managed: "true" # ArgoCD will not manage the Secret that has this label
 annotations:
 argocd.argoproj.io/hook: PreSync,Sync
 argocd.argoproj.io/sync-wave: "-1"
@@ -17,6 +16,10 @@ spec:
 name: {{ $val.secretStoreName }}
 target:
 name: {{ $val.targetName }}
+ template:
+ metadata:
+ labels:
+ external-secrets/managed: "true" # ArgoCD will not manage the Secret that has this label
 creationPolicy: {{ default "Owner" $val.targetCreationPolicy }}
 deletionPolicy: {{ default "Retain" $val.targetDeletionPolicy }}
 dataFrom: {{ toYaml $val.dataFrom | nindent 4 }}
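Review bot: In the second hunk (`@@ -17,6 +16,10 @@`), adding `target.template.metadata` probably changes which labels the generated Secret ends up with. As far as I know, External Secrets Operator copies the ExternalSecret's own labels and annotations onto the Secret only while no template is set, so the Secret would now carry `external-secrets/managed` alone and lose the `py-app.labels` set; please confirm against the operator version in use. If the chart labels should stay on the Secret, include them in the template too, e.g. `{{- include "py-app.labels" $ | nindent 10 }}` under the new `labels:` (indent to match the file). Because this label is what takes a Secret out of ArgoCD's view, also check that the exclusion rule, which is not part of this patch, is limited to kind Secret so the label cannot hide other resources from drift detection.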