fix: sync wave for secretstore externalsecret

chart/README.md

@@ -17,10 +17,10 @@ Helm chart to deploy External DNS to configure DNS records to DNS providers
 |-----|------|---------|-------------|
 | external-dns | object | `{"commonLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/module":"controller","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"tin"}},"deploymentAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/module":"controller","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"tin"}},"env":[{"name":"CF_API_TOKEN","valueFrom":{"secretKeyRef":{"key":"CLOUDFLARE_TOKEN","name":"cloudflare-external-dns-token"}}}],"interval":"1m","logFormat":"json","podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/module":"controller","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"tin"}},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/module":"controller","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"tin"}},"podSecurityContext":{"<<":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}},"policy":"sync","provider":"cloudflare","rbac":{"create":true},"resources":{"limits":{"cpu":1,"memory":"1Gi"},"requests":{"cpu":"250m","memory":"256Mi"}},"securityContext":{"<<":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":3000,"runAsNonRoot":true,"runAsUser":1000}},"serviceMonitor":{"enabled":true},"sources":["service"]}` | ExternalDNS configuration. See [ExternalDNS Helm Chart](https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns) |
 | podSecurityContext | object | `{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for PodSecurityContext |
-| secretAnnotation."argocd.argoproj.io/sync-wave" | string | `"1"` |  |
+| secretAnnotation | object | `{"argocd.argoproj.io/sync-wave":"-2"}` | Secret Annotations (External Secrets) to control synchronization |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":3000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for SecurityContext |
 | serviceTree | object | `{"layer":"1","module":"controller","platform":"sulfoxide","service":"tin"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) |
-| sulfoxide-bromine | object | `{"annotations":{"argocd.argoproj.io/sync-wave":"-1"},"rootSecret":{"ref":"SULFOXIDE_TIN"},"storeName":"doppler-tin"}` | Create SecretStore via secret of secrets pattern |
+| sulfoxide-bromine | object | `{"annotations":{"argocd.argoproj.io/sync-wave":"-3"},"rootSecret":{"ref":"SULFOXIDE_TIN"},"storeName":"doppler-tin"}` | Create SecretStore via secret of secrets pattern |
 | sulfoxide-bromine.rootSecret | object | `{"ref":"SULFOXIDE_TIN"}` | Secret of Secrets reference |
 | sulfoxide-bromine.rootSecret.ref | string | `"SULFOXIDE_TIN"` | DOPPLER Token Reference |
 | sulfoxide-bromine.storeName | string | `"doppler-tin"` | Store name to create |

chart/values.yaml

@@ -33,17 +33,17 @@ securityContext: &securityContext
 # -- Create SecretStore via secret of secrets pattern
 sulfoxide-bromine:
   annotations:
-    argocd.argoproj.io/sync-wave: "-1"
+    argocd.argoproj.io/sync-wave: "-3"
   # -- Store name to create
   storeName: doppler-tin
   # -- Secret of Secrets reference
   rootSecret:
     # -- DOPPLER Token Reference
     ref: "SULFOXIDE_TIN"
 
-
+# -- Secret Annotations (External Secrets) to control synchronization
 secretAnnotation:
-  argocd.argoproj.io/sync-wave: "1"
+  argocd.argoproj.io/sync-wave: "-2"
 
 # -- Cloudflare Tunnel Token
 token: