Preserve annotations and labels on SealedSecret objects #1625
Description
Which component:
0.27.1
Is your feature request related to a problem? Please describe.
Sealed Secrets is often used with ArgoCD/Flux. In ArgoCD, argocd.argoproj.io/sync-wave annotation is used everywhere to control the priority of the git sync operation. Because SealedSecret object doesn't preserve any annotations and labels, it requires manual update of the json file after running kubeseal command.
Describe the solution you'd like
Easiest solution would be just preserve the same annotations and labels from the kubeseal input secret.
Describe alternatives you've considered
N/A
Additional context
Input secret
{
"kind": "Secret",
"apiVersion": "v1",
"metadata": {
"name": "s3-access",
"namespace": "loki",
"annotations": {
"argocd.argoproj.io/sync-wave": "-10"
}
},
"stringData": {
"foo": "bar"
}
}Output SealedSecret
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "s3-access",
"namespace": "loki",
"annotations": {
"argocd.argoproj.io/sync-wave": "-10" // This is what we want
},
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "s3-access",
"namespace": "loki",
"creationTimestamp": null,
"annotations": {
"argocd.argoproj.io/sync-wave": "-10"
}
}
},
"encryptedData": {
"foo": "AgBNnuq7/9OG+...."
}
}
}The previous feature request was closed incorrectly. #460