Add explicit ExternalSecret defaults for SSA sync parity

The external-secrets webhook injects conversionStrategy, decodingStrategy, and metadataPolicy defaults on admission. Declaring them explicitly prevents ArgoCD SSA from flagging the resource as OutOfSync. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 07:02:28 -08:00 · 2026-02-26 07:02:28 -08:00 · fb83c5c577
commit fb83c5c577
parent db561c6b0e
2 changed files with 4 additions and 0 deletions
--- a/argocd/manifests/argocd/external-secret-repo-forge.yaml
+++ b/argocd/manifests/argocd/external-secret-repo-forge.yaml
@ -26,5 +26,8 @@ spec:
  data:
  - secretKey: privateKey
    remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
      key: argocd-forge-ssh-key
+      metadataPolicy: None
      property: private-key-openssh
--- a/docs/changelog.d/main.infra.md
+++ b/docs/changelog.d/main.infra.md
@ -0,0 +1 @@
+Add explicit ExternalSecret defaults for SSA sync parity with ArgoCD v3.3
				`@ -0,0 +1 @@`
				`Add explicit ExternalSecret defaults for SSA sync parity with ArgoCD v3.3`