fix(eso): chart 0.6.2 - revert fullnameOverride; use templated SA in ClusterSecretStore

Chart 0.6.1's fullnameOverride attempted to give ESO resources stable names (just 'external-secrets' instead of '<release>-external-secrets') but ArgoCD couldn't fully drain the prefixed resources from 0.6.0, leaving sync stuck. Reverting: keep the subchart's default release- prefixed naming, template the SA reference in ClusterSecretStore via {{ .Release.Name }}-external-secrets so it resolves correctly per cluster.
2026-05-07 21:01:38 +03:00
parent ddc01def62
commit 52a157f187
3 changed files with 12 additions and 18 deletions
--- a/values.yaml
+++ b/values.yaml
@@ -278,20 +278,10 @@ externalSecrets:
 # first apply. Resource limits conservative — ESO is event-driven
 # and idle most of the time.
 #
-# fullnameOverride locks the SA + Deployment + Service names to plain
-# "external-secrets" (no <release-name>- prefix), so the OpenBao role
-# binding and our ClusterSecretStore.serviceAccountRef can reference
-# a stable name across every cluster.
+# We keep the subchart's default release-prefixed naming
+# (`<release>-external-secrets`) — i.e., we DON'T set
+# fullnameOverride. The ClusterSecretStore manifest references the
+# SA via `{{ .Release.Name }}-external-secrets` so the name resolves
+# correctly per-cluster.
 external-secrets:
  installCRDs: true
-  fullnameOverride: "external-secrets"
-  serviceAccount:
-    name: external-secrets
-  webhook:
-    fullnameOverride: "external-secrets-webhook"
-    serviceAccount:
-      name: external-secrets-webhook
-  certController:
-    fullnameOverride: "external-secrets-cert-controller"
-    serviceAccount:
-      name: external-secrets-cert-controller