component label getting overwritten by VaultSecret Operator #23696

@budgester

Description

Describe the bug

As documented here hashicorp/vault-secrets-operator#1045

When creating a secret and deploying it with Vault Secrets Operator to enable OAuth for devspaces, the app.kubernetes.io/component label gets overwritten.

From VSO
    app.kubernetes.io/component: secret-sync
Required by Devspaces
    app.kubernetes.io/component: oauth-scm-configuration

If we could define a different label, annotation or selector to use for the oauth-scm-configuration, this would be extremely useful.

Che version

7.113@latest

Steps to reproduce

Deploy a static secret using VSO (Vault Secrets Operator)

---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: devspaces-bitbucket-oauth
  namespace: openshift-devspaces
spec:
  vaultAuthRef: vault-auth-jwt
  mount: kv
  type: kv-v2
  path: ocp/devspaces-bitbucket-oauth
  refreshAfter: 1h
  destination:
    create: true
    overwrite: true
    name: devspaces-bitbucket-oauth
    labels:
      app.kubernetes.io/part-of: che.eclipse.org
      app.kubernetes.io/component: oauth-scm-configuration  # value required by Devspaces
    annotations:
      che.eclipse.org/oauth-scm-server: bitbucket
      che.eclipse.org/scm-server-endpoint: 'https://bitbucket.myorg.co.uk'

deployed with VSO

$ oc describe secret devspaces-bitbucket-oauth
Name:         devspaces-bitbucket-oauth
Namespace:    openshift-devspaces
Labels:       app.kubernetes.io/component=secret-sync
              app.kubernetes.io/managed-by=hashicorp-vso
              app.kubernetes.io/name=vault-secrets-operator
              app.kubernetes.io/part-of=che.eclipse.org
              secrets.hashicorp.com/vso-ownerRefUID=c51c1071-fcc2-40d3-8ec7-def1e7afe0a9
Annotations:  che.eclipse.org/oauth-scm-server: bitbucket
              che.eclipse.org/scm-server-endpoint: https://bitbucket.myorg.co.uk

Type:  Opaque

Data
====
_raw:    259 bytes
id:      32 bytes
secret:  64 bytes

Expected behavior

Auth mounted into devspaces

Runtime

OpenShift

Screenshots

No response

Installation method

OperatorHub

Environment

other (please specify in additional context)

Eclipse Che Logs

Additional context

No response
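A way to check for the label overwrite described in this issue, as an added example that is not part of the original report or of either project's code. The function names are hypothetical, and the sample data is constructed from the manifest and `oc describe` output above, shaped like `oc get secret -o json`.

```python
import json

# Labels the issue says Devspaces needs on the OAuth secret (taken from the report).
CHE_REQUIRED = {
    "app.kubernetes.io/part-of": "che.eclipse.org",
    "app.kubernetes.io/component": "oauth-scm-configuration",
}

# Constructed sample: the labels requested under spec.destination.labels.
REQUESTED = dict(CHE_REQUIRED)

# Constructed sample: the synced Secret, labels copied from the issue's output.
SYNCED_SECRET = json.loads("""
{"metadata": {"name": "devspaces-bitbucket-oauth",
  "labels": {
    "app.kubernetes.io/component": "secret-sync",
    "app.kubernetes.io/managed-by": "hashicorp-vso",
    "app.kubernetes.io/name": "vault-secrets-operator",
    "app.kubernetes.io/part-of": "che.eclipse.org"}}}
""")

def _labels(secret):
    # A Secret may have no labels map at all; treat that as empty.
    return secret.get("metadata", {}).get("labels") or {}

def label_drift(requested, secret):
    """Return {key: (wanted, actual)} for requested labels that differ on the Secret."""
    actual = _labels(secret)
    return {k: (v, actual.get(k)) for k, v in requested.items() if actual.get(k) != v}

def matches_selector(secret, selector):
    """True only if every selector label is present with the exact value."""
    actual = _labels(secret)
    return all(actual.get(k) == v for k, v in selector.items())

def report(requested, secret, selector):
    """Human-readable findings: overwritten labels, then selector mismatch."""
    lines = [f"{key}: requested {want!r}, found {got!r}"
             for key, (want, got) in sorted(label_drift(requested, secret).items())]
    if not matches_selector(secret, selector):
        lines.append("secret does not carry the labels Devspaces requires")
    return lines

if __name__ == "__main__":
    for line in report(REQUESTED, SYNCED_SECRET, CHE_REQUIRED):
        print(line)
```
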

Labels

kind/bug: Outline of a bug - must adhere to the bug report template.
severity/P2: Has a minor but important impact to the usage or development of the system.