Generated authentication secret is not removed on uninstall

[ryanemerson]

No description provided.

[dmvolod]

@ryanemerson I don't remember why this annotation added, but probably can take a side effect. More detail tests in CI with install/update/uninstall and resource validation after these stages need to be implemented

annotations:
    "helm.sh/resource-policy": no-update

[ryanemerson]

@dmvolod Thanks for commenting. From what I can see in the helm docs, "no-update" isn't a valid value for the helm.sh/resource-policy annotation, the only option is "keep" https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource.

Maybe I was too quick to remove this annotation though, as removing the Secret during a chart upgrade would result in new user credentials being generated and any user applications being broken on upgrade.

I think I should revert the commit and update the annotation value to be "keep". We will then need to update the docs to state that the generated Secret needs to be manually uninstalled.

Ideally what we require is the ability to keep a resource during update/rollback but remove on delete, however this doesn't seem to exist helm/helm#7839 😞.

@fabriziosta FYI, it looks like we won't be able to remove the secret after all.