wiz-kubernetes-integration unable to deploy from scratch via ArgoCD using externalSecrets #331

Open
juhosyrjanen opened this issue May 13, 2024 · 0 comments

juhosyrjanen commented May 13, 2024

Hello,

wiz-kubernetes-integration is unable to deploy from scratch with ArgoCD when passing secrets with External-Secrets. The reason for this is the dependency on Kubernetes secrets in `job/wiz-kubernetes-connector-create-connector`; it will naturally not be able to run without the secrets being present.

With external-secrets, Kubernetes secrets are not created within the deployment; instead, an ExternalSecret resource is created, which syncs with an external vault and then creates the Kubernetes secrets.

As the Helm template has a dependency on Kubernetes secrets, the deployment fails:

```
Warning  Failed     9s (x2 over 9s)  kubelet            Error: secret "wiz-sa" not found
```

We are deploying Wiz via ArgoCD using Kustomize + Helm:

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: wiz

resources:
  - namespace.yml
  - secrets.yml

helmCharts:
- name: wiz-kubernetes-integration
  repo: https://charts.wiz.io/
  releaseName: wiz-kubernetes-integration
  namespace: wiz
  valuesFile: values.yml
  version: 0.1.95
```

ExternalSecrets are defined in the `secrets.yml` file. When deploying this manually, directly via Kustomize, the deployment works, as the ExternalSecrets are created with `kustomize build --enable-helm | kubectl apply -f -`. With ArgoCD, the deployment will remain OutOfSync.

Could the chart be improved upon a bit and allow this sort of use case?
