Shared secrets script should not label pre-existing secrets
Summary
The shared-secrets script should not label or otherwise modify secrets that the user provides. This leads to a situation where two different sets of code flip-flop values (e.g. if Terraform or some other code "owns" the secret).
Steps to reproduce
Note this works with any shared secret from the script because regardless of whether the secret exists or not, label_secret is called here
- Create a Kubernetes Secret called gitlab-praefect-postgres with no labels
- Use that secret for the praefect postgres password when installing the GitLab helm chart (e.g. --set global.praefect.dbSecret.secret=gitlab-praefect-postgres)
- Note that after the install, the shared-secrets script has labeled the secret with app: shared-secrets etc.
Current behavior
The pre-existing secret is modified by the helm chart.
Expected behavior
The pre-existing secret should not be modified by the helm chart.
Versions
- Chart: 5.1.2
- Platform:
  - Cloud: Any (tested in AWS)
  - Kubernetes: (kubectl version)
    - Client:
    - Server: v1.19.13-eks
  - Helm: (helm version)
    - Client: v3.7.0 (although I'm using the TF helm provider 2.2.0)
    - Server: n/a
Relevant logs
From shared secrets job
...
secret "gitlab-praefect-postgres" already exists
label "app.kubernetes.io/name" not found.
secret/gitlab-praefect-postgres labeled
secret/gitlab-praefect-postgres labeled
...
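One way the expected behavior could be implemented, as an added example that is not the chart's own script and not part of the original report: label a secret only when the current run created it. The `kubectl` stub, the `ensure_secret` and `labels_of` helpers, and the name `example-generated-secret` are assumptions made so the sketch runs offline; `label_secret` and the `app=shared-secrets` label are taken from the report.

```shell
#!/bin/sh
# Constructed stand-in for the cluster: one file per Secret, holding its labels.
STATE=$(mktemp -d)

# Hypothetical stub replacing kubectl so the example runs without a cluster.
kubectl() {
  case "$1" in
    get)    [ -f "$STATE/$3" ] ;;           # kubectl get secret NAME
    create) : > "$STATE/$4" ;;              # kubectl create secret generic NAME
    label)  shift 2; _n=$1; shift           # kubectl label secret NAME k=v ...
            printf '%s\n' "$@" >> "$STATE/$_n" ;;
  esac
}

# Applies the ownership label the report observed on its secret.
label_secret() {
  kubectl label secret "$1" app=shared-secrets
}

# Guarded variant (hypothetical name): a pre-existing secret is owned by
# whoever created it (Terraform, an operator), so it is left untouched.
ensure_secret() {
  secret_name=$1
  if kubectl get secret "$secret_name"; then
    echo "secret \"$secret_name\" already exists, leaving it unmodified"
    return 0
  fi
  kubectl create secret generic "$secret_name"
  label_secret "$secret_name"
}

# Helper for inspecting the stub's state: prints the labels on a secret.
labels_of() { cat "$STATE/$1"; }

# Constructed scenario: the user pre-creates one secret with no labels,
# then the job runs over that secret and one it has to generate itself.
kubectl create secret generic gitlab-praefect-postgres
ensure_secret gitlab-praefect-postgres
ensure_secret example-generated-secret
```

With this guard, a second tool that manages the pre-existing secret sees no drift after the job runs, which removes the flip-flop described in the summary.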