From 062417e30db4bf82d85f71cd87b7aecdb5be2470 Mon Sep 17 00:00:00 2001
From: Eugene Lugovtsov <34510252+EugeneLugovtsov@users.noreply.github.com>
Date: Fri, 25 Nov 2022 02:35:40 +0200
Subject: [PATCH] feat(argo-workflows): Add labels for ServiceAccounts (#1665)

* Add labels for ServiceAccounts

Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com>

* fix workflow serviceaccount labels

Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com>

* fix docs

Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com>

Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com>
---
 charts/argo-workflows/Chart.yaml                            | 4 ++--
 charts/argo-workflows/README.md                             | 3 +++
 .../templates/controller/workflow-controller-sa.yaml        | 3 +++
 charts/argo-workflows/templates/controller/workflow-sa.yaml | 3 +++
 charts/argo-workflows/templates/server/server-sa.yaml       | 3 +++
 charts/argo-workflows/values.yaml                           | 6 ++++++
 6 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml
index 60d71bf1..4935775b 100644
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: v3.4.3
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.20.9
+version: 0.20.10
 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@@ -13,4 +13,4 @@ maintainers:
     url: https://argoproj.github.io/
 annotations:
   artifacthub.io/changes: |
-    - "[Fixed]: allow users to optionally whitelist secrets"
+    - "[Added]: Add labels to ServiceAccounts."
diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md
index 3f60f868..58e88acf 100644
--- a/charts/argo-workflows/README.md
+++ b/charts/argo-workflows/README.md
@@ -62,6 +62,7 @@ Fields to note:
 | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) |
 | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
+| workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | workflow.serviceAccount.name | string | `"argo-workflow"` | Service account which is used to run workflows |
 
 ### Workflow Controller
@@ -114,6 +115,7 @@ Fields to note:
 | controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | the controller container's securityContext |
 | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | controller.serviceAccount.create | bool | `true` | Create a service account for the controller |
+| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | controller.serviceAccount.name | string | `""` | Service account name |
 | controller.serviceAnnotations | object | `{}` | Annotations to be applied to the controller Service |
 | controller.serviceLabels | object | `{}` | Optional labels to add to the controller Service |
@@ -200,6 +202,7 @@ Fields to note:
 | server.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true}` | Servers container-level security context |
 | server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | server.serviceAccount.create | bool | `true` | Create a service account for the server |
+| server.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | server.serviceAccount.name | string | `""` | Service account name |
 | server.serviceAnnotations | object | `{}` | Annotations to be applied to the UI Service |
 | server.serviceLabels | object | `{}` | Optional labels to add to the UI Service |
diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml
index 3acc93ab..36245900 100644
--- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml
@@ -5,6 +5,9 @@ metadata:
   name: {{ template "argo-workflows.controllerServiceAccountName" . }}
   labels:
     {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+  {{- with .Values.controller.serviceAccount.labels  }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   {{ with .Values.controller.serviceAccount.annotations }}
   annotations:
     {{- toYaml .| nindent 4 }}
diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml
index 43e6cbf6..8928b32e 100644
--- a/charts/argo-workflows/templates/controller/workflow-sa.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml
@@ -7,6 +7,9 @@ metadata:
   name: {{ $.Values.workflow.serviceAccount.name }}
   labels:
     {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
+  {{- with $.Values.workflow.serviceAccount.labels  }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
     {{- with $namespace }}
   namespace: {{ . }}
     {{- end }}
diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml
index 5525d7af..2f6644ed 100644
--- a/charts/argo-workflows/templates/server/server-sa.yaml
+++ b/charts/argo-workflows/templates/server/server-sa.yaml
@@ -5,6 +5,9 @@ metadata:
   name: {{ template "argo-workflows.serverServiceAccountName" . }}
   labels:
     {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+  {{- with .Values.server.serviceAccount.labels  }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   {{- with .Values.server.serviceAccount.annotations  }}
   annotations:
     {{- toYaml . | nindent 4 }}
diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml
index 3a371a8f..703bb77b 100644
--- a/charts/argo-workflows/values.yaml
+++ b/charts/argo-workflows/values.yaml
@@ -41,6 +41,8 @@ workflow:
   serviceAccount:
     # -- Specifies whether a service account should be created
     create: false
+    # -- Labels applied to created service account
+    labels: {}
     # -- Annotations applied to created service account
     annotations: {}
     # -- Service account which is used to run workflows
@@ -181,6 +183,8 @@ controller:
     create: true
     # -- Service account name
     name: ""
+    # -- Labels applied to created service account
+    labels: {}
     # -- Annotations applied to created service account
     annotations: {}
 
@@ -366,6 +370,8 @@ server:
     create: true
     # -- Service account name
     name: ""
+    # -- Labels applied to created service account
+    labels: {}
     # -- Annotations applied to created service account
     annotations: {}