From 197526a40b4c8237869145255610069f91f9f7fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mattias=20=C3=84ngehov?= <mattias.angehov@castoredc.com>
Date: Thu, 6 Oct 2022 16:31:51 +0200
Subject: [PATCH] feat(argo-cd): Add support for labels on Service Accounts
 (#1513)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Allow configuring labels on service accounts

Signed-off-by: Mattias Ängehov <mattias.angehov@castoredc.com>

* Update documentation

Signed-off-by: Mattias Ängehov <mattias.angehov@castoredc.com>

* Update version and changes

Signed-off-by: Mattias Ängehov <mattias.angehov@castoredc.com>

Signed-off-by: Mattias Ängehov <mattias.angehov@castoredc.com>
---
 charts/argo-cd/Chart.yaml                                   | 4 ++--
 charts/argo-cd/README.md                                    | 3 +++
 .../argocd-application-controller/serviceaccount.yaml       | 3 +++
 .../templates/argocd-applicationset/serviceaccount.yaml     | 3 +++
 charts/argo-cd/templates/argocd-server/serviceaccount.yaml  | 3 +++
 charts/argo-cd/values.yaml                                  | 6 ++++++
 6 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
index f7a44267..3687d9a8 100644
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.4.13
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 5.5.8
+version: 5.5.9
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -22,4 +22,4 @@ dependencies:
     condition: redis-ha.enabled
 annotations:
   artifacthub.io/changes: |
-    - "[Fixed]: Upgrade Dex to v2.35.0 to avoid CVE-2022-39222 and update app version to v2.4.13"
+    - "[Added]: Allow labels to be set on service accounts"
diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md
index d1c507b6..43430cc9 100644
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@@ -462,6 +462,7 @@ NAME: my-release
 | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller |
+| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name |
 | controller.tolerations | list | `[]` | [Tolerations] for use with node taints |
 | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the application controller |
@@ -677,6 +678,7 @@ NAME: my-release
 | server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | server.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | server.serviceAccount.create | bool | `true` | Create server service account |
+| server.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | server.serviceAccount.name | string | `"argocd-server"` | Server service account name |
 | server.tolerations | list | `[]` | [Tolerations] for use with node taints |
 | server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the Argo CD server |
@@ -908,6 +910,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.service.portName | string | `"webhook"` | Application set service port name |
 | applicationSet.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | applicationSet.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | applicationSet.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | applicationSet.tolerations | list | `[]` | [Tolerations] for use with node taints |
 | applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations |
diff --git a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
index 4703236c..96d786cd 100644
--- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
@@ -12,4 +12,7 @@ metadata:
 {{- end }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+  {{- range $key, $value := .Values.controller.serviceAccount.labels }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
 {{- end }}
diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml
index 4fafac8d..cf5c0ef5 100644
--- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml
@@ -12,4 +12,7 @@ metadata:
 {{- end }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
+  {{- range $key, $value := .Values.applicationSet.serviceAccount.labels }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
 {{- end }}
diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml
index cd95480b..a2eb9b11 100644
--- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml
@@ -12,4 +12,7 @@ metadata:
 {{- end }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+  {{- range $key, $value := .Values.server.serviceAccount.labels }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
 {{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index d1b17b44..83acc6d9 100755
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -516,6 +516,8 @@ controller:
     name: argocd-application-controller
     # -- Annotations applied to created service account
     annotations: {}
+    # -- Labels applied to created service account
+    labels: {}
     # -- Automount API credentials for the Service Account
     automountServiceAccountToken: true
 
@@ -1356,6 +1358,8 @@ server:
     name: argocd-server
     # -- Annotations applied to created service account
     annotations: {}
+    # -- Labels applied to created service account
+    labels: {}
     # -- Automount API credentials for the Service Account
     automountServiceAccountToken: true
 
@@ -2068,6 +2072,8 @@ applicationSet:
     create: true
     # -- Annotations to add to the service account
     annotations: {}
+    # -- Labels applied to created service account
+    labels: {}
     # -- The name of the service account to use.
     # If not set and create is true, a name is generated using the fullname template
     name: ""