Support to add annotations in injector serviceaccount (#753)

2022-07-11 13:11:30 -03:00 · 2022-07-11 13:11:30 -03:00 · 6c14d9d656
commit 6c14d9d656
parent 44a07b8970
5 changed files with 42 additions and 0 deletions
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@ -470,6 +470,21 @@ Sets extra injector service annotations
  {{- end }}
 {{- end -}}

+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+  {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+  annotations:
+    {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+    {{- if eq $tp "string" }}
+      {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+    {{- else }}
+      {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end -}}
+
 {{/*
 Sets extra injector webhook annotations
 */}}
--- a/templates/injector-serviceaccount.yaml
+++ b/templates/injector-serviceaccount.yaml
@ -9,4 +9,5 @@ metadata:
    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  {{ template "injector.serviceAccount.annotations" . }}
 {{ end }}
--- a/test/unit/injector-serviceaccount.bats
+++ b/test/unit/injector-serviceaccount.bats
@ -20,3 +20,13 @@ load _helpers
      yq 'length > 0' | tee /dev/stderr)
  [ "${actual}" = "false" ]
 }
+
+@test "injector/ServiceAccount: generic annotations" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/injector-serviceaccount.yaml \
+      --set 'injector.serviceAccount.annotations=vaultIsAwesome: true' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations["vaultIsAwesome"]' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
--- a/values.schema.json
+++ b/values.schema.json
@ -373,6 +373,17 @@
                        }
                    }
                },
+                "serviceAccount": {
+                    "type": "object",
+                    "properties": {
+                        "annotations": {
+                            "type": [
+                                "object",
+                                "string"
+                            ]
+                        }
+                    }
+                },
                "strategy": {
                    "type": [
                        "object",
--- a/values.yaml
+++ b/values.yaml
@ -269,6 +269,11 @@ injector:
    # Extra annotations to attach to the injector service
    annotations: {}

+  # Injector serviceAccount specific config
+  serviceAccount:
+    # Extra annotations to attach to the injector serviceAccount
+    annotations: {}
+
  # A disruption budget limits the number of pods of a replicated application
  # that are down simultaneously from voluntary disruptions
  podDisruptionBudget: {}