Support to add annotations in injector serviceaccount (hashicorp#753)

ryuseongryong · Jul 11, 2022 · 6c14d9d · 6c14d9d
1 parent 44a07b8
commit 6c14d9d
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 0 deletions.
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -470,6 +470,21 @@ Sets extra injector service annotations
   {{- end }}
 {{- end -}}
 
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+  {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+  annotations:
+    {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+    {{- if eq $tp "string" }}
+      {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+    {{- else }}
+      {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end -}}
+
 {{/*
 Sets extra injector webhook annotations
 */}}

diff --git a/templates/injector-serviceaccount.yaml b/templates/injector-serviceaccount.yaml
@@ -9,4 +9,5 @@ metadata:
     app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
+  {{ template "injector.serviceAccount.annotations" . }}
 {{ end }}
diff --git a/test/unit/injector-serviceaccount.bats b/test/unit/injector-serviceaccount.bats
@@ -20,3 +20,13 @@ load _helpers
       yq 'length > 0' | tee /dev/stderr)
   [ "${actual}" = "false" ]
 }
+
+@test "injector/ServiceAccount: generic annotations" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/injector-serviceaccount.yaml \
+      --set 'injector.serviceAccount.annotations=vaultIsAwesome: true' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations["vaultIsAwesome"]' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
diff --git a/values.schema.json b/values.schema.json
@@ -373,6 +373,17 @@
                         }
                     }
                 },
+                "serviceAccount": {
+                    "type": "object",
+                    "properties": {
+                        "annotations": {
+                            "type": [
+                                "object",
+                                "string"
+                            ]
+                        }
+                    }
+                },
                 "strategy": {
                     "type": [
                         "object",

diff --git a/values.yaml b/values.yaml
@@ -269,6 +269,11 @@ injector:
     # Extra annotations to attach to the injector service
     annotations: {}
 
+  # Injector serviceAccount specific config
+  serviceAccount:
+    # Extra annotations to attach to the injector serviceAccount
+    annotations: {}
+
   # A disruption budget limits the number of pods of a replicated application
   # that are down simultaneously from voluntary disruptions
   podDisruptionBudget: {}