Add ServiceAccount annotations

[jim-barber-he]

Add the ability to add annotations to the service accounts created for
logstash and elasticsearch.

Addresses: #627

• Chart version not bumped (the versions are all bumped and released at the same time)
• README.md updated with any new values or changes
• Updated template tests in ${CHART}/tests/*.py
• Updated integration tests in ${CHART}/examples/*/test/goss.yaml

[elasticmachine]

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

[cla-checker-service]

💚 CLA has been signed

[jim-barber-he]

I didn't update the README.md files because the description of the rbac field seems suitable still.

I don't know how to add tests for the changes I've made.

[fatmcgav]

Jenkins test this please

[jmlrt]

jenkins test this please

[jmlrt]

jenkins test this please

[jmlrt]

Thanks for this PR @jim-barber-he,
It could be worse adding ServiceAccount annotations to apm-server, filebeat, kibana and metricbeat charts also.
Would you be interested to do it in this PR?

I don't know how to add tests for the changes I've made.

A test like this one could be added

helm-charts/logstash/tests/logstash_test.py

Lines 257 to 271 in fa72b48

	def test_adding_multiple_persistence_annotations():
	config = """
	persistence:
	enabled: true
	annotations:
	hello: world
	world: hello
	"""
	r = helm_template(config)
	annotations = r["statefulset"][name]["spec"]["volumeClaimTemplates"][0]["metadata"][
	"annotations"
	]
	assert annotations["hello"] == "world"
	assert annotations["world"] == "hello"

[jim-barber-he]

@jmlrt I'm happy to do annotations for those other charts.
The only reason I didn't is they take a different approach to how they were getting their names, and didn't really know what the best value name to use would be.
I guess I could introduce a .Values.serviceAccountAnnotations value; does that sound suitable?

Originally I submitted this as a feature request, but had a go at it based on @fatmcgav telling me it should be simple.
I didn't realise I'd be having to work out how to write tests so I'm going to need more help...
For the logstash chart where I've added the following to the top-level metadata key:

  annotations:
    {{- with .Values.rbac.serviceAccountAnnotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}

Would the test be something like the following?

def test_adding_serviceaccount_annotations():
    config = """
rbac:
  serviceAccountAnnotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.elasticsearch.logstash
"""
    r = helm_template(config)
    assert (
        r["serviceaccount"][name]["metadata"]["annotations"][
            "eks.amazonaws.com/role-arn"
        ]
        == "arn:aws:iam::111111111111:role/k8s.clustername.elasticsearch.logstash"
    )

[jim-barber-he]

In the interests of keeping things moving I've added tests that I hope will work.
Also I've added the ability to add annotations to the apm-server, filebeat, and metricbeat charts as requested by @jmlrt
The kibana chart does not create its own service account and so I didn't do it for that one.

[jmlrt]

jenkins test this please

[jmlrt]

A few changes are required for the tests:

• Elasticsearch and Logstash chart require rbac.create=true to create the service accounts
• Elasticsearch chart use uname instead of name

[jmlrt]

jenkins test this please

[jmlrt]

I guess I could introduce a .Values.serviceAccountAnnotations value; does that sound suitable?

.Values.serviceAccountAnnotations is very suitable. I'd like to standardize values naming and the way we do thing across all the charts at some time but meanwhile having the same features in all charts when relevant is already really good.

I didn't realise I'd be having to work out how to write tests so I'm going to need more help...

Your tests were mostly good, a few changes were required, I commited so we can merge your work soon 🤞

[jmlrt]

backported to 6.8, 7.8and 7.x branches

[jim-barber-he]

Awesome. Thank you very much.