Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

Add ServiceAccount annotations #686

Merged
merged 5 commits into from
Jun 26, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions apm-server/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,7 @@ as a reference. They are also used in the automated testing of this chart.
| `resources` | Allows you to set the [resources][] for the `Deployment` | see [values.yaml][] |
| `secretMounts` | Allows you easily mount a secret as a file inside the `Deployment`. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` |
| `serviceAccount` | Custom [serviceAccount][] that APM Server will use during execution. By default will use the `serviceAccount` created by this chart | `""` |
| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}`
| `service` | Configurable [service][] to expose the APM Server service. See [values.yaml][] for an example | see [values.yaml][] |
| `terminationGracePeriod` | Termination period (in seconds) to wait before killing APM Server pod process on pod shutdown | `30` |
| `tolerations` | Configurable [tolerations][] | `[]` |
Expand Down
4 changes: 4 additions & 0 deletions apm-server/templates/serviceaccount.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "apm.serviceAccount" . }}
annotations:
{{- with .Values.serviceAccountAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app: "{{ template "apm.fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
Expand Down
14 changes: 14 additions & 0 deletions apm-server/tests/apmserver_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -258,6 +258,20 @@ def test_adding_pod_labels():
)


def test_adding_serviceaccount_annotations():
config = """
serviceAccountAnnotations:
eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount
"""
r = helm_template(config)
assert (
r["serviceaccount"][name]["metadata"]["annotations"][
"eks.amazonaws.com/role-arn"
]
== "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount"
)


def test_adding_a_node_selector():
config = """
nodeSelector:
Expand Down
4 changes: 4 additions & 0 deletions apm-server/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ resources:
# Custom service account override that the pod will use
serviceAccount: ""

# Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set.
serviceAccountAnnotations: {}
# eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount

# A list of secrets and their paths to mount inside the pod
secretMounts: []
# - name: elastic-certificate-pem
Expand Down
4 changes: 4 additions & 0 deletions elasticsearch/templates/serviceaccount.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,10 @@ metadata:
{{- else }}
name: {{ .Values.rbac.serviceAccountName | quote }}
{{- end }}
annotations:
{{- with .Values.rbac.serviceAccountAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
Expand Down
16 changes: 16 additions & 0 deletions elasticsearch/tests/elasticsearch_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -576,6 +576,22 @@ def test_adding_pod_annotations():
)


def test_adding_serviceaccount_annotations():
config = """
rbac:
jmlrt marked this conversation as resolved.
Show resolved Hide resolved
create: true
serviceAccountAnnotations:
eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount
"""
r = helm_template(config)
assert (
r["serviceaccount"][uname]["metadata"]["annotations"][
"eks.amazonaws.com/role-arn"
]
== "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount"
)


def test_adding_a_node_selector():
config = """
nodeSelector:
Expand Down
1 change: 1 addition & 0 deletions elasticsearch/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ volumeClaimTemplate:

rbac:
create: false
serviceAccountAnnotations: {}
serviceAccountName: ""

podSecurityPolicy:
Expand Down
1 change: 1 addition & 0 deletions filebeat/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,7 @@ as a reference. They are also used in the automated testing of this chart.
| `resources` | Allows you to set the [resources][] for the `DaemonSet` | see [values.yaml][] |
| `secretMounts` | Allows you easily mount a secret as a file inside the `DaemonSet`. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` |
| `serviceAccount` | Custom [serviceAccount][] that Filebeat will use during execution. By default will use the service account created by this chart | `""` |
| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}`
| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Filebeat pod process on pod shutdown | `30` |
| `tolerations` | Configurable [tolerations][] | `[]` |
| `updateStrategy` | The [updateStrategy][] for the `DaemonSet`. By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` |
Expand Down
4 changes: 4 additions & 0 deletions filebeat/templates/serviceaccount.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "filebeat.serviceAccount" . }}
annotations:
{{- with .Values.serviceAccountAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app: "{{ template "filebeat.fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
Expand Down
14 changes: 14 additions & 0 deletions filebeat/tests/filebeat_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -296,6 +296,20 @@ def test_adding_pod_labels():
)


def test_adding_serviceaccount_annotations():
config = """
serviceAccountAnnotations:
eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount
"""
r = helm_template(config)
assert (
r["serviceaccount"][name]["metadata"]["annotations"][
"eks.amazonaws.com/role-arn"
]
== "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount"
)


def test_adding_a_node_selector():
config = """
nodeSelector:
Expand Down
4 changes: 4 additions & 0 deletions filebeat/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ resources:
# Custom service account override that the pod will use
serviceAccount: ""

# Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set.
serviceAccountAnnotations: {}
# eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount

# A list of secrets and their paths to mount inside the pod
# This is useful for mounting certificates for security other sensitive values
secretMounts: []
Expand Down
4 changes: 4 additions & 0 deletions logstash/templates/serviceaccount.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,10 @@ metadata:
{{- else }}
name: {{ .Values.rbac.serviceAccountName | quote }}
{{- end }}
annotations:
{{- with .Values.rbac.serviceAccountAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app: "{{ template "logstash.fullname" . }}"
chart: "{{ .Chart.Name }}"
Expand Down
16 changes: 16 additions & 0 deletions logstash/tests/logstash_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -350,6 +350,22 @@ def test_adding_pod_annotations():
)


def test_adding_serviceaccount_annotations():
config = """
rbac:
jmlrt marked this conversation as resolved.
Show resolved Hide resolved
create: true
serviceAccountAnnotations:
eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount
"""
r = helm_template(config)
assert (
r["serviceaccount"][name]["metadata"]["annotations"][
"eks.amazonaws.com/role-arn"
]
== "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount"
)


def test_adding_a_node_selector():
config = """
nodeSelector:
Expand Down
1 change: 1 addition & 0 deletions logstash/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@ volumeClaimTemplate:

rbac:
create: false
serviceAccountAnnotations: {}
serviceAccountName: ""

podSecurityPolicy:
Expand Down
1 change: 1 addition & 0 deletions metricbeat/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,7 @@ as a reference. They are also used in the automated testing of this chart.
| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] |
| `replicas` | The replica count for the Metricbeat deployment talking to kube-state-metrics | `1` |
| `serviceAccount` | Custom [serviceAccount][] that Metricbeat will use during execution. By default will use the service account created by this chart | `""` |
| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}`
| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Metricbeat pod process on pod shutdown | `30` |
| `updateStrategy` | The [updateStrategy][] for the DaemonSet By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` |

Expand Down
4 changes: 4 additions & 0 deletions metricbeat/templates/serviceaccount.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "metricbeat.serviceAccount" . }}
annotations:
{{- with .Values.serviceAccountAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app: "{{ template "metricbeat.fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
Expand Down
14 changes: 14 additions & 0 deletions metricbeat/tests/metricbeat_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -975,6 +975,20 @@ def test_adding_pod_labels():
)


def test_adding_serviceaccount_annotations():
config = """
serviceAccountAnnotations:
eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount
"""
r = helm_template(config)
assert (
r["serviceaccount"][name]["metadata"]["annotations"][
"eks.amazonaws.com/role-arn"
]
== "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount"
)


def test_adding_env_from():
config = """
daemonset:
Expand Down
4 changes: 4 additions & 0 deletions metricbeat/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,10 @@ podAnnotations: {}
# Custom service account override that the pod will use
serviceAccount: ""

# Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set.
serviceAccountAnnotations: {}
# eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount

# How long to wait for metricbeat pods to stop gracefully
terminationGracePeriod: 30

Expand Down