This repository has been archived by the owner on May 16, 2023. It is now read-only.

Please allow annotations for the ServiceAccount resources in your charts #627

Closed
jim-barber-he opened this issue May 18, 2020 · 2 comments
Labels
enhancement New feature or request


@jim-barber-he

Describe the feature:

Please add the ability to add annotations to the Service Accounts in some of your charts.
For my use case I need support for them on the logstash and elasticsearch charts.
I don't use your other charts, so I don't know if the others would benefit from this or not, but it would do no harm.

For example, the logstash/templates/serviceaccount.yaml file would change from:

```yaml
{{- if .Values.rbac.create -}}
{{- $fullName := include "logstash.fullname" . -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  {{- if eq .Values.rbac.serviceAccountName "" }}
  name: {{ $fullName | quote }}
  {{- else }}
  name: {{ .Values.rbac.serviceAccountName | quote }}
  {{- end }}
  labels:
    app: "{{ template "logstash.fullname" . }}"
    chart: "{{ .Chart.Name }}"
    heritage: {{ .Release.Service | quote }}
    release: {{ .Release.Name | quote }}
{{- end -}}
```

to something like:

```yaml
{{- if .Values.rbac.create -}}
{{- $fullName := include "logstash.fullname" . -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  {{- if eq .Values.rbac.serviceAccountName "" }}
  name: {{ $fullName | quote }}
  {{- else }}
  name: {{ .Values.rbac.serviceAccountName | quote }}
  {{- end }}
  annotations:
    {{- with .Values.rbac.serviceAccountAnnotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    app: "{{ template "logstash.fullname" . }}"
    chart: "{{ .Chart.Name }}"
    heritage: {{ .Release.Service | quote }}
    release: {{ .Release.Name | quote }}
{{- end -}}
```

Describe a specific use case for the feature:

I need access to AWS S3 buckets from these pods, and they require AWS IAM permissions to do so.
I'm using AWS's IAM roles for service accounts to assign IAM roles to pods based on the service account that they run with.
For this to work, an annotation needs to be put on the service account specifying the role to use as per the following document.
https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
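
The following is an added example, not part of the original post or of the chart itself: a values override for the template proposed above, followed by the ServiceAccount it would render. It assumes the `rbac.serviceAccountAnnotations` key from the proposal (the released chart may name it differently); the account ID, role name, namespace, release name and label values are placeholders or constructed.

```yaml
# values.yaml override (constructed example).
rbac:
  create: true
  # Pin the name instead of relying on the generated fullname: the IAM role's
  # trust policy should restrict its OIDC "sub" condition to exactly
  # system:serviceaccount:<NAMESPACE>:logstash, so only this ServiceAccount
  # can assume the role.
  serviceAccountName: "logstash"
  serviceAccountAnnotations:
    # Placeholder ARN: substitute your own account ID and role name.
    eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"
---
# ServiceAccount rendered by the proposed template from the values above,
# assuming a release named "logstash" (constructed label values).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: "logstash"
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>
  labels:
    app: "logstash-logstash"
    chart: "logstash"
    heritage: "Helm"
    release: "logstash"
```

Scope the role's permissions policy to the specific S3 buckets the pods need, since every pod running under this ServiceAccount receives the role's credentials.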

@fatmcgav

@jim-barber-he if you feel like taking a stab at it we welcome community PRs.

This should be a pretty small one to add given the example you've provided.

@jmlrt

jmlrt commented Jun 26, 2020

closing this since #686 is merged

@jmlrt jmlrt closed this as completed Jun 26, 2020