fix: Add annotations for headless service (#143)

* fix: Add annotations for headless service

Signed-off-by: ymkc <sixth_brother@gmx.net>

Author: ymkc

CHANGELOG.md

@@ -1,5 +1,9 @@
 ## Unreleased
 
+### 0.25.4
+
+- fix: Add annotations for headless service
+
 ### 0.25.3
 
 - fix: Add extraPorts to server Service in ha

charts/openbao/Chart.yaml

@@ -3,7 +3,7 @@
 
 apiVersion: v2
 name: openbao
-version: 0.25.3
+version: 0.25.4
 appVersion: v2.5.0
 kubeVersion: ">= 1.30.0-0"
 description: Official OpenBao Chart
@@ -28,7 +28,7 @@ annotations:
   artifacthub.io/changes: |
     - kind: changed
       description: |
-        fix: Add extraPorts to server Service in ha
+        fix: Add annotations for headless service
 maintainers:
   - name: OpenBao
     email: openbao-security@lists.openssf.org

charts/openbao/README.md

@@ -1,6 +1,6 @@
 # openbao
 
-![Version: 0.25.3](https://img.shields.io/badge/Version-0.25.3-informational?style=flat-square) ![AppVersion: v2.5.0](https://img.shields.io/badge/AppVersion-v2.5.0-informational?style=flat-square)
+![Version: 0.25.4](https://img.shields.io/badge/Version-0.25.4-informational?style=flat-square) ![AppVersion: v2.5.0](https://img.shields.io/badge/AppVersion-v2.5.0-informational?style=flat-square)
 
 Official OpenBao Chart
 
@@ -280,6 +280,7 @@ Kubernetes: `>= 1.30.0-0`
 | server.service.externalTrafficPolicy | string | `"Cluster"` |  |
 | server.service.extraLabels | object | `{}` |  |
 | server.service.extraPorts | list | `[]` | extraPorts is a list of extra ports. Specified as a YAML list. This is useful if you need to add additional ports to the server service in dynamic way. |
+| server.service.headless.annotations | object | `{}` |  |
 | server.service.instanceSelector.enabled | bool | `true` |  |
 | server.service.ipFamilies | list | `[]` |  |
 | server.service.ipFamilyPolicy | string | `""` |  |

charts/openbao/templates/_helpers.tpl

@@ -786,6 +786,23 @@ Sets extra openbao server Service (standby) annotations
   {{- end }}
 {{- end -}}
 
+{{/*
+Sets extra openbao server Service (headless) annotations
+*/}}
+{{- define "openbao.service.headless.annotations" -}}
+  {{- $headless := .Values.server.service.headless.annotations -}}
+  {{- $generic := .Values.server.service.annotations -}}
+  {{- if or $headless $generic }}
+  annotations:
+    {{- if $headless }}
+      {{- include "openbao.annotations.render.4" (list . $headless) -}}
+    {{- end }}
+    {{- if $generic }}
+      {{- include "openbao.annotations.render.4" (list . $generic) -}}
+    {{- end }}
+  {{- end }}
+{{- end -}}
+
 {{/*
 Sets PodSecurityPolicy annotations
 */}}

charts/openbao/templates/server-headless-service.yaml

@@ -19,7 +19,7 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     openbao-internal: "true"
-{{ template "openbao.service.annotations" .}}
+{{- template "openbao.service.headless.annotations" .}}
 spec:
   {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
   {{- if .Values.server.service.ipFamilyPolicy }}

charts/openbao/values.yaml

@@ -807,6 +807,11 @@ server:
       # Extra labels for the service definition.
       # This should be a YAML map of the labels to apply to the standby service
       extraLabels: {}
+    headless:
+      # Extra annotations for the headless service definition. This can either be YAML or a
+      # YAML-formatted multi-line templated string map of the annotations to apply
+      # to the headless service.
+      annotations: {}
     # If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}`
     # When disabled, services may select OpenBao pods not deployed from the chart.
     # Does not affect the headless openbao-internal service with `ClusterIP: None`

test/unit/server-headless-service.bats

@@ -74,3 +74,57 @@ load _helpers
       yq '.spec.ipFamilies' -c | tee /dev/stderr)
   [ "${actual}" = '["IPv4","IPv6"]' ]
 }
+
+@test "server/headless-Service: generic annotations string" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-headless-service.yaml \
+      --set 'server.service.annotations=openBaoIsAwesome: true' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations["openBaoIsAwesome"]' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "server/headless-Service: generic annotations yaml" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-headless-service.yaml \
+      --set 'server.service.annotations.openBaoIsAwesome=true' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations["openBaoIsAwesome"]' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "server/headless-Service: with headless annotations string" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-headless-service.yaml \
+      --set 'server.service.headless.annotations=openBaoIsAwesome: true' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations["openBaoIsAwesome"]' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "server/headless-Service: with headless annotations yaml" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-headless-service.yaml \
+      --set 'server.service.headless.annotations.openBaoIsAwesome=true' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations["openBaoIsAwesome"]' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+@test "server/headless-Service: with both annotations set" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-headless-service.yaml \
+      --set 'server.service.headless.annotations=openBaoIsAwesome: true' \
+      --set 'server.service.annotations=openbaoIsNotAwesome: false' \
+      . | tee /dev/stderr |
+      yq -r '.metadata' | tee /dev/stderr)
+
+  local actual=$(echo "$object" | yq '.annotations["openBaoIsAwesome"]' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+  actual=$(echo "$object" | yq '.annotations["openbaoIsNotAwesome"]' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}