Add support to set service account annotations (#151)

Author: michaellzc

charts/sourcegraph/CHANGELOG.md

@@ -11,6 +11,7 @@ Use `**BREAKING**:` to denote a breaking change
 ### Added
 
 - Add new example `envoy` to enable HTTP trailers using Envoy Filter [#148](https://github.com/sourcegraph/deploy-sourcegraph-helm/pull/148)
+- Add support to configure service account annotations [#151](https://github.com/sourcegraph/deploy-sourcegraph-helm/pull/151)
 
 ## 3.41.0
 

charts/sourcegraph/README.md

@@ -22,6 +22,8 @@ In addition to the documented values, all services also support the following va
 - `<serviceName>.podSecurityContext` - [learn more](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
 - `<serviceName>.args` - override default container args
 - `<serviceName>.env` - consult `values.yaml` file
+- `<serviceName>.serivceAccount.create` - create service account for service
+- `<serviceName>.serviceAccount.annotations` - Annotations for the service-specific service account
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|

charts/sourcegraph/README.md.gotmpl

@@ -22,5 +22,7 @@ In addition to the documented values, all services also support the following va
 - `<serviceName>.podSecurityContext` - [learn more](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
 - `<serviceName>.args` - override default container args
 - `<serviceName>.env` - consult `values.yaml` file
+- `<serviceName>.serivceAccount.create` - create service account for service
+- `<serviceName>.serviceAccount.annotations` - Annotations for the service-specific service account
 
 {{ template "chart.valuesTable" . }}

charts/sourcegraph/templates/_helpers.tpl

@@ -53,6 +53,15 @@ serviceAccountName: {{ include "sourcegraph.serviceAccountName" (list $top $serv
 {{- end }}
 {{- end }}
 
+{{- define "sourcegraph.serviceAccountAnnotations" -}}
+{{- $top := index . 0 }}
+{{- $service := index . 1 }}
+{{- with (index $top.Values $service "serviceAccount" "annotations") }}
+annotations:
+{{- . | toYaml | trim | nindent 4 }}
+{{- end }}
+{{- end }}
+
 {{/*
 Create the docker image reference and allow it to be overridden on a per-service basis
 Default tags are toggled between a global and service-specific setting by the

charts/sourcegraph/templates/cadvisor/cadvisor.ServiceAccount.yaml

@@ -7,5 +7,6 @@ metadata:
     category: rbac
     deploy: sourcegraph
     app.kubernetes.io/component: cadvisor
+  {{- include "sourcegraph.serviceAccountAnnotations" (list . "cadvisor") | trim | nindent 2 }}
   name: {{ include "sourcegraph.serviceAccountName" (list . "cadvisor") }}
 {{- end }}

charts/sourcegraph/templates/codeinsights-db/codeinsights-db.ServiceAccount.yaml

@@ -6,5 +6,6 @@ metadata:
     category: rbac
     deploy: sourcegraph
     app.kubernetes.io/component: codeinsights-db
+  {{- include "sourcegraph.serviceAccountAnnotations" (list . "codeInsightsDB") | trim | nindent 2 }}
   name: {{ include "sourcegraph.serviceAccountName" (list . "codeInsightsDB") }}
 {{- end }}

charts/sourcegraph/templates/codeintel-db/codeintel-db.ServiceAccount.yaml

@@ -6,5 +6,6 @@ metadata:
     category: rbac
     deploy: sourcegraph
     app.kubernetes.io/component: codeintel-db
+  {{- include "sourcegraph.serviceAccountAnnotations" (list . "codeIntelDB") | trim | nindent 2 }}
   name: {{ include "sourcegraph.serviceAccountName" (list . "codeIntelDB") }}
 {{- end }}

charts/sourcegraph/templates/frontend/sourcegraph-frontend.ServiceAccount.yaml

@@ -10,5 +10,6 @@ metadata:
     category: rbac
     deploy: sourcegraph
     app.kubernetes.io/component: frontend
+  {{- include "sourcegraph.serviceAccountAnnotations" (list . "frontend") | trim | nindent 2 }}
   name: {{ include "sourcegraph.serviceAccountName" (list . "frontend") }}
 {{- end }}

charts/sourcegraph/templates/github-proxy/github-proxy.ServiceAccount.yaml

@@ -6,5 +6,6 @@ metadata:
     category: rbac
     deploy: sourcegraph
     app.kubernetes.io/component: github-proxy
+  {{- include "sourcegraph.serviceAccountAnnotations" (list . "githubProxy") | trim | nindent 2 }}
   name: {{ include "sourcegraph.serviceAccountName" (list . "githubProxy") }}
 {{- end }}

charts/sourcegraph/templates/gitserver/gitserver.ServiceAccount.yaml

@@ -6,5 +6,6 @@ metadata:
     category: rbac
     deploy: sourcegraph
     app.kubernetes.io/component: gitserver
+  {{- include "sourcegraph.serviceAccountAnnotations" (list . "gitserver") | trim | nindent 2 }}
   name: {{ include "sourcegraph.serviceAccountName" (list . "gitserver") }}
 {{- end }}