From 2521c63b8615d1acf5fc98b131f851dda5b7a7a9 Mon Sep 17 00:00:00 2001
From: Justin Seiser <jseiser@users.noreply.github.com>
Date: Wed, 31 May 2023 14:48:07 -0400
Subject: [PATCH] feat(cronjobs): Enable podAnnotations on CronJobs (#7366)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Justin S <justinseiser@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 charts/kyverno/README.md                                    | 2 ++
 .../templates/cleanup/cleanup-admission-reports.yaml        | 5 +++++
 .../cleanup/cleanup-cluster-admission-reports.yaml          | 5 +++++
 charts/kyverno/values.yaml                                  | 6 ++++++
 config/install-latest-testing.yaml                          | 2 ++
 5 files changed, 20 insertions(+)

diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index 0ae00f0df6..fdbda8b154 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -625,6 +625,7 @@ The chart values are organised per component.
 | cleanupJobs.admissionReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
 | cleanupJobs.admissionReports.resources | object | `{}` | Job resources |
 | cleanupJobs.admissionReports.tolerations | list | `[]` | List of node taints to tolerate |
+| cleanupJobs.admissionReports.podAnnotations | object | `{}` | Pod Annotations |
 | cleanupJobs.clusterAdmissionReports.enabled | bool | `true` | Enable cleanup cronjob |
 | cleanupJobs.clusterAdmissionReports.image.registry | string | `nil` | Image registry |
 | cleanupJobs.clusterAdmissionReports.image.repository | string | `"bitnami/kubectl"` | Image repository |
@@ -637,6 +638,7 @@ The chart values are organised per component.
 | cleanupJobs.clusterAdmissionReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
 | cleanupJobs.clusterAdmissionReports.resources | object | `{}` | Job resources |
 | cleanupJobs.clusterAdmissionReports.tolerations | list | `[]` | List of node taints to tolerate |
+| cleanupJobs.clusterAdmissionReports.podAnnotations | object | `{}` | Pod Annotations |
 
 ### Other
 
diff --git a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
index 7a051546f1..dbb40687f4 100644
--- a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
@@ -14,6 +14,11 @@ spec:
   jobTemplate:
     spec:
       template:
+        metadata:
+          {{- with .Values.cleanupJobs.admissionReports.podAnnotations }}
+          annotations:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
         spec:
           serviceAccountName: {{ template "kyverno.name" . }}-cleanup-jobs
           {{- with .Values.cleanupJobs.admissionReports.podSecurityContext }}
diff --git a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
index aefb1b1f35..2ffa379a85 100644
--- a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
@@ -14,6 +14,11 @@ spec:
   jobTemplate:
     spec:
       template:
+        metadata:
+          {{- with .Values.cleanupJobs.clusterAdmissionReports.podAnnotations }}
+          annotations:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
         spec:
           serviceAccountName: {{ template "kyverno.name" . }}-cleanup-jobs
           {{- with .Values.cleanupJobs.clusterAdmissionReports.podSecurityContext }}
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index a9cb8f40bd..c3dee059f3 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -434,6 +434,9 @@ cleanupJobs:
     # -- List of node taints to tolerate
     tolerations: []
 
+    # -- Pod Annotations
+    podAnnotations: {}
+
   clusterAdmissionReports:
 
     # -- Enable cleanup cronjob
@@ -483,6 +486,9 @@ cleanupJobs:
     # -- List of node taints to tolerate
     tolerations: []
 
+    # -- Pod Annotations
+    podAnnotations: {}
+
 # Admission controller configuration
 admissionController:
 
diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
index e83e03bd4b..db7a86aa42 100644
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@@ -35719,6 +35719,7 @@ spec:
   jobTemplate:
     spec:
       template:
+        metadata:
         spec:
           serviceAccountName: kyverno-cleanup-jobs
           containers:
@@ -35765,6 +35766,7 @@ spec:
   jobTemplate:
     spec:
       template:
+        metadata:
         spec:
           serviceAccountName: kyverno-cleanup-jobs
           containers: