fix: add annotations support for all SA in helm chart (#6585)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2023-03-16 08:50:12 +01:00 · 2023-03-16 08:50:12 +01:00 · ba6da89416
commit ba6da89416
parent 8de01fc006
5 changed files with 29 additions and 2 deletions
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -292,6 +292,7 @@ The command removes all the Kubernetes components associated with the chart and
 | cleanupController.enabled | bool | `true` | Enable cleanup controller. |
 | cleanupController.rbac.create | bool | `true` | Create RBAC resources |
 | cleanupController.rbac.serviceAccount.name | string | `nil` | Service account name |
+| cleanupController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
 | cleanupController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role |
 | cleanupController.createSelfSignedCert | bool | `false` | Create self-signed certificates at deployment time. The certificates won't be automatically renewed if this is set to `true`. |
 | cleanupController.image.registry | string | `"ghcr.io"` | Image registry |
@ -350,6 +351,7 @@ The command removes all the Kubernetes components associated with the chart and
 | reportsController.enabled | bool | `true` | Enable reports controller. |
 | reportsController.rbac.create | bool | `true` | Create RBAC resources |
 | reportsController.rbac.serviceAccount.name | string | `nil` | Service account name |
+| reportsController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
 | reportsController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role |
 | reportsController.image.registry | string | `"ghcr.io"` | Image registry |
 | reportsController.image.repository | string | `"kyverno/reports-controller"` | Image repository |
@ -400,6 +402,7 @@ The command removes all the Kubernetes components associated with the chart and
 | backgroundController.enabled | bool | `true` | Enable background controller. |
 | backgroundController.rbac.create | bool | `true` | Create RBAC resources |
 | backgroundController.rbac.serviceAccount.name | string | `nil` | Service account name |
+| backgroundController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
 | backgroundController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role |
 | backgroundController.image.registry | string | `nil` | Image registry |
 | backgroundController.image.repository | string | `"ghcr.io/kyverno/background-controller"` | Image repository |
--- a/charts/kyverno/templates/background-controller/serviceaccount.yaml
+++ b/charts/kyverno/templates/background-controller/serviceaccount.yaml
@ -4,8 +4,12 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "kyverno.background-controller.serviceAccountName" . }}
+  namespace: {{ template "kyverno.namespace" . }}
  labels:
    {{- include "kyverno.background-controller.labels" . | nindent 4 }}
-  namespace: {{ template "kyverno.namespace" . }}
+  {{- with .Values.backgroundController.rbac.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 {{- end -}}
 {{- end -}}
--- a/charts/kyverno/templates/cleanup-controller/serviceaccount.yaml
+++ b/charts/kyverno/templates/cleanup-controller/serviceaccount.yaml
@ -7,5 +7,9 @@ metadata:
  namespace: {{ template "kyverno.namespace" . }}
  labels:
    {{- include "kyverno.cleanup-controller.labels" . | nindent 4 }}
+  {{- with .Values.cleanupController.rbac.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 {{- end -}}
 {{- end -}}
--- a/charts/kyverno/templates/reports-controller/serviceaccount.yaml
+++ b/charts/kyverno/templates/reports-controller/serviceaccount.yaml
@ -4,8 +4,12 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "kyverno.reports-controller.serviceAccountName" . }}
+  namespace: {{ template "kyverno.namespace" . }}
  labels:
    {{- include "kyverno.reports-controller.labels" . | nindent 4 }}
-  namespace: {{ template "kyverno.namespace" . }}
+  {{- with .Values.reportsController.rbac.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 {{- end -}}
 {{- end -}}
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -548,6 +548,10 @@ cleanupController:
      # -- Service account name
      name:

+      # -- Annotations for the ServiceAccount
+      annotations: {}
+        # example.com/annotation: value
+
    clusterRole:
      # -- Extra resource permissions to add in the cluster role
      extraResources: []
@ -792,6 +796,10 @@ reportsController:
      # -- Service account name
      name:

+      # -- Annotations for the ServiceAccount
+      annotations: {}
+        # example.com/annotation: value
+
    clusterRole:
      # -- Extra resource permissions to add in the cluster role
      extraResources: []
@ -1024,6 +1032,10 @@ backgroundController:
      # -- Service account name
      name:

+      # -- Annotations for the ServiceAccount
+      annotations: {}
+        # example.com/annotation: value
+
    clusterRole:
      # -- Extra resource permissions to add in the cluster role
      extraResources: []