feat(helm): add service-account features to egress and ingress

Add features that existed for the CP but not ingress/egress:

- imagePullSecrets (for egress)
- serviceAccountAnnotations
- automountServiceAccountToken

Fix #7824

Signed-off-by: Charly Molter <[email protected]>

app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml

@@ -498,7 +498,12 @@ ingress:
 
   # -- Security context at the container level for ingress
   containerSecurityContext:
-   readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: true
+
+  # -- Annotations to add for Control Plane's Service Account
+  serviceAccountAnnotations: { }
+  # -- Whether to automountServiceAccountToken for cp. Optionally set to false
+  automountServiceAccountToken: true
 
 egress:
   # -- If true, it deploys Egress for cross cluster communication
@@ -602,7 +607,12 @@ egress:
 
   # -- Security context at the container level for egress
   containerSecurityContext:
-   readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: true
+
+  # -- Annotations to add for Control Plane's Service Account
+  serviceAccountAnnotations: { }
+  # -- Whether to automountServiceAccountToken for cp. Optionally set to false
+  automountServiceAccountToken: true
 
 kumactl:
   image:

app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml

@@ -573,6 +573,7 @@ spec:
         runAsNonRoot: true
         runAsUser: 5678
       serviceAccountName: kuma-egress
+      automountServiceAccountToken: true
       nodeSelector:
 
         kubernetes.io/os: linux

app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml

@@ -6659,6 +6659,7 @@ spec:
         runAsNonRoot: true
         runAsUser: 5678
       serviceAccountName: kuma-egress
+      automountServiceAccountToken: true
       nodeSelector:
 
         kubernetes.io/os: linux
@@ -6789,6 +6790,7 @@ spec:
         runAsNonRoot: true
         runAsUser: 5678
       serviceAccountName: kuma-ingress
+      automountServiceAccountToken: true
       nodeSelector:
 
         kubernetes.io/os: linux

app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml

@@ -577,6 +577,7 @@ spec:
         runAsNonRoot: true
         runAsUser: 5678
       serviceAccountName: kuma-ingress
+      automountServiceAccountToken: true
       nodeSelector:
 
         kubernetes.io/os: linux

app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml

@@ -590,6 +590,7 @@ spec:
         runAsNonRoot: true
         runAsUser: 5678
       serviceAccountName: kuma-ingress
+      automountServiceAccountToken: true
       nodeSelector:
 
         kubernetes.io/os: linux

app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml

@@ -839,6 +839,7 @@ spec:
         runAsNonRoot: true
         runAsUser: 5678
       serviceAccountName: kuma-egress
+      automountServiceAccountToken: true
       nodeSelector:
 
         kubernetes.io/os: linux
@@ -972,6 +973,7 @@ spec:
         runAsNonRoot: true
         runAsUser: 5678
       serviceAccountName: kuma-ingress
+      automountServiceAccountToken: true
       nodeSelector:
 
         kubernetes.io/os: linux

app/kumactl/cmd/install/testdata/install-cp-helm/fix5978.golden.yaml

@@ -611,6 +611,7 @@ spec:
         runAsNonRoot: true
         runAsUser: 5678
       serviceAccountName: kuma-egress
+      automountServiceAccountToken: true
       nodeSelector:
 
         kubernetes.io/os: linux
@@ -741,6 +742,7 @@ spec:
         runAsNonRoot: true
         runAsUser: 5678
       serviceAccountName: kuma-ingress
+      automountServiceAccountToken: true
       nodeSelector:
 
         kubernetes.io/os: linux