From 095c1f1e43ddeb2d6939907d07acba40d0442af7 Mon Sep 17 00:00:00 2001 From: Maneesh Singh Date: Wed, 30 Oct 2024 19:49:32 -0700 Subject: [PATCH] feat: allow service account annoations Signed-off-by: Maneesh Singh --- charts/ratify/README.md | 1 + charts/ratify/templates/serviceaccount.yaml | 6 +++++- charts/ratify/values.yaml | 4 ++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/charts/ratify/README.md b/charts/ratify/README.md index 571bfa141..7b79647bf 100644 --- a/charts/ratify/README.md +++ b/charts/ratify/README.md @@ -78,6 +78,7 @@ Values marked `# DEPRECATED` in the `values.yaml` as well as **DEPRECATED** in t | resources.requests.memory | Memory request of Ratify Deployment | `512Mi` | | serviceAccount.create | Create new dedicated Ratify service account | `true` | | serviceAccount.name | Name of Ratify service account to create | `ratify-admin` | +| serviceAccount.annotations | Annotations to add to the service account | `{}` | | gatekeeper.version | Determines the Gatekeeper CRD versioning | `3.17.0` | | gatekeeper.namespace | Namespace Gatekeeper is installed | `gatekeeper-system` | | instrumentation.metricsEnabled | Initializes the configured metrics provider | `true` | diff --git a/charts/ratify/templates/serviceaccount.yaml b/charts/ratify/templates/serviceaccount.yaml index 16713acff..68db5e8c5 100644 --- a/charts/ratify/templates/serviceaccount.yaml +++ b/charts/ratify/templates/serviceaccount.yaml @@ -7,5 +7,9 @@ metadata: {{- if .Values.azureWorkloadIdentity.clientId }} azure.workload.identity/use: "true" {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ratify.serviceAccountName" . }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml index 2faf76a13..c026ed4df 100644 --- a/charts/ratify/values.yaml +++ b/charts/ratify/values.yaml @@ -49,9 +49,13 @@ resources: requests: cpu: 600m memory: 512Mi + serviceAccount: create: true name: ratify-admin + # Annotations to add to the service account + annotations: {} + gatekeeper: version: "3.17.0" namespace: # default is gatekeeper-system