feat(annotations): add secret annotations

Allow adding annotations to secret resources.

Signed-off-by: Alexander Chebotov <[email protected]>

charts/atlantis/templates/secret-api.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   apisecret: {{ .Values.api.secret | b64enc }}

charts/atlantis/templates/secret-aws.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   {{- if .Values.aws.credentials }}

charts/atlantis/templates/secret-basic-auth.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   username: {{ .Values.basicAuth.username | b64enc }}

charts/atlantis/templates/secret-gitconfig.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   gitconfig: {{ .Values.gitconfig | b64enc }}

charts/atlantis/templates/secret-netrc.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   netrc: {{ .Values.netrc | b64enc }}

charts/atlantis/templates/secret-redis.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   password: {{ .Values.redis.password | b64enc }}

charts/atlantis/templates/secret-service-account.yaml

@@ -8,9 +8,14 @@ metadata:
   labels:
     component: service-account-secret
     {{- include "atlantis.labels" $ | nindent 4 }}
-  {{- with $.Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   service-account.json: {{ $secret }}

charts/atlantis/templates/secret-webhook.yaml

@@ -6,9 +6,14 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
-  {{- with .Values.extraAnnotations }}
+  {{- if or .Values.secretAnnotations .Values.extraAnnotations }}
   annotations:
+    {{- with .Values.secretAnnotations }}
     {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.extraAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
 data:
   {{- if .Values.githubApp }}

charts/atlantis/values.schema.json

@@ -1193,6 +1193,16 @@
       "description": "SecurityContext configuration for atlantis containers.",
       "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext"
     },
+    "secretAnnotations": {
+      "type": "object",
+      "description": "Add additional secret annotations",
+      "items": {
+        "type": "object"
+      },
+      "examples": {
+        "team": "example"
+      }
+    },
     "servicemonitor": {
       "type": "object",
       "description": "ServiceMonitor configuration for atlantis containers.",

charts/atlantis/values.yaml

@@ -652,6 +652,12 @@ dnsConfig: {}
 
 hostNetwork: false
 
+# - These annotations will be added to secrets.
+# Check values.yaml for examples.
+secretAnnotations: {}
+# secretAnnotations:
+#   team: example
+
 # - These annotations will be added to all the resources.
 # Check values.yaml for examples.
 extraAnnotations: {}