-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(chart): allow to run tpl on ServiceAccount
annotations
#4958
feat(chart): allow to run tpl on ServiceAccount
annotations
#4958
Conversation
Welcome @fcrespofastly! |
Hi @fcrespofastly. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Hey @szuecs @stevehipwell 👋🏻 ! How do you feel about this change? it should be basically noop, can we launch the tests? |
I also updated the CHANGELOG adding an entry under @szuecs @stevehipwell ☝🏻 I think that's correct right? |
/ok-to-test |
ServiceAccount
annotations
/assign @stevehipwell |
Is it not safer to create a helper function in _helpers.tpl, and reference it in template?
Then for example if someone deploy external-dns with umbrella chart can override behaviour in local Example apiVersion: v2
name: external-dns-umbrella
dependencies:
- name: external-dns
version: 1.15.0
repository: https://kubernetes-sigs.github.io/external-dns/ and in my local {{- define "external-dns.serviceAccountAnnotations" -}}
.. behaviour override |
Hey @ivankatliarchuk 👋🏻 ! Thanks for suggesting this, that's an interesting approach as well! I don't mind iterating on this towards your suggested approach, but I want to make sure we're all on the same page:
@stevehipwell thoughts? Thanks folks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR @fcrespofastly but the implementation isn't correct due to the way helm works with YAML blobs. This can be solved with a loop as the annotations are a fixed simple type.
Please could you also update the comment in values.yaml so the ability to template is added to the docs (you need to run helm-docs
after making this change to update README.md).
@@ -11,7 +11,7 @@ metadata: | |||
{{- end }} | |||
{{- with .Values.serviceAccount.annotations }} | |||
annotations: | |||
{{- toYaml . | nindent 4 }} | |||
{{- tpl (toYaml .) $ | nindent 4 }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
{{- tpl (toYaml .) $ | nindent 4 }} | |
{{- range $k, $v := . }} | |
{{- printf "%s: %s" (tpl $k $) (tpl $v $) }} | |
{{- end }} |
charts/external-dns/CHANGELOG.md
Outdated
@@ -27,6 +27,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 | |||
|
|||
- Fixed automatic addition of pod selector labels to `affinity` and `topologySpreadConstraints` if not defined. _@pvickery-ParamountCommerce_ | |||
|
|||
### Changed | |||
|
|||
- Allow templatizing `serviceaccount.annotations` in values, by rendering them using `tpl` built-in function: [#4958](https://github.com/kubernetes-sigs/external-dns/pull/4958) @fcrespofastly |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Allow templatizing `serviceaccount.annotations` in values, by rendering them using `tpl` built-in function: [#4958](https://github.com/kubernetes-sigs/external-dns/pull/4958) @fcrespofastly | |
- Allow templating `serviceaccount.annotations` keys and values, by rendering them using the `tpl` built-in function. ([#4958](https://github.com/kubernetes-sigs/external-dns/pull/4958)) _@fcrespofastly_ |
@stevehipwell thanks for the feedback!! I implemented the suggested changes, plus a minor nit (nindent). Out of curiosity now, why the initial implementation doesn't work exactly? You mentioned due to the way Helm handles YAML blobs but I was wondering if you could provide with an example (again, just curiosity) Thanks again! |
charts/external-dns/values.yaml
Outdated
# -- Annotations to add to the service account. Templates are allowed here. Example: | ||
# annotations: | ||
# example.com/annotation: {{ .Values.nameOverride }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# -- Annotations to add to the service account. Templates are allowed here. Example: | |
# annotations: | |
# example.com/annotation: {{ .Values.nameOverride }} | |
# -- Annotations to add to the service account. Templates are allowed in both the key and value; for example `example.com/annotation/{{ .Values.nameOverride }}: {{ .Values.nameOverride }}`. |
Helm docs doesn't support multi-line strings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done! thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @fcrespofastly. Could you add a templated annotation to the charts/external-dns/ci/ci-values.yaml file so this pattern is validated?
@stevehipwell done! 🚀 |
/label tide/merge-method-squash |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: stevehipwell The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Description
The basic use-case is to add dynamic environmental metadata to external-dns KSA so we can take advantage of advanced cloud IAM features such as IRSA or Workload Identity. We already provide the necessary metadata through values so we could DRY those values and render them in values files. For instance:
This change doesn't break any previous behavior.