From 09a827af6d6ea24643573e5f17949ace38cda7b8 Mon Sep 17 00:00:00 2001
From: James PS <jamesarems@gmail.com>
Date: Thu, 14 Sep 2023 14:58:14 +0100
Subject: [PATCH] chart/service-deployment add support for azure (closes #111)

---
 CHANGELOG                                           | 4 ++++
 charts/service-deployment/Chart.lock                | 6 +++---
 charts/service-deployment/Chart.yaml                | 4 ++--
 charts/service-deployment/README.md                 | 3 ++-
 charts/service-deployment/templates/deployment.yaml | 3 +++
 charts/service-deployment/values.yaml               | 5 ++++-
 6 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 8db2016..62d310c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+Version 0.1.43 (2023-09-14)
+---------------------------
+charts/service-deployment: Add support for Azure managed identity (#111)
+
 Version 0.1.42 (2023-09-14)
 ---------------------------
 charts/daemonset: Add azure workload identity label (#114)
diff --git a/charts/service-deployment/Chart.lock b/charts/service-deployment/Chart.lock
index 00b620b..fab5bb5 100644
--- a/charts/service-deployment/Chart.lock
+++ b/charts/service-deployment/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
   version: 0.1.0
 - name: cloudserviceaccount
   repository: https://snowplow-devops.github.io/helm-charts
-  version: 0.2.0
-digest: sha256:9deff1a4eb1a923a1ff362a28e27e86945c843c50945797618d3e59e0429c4ad
-generated: "2022-11-01T10:50:08.896834Z"
+  version: 0.3.0
+digest: sha256:75f92234ea471c522e2cd8072bde78e2ff3b5ecf1dbdc43d2b86ed7dcdf9ec08
+generated: "2023-09-14T14:33:02.109845+01:00"
diff --git a/charts/service-deployment/Chart.yaml b/charts/service-deployment/Chart.yaml
index adb69dc..6e919e3 100644
--- a/charts/service-deployment/Chart.yaml
+++ b/charts/service-deployment/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: service-deployment
 description: A Helm Chart to setup a generic deployment with optional service/hpa bindings
-version: 0.5.0
+version: 0.6.0
 icon: https://raw.githubusercontent.com/snowplow-devops/helm-charts/master/docs/logo/snowplow.png
 home: https://github.com/snowplow-devops/helm-charts
 sources:
@@ -18,5 +18,5 @@ dependencies:
     version: 0.1.0
     repository: "https://snowplow-devops.github.io/helm-charts"
   - name: cloudserviceaccount
-    version: 0.2.0
+    version: 0.3.0
     repository: "https://snowplow-devops.github.io/helm-charts"
diff --git a/charts/service-deployment/README.md b/charts/service-deployment/README.md
index 4b6d3cd..9d2ebfd 100644
--- a/charts/service-deployment/README.md
+++ b/charts/service-deployment/README.md
@@ -43,7 +43,7 @@ helm delete service-deployment
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| global.cloud | string | `""` | Cloud specific bindings (options: aws, gcp) |
+| global.cloud | string | `""` | Cloud specific bindings (options: aws, gcp, azure) |
 | fullnameOverride | string | `""` | Overrides the full-name given to the deployment resources (default: .Release.Name) |
 | image.repository | string | `"nginx"` |  |
 | image.tag | string | `"latest"` |  |
@@ -82,3 +82,4 @@ helm delete service-deployment
 | cloudserviceaccount.name | string | `"snowplow-sd-service-account"` | Name of the service-account to create |
 | cloudserviceaccount.aws.roleARN | string | `""` | IAM Role ARN to bind to the k8s service account |
 | cloudserviceaccount.gcp.serviceAccount | string | `""` | Service Account email to bind to the k8s service account |
+| cloudserviceaccount.azure.managedIdentityId | string | `""` | Workload managed identity id to bind to the k8s service account |
diff --git a/charts/service-deployment/templates/deployment.yaml b/charts/service-deployment/templates/deployment.yaml
index 3651fbb..2f4ccf8 100644
--- a/charts/service-deployment/templates/deployment.yaml
+++ b/charts/service-deployment/templates/deployment.yaml
@@ -13,6 +13,9 @@ spec:
     metadata:
       labels:
         app: {{ include "app.fullname" . }}
+        {{- if eq .Values.global.cloud "azure" }}
+        azure.workload.identity/use: "true"
+        {{- end }}
       annotations:
         {{- if .Values.configMaps }}
         {{- range $v := .Values.configMaps }}
diff --git a/charts/service-deployment/values.yaml b/charts/service-deployment/values.yaml
index aa44448..ff8ec90 100644
--- a/charts/service-deployment/values.yaml
+++ b/charts/service-deployment/values.yaml
@@ -1,5 +1,5 @@
 global:
-  # -- Cloud specific bindings (options: aws, gcp)
+  # -- Cloud specific bindings (options: aws, gcp , azure)
   cloud: ""
 
 # -- Overrides the full-name given to the deployment resources (default: .Release.Name)
@@ -114,6 +114,9 @@ cloudserviceaccount:
   gcp:
     # -- Service Account email to bind to the k8s service account
     serviceAccount: ""
+  azure:
+    # -- Workload managed identity id to bind to the k8s service account
+    managedIdentityId: ""
 
 deployment:
   # -- When enabled, disables the HPA and scales the deployment to zero replicas