From 5bd095051a9d5f403a7a4dc93f5bbb922018c114 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=BB=83=E5=81=A5=E6=AF=85?= <2756283+huang-jy@users.noreply.github.com> Date: Fri, 9 Apr 2021 08:53:17 +0100 Subject: [PATCH 1/4] Bump version to 1.1.5 (1.1.4 is currently packaged and publicly available) --- moon/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/moon/Chart.yaml b/moon/Chart.yaml index 49f90d3..7d1d219 100644 --- a/moon/Chart.yaml +++ b/moon/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -name: moon -version: 1.0.7 appVersion: 1.8.3 description: Moon Helm chart +name: moon +version: 1.1.5 From 254fbf7384c2eaf7106c434815a8e5c2049b81e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=BB=83=E5=81=A5=E6=AF=85?= <2756283+huang-jy@users.noreply.github.com> Date: Fri, 9 Apr 2021 08:56:54 +0100 Subject: [PATCH 2/4] Add annotations option to service account to enable workload identity of security/monitoring tagging of the service account if needed. --- moon/templates/moon.yaml | 6 ++++++ moon/values.yaml | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/moon/templates/moon.yaml b/moon/templates/moon.yaml index d8f9305..239f330 100644 --- a/moon/templates/moon.yaml +++ b/moon/templates/moon.yaml @@ -4,6 +4,12 @@ kind: ServiceAccount metadata: name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} + {{- if .Values.moon.serviceaccount.annotations }} + annotations: + {{- range $key, $value := .Values.moon.serviceaccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/moon/values.yaml b/moon/values.yaml index f2a3af8..ec36865 100644 --- a/moon/values.yaml +++ b/moon/values.yaml @@ -6,6 +6,14 @@ moon: enabled: resources: true + ## + ## Optionally add annotations to the service account generated byt the chart + ## This is necessary if you intend to use the moon service account for + ## Workload Identity or want to tag it for any security monitoring tools + ## + serviceaccount: + annotations: {} + # iam.gke.io/gcp-service-account: moon-sa-on-gcp@gcp-project.iam.gserviceaccount.com # ## # ## Global timeouts. # ## From 0dc365282a3abe15143264654c4844a7667cabe2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=BB=83=E5=81=A5=E6=AF=85?= <2756283+huang-jy@users.noreply.github.com> Date: Fri, 9 Apr 2021 14:08:00 +0100 Subject: [PATCH 3/4] Revert the version change as discussed --- moon/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/moon/Chart.yaml b/moon/Chart.yaml index 7d1d219..49f90d3 100644 --- a/moon/Chart.yaml +++ b/moon/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 +name: moon +version: 1.0.7 appVersion: 1.8.3 description: Moon Helm chart -name: moon -version: 1.1.5 From 97f3099f14246ac7a87ada0b5e26059a93fb0fb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=BB=83=E5=81=A5=E6=AF=85?= <2756283+huang-jy@users.noreply.github.com> Date: Fri, 9 Apr 2021 14:09:09 +0100 Subject: [PATCH 4/4] Detect for null values --- moon/templates/moon.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/moon/templates/moon.yaml b/moon/templates/moon.yaml index 239f330..38de8d4 100644 --- a/moon/templates/moon.yaml +++ b/moon/templates/moon.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount metadata: name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} - {{- if .Values.moon.serviceaccount.annotations }} + {{- if and .Values.moon.serviceaccount .Values.moon.serviceaccount.annotations }} annotations: {{- range $key, $value := .Values.moon.serviceaccount.annotations }} {{ $key }}: {{ $value | quote }}