feat(argo-workflows): Add labels for ServiceAccounts (#1665)

* Add labels for ServiceAccounts Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com> * fix workflow serviceaccount labels Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com> * fix docs Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com> Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com>
2022-11-25 02:35:40 +02:00 · 2022-11-25 02:35:40 +02:00 · 062417e30d
parent 16cf7af98b
commit 062417e30d
6 changed files with 20 additions and 2 deletions
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -3,7 +3,7 @@ appVersion: v3.4.3
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.20.9
+version: 0.20.10
 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -13,4 +13,4 @@ maintainers:
    url: https://argoproj.github.io/
 annotations:
  artifacthub.io/changes: |
-    - "[Fixed]: allow users to optionally whitelist secrets"
+    - "[Added]: Add labels to ServiceAccounts."
--- a/charts/argo-workflows/README.md
+++ b/charts/argo-workflows/README.md
@ -62,6 +62,7 @@ Fields to note:
 | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) |
 | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
+| workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | workflow.serviceAccount.name | string | `"argo-workflow"` | Service account which is used to run workflows |

 ### Workflow Controller
@ -114,6 +115,7 @@ Fields to note:
 | controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | the controller container's securityContext |
 | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | controller.serviceAccount.create | bool | `true` | Create a service account for the controller |
+| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | controller.serviceAccount.name | string | `""` | Service account name |
 | controller.serviceAnnotations | object | `{}` | Annotations to be applied to the controller Service |
 | controller.serviceLabels | object | `{}` | Optional labels to add to the controller Service |
@ -200,6 +202,7 @@ Fields to note:
 | server.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true}` | Servers container-level security context |
 | server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | server.serviceAccount.create | bool | `true` | Create a service account for the server |
+| server.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | server.serviceAccount.name | string | `""` | Service account name |
 | server.serviceAnnotations | object | `{}` | Annotations to be applied to the UI Service |
 | server.serviceLabels | object | `{}` | Optional labels to add to the UI Service |
--- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml
@ -5,6 +5,9 @@ metadata:
  name: {{ template "argo-workflows.controllerServiceAccountName" . }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+  {{- with .Values.controller.serviceAccount.labels  }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
  {{ with .Values.controller.serviceAccount.annotations }}
  annotations:
    {{- toYaml .| nindent 4 }}
--- a/charts/argo-workflows/templates/controller/workflow-sa.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml
@ -7,6 +7,9 @@ metadata:
  name: {{ $.Values.workflow.serviceAccount.name }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
+  {{- with $.Values.workflow.serviceAccount.labels  }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
    {{- with $namespace }}
  namespace: {{ . }}
    {{- end }}
--- a/charts/argo-workflows/templates/server/server-sa.yaml
+++ b/charts/argo-workflows/templates/server/server-sa.yaml
@ -5,6 +5,9 @@ metadata:
  name: {{ template "argo-workflows.serverServiceAccountName" . }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+  {{- with .Values.server.serviceAccount.labels  }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
  {{- with .Values.server.serviceAccount.annotations  }}
  annotations:
    {{- toYaml . | nindent 4 }}
--- a/charts/argo-workflows/values.yaml
+++ b/charts/argo-workflows/values.yaml
@ -41,6 +41,8 @@ workflow:
  serviceAccount:
    # -- Specifies whether a service account should be created
    create: false
+    # -- Labels applied to created service account
+    labels: {}
    # -- Annotations applied to created service account
    annotations: {}
    # -- Service account which is used to run workflows
@ -181,6 +183,8 @@ controller:
    create: true
    # -- Service account name
    name: ""
+    # -- Labels applied to created service account
+    labels: {}
    # -- Annotations applied to created service account
    annotations: {}

@ -366,6 +370,8 @@ server:
    create: true
    # -- Service account name
    name: ""
+    # -- Labels applied to created service account
+    labels: {}
    # -- Annotations applied to created service account
    annotations: {}