feat(kube-enforcer): add deploymentAnnotations option to control deployment annotations

[sjoukedv]

this is useful for example with argo cd sync waves

Signed-off-by: Sjouke de Vries [email protected]

[CLAassistant]

All committers have signed the CLA.

[semyonmor]

@sjoukedv
Can you pls add more details on how the deploymentAnnotations is different from the podAnnotation?

[sjoukedv]

@sjoukedv Can you pls add more details on how the deploymentAnnotations is different from the podAnnotation?

@semyonmor Deployment is the 'root' object that is created against the Kubernetes api server. It will create a ReplicaSet which in terms create a Pod (where the pod also has at least one Container), so the annotation is on a completely different object.

I can elaborate on my use case; Argo CD will create all of our Kubernetes resources for us, so it is useful if we can add annotations to it to control the order it synces the deployment (see argocd sync waves). We need this because first we want to create the (new) certificate/ca in the secret and afterwards mount it into the pod. Otherwise the old value of the secret will be mounted. I have created to #784 address this issue with checksum/config.