feat: Custom service account annotations #200

@jsirianni jsirianni commented Feb 26, 2025

Description of Changes

Added support for arbitrary service account annotations.

When running helm template with annotations defined (see test update), I get the following service account.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: release-name-bindplane
  namespace: default
  labels:
    app.kubernetes.io/name: bindplane
    app.kubernetes.io/stack: bindplane
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/managed-by: Helm
  annotations:
    iam.gke.io/gcp-service-account: bindplane-sa

This annotation allows users to implement workload identity in GKE. You can read more about it here: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Closes #177

Please check that the PR fulfills these requirements

  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • CI passes
  • Changes to ports, services, or other networking have been tested with istio

@jsirianni jsirianni marked this pull request as ready for review February 26, 2025 14:37
@jsirianni jsirianni requested a review from tbm48813 as a code owner February 26, 2025 14:37
@jsirianni jsirianni merged commit f98c9c0 into main Feb 26, 2025
28 checks passed
@jsirianni jsirianni deleted the joesirianni/bpop-2111-bindplane-helm-arbitrary-service-account-annotations branch February 26, 2025 14:46
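
An added example, not part of the pull request or the chart: a check for rendered manifests that reports each ServiceAccount's `iam.gke.io/gcp-service-account` annotation and whether its value has the Google service account email form (`NAME@PROJECT_ID.iam.gserviceaccount.com`) that GKE's Workload Identity documentation uses. The function names, the simplified email pattern, the `example-sa` document and the `example-project` id are assumptions made for this sketch; the sample input is constructed.

```shell
#!/bin/sh
# Constructed sample: one document shaped like the ServiceAccount shown in the
# PR description, one using the full email form with a placeholder project id.
sample_manifests() {
cat <<'EOF'
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: release-name-bindplane
  namespace: default
  annotations:
    iam.gke.io/gcp-service-account: bindplane-sa
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: example-sa
  namespace: default
  annotations:
    iam.gke.io/gcp-service-account: "bindplane-sa@example-project.iam.gserviceaccount.com"
EOF
}

# Reads rendered manifests on stdin (Helm's usual 2-space indentation assumed)
# and prints "<name> OK|BAD|MISSING <value>" for every ServiceAccount.
check_wi_annotations() {
  awk '
    function emit() {
      if (kind == "ServiceAccount") {
        gsub(/"/, "", val)                      # tolerate quoted values
        if (val == "") status = "MISSING"
        else if (val ~ /^[a-z][a-z0-9-]*@[a-z][a-z0-9-]*\.iam\.gserviceaccount\.com$/) status = "OK"
        else status = "BAD"                     # simplified pattern, see lead-in
        print name, status, val
      }
      kind = ""; name = ""; val = ""
    }
    /^---/      { emit(); next }                # document boundary
    /^kind:/    { kind = $2 }
    /^  name:/  { name = $2 }                   # metadata.name
    /^    iam\.gke\.io\/gcp-service-account:/ { val = $2 }
    END         { emit() }
  '
}
```

Pipe the output of `helm template` into `check_wi_annotations` in CI to catch a missing or malformed binding before the chart is deployed.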
Successfully merging this pull request may close these issues.

Add Workload Identity federation support for GKE