Added service account annotations

[mkotsalainen]

Summary

Helm chart service account annotation. Needed for EKS IRSA roles. I took code from: https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/values.yaml#L78 https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/serviceaccount.yaml#L12

[mkotsalainen]

Here's related issue: https://github.com/k8up-io/k8up/issues/875

[mkotsalainen]

The comment for the parameter is wrong.

Good catch! Fixed.

Could you please also run make chart-docs and git rebase master --signoff on your branch to make our checks pass.

Done.

[Kidswiss]

hmmm... the DCO check is still not happy.

Can you try this way?

git rebase HEAD~6 --signoff
git push --force-with-lease origin sa-annotation

[mkotsalainen]

hmmm... the DCO check is still not happy.

Can you try this way?

git rebase HEAD~6 --signoff
git push --force-with-lease origin sa-annotation

done

[mkotsalainen]

is there something more I need to do on this?

[Kidswiss]

Sorry I was off pretty early yesterday.

The commits look a bit weird now. Did you maybe rebase or squash before you executed my signoff command? It also signed commits from other people with your mail address.

Could you please drop those from the PR?

[mkotsalainen]

If I'm not mistaken executed the commands in the order that they appeared in the chat. To tell you the truth I didn't really know what I was doing - I've never seen the --force-with-lease flag before :)

Anyways, I've tried but I can't seem to get rid of those older commits from my branch.

If you want I can try to fork your repo again and redo from scratch, maybe that helps? Or you just take my diff and merge it - I don't care about attribution - I just want to be able give an AWS IRSA role to the k8up pod so that we can use it.

[Kidswiss]

Yeah the whole DCO thing is a bit fiddly unfortunately... But it's required as we're a CNCF project.

I have a look to get this merged and released. Maybe I can cherry-pick your commits onto a new branch.

[Kidswiss]

I've merged it via #877.

I just triggered a release, it should be available in a few minutes.

[mkotsalainen]

Thanks!!

[mkotsalainen]

Sorry to bother you with this again but there is a whitespace in front of annotations:

This causes the helm chart to render a non-valid ServiceAccount spec. Helm / yaml is picky.

This indentention level works:

{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: testing
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}

[Kidswiss]

No worries, I should have caught that during the review 🙈. The git mess made me miss that, sorry. I'll create a fix for that.