timescale / helm-charts

Configuration and Documentation to run TimescaleDB in your Kubernetes cluster
Apache License 2.0

Add support for additional annotations in the statefulset object to support cert-manager/reloader integration #621

Open wollud1969 opened 1 year ago

wollud1969 commented 1 year ago

I would like to obtain the certificate for my timescaledb instance from Let's Encrypt via cert-manager. I've set this up using the following code:

cert.yml:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: db2-hottis-de
spec:
  secretName: timescaledb-2-certificate
  duration: 2160h
  renewBefore: 360h
  subject:
    organizations:
      - hottis-de
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - server auth
  dnsNames:
    - db2.hottis.de
  issuerRef:
    name: letsencrypt-staging-http
    kind: ClusterIssuer
    group: cert-manager.io

and

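# Create the Certificate resource; cert-manager then requests the certificate
kubectl apply -f cert.yml -n "$NAMESPACE"

# Wait until the secret exists, polling every 5 seconds
until kubectl get secret timescaledb-2-certificate -n "$NAMESPACE"; do
  echo "certificate not yet ready"
  sleep 5
done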

helm repo add timescaledb https://charts.timescale.com
helm repo update
helm upgrade --install -f values.yml timescaledb timescaledb/timescaledb-single --version 0.33.1 \
  --namespace=$NAMESPACE

and

(in values.yml)

secrets:
  certificateSecretName: timescaledb-2-certificate

Renewal of the certificate is handled by cert-manager. However, the timescaledb pods need to mount the renewed certificates after renewal. To trigger a restart of applications after such a configuration/secret change, I've deployed stakater/reloader. To let reloader consider timescaledb, an annotation on the statefulset is required. bitnami/keycloak, for instance, provides this functionality this way:

commonAnnotations:
  secret.reloader.stakater.com/reload: "keycloak-db-cred"

(Although this functionality concerning certificates is not required here, since the certificate stuff is handled by the ingress controller in this case.)

Please consider adding the option to set annotations in the statefulset object via the values.yml file.

Cheers and thanks, Wolfgang
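
Added example (not part of the original issue, and not code from the timescale/helm-charts or Reloader projects): a check that lists the secrets a StatefulSet's pod template references but that Reloader has not been told to watch, which is the gap the issue describes. The StatefulSet JSON is constructed; the object name `timescaledb` and the secret `timescaledb-credentials` are assumptions, and `reloader.stakater.com/auto` is Reloader's annotation for watching every referenced secret.

```python
import json

RELOAD_KEY = "secret.reloader.stakater.com/reload"  # annotation quoted in the issue
AUTO_KEY = "reloader.stakater.com/auto"  # Reloader: watch every referenced secret

def referenced_secrets(workload):
    """Secret names the pod template mounts as volumes or reads into env vars."""
    spec = workload["spec"]["template"]["spec"]
    names = set()
    for vol in spec.get("volumes", []):
        if "secret" in vol:
            names.add(vol["secret"]["secretName"])
        for src in vol.get("projected", {}).get("sources", []):
            if "secret" in src:
                names.add(src["secret"]["name"])
    for ctr in spec.get("containers", []) + spec.get("initContainers", []):
        for ref in ctr.get("envFrom", []):
            if "secretRef" in ref:
                names.add(ref["secretRef"]["name"])
        for env in ctr.get("env", []):
            key_ref = env.get("valueFrom", {}).get("secretKeyRef")
            if key_ref:
                names.add(key_ref["name"])
    return names

def unwatched_secrets(workload):
    """Referenced secrets whose change would not make Reloader restart the pods."""
    ann = workload["metadata"].get("annotations") or {}
    if ann.get(AUTO_KEY) == "true":
        return set()
    watched = {s.strip() for s in ann.get(RELOAD_KEY, "").split(",") if s.strip()}
    return referenced_secrets(workload) - watched

# Constructed sample in the shape of `kubectl get statefulset -o json` output;
# the object name and the credentials secret are assumptions.
SAMPLE = json.loads("""
{"kind": "StatefulSet",
 "metadata": {"name": "timescaledb"},
 "spec": {"template": {"spec": {
   "volumes": [{"name": "certificate",
                "secret": {"secretName": "timescaledb-2-certificate"}}],
   "containers": [{"name": "timescaledb", "env": [
     {"name": "PGPASSWORD", "valueFrom": {"secretKeyRef":
       {"name": "timescaledb-credentials", "key": "password"}}}]}]}}}}
""")

if __name__ == "__main__":
    print(sorted(unwatched_secrets(SAMPLE)))
```

An empty result means every referenced secret is covered, so a cert-manager renewal of the certificate secret would lead to a pod restart.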