Added ability to specify annotations to ServiceAccount

2026-03-26 21:33:14 +00:00 · 2021-05-25 12:04:38 -04:00
parent 8c6ccfbca2
commit 446ac0b190
9 changed files with 45 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -28,6 +28,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
         * [Persisting Projects Directory](#persisting-projects-directory)
         * [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options)
         * [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers)
+         * [Service Account](#service-account)
   * [Upgrading](#upgrading)
   * [Contributing](#contributing)
   * [Release Process](#release-process)
@@ -535,6 +536,22 @@ Example configuration of environment variables
        value: foo
 ```

+#### Service Account
+
+If you need to modify some `ServiceAccount` proprieties
+
+| Name                          | Description                                              | Default |
+| ----------------------------- | -------------------------------------------------------- | ------- |
+| service_account_annotations   | Annotations to the ServiceAccount                        | ''      |
+
+Example configuration of environment variables
+
+```yaml
+  spec:
+    service_account_annotations: |
+      eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
+```
+
 ### Upgrading

 To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX.  To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `image_version` variable in `roles/installer/defaults/main.yml` for that particular release.
--- a/ansible/templates/crd.yml.j2
+++ b/ansible/templates/crd.yml.j2
@@ -201,6 +201,9 @@ spec:
                          type: string
                      type: object
                  type: object
+                service_account_annotations:
+                  description: ServiceAccount annotations
+                  type: string
                replicas:
                  description: Number of instance replicas
                  type: integer
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -203,6 +203,9 @@ spec:
                          type: string
                      type: object
                  type: object
+                service_account_annotations:
+                  description: ServiceAccount annotations
+                  type: string
                replicas:
                  description: Number of instance replicas
                  type: integer
--- a/deploy/crds/awx_v1beta1_crd.yaml
+++ b/deploy/crds/awx_v1beta1_crd.yaml
@@ -201,6 +201,9 @@ spec:
                          type: string
                      type: object
                  type: object
+                service_account_annotations:
+                  description: ServiceAccount annotations
+                  type: string
                replicas:
                  description: Number of instance replicas
                  type: integer
--- a/deploy/crds/awx_v1beta1_molecule.yaml
+++ b/deploy/crds/awx_v1beta1_molecule.yaml
@@ -5,6 +5,8 @@ metadata:
  name: example-awx
  namespace: example-awx
 spec:
+  service_account_annotations: |
+    foo: bar
  deployment_type: awx
  ingress_type: ingress
  web_resource_requirements:
--- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
@@ -173,6 +173,11 @@ spec:
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:io.kubernetes:Secret
+      - displayName: Service Account Annotations
+        path: service_account_annotations
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
      - displayName: Ingress Type
        path: ingress_type
        x-descriptors:
--- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
@@ -226,6 +226,9 @@ spec:
              redis_image_version:
                description: Redis container image version to use
                type: string
+              service_account_annotations:
+                description: ServiceAccount annotations
+                type: string
              replicas:
                default: 1
                description: Number of instance replicas
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -9,6 +9,11 @@ database_username: "{{ deployment_type }}"
 task_privileged: false
 ingress_type: none

+# Add annotations to the service account. Specify as literal block. E.g.:
+# service_account_annotations: |
+#   eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
+service_account_annotations: ''
+
 # Custom labels for the tower service. Specify as literal block. E.g.:
 # service_labels: |
 #   environment: non-production
--- a/roles/installer/templates/service_account.yaml.j2
+++ b/roles/installer/templates/service_account.yaml.j2
@@ -10,6 +10,10 @@ metadata:
    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
    app.kubernetes.io/component: '{{ deployment_type }}'
    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+{% if service_account_annotations %}
+  annotations:
+    {{ service_account_annotations | indent(width=4) }}
+{% endif %}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role