Add ability to specify annotations for the SDK service account #2317
Conversation
|
Build Succeeded 👏 Build Id: b9c0c387-5f33-4c1f-ad3c-bc38ae5c5073 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
highlyunavailable
force-pushed
the
add-sdk-annotations
branch
from
4a6e2f7
to
a3b7a84
Compare
| @@ -23,6 +23,10 @@ metadata: | |||
| chart: {{ template "agones.chart" $ }} | |||
| release: {{ $.Release.Name }} | |||
| heritage: {{ $.Release.Service }} | |||
| {{- if hasKey $.Values.agones.serviceaccount.sdk.annotations . }} | |||
There was a problem hiding this comment.
In other places we just check for existence, e.g.:
{{- if .Values.agones.allocator.service.annotations }}
annotations:
{{ toYaml .Values.agones.allocator.service.annotations | indent 4 }}
{{- end }}
There was a problem hiding this comment.
The reason it is "hasKey" is because that checks for existence of a variable key.
Given this:
agones:
serviceaccounts:
sdk:
annotations:
gameservers-eu-central-1:
eks.amazonaws.com/role-arn: arn:aws:iam::12345:role/IAMROLEHEREhasKey $.Values.agones.serviceaccount.sdk.annotations . where . is gameservers-eu-central-1 is saying "does the key gameservers-eu-central-1 exist under Values.agones.serviceaccount.sdk.annotations? If yes, then put the entire map below that into annotations. As far as I know, that's the correct way to check for if .Values.agones.serviceaccount.sdk.annotations.somevariablevalue - let me know if there's a better way.
There was a problem hiding this comment.
Sorry, I totally missed in my initial review that this allows you to set different annotations in each namespace, which is why you are checking for keys in a map and then pulling values from the map.
I wonder if it would be worthwhile to document somewhere the expected structure here (since it is different from the other places we allow annotations). Right now, your PR is the only place people could look to see how to properly set these annotations.
@markmandel - I know we have the reference pages for the yaml files that show all of the possible options (with comments) but I don't think there is anything similar for the helm values file. As it gets more expansive, I wonder if it would make sense to better document all of the options that we are adding. WDYT?
The gameserver SDK account commonly wants annotations, e.g. for cloud file store permissions for logs. This adds the ability to map gameserver namespaces to maps of annotations to be added to the SDK account for the specified namespace.
|
Build Succeeded 👏 Build Id: 4a477ee9-d595-4195-a2c5-d9d8f1f840c6 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
highlyunavailable
force-pushed
the
add-sdk-annotations
branch
from
a3b7a84
to
6a0128b
Compare
|
Build Succeeded 👏 Build Id: 34904944-43ec-4cf4-8219-46875d1645d8 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
| @@ -23,6 +23,10 @@ metadata: | |||
| chart: {{ template "agones.chart" $ }} | |||
| release: {{ $.Release.Name }} | |||
| heritage: {{ $.Release.Service }} | |||
| {{- if hasKey $.Values.agones.serviceaccount.sdk.annotations . }} | |||
There was a problem hiding this comment.
Sorry, I totally missed in my initial review that this allows you to set different annotations in each namespace, which is why you are checking for keys in a map and then pulling values from the map.
I wonder if it would be worthwhile to document somewhere the expected structure here (since it is different from the other places we allow annotations). Right now, your PR is the only place people could look to see how to properly set these annotations.
@markmandel - I know we have the reference pages for the yaml files that show all of the possible options (with comments) but I don't think there is anything similar for the helm values file. As it gets more expansive, I wonder if it would make sense to better document all of the options that we are adding. WDYT?
|
New changes are detected. LGTM label has been removed. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: highlyunavailable, roberthbailey The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Build Succeeded 👏 Build Id: aa55fd1e-9893-4b60-963f-3096903a3754 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
What type of PR is this?
/kind feature
What this PR does / Why we need it:
The gameserver SDK account commonly wants annotations, e.g. for cloud permissions for storing logs or replays. This adds the ability to map SDK accounts per namespace to maps of annotations to be added to the SDK account for the specified namespace in the Helm chart during creation. An example value from the values file for the helm chart would be:
In this example yaml, the
agones-sdkaccounts in thegameserversandxboxnamespaces would get annotations as follows:The agones-sdk service account in the staging namespace would get no annotations.
Which issue(s) this PR fixes:
N/A
Special notes for your reviewer: