Add optional annotations to secrets (#1599)

* Add optional annotations to secrets * Include changelog file * Update .chloggen/secretannotations.yaml --------- Co-authored-by: Antoine Toulme <antoine@toulme.name>
signalfx · Jan 30, 2025 · 8789029 · 8789029
1 parent 2f4ca14
commit 8789029
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 0 deletions.
diff --git a/.chloggen/secretannotations.yaml b/.chloggen/secretannotations.yaml
@@ -0,0 +1,12 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+# The name of the component, or a single word describing the area of concern, (e.g. agent, clusterReceiver, gateway, operator, chart, other)
+component: chart
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Add optional annotations to secrets
+# One or more tracking issues related to the change
+issues: [1599]
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
diff --git a/helm-charts/splunk-otel-collector/templates/secret-etcd.yaml b/helm-charts/splunk-otel-collector/templates/secret-etcd.yaml
@@ -10,6 +10,10 @@ metadata:
     chart: {{ template "splunk-otel-collector.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+  {{- if .Values.agent.controlPlaneMetrics.etcd.secret.annotations }}
+  annotations:
+    {{- toYaml .Values.agent.controlPlaneMetrics.etcd.secret.annotations | nindent 4 }}
+  {{- end }}
 type: Opaque
 data:
   {{- with .Values.agent.controlPlaneMetrics.etcd.secret.clientCert }}

diff --git a/helm-charts/splunk-otel-collector/templates/secret-splunk.yaml b/helm-charts/splunk-otel-collector/templates/secret-splunk.yaml
@@ -10,6 +10,10 @@ metadata:
     chart: {{ template "splunk-otel-collector.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+  {{- if .Values.secret.annotations }}
+  annotations:
+    {{- toYaml .Values.secret.annotations | nindent 4 }}
+  {{- end }}
 type: Opaque
 data:
   {{- if (eq (include "splunk-otel-collector.splunkO11yEnabled" .) "true") }}

diff --git a/helm-charts/splunk-otel-collector/values.schema.json b/helm-charts/splunk-otel-collector/values.schema.json
@@ -425,6 +425,9 @@
                     },
                     "caFile": {
                       "type": "string"
+                    },
+                    "annotations": {
+                      "type": "object"
                     }
                   }
                 },
@@ -1208,6 +1211,9 @@
         },
         "validateSecret": {
           "type": "boolean"
+        },
+        "annotations": {
+          "type": "object"
         }
       }
     },

diff --git a/helm-charts/splunk-otel-collector/values.yaml b/helm-charts/splunk-otel-collector/values.yaml
@@ -320,6 +320,8 @@ agent:
         # NOTE: The content of the file itself should be used here, not the file path.
         #       The file will be stored as a secret in kubernetes.
         caFile: ""
+        # Secret annotations
+        annotations: {}
       # Specifies whether the etcd's TLS cert will be verified. If set to false, a CA certificate must be made
       # available as part of the etcd secret to verify the TLS cert with.
       skipVerify: true
@@ -1020,6 +1022,8 @@ secret:
   name: ""
   # Specifies whether secret provided by user should be validated.
   validateSecret: true
+  # Secret annotations
+  annotations: {}
 
 # The tolerations for deploying the agent collector daemonset. By default, it targets control-plane, worker,
 # and k8s distribution-specific nodes (infrastructure or system) to ensure logs and metrics collection from nodes.