feat(kspm-collector): Enable annotations on kspm collector deployment…

… pods (#1346)

Co-authored-by: Marco Vito Moscaritolo <[email protected]>

charts/kspm-collector/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kspm-collector
 description: Sysdig KSPM collector
 
-version: 0.8.5
+version: 0.9.0
 appVersion: 1.34.0
 
 keywords:

charts/kspm-collector/README.md

@@ -71,6 +71,7 @@ The following table lists the configurable parameters of the Sysdig KSPM Collect
 | `os`                                       | Specifies the allowed operating systems for scheduling.                                                                                          | `[ linux ]`                                                 |
 | `affinity`                                 | Specifies the node affinities. Overrides `arch` and `os` values.                                                                                 | `{}`                                                        |
 | `labels`                                   | Specifies the KSPM collector specific labels as a multi-line templated string map or as YAML.                                                    | `{}`                                                        |
+| `podAnnotations`                           | Specifies the pod annotations as a multi-line templated string map or as YAML.                                                                   | `{}`                                                        |
 | `port`                                     | Specifies the KSPM collector port for health checks.                                                                                             | `8080`                                                      |
 | `psp.create`                               | Creates Pod Security Policy to allow the KSPM collector running in PSP-enabled clusters.                                                         | `true`                                                      |
 | `readinessProbe.enabled`                   | Specifies whether KSPM collector readinessProbe is enabled or not.                                                                               | `true`                                                      |

charts/kspm-collector/templates/deployment.yaml

@@ -16,6 +16,10 @@ spec:
     metadata:
       labels:
         app.kubernetes.io/name: {{ include "kspmCollector.name" . }}
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
 {{ include "kspmCollector.labels" . | indent 8 }}
     spec:
       serviceAccountName: {{ template "kspmCollector.serviceAccountName" .}}

charts/kspm-collector/tests/pod_annotation_test.yaml

@@ -0,0 +1,37 @@
+suite: Pod annotation test
+templates:
+  - deployment.yaml
+tests:
+  - it: check that the deployment do not have any custom annotation in the pod if not specified
+    set:
+      sysdig:
+        accessKey: AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
+    asserts:
+    - isNull:
+        path: spec.template.metadata.annotations
+
+  - it: check that the deployment include the pod annotation
+    set:
+      sysdig:
+        accessKey: AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
+      podAnnotations:
+        my-annotation: my-value
+    asserts:
+    - exists:
+        path: spec.template.metadata.annotations
+
+  - it: check that the deployment include the pod annotation match the value we specified
+    set:
+      sysdig:
+        accessKey: AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
+      podAnnotations:
+        my-annotation-1: my-value-1
+        my-annotation-2: my-value-2
+    asserts:
+    - equal:
+        path: spec.template.metadata.annotations['my-annotation-1']
+        value: my-value-1
+
+    - equal:
+        path: spec.template.metadata.annotations['my-annotation-2']
+        value: my-value-2

charts/kspm-collector/values.yaml

@@ -172,6 +172,8 @@ affinity: {}
 
 labels: {}
 
+podAnnotations: {}
+
 ssl:
   ca:
     # For outbound connections (secure backend, proxy,...)