allow adding service annotations #137 (#139)

implements #137

chart/Chart.yaml

@@ -1,13 +1,13 @@
 apiVersion: v2
-appVersion: v3.0.6
+appVersion: v3.0.7
 description: A web interface for Sealed Secrets by Bitnami.
 home: https://github.com/bakito/sealed-secrets-web
 icon: https://raw.githubusercontent.com/bakito/sealed-secrets-web/master/assets/logo.png
 maintainers:
   - name: bakito
     url: https://github.com/bakito
 name: sealed-secrets-web
-version: 3.0.6
+version: 3.0.7
 #annotations:
 #  artifacthub.io/changes: |
 #    -

chart/README.md

@@ -1,6 +1,6 @@
 # sealed-secrets-web
 
-![Version: 3.0.6](https://img.shields.io/badge/Version-3.0.6-informational?style=flat-square) ![AppVersion: v3.0.6](https://img.shields.io/badge/AppVersion-v3.0.6-informational?style=flat-square)
+![Version: 3.0.7](https://img.shields.io/badge/Version-3.0.7-informational?style=flat-square) ![AppVersion: v3.0.7](https://img.shields.io/badge/AppVersion-v3.0.7-informational?style=flat-square)
 
 A web interface for Sealed Secrets by Bitnami.
 
@@ -27,6 +27,7 @@ helm install sealed-secrets-web bakito/sealed-secrets-web
 | image.tag | string | `nil` | Overrides the image tag (default is the chart appVersion) |
 | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. |
 | includeLocalNamespaceOnly | bool | `false` | If set to true, the application has only the permission to view sealed secrets in the current namespace |
+| ingress.annotations | object | `{}` | Ingress annotations |
 | ingress.className | string | `""` | Ingress class name |
 | ingress.defaultTls | bool | `false` | set this to true and leave tls an empty array to use the default TLS certificate (works at least in openshift) |
 | ingress.enabled | bool | `false` | Enable ingress support |
@@ -42,6 +43,7 @@ helm install sealed-secrets-web bakito/sealed-secrets-web
 | sealedSecrets.certURL | string | `""` | URL sealed secrets certificate (required if sealed secrets is not reachable with in cluster service) |
 | sealedSecrets.namespace | string | `"sealed-secrets"` | Namespace of the sealed secrets service |
 | sealedSecrets.serviceName | string | `"sealed-secrets"` | Name of the sealed secrets service |
+| service.annotations | object | `{}` | Service annotations |
 | service.port | int | `80` | Service port |
 | service.type | string | `"ClusterIP"` | Sets the type of the Service |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |

chart/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ $.Release.Namespace }}
   labels:
     {{- include "sealed-secrets-web.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

chart/values.yaml

@@ -63,6 +63,8 @@ service:
   type: ClusterIP
   # -- Service port
   port: 80
+  # -- Service annotations
+  annotations: { }
 
 ingress:
   # -- Enable ingress support
@@ -72,7 +74,7 @@ ingress:
   className: ""
 
   # -- Ingress annotations
-  # annotations:
+  annotations: { }
   #   # -- Specifies number of requests accepted from a given IP each minute
   #   nginx.ingress.kubernetes.io/limit-rpm: "180"
   #   nginx.ingress.kubernetes.io/rewrite-target: /$2
@@ -81,16 +83,16 @@ ingress:
 
   # -- Ingress hosts
   hosts:
-  - paths:
-    - path: /
-      pathType: Prefix
-    # host: example.internal
+    - paths:
+        - path: /
+          pathType: Prefix
+      # host: example.internal
 
   # -- set this to true and leave tls an empty array to use the default TLS certificate (works at least in openshift)
   defaultTls: false
 
   # -- Ingress tls
-  tls: []
+  tls: [ ]
   # - hosts:
   #   - example.internal
   #   - another-example.internal
@@ -133,7 +135,7 @@ deployment:
     allowPrivilegeEscalation: false
     capabilities:
       drop:
-      - ALL
+        - ALL
     privileged: false
     runAsGroup: 1000
     runAsUser: 1001