[IDP-1068] fix: output Azure Entra ID workload identity's client ID i…

…n annotations (#47) * fix: ensure Azure Entra ID workload identity's client ID renders in service account's annotations rather than labels * build: test chart on Kubernetes 1.27
gsoft-inc · Mar 21, 2024 · 0f9df1e · 0f9df1e
1 parent d1d06e6
commit 0f9df1e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/.github/workflows/ci-aspnetcore.yml b/.github/workflows/ci-aspnetcore.yml
@@ -33,8 +33,10 @@ jobs:
       fail-fast: false
       matrix:
         # Images are defined on every Kind release, see: https://github.com/kubernetes-sigs/kind/releases
-        kubernetesVersion: [v1.26, v1.25, v1.24, v1.23]
+        kubernetesVersion: [v1.27, v1.26, v1.25, v1.24, v1.23]
         include:
+          - kubernetesVersion: v1.27
+            kindImage: kindest/node:v1.27.0@sha256:c6b22e613523b1af67d4bc8a0c38a4c3ea3a2b8fbc5b367ae36345c9cb844518
           - kubernetesVersion: v1.26
             kindImage: kindest/node:v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352
           - kubernetesVersion: v1.25

diff --git a/charts/aspnetcore/templates/serviceaccount.yaml b/charts/aspnetcore/templates/serviceaccount.yaml
@@ -9,12 +9,16 @@ metadata:
       {{- toYaml . | nindent 4 }}
     {{- end }}
     {{- if .Values.azureWorkloadIdentity.enabled }}
+    # https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview#pod-labels
     azure.workload.identity/use: "true"
+    {{- end }}
+  annotations:
+    {{- if .Values.azureWorkloadIdentity.enabled }}
     {{- if .Values.azureWorkloadIdentity.clientId }}
+    # https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview#service-account-annotations
     azure.workload.identity/client-id: {{ .Values.azureWorkloadIdentity.clientId | quote }}
     {{- end }}
     {{- end }}
-  annotations:
     {{- with .Values.serviceAccount.annotations }}
       {{- toYaml . | nindent 4 }}
     {{- end }}