From f23d3033a8a41ef338bfbd4d72f2ccf050221ea8 Mon Sep 17 00:00:00 2001 From: Felix Pelletier Date: Thu, 21 Mar 2024 07:45:42 -0700 Subject: [PATCH 1/2] fix: ensure Azure Entra ID workload identity's client ID renders in service account's annotations rather than labels --- charts/aspnetcore/templates/serviceaccount.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/aspnetcore/templates/serviceaccount.yaml b/charts/aspnetcore/templates/serviceaccount.yaml index 44fd61d..e89e137 100644 --- a/charts/aspnetcore/templates/serviceaccount.yaml +++ b/charts/aspnetcore/templates/serviceaccount.yaml @@ -9,12 +9,16 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- if .Values.azureWorkloadIdentity.enabled }} + # https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview#pod-labels azure.workload.identity/use: "true" + {{- end }} + annotations: + {{- if .Values.azureWorkloadIdentity.enabled }} {{- if .Values.azureWorkloadIdentity.clientId }} + # https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview#service-account-annotations azure.workload.identity/client-id: {{ .Values.azureWorkloadIdentity.clientId | quote }} {{- end }} {{- end }} - annotations: {{- with .Values.serviceAccount.annotations }} {{- toYaml . | nindent 4 }} {{- end }} From 66b3ddd9d73f193fb896c55a2eb1e7866d4845c4 Mon Sep 17 00:00:00 2001 From: Felix Pelletier Date: Thu, 21 Mar 2024 07:59:39 -0700 Subject: [PATCH 2/2] build: test chart on Kubernetes 1.27 --- .github/workflows/ci-aspnetcore.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-aspnetcore.yml b/.github/workflows/ci-aspnetcore.yml index 5b01dc5..2476044 100644 --- a/.github/workflows/ci-aspnetcore.yml +++ b/.github/workflows/ci-aspnetcore.yml @@ -33,8 +33,10 @@ jobs: fail-fast: false matrix: # Images are defined on every Kind release, see: https://github.com/kubernetes-sigs/kind/releases - kubernetesVersion: [v1.26, v1.25, v1.24, v1.23] + kubernetesVersion: [v1.27, v1.26, v1.25, v1.24, v1.23] include: + - kubernetesVersion: v1.27 + kindImage: kindest/node:v1.27.0@sha256:c6b22e613523b1af67d4bc8a0c38a4c3ea3a2b8fbc5b367ae36345c9cb844518 - kubernetesVersion: v1.26 kindImage: kindest/node:v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 - kubernetesVersion: v1.25