fix: add preset-wide annotations to serviceaccount, clusterrole, clus…

…terrolebinding

deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml

@@ -11,6 +11,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    eck.k8s.elastic.co/license: basic
 ---
 # Source: elastic-agent/templates/agent/service-account.yaml
 apiVersion: v1
@@ -24,6 +26,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    eck.k8s.elastic.co/license: basic
 ---
 # Source: elastic-agent/templates/agent/service-account.yaml
 apiVersion: v1
@@ -37,6 +41,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    eck.k8s.elastic.co/license: basic
 ---
 # Source: elastic-agent/templates/agent/eck/secret.yaml
 apiVersion: v1
@@ -571,6 +577,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    eck.k8s.elastic.co/license: basic
 rules:
   - apiGroups: [ "" ] # "" indicates the core API group
     resources:
@@ -694,6 +702,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    eck.k8s.elastic.co/license: basic
 rules:
   - apiGroups: [ "" ] # "" indicates the core API group
     resources:
@@ -926,6 +936,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    eck.k8s.elastic.co/license: basic
 rules:
   - apiGroups: [ "" ] # "" indicates the core API group
     resources:
@@ -1007,6 +1019,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    eck.k8s.elastic.co/license: basic
 subjects:
   - kind: ServiceAccount
     name: agent-clusterwide-example
@@ -1027,6 +1041,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    eck.k8s.elastic.co/license: basic
 subjects:
   - kind: ServiceAccount
     name: agent-ksmsharded-example
@@ -1047,6 +1063,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    eck.k8s.elastic.co/license: basic
 subjects:
   - kind: ServiceAccount
     name: agent-pernode-example

deploy/helm/elastic-agent/examples/user-cluster-role/agent-nginx-values.yaml

@@ -33,11 +33,15 @@ extraIntegrations:
 agent:
   presets:
     nginx:
+      annotations:
+        elastic-agent.k8s.elastic.co/preset: nginx
       mode: deployment
       securityContext:
         runAsUser: 0
       serviceAccount:
         create: true
+        annotations:
+          elastic-agent.k8s.elastic.co/sa: nginx
       clusterRole:
         create: false
         name: user-cr

deploy/helm/elastic-agent/examples/user-cluster-role/rendered/manifest.yaml

@@ -11,6 +11,9 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    elastic-agent.k8s.elastic.co/preset: nginx
+    elastic-agent.k8s.elastic.co/sa: nginx
 ---
 # Source: elastic-agent/templates/agent/k8s/secret.yaml
 apiVersion: v1
@@ -24,6 +27,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    elastic-agent.k8s.elastic.co/preset: nginx
 stringData:
 
   agent.yml: |-
@@ -79,6 +84,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    elastic-agent.k8s.elastic.co/preset: nginx
 subjects:
   - kind: ServiceAccount
     name: agent-nginx-example
@@ -110,6 +117,7 @@ spec:
         name: agent-nginx-example
       annotations:
         checksum/config: 99eaac30ab163ab5f4cedbdbf3e6936d34c2b0e2c22dee59947487bab88fcc26
+        elastic-agent.k8s.elastic.co/preset: nginx
     spec:
       automountServiceAccountToken: true
       containers:

deploy/helm/elastic-agent/examples/user-service-account/agent-kubernetes-values.yaml

@@ -8,11 +8,20 @@ agent:
       serviceAccount:
         create: false
         name: user-sa-perNode
+      clusterRole:
+        annotations:
+          elastic-agent.k8s.elastic.co/cr: nginx
     clusterWide:
       serviceAccount:
         create: false
         name: user-sa-clusterWide
+      clusterRole:
+        annotations:
+          elastic-agent.k8s.elastic.co/cr: nginx
     ksmSharded:
       serviceAccount:
         create: false
         name: user-sa-ksmSharded
+      clusterRole:
+        annotations:
+          elastic-agent.k8s.elastic.co/cr: nginx

deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml

@@ -547,6 +547,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    elastic-agent.k8s.elastic.co/cr: nginx
 rules:
   - apiGroups: [ "" ] # "" indicates the core API group
     resources:
@@ -670,6 +672,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    elastic-agent.k8s.elastic.co/cr: nginx
 rules:
   - apiGroups: [ "" ] # "" indicates the core API group
     resources:
@@ -902,6 +906,8 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
+  annotations:
+    elastic-agent.k8s.elastic.co/cr: nginx
 rules:
   - apiGroups: [ "" ] # "" indicates the core API group
     resources:

deploy/helm/elastic-agent/templates/agent/cluster-role-binding.yaml

@@ -12,6 +12,10 @@ metadata:
     {{- with ($presetVal).labels -}}
     {{ toYaml . | nindent 4 }}
     {{- end }}
+  {{- with ($presetVal).annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 subjects:
   - kind: ServiceAccount
     {{-  if eq $presetVal.serviceAccount.create true }}

deploy/helm/elastic-agent/templates/agent/cluster-role.yaml

@@ -12,9 +12,11 @@ metadata:
     {{- with ($presetVal).labels -}}
     {{ toYaml . | nindent 4 }}
     {{- end }}
-  {{- with ($presetVal).clusterRole.annotations -}}
+  {{- $presetValAnnotations := ($presetVal).annotations | default dict }}
+  {{- $clusterRoleAnnotations := ($presetVal).clusterRole.annotations | default dict }}
+  {{- with (merge dict $presetValAnnotations $clusterRoleAnnotations) }}
   annotations:
-    {{ toYaml . | nindent 4 }}
+    {{- toYaml . | nindent 4 }}
   {{- end }}
 rules:
   - apiGroups: [ "" ] # "" indicates the core API group

deploy/helm/elastic-agent/templates/agent/service-account.yaml

@@ -12,7 +12,9 @@ metadata:
     {{- with ($presetVal).labels -}}
     {{ toYaml . | nindent 4 }}
     {{- end }}
-  {{- with ($presetVal).serviceAccount.annotations }}
+  {{- $presetValAnnotations := ($presetVal).annotations | default dict }}
+  {{- $serviceAccountAnnotations := ($presetVal).serviceAccount.annotations | default dict }}
+  {{- with merge dict $presetValAnnotations $serviceAccountAnnotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}