From 802f22f0aea8d22efd9291cc04634893d56383e9 Mon Sep 17 00:00:00 2001
From: Ruslan Khizhnyak <mustdiechik@gmail.com>
Date: Wed, 8 Nov 2023 12:47:42 +0300
Subject: [PATCH] helm: add annotations secret manifest

To use mutating webhook to modify secrets.
For example banzaicloud vault webhook:
https://bank-vaults.dev/docs/mutating-webhook/annotations/

Signed-off-by: Ruslan Khizhnyak <mustdiechik@gmail.com>
---
 charts/ceph-csi-cephfs/templates/secret.yaml | 3 +++
 charts/ceph-csi-cephfs/values.yaml           | 1 +
 charts/ceph-csi-rbd/templates/secret.yaml    | 3 +++
 charts/ceph-csi-rbd/values.yaml              | 1 +
 4 files changed, 8 insertions(+)

diff --git a/charts/ceph-csi-cephfs/templates/secret.yaml b/charts/ceph-csi-cephfs/templates/secret.yaml
index 64124cb0f..bd5b99a4b 100644
--- a/charts/ceph-csi-cephfs/templates/secret.yaml
+++ b/charts/ceph-csi-cephfs/templates/secret.yaml
@@ -4,6 +4,9 @@ kind: Secret
 metadata:
   name: {{ .Values.secret.name }}
   namespace: {{ .Release.Namespace }}
+  {{- with .Values.secret.annotations }}
+  annotations: {{- . | toYaml | nindent 4 }}
+  {{- end }}
   labels:
     app: {{ include "ceph-csi-cephfs.name" . }}
     chart: {{ include "ceph-csi-cephfs.chart" . }}
diff --git a/charts/ceph-csi-cephfs/values.yaml b/charts/ceph-csi-cephfs/values.yaml
index 05bf0beab..9ec64b833 100644
--- a/charts/ceph-csi-cephfs/values.yaml
+++ b/charts/ceph-csi-cephfs/values.yaml
@@ -288,6 +288,7 @@ secret:
   # Specifies whether the secret should be created
   create: false
   name: csi-cephfs-secret
+  annotations: {}
   # Key values correspond to a user name and its key, as defined in the
   # ceph cluster. User ID should have required access to the 'pool'
   # specified in the storage class
diff --git a/charts/ceph-csi-rbd/templates/secret.yaml b/charts/ceph-csi-rbd/templates/secret.yaml
index 3040bcfd0..e38a89965 100644
--- a/charts/ceph-csi-rbd/templates/secret.yaml
+++ b/charts/ceph-csi-rbd/templates/secret.yaml
@@ -4,6 +4,9 @@ kind: Secret
 metadata:
   name: {{ .Values.secret.name }}
   namespace: {{ .Release.Namespace }}
+  {{- with .Values.secret.annotations }}
+  annotations: {{- . | toYaml | nindent 4 }}
+  {{- end }}
   labels:
     app: {{ include "ceph-csi-rbd.name" . }}
     chart: {{ include "ceph-csi-rbd.chart" . }}
diff --git a/charts/ceph-csi-rbd/values.yaml b/charts/ceph-csi-rbd/values.yaml
index 8b06ca996..e78b97b20 100644
--- a/charts/ceph-csi-rbd/values.yaml
+++ b/charts/ceph-csi-rbd/values.yaml
@@ -480,6 +480,7 @@ secret:
   # Specifies whether the secret should be created
   create: false
   name: csi-rbd-secret
+  annotations: {}
   # Key values correspond to a user name and its key, as defined in the
   # ceph cluster. User ID should have required access to the 'pool'
   # specified in the storage class