Support custom secret job init annotation#1268
Conversation
|
@tuteng:Thanks for your contribution. For this PR, do we need to update docs? |
github-actions
Bot
added
the
doc-info-missing
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2e87d8eb18
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| {{- if and .Values.initialize .Values.auth.authentication.enabled .Values.auth.authentication.jwt.enabled .Values.auth.authentication.jwt.autoInitSecret }} | ||
| {{- $jobAnnotations := mergeOverwrite (deepCopy (.Values.toolset.annotations | default dict)) (.Values.toolset.initJobAnnotations | default dict) }} | ||
| {{- $podAnnotations := mergeOverwrite (deepCopy (.Values.toolset.podAnnotations | default dict)) (.Values.toolset.initJobAnnotations | default dict) }} |
There was a problem hiding this comment.
This change builds $podAnnotations from toolset.podAnnotations plus initJobAnnotations, but the previous template applied toolset.annotations to the init job pod. As a result, existing installs that only configured toolset.annotations (for example, admission-controller or service-mesh pod annotations) will silently stop applying those annotations to jwt-secret-init pods after upgrade, which is a behavior regression. Consider preserving legacy inheritance (e.g., include toolset.annotations in the pod merge, or add a fallback) to keep existing values files working.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Pull request overview
Adds a new Helm values entry to allow customizing annotations used by the JWT secret init Job in the toolset component, for both sn-platform and sn-platform-slim.
Changes:
- Introduce
toolset.initJobAnnotationsin both charts’values.yaml. - Update the JWT secret init Job template to merge base annotations with
initJobAnnotationsfor Job metadata and pod template metadata.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| charts/sn-platform/values.yaml | Adds toolset.initJobAnnotations to values for configuring init Job annotations. |
| charts/sn-platform/templates/toolset/jwt-secret-init-job.yaml | Merges toolset.initJobAnnotations into Job/pod annotations for the JWT secret init Job. |
| charts/sn-platform-slim/values.yaml | Adds toolset.initJobAnnotations to slim chart values. |
| charts/sn-platform-slim/templates/toolset/jwt-secret-init-job.yaml | Mirrors the init Job annotation merge behavior in the slim chart. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
(If this PR fixes a github issue, please add
Fixes #<xyz>.)Fixes #
(or if this PR is one task of a github issue, please add
Master Issue: #<xyz>to link to the master issue.)Master Issue: #
Motivation
Explain here the context, and why you're making that change. What is the problem you're trying to solve.
Modifications
Describe the modifications you've done.
Verifying this change
(Please pick either of the following options)
This change is a trivial rework / code cleanup without any test coverage.
(or)
This change is already covered by existing tests, such as (please describe tests).
(or)
This change added tests and can be verified as follows:
(example:)
Documentation
Check the box below.
Need to update docs?
doc-required(If you need help on updating docs, create a doc issue)
no-need-doc(Please explain why)
doc(If this PR contains doc changes)