From e0d8c41eb6f5f56a0e2a5deb39cd45a495ecddec Mon Sep 17 00:00:00 2001 From: Navin Ayer Date: Tue, 10 Dec 2024 13:47:11 +0545 Subject: [PATCH] Azure identity issue fix (#112) * Add azure.workload.identity/use: "true" to pods - Enable service account for api, worker and argoHook pods * fix labels/template references --------- Co-authored-by: Moses Anzagi --- helm/templates/api/deployment.yaml | 3 +++ helm/templates/argo-hooks/hook-job.yaml | 9 +++++++++ helm/templates/worker/deployment.yaml | 7 +++++++ 3 files changed, 19 insertions(+) diff --git a/helm/templates/api/deployment.yaml b/helm/templates/api/deployment.yaml index ca9e062d..3cdd18d4 100644 --- a/helm/templates/api/deployment.yaml +++ b/helm/templates/api/deployment.yaml @@ -27,6 +27,9 @@ spec: labels: app: {{ include "ifrcgo-alert-hub.fullname" . }} component: api + {{- if .Values.serviceAccount.create }} + azure.workload.identity/use: "true" + {{- end }} spec: containers: - name: api diff --git a/helm/templates/argo-hooks/hook-job.yaml b/helm/templates/argo-hooks/hook-job.yaml index bd9b35fe..5cd6de3e 100644 --- a/helm/templates/argo-hooks/hook-job.yaml +++ b/helm/templates/argo-hooks/hook-job.yaml @@ -15,6 +15,11 @@ metadata: argocd.argoproj.io/hook: {{ $hook.hook }} spec: template: + metadata: + labels: + {{- if $.Values.serviceAccount.create }} + azure.workload.identity/use: "true" + {{- end }} spec: restartPolicy: "Never" containers: @@ -37,6 +42,10 @@ spec: - configMapRef: name: {{ template "ifrcgo-alert-hub.fullname" $ }}-api-configmap + {{- if $.Values.serviceAccount.create }} + serviceAccountName: {{ include "ifrcgo-alert-hub.serviceAccountName" $ }} + {{- end }} + {{- with $.Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/helm/templates/worker/deployment.yaml b/helm/templates/worker/deployment.yaml index 8da8ccd5..4028f6a5 100644 --- a/helm/templates/worker/deployment.yaml +++ b/helm/templates/worker/deployment.yaml 
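Review bot: In helm/templates/api/deployment.yaml the `azure.workload.identity/use: "true"` label is keyed on `.Values.serviceAccount.create`, which records whether the chart creates the ServiceAccount, not whether the pod should receive a federated Azure token. An install that reuses an existing annotated ServiceAccount (create false, name set; values.yaml is not part of this diff, so this assumes the chart allows it) would render without the label, while every install with create true opts in even when no Azure identity is intended. A dedicated toggle would make the opt-in explicit, for example `{{- if .Values.<workloadIdentityFlag> }}` (placeholder name). The same condition guards the label in the first hook-job.yaml hunk and the first worker/deployment.yaml hunk. Whether the api pod spec already sets `serviceAccountName` lies outside this hunk; without it the pod would run as the namespace's default ServiceAccount.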
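Review bot: In the first hook-job.yaml hunk, `metadata:` and `labels:` are emitted unconditionally while the only label sits inside the `if`, so with `serviceAccount.create` false the Job template renders an empty `labels:` key (null). The API server usually tolerates that, but it can trip strict schema validation or linting and it reads as an unfinished block. Moving `{{- if $.Values.serviceAccount.create }}` above `metadata:` and `{{- end }}` below the label line keeps the rendered manifest clean.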
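Review bot: In the second hook-job.yaml hunk, `serviceAccountName` is rendered only when `$.Values.serviceAccount.create` is true, so an install that supplies a pre-existing account name gets Job pods running as the namespace's `default` ServiceAccount without any error. The `ifrcgo-alert-hub.serviceAccountName` helper is defined outside this diff; if it follows the usual Helm scaffold it already resolves to the configured name or `default`, so the line can be unconditional: `serviceAccountName: {{ include "ifrcgo-alert-hub.serviceAccountName" $ }}`. The second worker/deployment.yaml hunk carries the same guard. Indentation is not recoverable from this page, so it is worth confirming with `helm template` that the key lands at pod-spec level next to `imagePullSecrets` rather than inside the container entry.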
@@ -33,6 +33,9 @@ spec: app: {{ include "ifrcgo-alert-hub.fullname" $ }} component: worker queue: {{ $queue_name }} + {{- if $.Values.serviceAccount.create }} + azure.workload.identity/use: "true" + {{- end }} spec: containers: - name: worker @@ -52,6 +55,10 @@ spec: - configMapRef: name: {{ template "ifrcgo-alert-hub.fullname" $ }}-api-configmap + {{- if $.Values.serviceAccount.create }} + serviceAccountName: {{ include "ifrcgo-alert-hub.serviceAccountName" $ }} + {{- end }} + {{- with $.Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }}
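Review bot: In the first worker/deployment.yaml hunk, every per-queue worker pod receives the workload-identity label, and the second hunk binds it to the same `ifrcgo-alert-hub.serviceAccountName` account used for the hook jobs (and presumably the api, whose pod spec is not shown), so all components can request tokens for one Azure identity. If the workers or hooks need fewer Azure permissions than the api, a separate ServiceAccount per component with its own role assignments would keep those privileges apart. At minimum, a template comment above the label such as `{{- /* opts this pod into Azure Workload Identity token injection; the identity comes from the ServiceAccount */ -}}` would document why it is there.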