From 93fe3e06effe42b398a24da437a9d9f9c3164588 Mon Sep 17 00:00:00 2001
From: David Louks <2402775+dlouks@users.noreply.github.com>
Date: Fri, 20 May 2022 17:00:00 -0500
Subject: [PATCH] Add support for including annotations on
 aws-ebs-csi-controller (#8779)

* Add support for including annotations on aws-ebs-csi-controller

* update comment to specify role arn
---
 roles/kubernetes-apps/csi_driver/aws_ebs/defaults/main.yml  | 5 +++++
 .../aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2  | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/defaults/main.yml b/roles/kubernetes-apps/csi_driver/aws_ebs/defaults/main.yml
index 92751964d..33df37c9d 100644
--- a/roles/kubernetes-apps/csi_driver/aws_ebs/defaults/main.yml
+++ b/roles/kubernetes-apps/csi_driver/aws_ebs/defaults/main.yml
@@ -4,3 +4,8 @@ aws_ebs_csi_enable_volume_snapshot: false
 aws_ebs_csi_enable_volume_resizing: false
 aws_ebs_csi_controller_replicas: 1
 aws_ebs_csi_plugin_image_tag: latest
+
+# Add annotions to ebs_csi_controller. Useful if using kube2iam for role assumption
+# aws_ebs_csi_annotations:
+#   - key: iam.amazonaws.com/role
+#     value: your-ebs-role-arn
diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2 b/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2
index e0796765f..ffce40bd8 100644
--- a/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2
@@ -15,6 +15,12 @@ spec:
       labels:
         app: ebs-csi-controller
         app.kubernetes.io/name: aws-ebs-csi-driver
+{% if aws_ebs_csi_annotations is defined %}
+      annotations:
+{% for annotation in aws_ebs_csi_annotations %}
+        {{ annotation.key }}: {{ annotation.value }}
+{% endfor %}
+{% endif %}
     spec:
       nodeSelector:
         kubernetes.io/os: linux
-- 
GitLab