Consider adding annotations to the pod template

[ChristianCiach]

Hi! We've been using kbld for over two years now with huge success. Thanks! There is just a tiny thing that is bugging us:

Describe the problem/challenge you have
As it is usually done, we scrape our pods to collect metrics from them. When using kbld, the deployed image-tag cannot be retrieved just by looking at the pods. Unfortunately, kbld adds its annotations to the owning object (Deployment, StatefulSet, ...) only, but not to its pod template.

Concrete example: We have this manifest:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: opa
spec:
  template:
    spec:
      containers:
      - image: docker.io/openpolicyagent/opa:0.55.0
        name: opa

When feeding it to kbld, it resolves the tags and adds its annotations:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kbld.k14s.io/images: |
      - origins:
        - resolved:
            tag: 0.55.0
            url: docker.io/openpolicyagent/opa:0.55.0
        url: docker.io/openpolicyagent/opa@sha256:b40919fc5eaf22b70437e81e6575841ad1b034f46b1150873e55fa446cd9f0ca
  name: opa
spec:
  template:
    spec:
      containers:
      - image: docker.io/openpolicyagent/opa@sha256:b40919fc5eaf22b70437e81e6575841ad1b034f46b1150873e55fa446cd9f0ca
        name: opa

Instead, I would like to see the annotations also (or exclusively, maybe guarded by an option) added to the pod template:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kbld.k14s.io/images: |
      - origins:
        - resolved:
            tag: 0.55.0
            url: docker.io/openpolicyagent/opa:0.55.0
        url: docker.io/openpolicyagent/opa@sha256:b40919fc5eaf22b70437e81e6575841ad1b034f46b1150873e55fa446cd9f0ca
  name: opa
spec:
  template:
    metadata:
      annotations:
        kbld.k14s.io/images: |
          - origins:
            - resolved:
                tag: 0.55.0
                url: docker.io/openpolicyagent/opa:0.55.0
            url: docker.io/openpolicyagent/opa@sha256:b40919fc5eaf22b70437e81e6575841ad1b034f46b1150873e55fa446cd9f0ca
    spec:
      containers:
      - image: docker.io/openpolicyagent/opa@sha256:b40919fc5eaf22b70437e81e6575841ad1b034f46b1150873e55fa446cd9f0ca
        name: opa

I don't really care about the annotations on the outer Manifest. Maybe it should be an option to add the annotations to the pod-template only.

Describe the solution you'd like
I don't really care if this proposed behaviour gets enabled by default or if this would be opt-in using some kind of option. Maybe this could be configured using a new annotation on the outer manifest, like so:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kbld.k14s.io/add-pod-annotations: 'true'

---

Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you want to help working on this issue.

[ChristianCiach]

It just occurred to me that you probably decided to add the annotations to the outer manifest because metadata.annotations is a valid attribute for all kinds of kubernetes api resources, while spec.template.metadata.annotations is only valid for a specific set of api resources.

[github-actions]

This issue is being marked as stale due to a long period of inactivity and will be closed in 5 days if there is no response.

[joaopapereira]

Hey
kbld has no understanding of Kubernetes at all. What kbld does is add to your yaml a field metadata.annotations with the build information. The majority of use cases we saw using kbld were in a scenario where k8s manifests are provided. I'm not sure how much we want to teach kbld about processing k8s resources.
@cppforlife do you have any reservations about this?

[ChristianCiach]

@joaopapereira Thanks. Your comment pretty much confirmed my assumption from my previous comment.

I think that's reasonable. If I absolutely need the annotations on the podSpec, I could probably write my own tooling to just move/copy the annotations around after kbld added them.