fix(helm-chart): introduce cert volumes to metrics and lifecycle oper…

…ators (#3247)

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

.github/scripts/.helm-tests/default/result.yaml

@@ -11543,6 +11543,9 @@ spec:
           runAsUser: 65532
           seccompProfile:
             type: RuntimeDefault
+        volumeMounts:
+        - name: keptn-certs
+          mountPath: /tmp/webhook/certs/
         livenessProbe:
           httpGet:
             path: /healthz
@@ -11560,6 +11563,10 @@ spec:
         runAsNonRoot: true
       serviceAccountName: lifecycle-operator
       terminationGracePeriodSeconds: 10
+      volumes:
+      - name: keptn-certs
+        secret:
+          secretName: keptn-certs
 ---
 # Source: keptn/charts/lifecycleOperator/templates/deployment.yaml
 apiVersion: apps/v1
@@ -11736,6 +11743,8 @@ spec:
         volumeMounts:
         - mountPath: /tmp/metrics-adapter/serving-certs
           name: adapter-certs-dir
+        - name: keptn-certs
+          mountPath: /tmp/webhook/certs/
         livenessProbe:
           httpGet:
             path: /healthz
@@ -11756,6 +11765,9 @@ spec:
       volumes:
       - emptyDir: {}
         name: adapter-certs-dir
+      - name: keptn-certs
+        secret:
+          secretName: keptn-certs
 ---
 # Source: keptn/charts/metricsOperator/templates/v1beta1.custom.metrics.k8s.io.yaml
 apiVersion: apiregistration.k8s.io/v1

.github/scripts/.helm-tests/lifecycle-only/result.yaml

@@ -8953,6 +8953,9 @@ spec:
           runAsUser: 65532
           seccompProfile:
             type: RuntimeDefault
+        volumeMounts:
+        - name: keptn-certs
+          mountPath: /tmp/webhook/certs/
         livenessProbe:
           httpGet:
             path: /healthz
@@ -8970,6 +8973,10 @@ spec:
         runAsNonRoot: true
       serviceAccountName: lifecycle-operator
       terminationGracePeriodSeconds: 10
+      volumes:
+      - name: keptn-certs
+        secret:
+          secretName: keptn-certs
 ---
 # Source: keptn/charts/lifecycleOperator/templates/deployment.yaml
 apiVersion: apps/v1

.github/scripts/.helm-tests/lifecycle-with-certs/result.yaml

@@ -9267,6 +9267,9 @@ spec:
           runAsUser: 65532
           seccompProfile:
             type: RuntimeDefault
+        volumeMounts:
+        - name: keptn-certs
+          mountPath: /tmp/webhook/certs/
         livenessProbe:
           httpGet:
             path: /healthz
@@ -9284,6 +9287,10 @@ spec:
         runAsNonRoot: true
       serviceAccountName: lifecycle-operator
       terminationGracePeriodSeconds: 10
+      volumes:
+      - name: keptn-certs
+        secret:
+          secretName: keptn-certs
 ---
 # Source: keptn/charts/lifecycleOperator/templates/deployment.yaml
 apiVersion: apps/v1

.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/result.yaml

@@ -2437,6 +2437,8 @@ spec:
         volumeMounts:
         - mountPath: /tmp/metrics-adapter/serving-certs
           name: adapter-certs-dir
+        - name: keptn-certs
+          mountPath: /tmp/webhook/certs/
         livenessProbe:
           httpGet:
             path: /healthz
@@ -2457,6 +2459,9 @@ spec:
       volumes:
       - emptyDir: {}
         name: adapter-certs-dir
+      - name: keptn-certs
+        secret:
+          secretName: keptn-certs
 ---
 # Source: keptn/charts/metricsOperator/templates/metrics-validating-webhook-configuration.yaml
 apiVersion: admissionregistration.k8s.io/v1

.github/scripts/.helm-tests/metrics-only/result.yaml

@@ -2460,6 +2460,8 @@ spec:
         volumeMounts:
         - mountPath: /tmp/metrics-adapter/serving-certs
           name: adapter-certs-dir
+        - name: keptn-certs
+          mountPath: /tmp/webhook/certs/
         livenessProbe:
           httpGet:
             path: /healthz
@@ -2480,6 +2482,9 @@ spec:
       volumes:
       - emptyDir: {}
         name: adapter-certs-dir
+      - name: keptn-certs
+        secret:
+          secretName: keptn-certs
 ---
 # Source: keptn/charts/metricsOperator/templates/v1beta1.custom.metrics.k8s.io.yaml
 apiVersion: apiregistration.k8s.io/v1

.github/scripts/.helm-tests/metrics-with-certs/result.yaml

@@ -2685,6 +2685,8 @@ spec:
         volumeMounts:
         - mountPath: /tmp/metrics-adapter/serving-certs
           name: adapter-certs-dir
+        - name: keptn-certs
+          mountPath: /tmp/webhook/certs/
         livenessProbe:
           httpGet:
             path: /healthz
@@ -2705,6 +2707,9 @@ spec:
       volumes:
       - emptyDir: {}
         name: adapter-certs-dir
+      - name: keptn-certs
+        secret:
+          secretName: keptn-certs
 ---
 # Source: keptn/charts/metricsOperator/templates/v1beta1.custom.metrics.k8s.io.yaml
 apiVersion: apiregistration.k8s.io/v1

lifecycle-operator/chart/templates/deployment.yaml

@@ -135,6 +135,9 @@ spec:
             }}
           seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.containerSecurityContext.seccompProfile
             "context" $) | nindent 12 }}
+        volumeMounts:
+        - name: keptn-certs
+          mountPath: /tmp/webhook/certs/
         {{- if .Values.lifecycleOperator.livenessProbe }}
         livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.livenessProbe "context" $) | nindent 10 }}
          {{- else }}
@@ -160,6 +163,10 @@ spec:
         runAsNonRoot: true
       serviceAccountName: lifecycle-operator
       terminationGracePeriodSeconds: 10
+      volumes:
+      - name: keptn-certs
+        secret:
+          secretName: keptn-certs
 {{- if .Values.lifecycleOperator.topologySpreadConstraints }}
       topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.topologySpreadConstraints "context" $) | nindent 8 }}
 {{- end }}

lifecycle-operator/config/manager/manager.yaml

@@ -96,6 +96,9 @@ spec:
             capabilities:
               drop:
                 - "ALL"
+          volumeMounts:
+            - name: keptn-certs
+              mountPath: /tmp/webhook/certs/
           livenessProbe:
             httpGet:
               path: /healthz
@@ -119,3 +122,7 @@ spec:
               memory: 64Mi
       serviceAccountName: lifecycle-operator
       terminationGracePeriodSeconds: 10
+      volumes:
+        - name: keptn-certs
+          secret:
+            secretName: keptn-certs

metrics-operator/chart/templates/deployment.yaml

@@ -94,6 +94,8 @@ spec:
         volumeMounts:
         - mountPath: /tmp/metrics-adapter/serving-certs
           name: adapter-certs-dir
+        - name: keptn-certs
+          mountPath: /tmp/webhook/certs/ 
         {{- if .Values.livenessProbe }}
         livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.livenessProbe "context" $) | nindent 10 }}
          {{- else }}
@@ -122,6 +124,9 @@ spec:
       volumes:
       - emptyDir: {}
         name: adapter-certs-dir
+      - name: keptn-certs
+        secret:
+          secretName: keptn-certs
 {{- if .Values.topologySpreadConstraints }}
       topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }}
 {{- end }}

metrics-operator/config/manager/manager.yaml

@@ -39,6 +39,9 @@ spec:
       volumes:
         - emptyDir: {}
           name: adapter-certs-dir
+        - name: keptn-certs
+          secret:
+            secretName: keptn-certs
       containers:
         - command:
             - /manager
@@ -116,5 +119,7 @@ spec:
           volumeMounts:
             - name: adapter-certs-dir
               mountPath: /tmp/metrics-adapter/serving-certs
+            - name: keptn-certs
+              mountPath: /tmp/webhook/certs/
       serviceAccountName: metrics-operator
       terminationGracePeriodSeconds: 10