Merge pull request #451 from truefoundry/added_env_support

added support for env and subPath
truefoundry · Jul 8, 2024 · f91ca3d · f91ca3d
2 parents e4ceca5 + caa3ed4
commit f91ca3d
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 18 deletions.
diff --git a/charts/tfy-kyverno-config/Chart.yaml b/charts/tfy-kyverno-config/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v2
 name: tfy-kyverno-config
 description: A Helm chart for kyverno configuration
 type: application
-version: 0.1.2
+version: 0.1.3
diff --git a/charts/tfy-kyverno-config/README.md b/charts/tfy-kyverno-config/README.md
@@ -5,14 +5,16 @@ A Helm chart for kyverno configurations
 
 ### Configuration options for adding a CA certificate volume
 
-| Name                                               | Description                                                                    | Value         |
-| -------------------------------------------------- | ------------------------------------------------------------------------------ | ------------- |
-| `addCaCertificateVolume.enabled`                   | Enable or disable adding the CA certificate volume                             | `false`       |
-| `addCaCertificateVolume.sourceNamespace`           | The namespace where the source ConfigMap is located                            | `truefoundry` |
-| `addCaCertificateVolume.sourceConfigMap.name`      | The source ConfigMap name that contains the CA certificate                     | `ca-pemstore` |
-| `addCaCertificateVolume.destinationConfigMap.name` | The destination ConfigMap name where the CA certificate volume will be mounted | `ca-pemstore` |
-| `addCaCertificateVolume.excludeNamespaces`         | Namespaces to exclude from adding the CA certificate volume                    | `[]`          |
-| `addCaCertificateVolume.injectionConfigs`          | Configuration options for injecting the CA certificate volume                  | `[]`          |
+| Name                                               | Description                                                                    | Value   |
+| -------------------------------------------------- | ------------------------------------------------------------------------------ | ------- |
+| `addCaCertificateVolume.enabled`                   | Enable or disable adding the CA certificate volume                             | `false` |
+| `addCaCertificateVolume.sourceNamespace`           | The namespace where the source ConfigMap is located                            | `""`    |
+| `addCaCertificateVolume.sourceConfigMap.name`      | The source ConfigMap name that contains the CA certificate                     | `""`    |
+| `addCaCertificateVolume.sourceConfigMap.subPath`   | The subPath in the source ConfigMap where the CA certificate is located        | `""`    |
+| `addCaCertificateVolume.destinationConfigMap.name` | The destination ConfigMap name where the CA certificate volume will be mounted | `""`    |
+| `addCaCertificateVolume.excludeNamespaces`         | Namespaces to exclude from adding the CA certificate volume                    | `[]`    |
+| `addCaCertificateVolume.injectionConfigs`          | Configuration options for injecting the CA certificate volume                  | `[]`    |
+| `addCaCertificateVolume.envs`                      | Env variables to inject to the selected containers                             | `[]`    |
 
 ### replaceImageRegistry Configuration options for replacing the image registry
 

diff --git a/charts/tfy-kyverno-config/templates/add-cert-volume-cm.yaml b/charts/tfy-kyverno-config/templates/add-cert-volume-cm.yaml
@@ -51,28 +51,45 @@ spec:
           spec:
             containers:
             - name: {{`"{{element.name}}"`}}
+              env:
+                {{- range $index, $env := $.Values.addCaCertificateVolume.envs }}
+                - name: {{$env.name}}
+                  value: {{$env.value}}
+                {{- end }}
               volumeMounts:
               {{- range $index, $mountPath := $injectionConfig.mountPaths }}
-              - name: injected-ca-cert
+              - name: ca-bundle-cert
                 mountPath: {{$mountPath}}
+                {{- if $.Values.addCaCertificateVolume.sourceConfigMap.subPath }}
+                subPath: {{ $.Values.addCaCertificateVolume.sourceConfigMap.subPath }}
+                {{- end }}
               {{- end }}
             volumes:
-            - name: injected-ca-cert
+            - name: ca-bundle-cert
               configMap:
                 name: {{ $.Values.addCaCertificateVolume.destinationConfigMap.name }}
       - list: "request.object.spec.initContainers || []"
         patchStrategicMerge:
           spec:
             initContainers:
             - name: {{`"{{element.name}}"`}}
+              env:
+                {{- range $index, $env := $.Values.addCaCertificateVolume.envs }}
+                - name: {{$env.name}}
+                  value: {{$env.value}}
+                {{- end }}
               volumeMounts:
               {{- range $index, $mountPath := $injectionConfig.mountPaths }}
-              - name: injected-ca-cert
+              - name: ca-bundle-cert
                 mountPath: {{$mountPath}}
+                {{- if $.Values.addCaCertificateVolume.sourceConfigMap.subPath }}
+                subPath: {{ $.Values.addCaCertificateVolume.sourceConfigMap.subPath }}
+                {{- end }}
               {{- end }}
             volumes:
-            - name: etc-ssl-certs
+            - name: ca-bundle-cert
               configMap:
                 name: {{ $.Values.addCaCertificateVolume.destinationConfigMap.name }}
+                defaultMode: 420
   {{- end }}
 {{- end -}}
diff --git a/charts/tfy-kyverno-config/values.yaml b/charts/tfy-kyverno-config/values.yaml
@@ -5,23 +5,27 @@ addCaCertificateVolume:
   ## @param addCaCertificateVolume.enabled Enable or disable adding the CA certificate volume
   enabled: false
   ## @param addCaCertificateVolume.sourceNamespace The namespace where the source ConfigMap is located
-  sourceNamespace: truefoundry
+  sourceNamespace: ""
   sourceConfigMap:
     ## @param addCaCertificateVolume.sourceConfigMap.name The source ConfigMap name that contains the CA certificate
-    name: ca-pemstore
+    name: ""
+    ## @param addCaCertificateVolume.sourceConfigMap.subPath The subPath in the source ConfigMap where the CA certificate is located
+    subPath: ""
   destinationConfigMap:
     ## @param addCaCertificateVolume.destinationConfigMap.name The destination ConfigMap name where the CA certificate volume will be mounted
-    name: ca-pemstore
+    name: ""
+  ## @param addCaCertificateVolume.excludeNamespaces Namespaces to exclude from adding the CA certificate volume
+  excludeNamespaces: []
   ## Ex -
   ## - label: 
   ##     key: "app.kubernetes.io/instance"
   ##     value: "truefoundry"
   ##   mountPaths:
   ##     - /etc/ssl/certs
-  ## @param addCaCertificateVolume.excludeNamespaces Namespaces to exclude from adding the CA certificate volume
-  excludeNamespaces: []
   ## @param addCaCertificateVolume.injectionConfigs Configuration options for injecting the CA certificate volume
   injectionConfigs: []
+  ## @param addCaCertificateVolume.envs Env variables to inject to the selected containers
+  envs: []
 
 ## @section replaceImageRegistry Configuration options for replacing the image registry
 replaceImageRegistry: