From 04b80aa6a22a4a1be6964e23040716959f53cd47 Mon Sep 17 00:00:00 2001 From: Ishaan Mittal Date: Tue, 10 Dec 2024 19:46:30 +0530 Subject: [PATCH] add option for both secret and config map and template imagePullPolicy --- cost-analyzer/templates/NOTES.txt | 1 + cost-analyzer/templates/_helpers.tpl | 10 ++++++++++ .../templates/cost-analyzer-deployment-template.yaml | 11 ++++++++++- cost-analyzer/values.yaml | 1 + 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/cost-analyzer/templates/NOTES.txt b/cost-analyzer/templates/NOTES.txt index 5bed747ed..e653b3e71 100644 --- a/cost-analyzer/templates/NOTES.txt +++ b/cost-analyzer/templates/NOTES.txt @@ -10,6 +10,7 @@ {{- include "prometheusRetentionCheck" . -}} {{- include "clusterIDCheck" . -}} {{- include "kubeRBACProxyBearerTokenCheck" . -}} +{{- include "caCertsSecretConfigCheck" . -}} {{- $servicePort := .Values.service.port | default 9090 }} Kubecost {{ .Chart.Version }} has been successfully installed. diff --git a/cost-analyzer/templates/_helpers.tpl b/cost-analyzer/templates/_helpers.tpl index faf94e1b5..9a95031ca 100755 --- a/cost-analyzer/templates/_helpers.tpl +++ b/cost-analyzer/templates/_helpers.tpl @@ -1447,6 +1447,16 @@ for more information {{- end }} {{- end }} +{{- define "caCertsSecretConfigCheck" }} + {{- if .Values.kubecostModel.updateCaTrust.enabled }} + {{- if and .Values.kubecostModel.updateCaTrust.caCertsSecret .Values.kubecostModel.updateCaTrust.caCertsConfig }} + {{- fail "Both caCertsSecret and caCertsConfig are defined. Please specify only one." }} + {{- else if and (not .Values.kubecostModel.updateCaTrust.caCertsSecret) (not .Values.kubecostModel.updateCaTrust.caCertsConfig) }} + {{- fail "Neither caCertsSecret nor caCertsConfig is defined, but updateCaTrust is enabled. Please specify one." }} + {{- end }} + {{- end }} +{{- end }} + {{- define "clusterControllerEnabled" }} {{- if (.Values.clusterController).enabled }} {{- printf "true" -}} 
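Review bot: In `caCertsSecretConfigCheck`, the "Both ... are defined" branch will trigger for anyone who sets only `caCertsConfig`, because the values.yaml context in this patch shows `caCertsSecret: ca-certs-secret` as a chart default and the new `caCertsConfig` key ships commented out. The failure message should say how to get out of that state, for example `{{- fail "Both caCertsSecret and caCertsConfig are defined. Please specify only one; caCertsSecret has a chart default, so set it to \"\" when using caCertsConfig." }}`. The values.yaml comment for `caCertsConfig` should carry the same hint, since that is where an operator choosing the ConfigMap source will look first.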
diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml index a54754697..022b63ff1 100644 --- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml @@ -128,9 +128,14 @@ spec: {{- end }} {{- if .Values.kubecostModel.updateCaTrust.enabled }} - name: ca-certs-secret + {{- if .Values.kubecostModel.updateCaTrust.caCertsSecret }} secret: defaultMode: 420 secretName: {{ .Values.kubecostModel.updateCaTrust.caCertsSecret }} + {{- else }} + configMap: + name: {{ .Values.kubecostModel.updateCaTrust.caCertsConfig }} + {{- end }} - name: ssl-path emptyDir: {} {{- end }} @@ -356,7 +361,11 @@ spec: {{- if .Values.kubecostModel.updateCaTrust.enabled }} - name: update-ca-trust image: {{ include "cost-model.image" . | trim | quote}} - imagePullPolicy: IfNotPresent + {{- if .Values.kubecostModel.imagePullPolicy }} + imagePullPolicy: {{ .Values.kubecostModel.imagePullPolicy }} + {{- else }} + imagePullPolicy: Always + {{- end }} {{- with .Values.kubecostModel.updateCaTrust.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index fce97edd0..0ee49cf22 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -589,6 +589,7 @@ kubecostModel: seccompProfile: type: RuntimeDefault caCertsSecret: ca-certs-secret # The name of the Secret containing custom CA certificates to mount to the cost-model container. + # caCertsConfig: ca-certs-config # The name of the ConfigMap containing the CA trust configuration. resources: {} # Resource requests and limits for the init container. caCertsMountPath: /etc/pki/ca-trust/source/anchors # The path where the custom CA certificates will be mounted in the init container
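Review bot: The new `configMap:` branch makes a ConfigMap a source of CA certificates for the `update-ca-trust` init container, and nothing at that branch tells the operator that write access to that object now decides which CAs the pod trusts. ConfigMap edit rights are often granted more broadly than Secret rights, so I would add a comment above the branch such as `# Contents feed the CA trust store; restrict write access to this ConfigMap as tightly as the Secret.` The name is also rendered unquoted; `name: {{ .Values.kubecostModel.updateCaTrust.caCertsConfig | quote }}` keeps a numeric-looking or empty value from being retyped by the YAML parser. The volume is still called `ca-certs-secret` in both branches, which will read oddly in `kubectl describe` output. The volumes list starts and ends outside this hunk.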
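Review bot: The `else` branch in the `update-ca-trust` container changes the effective pull policy from `IfNotPresent` to `Always` for every install that leaves `kubecostModel.imagePullPolicy` unset, and the commit subject only describes this as templating. `Always` makes the kubelet resolve the image against the registry on each pod start, which is the safer choice for mutable tags but makes init-container start-up depend on registry reachability, so the change deserves a line in the description and in values.yaml. The four template lines can also collapse to `imagePullPolicy: {{ .Values.kubecostModel.imagePullPolicy | default "Always" | quote }}`. The container spec continues outside this hunk, so I cannot tell whether the main cost-model container uses the same fallback.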