From af7bbf0626aeec91f1cce5bbe9ab6aabf25b427e Mon Sep 17 00:00:00 2001
From: Ishaan Mittal
Date: Wed, 4 Dec 2024 19:54:13 +0530
Subject: [PATCH 1/4] add helm config option to mount ca certs to cost model container
---
 .../templates/cost-analyzer-deployment-template.yaml | 11 +++++++++++
 cost-analyzer/values.yaml | 3 +++
 2 files changed, 14 insertions(+)
diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
index d1e6d6069..d777173ed 100644
--- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
+++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
@@ -126,6 +126,12 @@ spec:
 defaultMode: 420
 secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret | default "federated-store" }}
 {{- end }}
+ {{- if or .Values.kubecostModel.caCertsConfigMap }}
+ - name: ca-certs-config
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.kubecostModel.caCertsConfigMap}}
+ {{- end }}
 {{- if .Values.kubecostProductConfigs }}
 {{- if and ((.Values.kubecostProductConfigs).productKey).enabled ((.Values.kubecostProductConfigs).productKey).secretname }}
 - name: productkey-secret
@@ -615,6 +621,11 @@ spec:
 mountPath: /var/configs/etl/federated
 readOnly: true
 {{- end }}
+ {{- if or .Values.kubecostModel.caCertsConfigMap }}
+ - name: ca-certs-config
+ mountPath: /etc/pki/ca-trust/source/anchors
+ readOnly: true
+ {{- end }}
 {{- if .Values.kubecostAdmissionController }}
 {{- if .Values.kubecostAdmissionController.enabled }}
 {{- if .Values.kubecostAdmissionController.secretName }}
diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml
index 1f361c4f0..24a8d2f44 100644
--- a/cost-analyzer/values.yaml
+++ b/cost-analyzer/values.yaml
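Review bot: The Secret name in the first hunk is templated without quoting (`secretName: {{ .Values.kubecostModel.caCertsConfigMap}}`), so a value that YAML reads as a number or boolean renders as a non-string scalar where the API expects a string. Prefer `secretName: {{ .Values.kubecostModel.caCertsConfigMap | quote }}`. The `name:` line in patch 2/4 and the `secretName:` line in patch 3/4 carry the same unquoted expression. The enclosing volumes list starts and ends outside the hunk.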
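Review bot: Mounting the volume at `/etc/pki/ca-trust/source/anchors` in the second hunk only supplies input to the trust store. On RHEL-family images that directory is read by `update-ca-trust`, and the mount itself does not regenerate the extracted bundles that TLS clients load. Whether the container's entrypoint runs that step is not visible here, so it should be confirmed and recorded next to the mount, for example `# certs mounted here take effect only after update-ca-trust runs at container start`. The mount also hides any anchor files the image already ships in that directory. The enclosing volumeMounts list continues outside the hunk.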
@@ -575,6 +575,9 @@ kubecostModel:
 # "client_x509_cert_url": ""
 # }
+ # the name of the ConfigMap containing custom CA certs to mount to cost model container
+ caCertsConfigMap: ca-certs-config
+
 # Installs Kubecost/OpenCost plugins
 plugins:
 enabled: false
From de689f80789caf514256e693aa93d80a170df567 Mon Sep 17 00:00:00 2001
From: Ishaan Mittal
Date: Wed, 4 Dec 2024 21:00:10 +0530
Subject: [PATCH 2/4] update it to be configmap
---
 .../templates/cost-analyzer-deployment-template.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
index d777173ed..78af63f22 100644
--- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
+++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
@@ -128,9 +128,8 @@ spec:
 {{- end }}
 {{- if or .Values.kubecostModel.caCertsConfigMap }}
 - name: ca-certs-config
- secret:
- defaultMode: 420
- secretName: {{ .Values.kubecostModel.caCertsConfigMap}}
+ configMap:
+ name: {{ .Values.kubecostModel.caCertsConfigMap}}
 {{- end }}
 {{- if .Values.kubecostProductConfigs }}
 {{- if and ((.Values.kubecostProductConfigs).productKey).enabled ((.Values.kubecostProductConfigs).productKey).secretname }}
From 9a7e007fd7bf918d24f4d9dc64170ce35f8ce09c Mon Sep 17 00:00:00 2001
From: Ishaan Mittal
Date: Wed, 4 Dec 2024 21:31:02 +0530
Subject: [PATCH 3/4] shift from config map tp secret
---
 .../cost-analyzer-deployment-template.yaml | 14 +++++++-------
 cost-analyzer/values.yaml | 4 ++--
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
index 78af63f22..3f3ca9b2a 100644
--- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
+++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
@@ -126,10 +126,11 @@ spec:
 defaultMode: 420
 secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret | default "federated-store" }}
 {{- end }}
- {{- if or .Values.kubecostModel.caCertsConfigMap }}
- - name: ca-certs-config
- configMap:
- name: {{ .Values.kubecostModel.caCertsConfigMap}}
+ {{- if or .Values.kubecostModel.caCertsSecret }}
+ - name: ca-certs-secret
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.kubecostModel.caCertsSecret}}
 {{- end }}
 {{- if .Values.kubecostProductConfigs }}
 {{- if and ((.Values.kubecostProductConfigs).productKey).enabled ((.Values.kubecostProductConfigs).productKey).secretname }}
@@ -620,10 +621,9 @@ spec:
 mountPath: /var/configs/etl/federated
 readOnly: true
 {{- end }}
- {{- if or .Values.kubecostModel.caCertsConfigMap }}
- - name: ca-certs-config
+ {{- if or .Values.kubecostModel.caCertsSecret }}
+ - name: ca-certs-secret
 mountPath: /etc/pki/ca-trust/source/anchors
- readOnly: true
 {{- end }}
 {{- if .Values.kubecostAdmissionController }}
 {{- if .Values.kubecostAdmissionController.enabled }}
diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml
index 24a8d2f44..16dfe52f7 100644
--- a/cost-analyzer/values.yaml
+++ b/cost-analyzer/values.yaml
@@ -575,8 +575,8 @@ kubecostModel:
 # "client_x509_cert_url": ""
 # }
- # the name of the ConfigMap containing custom CA certs to mount to cost model container
- caCertsConfigMap: ca-certs-config
+ # the name of the Secret containing custom CA certs to mount to cost model container
+ # caCertsSecret: ca-certs-secret
 # Installs Kubecost/OpenCost plugins
 plugins:
From 6705eed5e382be7f527c281a926a99ab8b3801de Mon Sep 17 00:00:00 2001
From: Ishaan Mittal
Date: Thu, 5 Dec 2024 00:26:11 +0530
Subject: [PATCH 4/4] nit fix
---
 .../templates/cost-analyzer-deployment-template.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
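Review bot: The rewritten mount in the second template hunk drops `readOnly: true`, which patch 1/4 had and which the neighbouring `/var/configs/etl/federated` mount still carries; the commit message gives no reason. Restoring `readOnly: true` under `mountPath: /etc/pki/ca-trust/source/anchors` keeps the read-only intent for a trust-anchor directory explicit in the manifest and consistent with the mount above it. If something at container start has to write there, that deserves a comment instead. Patch 4/4 edits the same block and leaves it without the flag.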
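Review bot: The comment added in the values.yaml hunk names the Secret but does not say what it must contain or what enabling it implies. It should state that the Secret must already exist in the pod's namespace, that each key is mounted as a file under `/etc/pki/ca-trust/source/anchors`, and that the values are expected to be PEM-encoded CA certificates. It is also worth noting that every certificate placed there is intended to become a trusted root for the container's outbound TLS, so write access to that Secret should be restricted accordingly.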
diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
index 3f3ca9b2a..5cbfdafd1 100644
--- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
+++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
@@ -126,7 +126,7 @@ spec:
 defaultMode: 420
 secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret | default "federated-store" }}
 {{- end }}
- {{- if or .Values.kubecostModel.caCertsSecret }}
+ {{- if .Values.kubecostModel.caCertsSecret }}
 - name: ca-certs-secret
 secret:
 defaultMode: 420
@@ -621,7 +621,7 @@ spec:
 mountPath: /var/configs/etl/federated
 readOnly: true
 {{- end }}
- {{- if or .Values.kubecostModel.caCertsSecret }}
+ {{- if .Values.kubecostModel.caCertsSecret }}
 - name: ca-certs-secret
 mountPath: /etc/pki/ca-trust/source/anchors
 {{- end }}