feat(chart): add ability to mount custom certs (#395)

* feat(chart): add ability to mount custom certs

* quote volume mount variables

* add configmap with embedded cert

* fix(templates): validate certificate fields and ensure accurate ConfigMap creation logic

* refactor(helm): simplify certificate configuration and clean up unused fields in values and templates

* fix: update configMap naming to include deployment-operator fullname prefix

Author: floreks

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.23-alpine3.20 AS builder
+FROM golang:1.23-alpine3.21 AS builder
 
 ARG TARGETARCH
 
@@ -19,7 +19,7 @@ COPY /internal internal/
 # Build
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -a -o deployment-agent cmd/agent/*.go
 
-FROM alpine:3.20
+FROM alpine:3.21
 WORKDIR /workspace
 
 RUN mkdir /.kube && chown 65532:65532 /.kube

charts/deployment-operator/templates/configmap.yaml

@@ -8,3 +8,16 @@ metadata:
 data:
   ca.crt: {{ .Values.agentk.config.caCert | quote }}
 {{- end }}
+
+
+{{- range $cert := .Values.certs }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "deployment-operator.fullname" $ }}-{{ $cert.name }}
+  labels:
+    {{- include "deployment-operator.labels" $ | nindent 4 }}
+data:
+  {{ $cert.file }}: {{ $cert.data | quote }}
+{{- end }}

charts/deployment-operator/templates/deployment.yaml

@@ -63,6 +63,11 @@ spec:
           volumeMounts:
             - name: temp
               mountPath: /tmp
+          {{- range $cert := .Values.certs }}
+            - name: {{ $cert.name }}
+              mountPath: "/etc/ssl/certs/{{ $cert.file }}"
+              subPath: "{{ $cert.file }}"
+          {{- end }}
           {{ if .Values.additionalVolumeMounts }}
           {{ toYaml .Values.additionalVolumeMounts | nindent 12 }}
           {{ end }}
@@ -171,6 +176,11 @@ spec:
             defaultMode: 0444
             name: {{ include "deployment-operator.fullname" . }}
         {{- end }}
+        {{- range $cert := .Values.certs }}
+        - name: {{ $cert.name }}
+          configMap:
+            name: {{ include "deployment-operator.fullname" $ }}-{{ $cert.name }}
+        {{- end }}
         {{ if .Values.additionalVolumes }}
         {{ toYaml .Values.additionalVolumes | nindent 8 }}
         {{ end }}

charts/deployment-operator/values.yaml

@@ -5,6 +5,22 @@
 additionalVolumes: ~
 additionalVolumeMounts: ~
 
+# Allows mounting custom certs to deployment operator.
+# Certificates are mounted to the "/etc/ssl/certs" directory.
+# An array of files can be provided. Every file will be mounted
+# on a specific subpath to ensure that multiple files can be mounted
+# without overriding each other.
+#
+# In order to override default "ca-certificates.crt" simply
+# provide a "file: ca-certificates.crt" when providing custom certs.
+# It will be mounted on a subpath to override only this single file.
+#
+# Example usage:
+#  - name: ca-pemstore
+#    data: xyz
+#    file: my-cert.pem
+certs: []
+
 replicaCount: 1
 
 livenessProbe: