From 0ce3553e7f72d87ee870eefd341503b190105261 Mon Sep 17 00:00:00 2001 From: Aaron Aichlmayr Date: Wed, 28 Dec 2022 18:31:48 -0600 Subject: [PATCH] Adding the ability to set volumes and volumeMounts to all pods Signed-off-by: Aaron Aichlmayr --- .../templates/cainjector-deployment.yaml | 8 ++++++++ .../templates/startupapicheck-job.yaml | 11 +++++++++++ .../cert-manager/templates/webhook-deployment.yaml | 14 ++++++++++++-- .../templates/webhook-psp-clusterrole.yaml | 2 +- deploy/charts/cert-manager/values.yaml | 12 ++++++++++++ 5 files changed, 44 insertions(+), 3 deletions(-) diff --git a/deploy/charts/cert-manager/templates/cainjector-deployment.yaml b/deploy/charts/cert-manager/templates/cainjector-deployment.yaml index fbfed0fce..1275456fa 100644 --- a/deploy/charts/cert-manager/templates/cainjector-deployment.yaml +++ b/deploy/charts/cert-manager/templates/cainjector-deployment.yaml @@ -90,6 +90,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.cainjector.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.cainjector.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -106,4 +110,8 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.cainjector.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/deploy/charts/cert-manager/templates/startupapicheck-job.yaml b/deploy/charts/cert-manager/templates/startupapicheck-job.yaml index f55b5fe15..9d9a090e0 100644 --- a/deploy/charts/cert-manager/templates/startupapicheck-job.yaml +++ b/deploy/charts/cert-manager/templates/startupapicheck-job.yaml 
@@ -34,6 +34,9 @@ spec: spec: restartPolicy: OnFailure serviceAccountName: {{ template "startupapicheck.serviceAccountName" . }} + {{- if hasKey .Values.startupapicheck "automountServiceAccountToken" }} + automountServiceAccountToken: {{ .Values.startupapicheck.automountServiceAccountToken }} + {{- end }} {{- with .Values.global.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} @@ -62,6 +65,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.startupapicheck.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.startupapicheck.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -74,4 +81,8 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.startupapicheck.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/deploy/charts/cert-manager/templates/webhook-deployment.yaml b/deploy/charts/cert-manager/templates/webhook-deployment.yaml index 259a96c79..dac98504c 100644 --- a/deploy/charts/cert-manager/templates/webhook-deployment.yaml +++ b/deploy/charts/cert-manager/templates/webhook-deployment.yaml @@ -146,10 +146,15 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- if .Values.webhook.config }} + {{- if or .Values.webhook.config (gt (len .Values.webhook.volumeMounts) 0) }} volumeMounts: + {{- if .Values.webhook.config }} - name: config mountPath: /var/cert-manager/config + {{- end }} + {{- if (gt (len .Values.webhook.volumeMounts) 0) }} + {{- toYaml .Values.webhook.volumeMounts | nindent 10 }} + {{- end }} {{- end }} {{- with .Values.webhook.nodeSelector }} nodeSelector: 
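Review bot: Both new conditions in this hunk call `len .Values.webhook.volumeMounts`, which makes the template render fail rather than skip the block when the value is nil, for example if a values override sets `webhook.volumeMounts: null` and Helm drops the key. The cainjector and startupapicheck templates in this patch avoid that by using `with`, and the same form works here because an empty list is already falsy: `{{- if or .Values.webhook.config .Values.webhook.volumeMounts }}` for the outer guard, then `{{- with .Values.webhook.volumeMounts }}` around `{{- toYaml . | nindent 10 }}`. The `volumes:` hunk at `@@ -167,9 +172,14 @@` repeats the pattern with `.Values.webhook.volumes` and needs the same change. Separately, a user-supplied entry named `config` would duplicate the chart's own volume whenever `webhook.config` is set, which the API server is expected to reject, so a values.yaml comment marking that name as reserved would help.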
@@ -167,9 +172,14 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.webhook.config }} + {{- if or .Values.webhook.config (gt (len .Values.webhook.volumes) 0) }} volumes: + {{- if .Values.webhook.config }} - name: config configMap: name: {{ include "webhook.fullname" . }} + {{- end }} + {{- if (gt (len .Values.webhook.volumes) 0) }} + {{- toYaml .Values.webhook.volumes | nindent 8 }} + {{- end }} {{- end }} diff --git a/deploy/charts/cert-manager/templates/webhook-psp-clusterrole.yaml b/deploy/charts/cert-manager/templates/webhook-psp-clusterrole.yaml index 2a8808e7d..f6fa4c55e 100644 --- a/deploy/charts/cert-manager/templates/webhook-psp-clusterrole.yaml +++ b/deploy/charts/cert-manager/templates/webhook-psp-clusterrole.yaml @@ -15,4 +15,4 @@ rules: verbs: ['use'] resourceNames: - {{ template "webhook.fullname" . }} -{{- end }} +{{- end }} diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 1f2bee887..64b0b8d9d 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -424,6 +424,9 @@ webhook: - ipBlock: cidr: 0.0.0.0/0 + volumes: [] + volumeMounts: [] + cainjector: enabled: true replicaCount: 1 @@ -512,6 +515,9 @@ cainjector: # Automounting API credentials for a particular pod # automountServiceAccountToken: true + volumes: [] + volumeMounts: [] + acmesolver: image: repository: quay.io/jetstack/cert-manager-acmesolver @@ -609,6 +615,9 @@ startupapicheck: helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + # Automounting API credentials for a particular pod + # automountServiceAccountToken: true + serviceAccount: # Specifies whether a service account should be created create: true @@ -628,3 +637,6 @@ startupapicheck: # Optional additional labels to add to the startupapicheck's ServiceAccount # labels: {} + + volumes: [] + volumeMounts: []
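Review bot: The new `volumes: []` and `volumeMounts: []` keys under `webhook:` are added without the descriptive comment that other keys in this file carry, so a reader cannot tell which pod or container they end up in. Suggested comments are `# Additional volumes to add to the cert-manager webhook pod.` above `volumes` and `# Additional volume mounts to add to the cert-manager webhook container.` above `volumeMounts`. Because the templates render these lists verbatim with `toYaml`, the comment should also say that any volume type is passed through unchanged, so a values override that adds an entry such as `hostPath` deserves the same review as a direct change to the pod spec. The hunks at `@@ -512,6 +515,9 @@` (cainjector) and `@@ -628,3 +637,6 @@` (startupapicheck) need the same comments.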
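Review bot: The commented-out `automountServiceAccountToken` example added for startupapicheck at `@@ -609,6 +615,9 @@` does not say what the job needs once the token is no longer automounted. The job runs under its own service account (`serviceAccountName` in startupapicheck-job.yaml), so it presumably has to authenticate to the API server. With the flag set to `false` it would have no credentials unless a token is supplied through the new `startupapicheck.volumes` and `startupapicheck.volumeMounts`. Suggested wording: `# Automounting API credentials for a particular pod. When set to false, supply a service account token through volumes/volumeMounts (for example a projected serviceAccountToken volume).`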