From 382c8c4ca094ba00725f374e118920897dbad723 Mon Sep 17 00:00:00 2001
From: Brian Provenzano <bproven@gmail.com>
Date: Tue, 18 Oct 2022 00:52:57 -0600
Subject: [PATCH] Enable adding annotations to configmaps in the helm chart
 (#4984)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: add user info in admission request logs (#4969)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

* fix: missing autogen rules in status (#4971)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

* fix: config reloading not working correctly (#4951)

* fix: config reloading not working correctly

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nits

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

* enable adding annotations to configmaps in the helm chart

Signed-off-by: Brian Provenzano <bproven@gmail.com>

* add entry to artifacthub.io release notes in Chart.yaml

Signed-off-by: Brian Provenzano <bproven@gmail.com>

* change name of annotation keys; codegen the readme docs

Signed-off-by: Brian Provenzano <bproven@gmail.com>

* feat: Add container registry setting on Helm Chart (#4281)

To make the customization of the container registries easier, eg.
a custom private registry, this change adds a new property on the
images configuration to allow setting a custom image registry
without needing to customize the repository of the image.

Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>
Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Samuel Torres <samuelpirestorres@gmail.com>
---
 charts/kyverno/Chart.yaml                      | 6 ++++--
 charts/kyverno/README.md                       | 4 +++-
 charts/kyverno/templates/configmap.yaml        | 4 ++++
 charts/kyverno/templates/metricsconfigmap.yaml | 4 ++++
 charts/kyverno/values.yaml                     | 6 ++++++
 5 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml
index 5ea58b5e9b..7258fc7b99 100644
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@@ -42,7 +42,9 @@ annotations:
       description: Extra args support for init container.
     - kind: added
       description: Allow overriding of test security context and resource block.
-    - kind: added
-      description: Add startup probes support
     - kind: added
       description: Added possibility to define custom image registries
+    - kind: added
+      description: Enable adding optional annotations to configmaps
+    - kind: added
+      description: Add startup probes support
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index 1f02df15e4..7de085b28b 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -178,11 +178,13 @@ The command removes all the Kubernetes components associated with the chart and
 | resourceFiltersExcludeNamespaces | list | `[]` | resourceFilter namespace exclude Namespaces to exclude from the default resourceFilters |
 | config.resourceFilters | list | See [values.yaml](values.yaml) | Resource types to be skipped by the Kyverno policy engine. Make sure to surround each entry in quotes so that it doesn't get parsed as a nested YAML list. These are joined together without spaces, run through `tpl`, and the result is set in the config map. |
 | config.existingConfig | string | `""` | Name of an existing config map (ignores default/provided resourceFilters) |
+| config.annotations | object | `{}` | Additional annotations to add to the configmap |
 | config.excludeGroupRole | string | `nil` | Exclude group role |
 | config.excludeUsername | string | `nil` | Exclude username |
 | config.webhooks | string | `nil` | Defines the `namespaceSelector` in the webhook configurations. Note that it takes a list of `namespaceSelector` and/or `objectSelector` in the JSON format, and only the first element will be forwarded to the webhook configurations. The Kyverno namespace is excluded if `excludeKyvernoNamespace` is `true` (default) |
 | config.generateSuccessEvents | bool | `false` | Generate success events. |
-| config.metricsConfig | object | `{"namespaces":{"exclude":[],"include":[]}}` | Metrics config. |
+| config.metricsConfig | object | `{"annotations":{},"namespaces":{"exclude":[],"include":[]}}` | Metrics config. |
+| config.metricsConfig.annotations | object | `{}` | Additional annotations to add to the metricsconfigmap |
 | updateStrategy | object | See [values.yaml](values.yaml) | Deployment update strategy. Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy |
 | service.port | int | `443` | Service port. |
 | service.type | string | `"ClusterIP"` | Service type. |
diff --git a/charts/kyverno/templates/configmap.yaml b/charts/kyverno/templates/configmap.yaml
index 37c045e26c..4aa280a4fd 100644
--- a/charts/kyverno/templates/configmap.yaml
+++ b/charts/kyverno/templates/configmap.yaml
@@ -4,6 +4,10 @@ kind: ConfigMap
 metadata:
   labels: {{ include "kyverno.labels" . | nindent 4 }}
     app: kyverno
+  {{- with .Values.config.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   name: {{ template "kyverno.configMapName" . }}
   namespace: {{ template "kyverno.namespace" . }}
 data:
diff --git a/charts/kyverno/templates/metricsconfigmap.yaml b/charts/kyverno/templates/metricsconfigmap.yaml
index e9be52c08a..0e08473fa5 100644
--- a/charts/kyverno/templates/metricsconfigmap.yaml
+++ b/charts/kyverno/templates/metricsconfigmap.yaml
@@ -4,6 +4,10 @@ kind: ConfigMap
 metadata:
   labels: {{ include "kyverno.labels" . | nindent 4 }}
     app: kyverno
+  {{- with .Values.config.metricsConfig.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   name: {{ template "kyverno.metricsConfigMapName" . }}
   namespace: {{ template "kyverno.namespace" . }}
 {{- if .Values.config.metricsConfig }}
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index 1a548b6732..b4e05b9918 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -329,6 +329,9 @@ config:
 
   # -- Name of an existing config map (ignores default/provided resourceFilters)
   existingConfig: ''
+  # -- Additional annotations to add to the configmap
+  annotations: {}
+    # example.com/annotation: foo
   # -- Exclude group role
   excludeGroupRole:
   # - ''
@@ -358,6 +361,9 @@ config:
   generateSuccessEvents: false
   # -- Metrics config.
   metricsConfig:
+    # -- Additional annotations to add to the metricsconfigmap
+    annotations: {}
+      # example.com/annotation: foo
     namespaces: {
       "include": [],
       "exclude": []