From 87ef6f6f9b2a1012a8202f6693a2b3f8ac52961c Mon Sep 17 00:00:00 2001
From: treydock <tdockendorf@osc.edu>
Date: Thu, 2 May 2024 03:33:13 -0400
Subject: [PATCH] Ensure CA certificate ConfigMaps get defined (#10156)

Fixes #10141

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
---
 charts/kyverno/Chart.yaml                           |  2 ++
 charts/kyverno/ci/caCertsConfigMap-values.yaml      | 13 +++++++++++++
 .../templates/admission-controller/configmap.yaml   | 12 ++++++++++++
 .../templates/background-controller/configmap.yaml  | 12 ++++++++++++
 .../templates/reports-controller/configmap.yaml     | 12 ++++++++++++
 5 files changed, 51 insertions(+)
 create mode 100644 charts/kyverno/ci/caCertsConfigMap-values.yaml
 create mode 100644 charts/kyverno/templates/admission-controller/configmap.yaml
 create mode 100644 charts/kyverno/templates/background-controller/configmap.yaml
 create mode 100644 charts/kyverno/templates/reports-controller/configmap.yaml

diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml
index 7ec9069b00..05e9073ff6 100644
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@@ -41,6 +41,8 @@ annotations:
       description: Add podLabels to the post-upgrade hook
     - kind: added
       description: Add podLabels to the pre-delete hook
+    - kind: fixed
+      description: Ensure CA certificate config maps are created when data is provided
 dependencies:
   - name: grafana
     version: v0.0.0
diff --git a/charts/kyverno/ci/caCertsConfigMap-values.yaml b/charts/kyverno/ci/caCertsConfigMap-values.yaml
new file mode 100644
index 0000000000..1897ef755e
--- /dev/null
+++ b/charts/kyverno/ci/caCertsConfigMap-values.yaml
@@ -0,0 +1,13 @@
+global:
+  caCertificates:
+    data: |
+      -----BEGIN CERTIFICATE-----
+      MIIBbzCCARWgAwIBAgIQK0Z1j0Q96/LIo4tNHxsPUDAKBggqhkjOPQQDAjAWMRQw
+      EgYDVQQDEwtab2xsZXJMYWJDQTAeFw0yMjA1MTgwODI2NTBaFw0zMjA1MTUwODI2
+      NTBaMBYxFDASBgNVBAMTC1pvbGxlckxhYkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0D
+      AQcDQgAEJxGhyW26O77E7fqFcbzljYzlLq/G7yANNwerWnWUKlW9gcrcPqZwwrTX
+      yaJZpdCWTObvbOyaOxq5NsytC/ubLKNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1Ud
+      EwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFDoT1GEM8NYfxSKBkSzg4rpY+xdUMAoG
+      CCqGSM49BAMCA0gAMEUCIQDDLWFn/XJPqpNGXcyjlSJFxlQUJ5Cu/+nDvtbTeUGA
+      NAIgMsVwBafMtmLQFlfvZsE95UYoYUV4ayH+OLTTQaDQOPY=
+      -----END CERTIFICATE-----
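Review bot: The per-controller override path is not exercised by these CI values: only `global.caCertificates.data` is set, so the branch where `admissionController.caCertificates.data` (or the background/reports equivalent) takes precedence is never rendered in CI. A second values file, or an extra key here that sets one controller-specific bundle, would cover it. The file would also benefit from a leading comment such as `# test-only CA certificate used to render the caCertificates ConfigMaps in CI; not a trust anchor for real deployments`, so nobody copies the embedded certificate into a real install.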
diff --git a/charts/kyverno/templates/admission-controller/configmap.yaml b/charts/kyverno/templates/admission-controller/configmap.yaml
new file mode 100644
index 0000000000..d0b2bf66e4
--- /dev/null
+++ b/charts/kyverno/templates/admission-controller/configmap.yaml
@@ -0,0 +1,12 @@
+{{- if or .Values.admissionController.caCertificates.data .Values.global.caCertificates.data }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kyverno.admission-controller.caCertificatesConfigMapName" . }}
+  namespace: {{ template "kyverno.namespace" . }}
+  labels:
+    {{- include "kyverno.admission-controller.labels" . | nindent 4 }}
+data:
+  ca-certificates: |
+    {{ .Values.admissionController.caCertificates.data | default .Values.global.caCertificates.data | indent 4 | trim }}
+{{- end -}}
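Review bot: Nothing in the template states that a per-controller bundle replaces the global one rather than extending it: on the `ca-certificates` line, `default` picks `.Values.admissionController.caCertificates.data` whenever it is non-empty, so CAs listed only under `global.caCertificates.data` drop out of this controller's ConfigMap. Since this data presumably ends up as the controller's trust anchors, a template comment above the `if` such as `{{- /* admissionController.caCertificates.data overrides (does not append to) global.caCertificates.data */}}` would make that explicit; the same applies to the background-controller and reports-controller templates. As a style point, the opening `if` here ends in `}}` while the other two templates use `-}}`; picking one form keeps the three files identical apart from the controller name.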
diff --git a/charts/kyverno/templates/background-controller/configmap.yaml b/charts/kyverno/templates/background-controller/configmap.yaml
new file mode 100644
index 0000000000..6979ca652a
--- /dev/null
+++ b/charts/kyverno/templates/background-controller/configmap.yaml
@@ -0,0 +1,12 @@
+{{- if or .Values.backgroundController.caCertificates.data .Values.global.caCertificates.data -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kyverno.background-controller.caCertificatesConfigMapName" . }}
+  namespace: {{ template "kyverno.namespace" . }}
+  labels:
+    {{- include "kyverno.admission-controller.labels" . | nindent 4 }}
+data:
+  ca-certificates: |
+    {{ .Values.backgroundController.caCertificates.data | default .Values.global.caCertificates.data | indent 4 | trim }}
+{{- end -}}
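Review bot: The `labels` block includes `kyverno.admission-controller.labels`, which looks like a copy-paste from the admission-controller template, so this ConfigMap would carry the admission controller's component labels; the reports-controller template has the same line. Anything that selects on those labels (label-based cleanup, queries, policy scoping) would then attribute the background and reports CA bundles to the wrong component. The include should presumably follow the naming of the ConfigMap-name helper a few lines above it, i.e. `{{- include "kyverno.background-controller.labels" . | nindent 4 }}` here and `{{- include "kyverno.reports-controller.labels" . | nindent 4 }}` in the reports-controller template, assuming those helpers are defined in the chart.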
diff --git a/charts/kyverno/templates/reports-controller/configmap.yaml b/charts/kyverno/templates/reports-controller/configmap.yaml
new file mode 100644
index 0000000000..ad23aa802e
--- /dev/null
+++ b/charts/kyverno/templates/reports-controller/configmap.yaml
@@ -0,0 +1,12 @@
+{{- if or .Values.reportsController.caCertificates.data .Values.global.caCertificates.data -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kyverno.reports-controller.caCertificatesConfigMapName" . }}
+  namespace: {{ template "kyverno.namespace" . }}
+  labels:
+    {{- include "kyverno.admission-controller.labels" . | nindent 4 }}
+data:
+  ca-certificates: |
+    {{ .Values.reportsController.caCertificates.data | default .Values.global.caCertificates.data | indent 4 | trim }}
+{{- end -}}