From ff74071167649a58a75d5878fe380770d0d0771a Mon Sep 17 00:00:00 2001
From: Ishaan Mittal <ishaanmittal123@gmail.com>
Date: Thu, 5 Dec 2024 02:11:24 +0530
Subject: [PATCH] add helm config option to mount ca certs to cost model
 container (#3760)

* add helm config option to mount ca certs to cost model container

* update it to be configmap

* shift from config map tp secret

* nit fix
---
 .../templates/cost-analyzer-deployment-template.yaml   | 10 ++++++++++
 cost-analyzer/values.yaml                              |  3 +++
 2 files changed, 13 insertions(+)

diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
index d1e6d6069..5cbfdafd1 100644
--- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
+++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
@@ -126,6 +126,12 @@ spec:
            defaultMode: 420
            secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret | default "federated-store" }}
         {{- end }}
+        {{- if .Values.kubecostModel.caCertsSecret }}
+        - name: ca-certs-secret
+          secret:
+           defaultMode: 420
+           secretName: {{ .Values.kubecostModel.caCertsSecret}}
+        {{- end }}
         {{- if .Values.kubecostProductConfigs }}
         {{- if and ((.Values.kubecostProductConfigs).productKey).enabled ((.Values.kubecostProductConfigs).productKey).secretname }}
         - name: productkey-secret
@@ -615,6 +621,10 @@ spec:
               mountPath: /var/configs/etl/federated
               readOnly: true
             {{- end }}
+            {{- if .Values.kubecostModel.caCertsSecret }}
+            - name: ca-certs-secret
+              mountPath: /etc/pki/ca-trust/source/anchors
+            {{- end }}
             {{- if .Values.kubecostAdmissionController }}
             {{- if .Values.kubecostAdmissionController.enabled }}
             {{- if .Values.kubecostAdmissionController.secretName }}
diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml
index 1f361c4f0..16dfe52f7 100644
--- a/cost-analyzer/values.yaml
+++ b/cost-analyzer/values.yaml
@@ -575,6 +575,9 @@ kubecostModel:
   #         "client_x509_cert_url": ""
   #       }
 
+  # the name of the Secret containing custom CA certs to mount to cost model container
+  # caCertsSecret: ca-certs-secret
+
   # Installs Kubecost/OpenCost plugins
   plugins:
     enabled: false