From be7fdd061e1a485a02e83fc0a651d72a69781844 Mon Sep 17 00:00:00 2001 From: Erwan Vallienne <135604788+erwanval@users.noreply.github.com> Date: Tue, 25 Jun 2024 16:40:21 +0200 Subject: [PATCH] Add secretTemplate annotations and labels to certificates, and annotations to lapi deploy and agent daemonset (#167) --- charts/crowdsec/templates/agent-daemonSet.yaml | 4 ++++ charts/crowdsec/templates/lapi-deployment.yaml | 4 ++++ charts/crowdsec/templates/tls/agent-certificate.yaml | 7 +++++++ .../crowdsec/templates/tls/bouncer-certificate.yaml | 7 +++++++ charts/crowdsec/templates/tls/lapi-certificate.yaml | 11 +++++++++++ charts/crowdsec/values.yaml | 10 ++++++++++ 6 files changed, 43 insertions(+) diff --git a/charts/crowdsec/templates/agent-daemonSet.yaml b/charts/crowdsec/templates/agent-daemonSet.yaml index 007cfdf..f14f645 100644 --- a/charts/crowdsec/templates/agent-daemonSet.yaml +++ b/charts/crowdsec/templates/agent-daemonSet.yaml @@ -9,6 +9,10 @@ metadata: k8s-app: {{ .Release.Name }} type: agent version: v1 + {{- if .Values.agent.daemonsetAnnotations }} + annotations: + {{ toYaml .Values.agent.daemonsetAnnotations | trim | indent 4 }} + {{- end }} spec: selector: matchLabels: diff --git a/charts/crowdsec/templates/lapi-deployment.yaml b/charts/crowdsec/templates/lapi-deployment.yaml index ba68292..4d2fed7 100644 --- a/charts/crowdsec/templates/lapi-deployment.yaml +++ b/charts/crowdsec/templates/lapi-deployment.yaml @@ -9,6 +9,10 @@ metadata: k8s-app: {{ .Release.Name }} type: lapi version: v1 + {{- if .Values.lapi.deployAnnotations }} + annotations: + {{ toYaml .Values.lapi.deployAnnotations | trim | indent 4 }} + {{- end }} spec: replicas: {{ .Values.lapi.replicas }} selector: diff --git a/charts/crowdsec/templates/tls/agent-certificate.yaml b/charts/crowdsec/templates/tls/agent-certificate.yaml index 336db30..08d0936 100644 --- a/charts/crowdsec/templates/tls/agent-certificate.yaml +++ b/charts/crowdsec/templates/tls/agent-certificate.yaml 
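Review bot: The annotation body is rendered with `toYaml … | trim | indent 4` here and in the lapi-deployment.yaml hunk, while the certificate templates in the same commit use `nindent 6`. Because `indent` also prefixes the first line, the output nests correctly only if the action starts at column 0 in the file, which the collapsed whitespace on this page does not show. Using one form everywhere removes that dependency: `{{- toYaml .Values.agent.daemonsetAnnotations | nindent 4 }}`, and the same with `.Values.lapi.deployAnnotations`. Rendering the chart with two or more annotations set (for example with `helm template`) would confirm that every key lands under `metadata.annotations`.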
@@ -18,6 +18,13 @@ spec: reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: {{ join "," .Values.tls.agent.reflector.namespaces }} reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" {{ end }} + {{ if .Values.tls.certManager.secretTemplate.annotations }} + {{ toYaml .Values.tls.certManager.secretTemplate.annotations | nindent 6 }} + {{ end }} + {{ if .Values.tls.certManager.secretTemplate.labels }} + labels: + {{ toYaml .Values.tls.certManager.secretTemplate.labels | nindent 6 }} + {{ end }} issuerRef: {{ if .Values.tls.certManager.issuerRef }} name: {{ .Values.tls.certManager.issuerRef.name }} diff --git a/charts/crowdsec/templates/tls/bouncer-certificate.yaml b/charts/crowdsec/templates/tls/bouncer-certificate.yaml index 47a7217..95f8f09 100644 --- a/charts/crowdsec/templates/tls/bouncer-certificate.yaml +++ b/charts/crowdsec/templates/tls/bouncer-certificate.yaml @@ -18,6 +18,13 @@ spec: reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: {{ join "," .Values.tls.bouncer.reflector.namespaces }} reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" {{ end }} + {{ if .Values.tls.certManager.secretTemplate.annotations }} + {{ toYaml .Values.tls.certManager.secretTemplate.annotations | nindent 6 }} + {{ end }} + {{ if .Values.tls.certManager.secretTemplate.labels }} + labels: + {{ toYaml .Values.tls.certManager.secretTemplate.labels | nindent 6 }} + {{ end }} issuerRef: {{ if .Values.tls.certManager.issuerRef }} name: {{ .Values.tls.certManager.issuerRef.name }} diff --git a/charts/crowdsec/templates/tls/lapi-certificate.yaml b/charts/crowdsec/templates/tls/lapi-certificate.yaml index caaa4ef..a5156ab 100644 --- a/charts/crowdsec/templates/tls/lapi-certificate.yaml +++ b/charts/crowdsec/templates/tls/lapi-certificate.yaml 
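Review bot: The added `secretTemplate.annotations` and `labels` blocks sit after the `{{ end }}` that closes the reflector condition and never emit `secretTemplate:` or `annotations:` themselves, unlike the lapi-certificate.yaml hunk, which opens both keys under an `or` guard. Those parent keys are outside this hunk, but if they live inside the reflector `if`, as the closing `{{ end }}` suggests, setting the new values without `tls.agent.reflector.namespaces` renders the entries with no parent mapping. When both are set, a user annotation that repeats a `reflector.v1.k8s.emberstack.com/*` key yields a duplicate mapping key, and whichever value the parser keeps decides which namespaces the TLS secret is reflected into. The bouncer-certificate.yaml hunk has the same structure with `tls.bouncer.reflector.namespaces`. A guard that opens `secretTemplate:` when any of the three inputs is set, as sketched below, fixes the missing parent keys; the duplicate-key case still needs a documented rule or a merge.

```yaml
  {{- if or .Values.tls.agent.reflector.namespaces .Values.tls.certManager.secretTemplate.annotations .Values.tls.certManager.secretTemplate.labels }}
  secretTemplate:
    {{- if or .Values.tls.agent.reflector.namespaces .Values.tls.certManager.secretTemplate.annotations }}
    annotations:
      {{- with .Values.tls.certManager.secretTemplate.annotations }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
      {{- if .Values.tls.agent.reflector.namespaces }}
      # … unchanged: the three reflector.v1.k8s.emberstack.com annotations …
      {{- end }}
    {{- end }}
    {{- with .Values.tls.certManager.secretTemplate.labels }}
    labels:
      {{- toYaml . | nindent 6 }}
    {{- end }}
  {{- end }}
```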
@@ -21,4 +21,15 @@ spec: {{ else }} name: {{ .Release.Name }}-ca-issuer {{ end }} + {{ if or .Values.tls.certManager.secretTemplate.annotations .Values.tls.certManager.secretTemplate.labels }} + secretTemplate: + {{ if .Values.tls.certManager.secretTemplate.annotations }} + annotations: + {{ toYaml .Values.tls.certManager.secretTemplate.annotations | nindent 6 }} + {{ end }} + {{ if .Values.tls.certManager.secretTemplate.labels }} + labels: + {{ toYaml .Values.tls.certManager.secretTemplate.labels | nindent 6 }} + {{ end }} + {{ end }} {{ end }} diff --git a/charts/crowdsec/values.yaml b/charts/crowdsec/values.yaml index 5f34b8e..be63d93 100644 --- a/charts/crowdsec/values.yaml +++ b/charts/crowdsec/values.yaml @@ -113,6 +113,10 @@ tls: issuerRef: {} # name: "" # kind: "ClusterIssuer" + # -- Add annotations and/or labels to generated secret + secretTemplate: + annotations: {} + labels: {} # -- duration for Certificate resources duration: 2160h # 90d # -- renewBefore for Certificate resources @@ -166,6 +170,9 @@ lapi: # -- pod priority class name priorityClassName: "" + # -- Annotations to be added to lapi deployment + deployAnnotations: {} + # -- Annotations to be added to lapi pods, if global podAnnotations are not set podAnnotations: {} @@ -310,6 +317,9 @@ agent: # -- pod priority class name priorityClassName: "" + # -- Annotations to be added to agent daemonset + daemonsetAnnotations: {} + # -- Annotations to be added to agent pods, if global podAnnotations are not set podAnnotations: {}
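Review bot: The values.yaml comment on `tls.certManager.secretTemplate` says only "generated secret", but the templates in this commit apply the same value to the agent, bouncer and lapi Certificate resources. A single setting therefore changes the metadata of three secrets that hold TLS key material. Spell that out in the comment, e.g. `# -- Annotations and/or labels added to the secrets generated for the agent, bouncer and lapi certificates`. The comment could also mention that annotations read by secret-replication controllers (the chart already emits `reflector.v1.k8s.emberstack.com/*` ones) influence where these secrets are copied, so operators review them with that in mind.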