From 9b21aede76bbe906ada50cbbcef1d67c2ff0a121 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hans=20M=C3=BCndelein?= Date: Tue, 30 Mar 2021 08:29:38 +0200 Subject: [PATCH] Add config options to streamline with k8s standards Many K8s inegrations are controlled via annotations on the resources e.g Prometheus discovery or load balancer behavior, making them configurable adds more flexibility to the deployment. Also the fields in the TLS secret are by default tls.crt and tls.key making this configurable increases integration with tools like cert-manager --- .../blackduck/templates/serviceaccount.yaml | 7 ++++++- kubernetes/blackduck/templates/webserver.yaml | 21 ++++++++++++++++--- kubernetes/blackduck/values.yaml | 19 +++++++++++++++++ 3 files changed, 43 insertions(+), 4 deletions(-) diff --git a/kubernetes/blackduck/templates/serviceaccount.yaml b/kubernetes/blackduck/templates/serviceaccount.yaml index de7ee25..d6e46ef 100644 --- a/kubernetes/blackduck/templates/serviceaccount.yaml +++ b/kubernetes/blackduck/templates/serviceaccount.yaml @@ -4,5 +4,10 @@ metadata: labels: {{- include "bd.labelsWithoutVersion" . | nindent 4 }} component: serviceaccount + + {{- if .Values.serviceaccount.annotations }} + annotations: + {{ .Values.serviceaccount.annotations | toYaml}} + {{- end }} name: {{ .Release.Name }}-blackduck-service-account - namespace: {{ .Release.Namespace }} \ No newline at end of file + namespace: {{ .Release.Namespace }} diff --git a/kubernetes/blackduck/templates/webserver.yaml b/kubernetes/blackduck/templates/webserver.yaml index be378a0..825a28d 100644 --- a/kubernetes/blackduck/templates/webserver.yaml +++ b/kubernetes/blackduck/templates/webserver.yaml @@ -6,6 +6,10 @@ metadata: component: webserver name: {{ .Release.Name }}-blackduck-webserver namespace: {{ .Release.Namespace }} + {{- if .Values.webserver.serviceAnnotations }} + annotations: + {{ .Values.webserver.serviceAnnotations | toYaml}} + {{- end }} spec: ports: - name: port-443 
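Review bot: `{{ .Values.serviceaccount.annotations | toYaml}}` indents only the first line of the rendered map, so with two or more annotations the later keys are emitted at column 0 and the manifest fails to parse or nests them wrongly. The usual form is `{{- with .Values.serviceaccount.annotations }}`, then `annotations:`, then `{{- toYaml . | nindent 4 }}`. The same pattern is repeated in the four annotation hunks of webserver.yaml (`serviceAnnotations`, both uses of `exposedServiceAnnotations`, and `deploymentAnnotations`), where the `nindent` width must match the surrounding block. ServiceAccount annotations are also a common place for cloud workload-identity bindings, so a comment beside `serviceaccount.annotations` in values.yaml should say that changes there deserve the same review as permission changes.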
@@ -27,6 +31,10 @@ metadata: component: route name: {{ .Release.Name }}-blackduck namespace: {{ .Release.Namespace }} + {{- if .Values.webserver.exposedServiceAnnotations }} + annotations: + {{ .Values.webserver.exposedServiceAnnotations | toYaml}} + {{- end }} spec: host: "" port: @@ -51,6 +59,10 @@ metadata: component: webserver-exposed name: {{ .Release.Name }}-blackduck-webserver-exposed namespace: {{ .Release.Namespace }} + {{- if .Values.webserver.exposedServiceAnnotations }} + annotations: + {{ .Values.webserver.exposedServiceAnnotations | toYaml}} + {{- end }} spec: ports: - name: port-443 @@ -95,6 +107,9 @@ spec: annotations: checksum/blackduck-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/postgres-config: {{ include (print $.Template.BasePath "/postgres-config.yaml") . | sha256sum }} + {{- if .Values.webserver.deploymentAnnotations }} + {{ .Values.webserver.deploymentAnnotations | toYaml }} + {{- end }} name: {{ .Release.Name }}-blackduck-webserver spec: {{- if .Values.enableInitContainer }} @@ -176,13 +191,13 @@ spec: volumeMounts: - mountPath: /opt/blackduck/hub/webserver/security name: dir-webserver - {{- with .Values.tlsCertSecretName }} + {{- if .Values.tlsCertSecretName }} - mountPath: /tmp/secrets/WEBSERVER_CUSTOM_CERT_FILE name: certificate - subPath: WEBSERVER_CUSTOM_CERT_FILE + subPath: {{ .Values.tlsCertName | default "WEBSERVER_CUSTOM_CERT_FILE" | quote }} - mountPath: /tmp/secrets/WEBSERVER_CUSTOM_KEY_FILE name: certificate - subPath: WEBSERVER_CUSTOM_KEY_FILE + subPath: {{ .Values.tlsKeyName | default "WEBSERVER_CUSTOM_KEY_FILE" | quote }} {{- end }} {{- with .Values.certAuthCACertSecretName }} - mountPath: /tmp/secrets/AUTH_CUSTOM_CA diff --git a/kubernetes/blackduck/values.yaml b/kubernetes/blackduck/values.yaml index 14523db..2d3f039 100644 --- a/kubernetes/blackduck/values.yaml +++ b/kubernetes/blackduck/values.yaml 
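Review bot: The Route object here reads `.Values.webserver.exposedServiceAnnotations`, the same key the `@@ -51,6 +59,10 @@` hunk applies to the exposed Service, so the two objects cannot be annotated independently. Annotations that control exposure (load-balancer scheme, source restrictions, router behaviour) are specific to one object kind and controller. Copying them onto the other object is at best noise and at worst leaves the operator believing a restriction is in force on an object that ignores it. A separate key would avoid this: `{{- with .Values.webserver.routeAnnotations }}` here, plus `routeAnnotations: {}` under `webserver:` in values.yaml.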
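Review bot: In the `@@ -95,6 +107,9 @@` hunk, `deploymentAnnotations` is appended under the `annotations:` block that already carries the `checksum/blackduck-config` and `checksum/postgres-config` entries. From the context lines that follow (`name:`, then `spec:` with the init-container switch), this appears to be the pod template metadata rather than the Deployment's own metadata; the enclosing block starts outside the hunk, so this is inferred. If so, the key name is misleading and `podAnnotations` would describe it better; at minimum values.yaml should carry a comment such as `# applied to the webserver pod template, not the Deployment object`. A user-supplied key that repeats one of the `checksum/...` names would also render as a duplicate mapping key, which most parsers resolve silently as last-wins, so the comment should say those two names are reserved.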
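Review bot: In the `@@ -176,13 +191,13 @@` hunk the certificate and key are still mounted with `subPath`, now using a configurable key name, and the commit message names cert-manager as the target use case. Kubernetes does not propagate Secret updates into `subPath` mounts, so a renewed certificate stays invisible to the webserver container until the pod is restarted, and the old certificate keeps being served up to and past its expiry. That needs to be stated next to the new options, for example `# mounted via subPath: a renewed secret is only picked up after the webserver pod is restarted`. It would also help to document that `tlsCertName` / `tlsKeyName` must match keys that actually exist in the secret, since nothing in the visible lines checks this. The `volumeMounts` list continues outside the hunk.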
@@ -63,6 +63,18 @@ enableIPV6: true # create a generic secret using the following command # kubectl create secret generic -n -blackduck-webserver-certificate --from-file=WEBSERVER_CUSTOM_CERT_FILE=tls.crt --from-file=WEBSERVER_CUSTOM_KEY_FILE=tls.key # tlsCertSecretName: -blackduck-webserver-certificate +# +# For secrets generated by other tooling, e.g. cert-manager it might be necessary +# to change the field names in the tls secret +# The name of the tls field for the certificate +# defaults to WEBSERVER_CUSTOM_CERT_FILE +# tlsCertName +# +# The name of the tls field for the key +# defaults to WEBSERVER_CUSTOM_KEY_FILE +# tlsKeyName +# +# # Certificate Authentication Custom CA certificate for Black Duck (Not Mandatory) # create a generic secret using the following command @@ -399,6 +411,9 @@ webserver: podSecurityContext: {} securityContext: {} resources: {} + serviceAnnotations: {} + exposedServiceAnnotations: {} + deploymentAnnotations: {} datadog: enabled: false @@ -406,3 +421,7 @@ datadog: registry: imageTag: "1.0.1" imagePullPolicy: IfNotPresent + + +serviceaccount: + annotations: {}
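Review bot: The commented placeholders `# tlsCertName` and `# tlsKeyName` in the `@@ -63,6 +63,18 @@` hunk have no colon and no example value, unlike the `# tlsCertSecretName: ...` line just above them, so uncommenting them as written does not produce a usable setting. I would write them as `# tlsCertName: tls.crt` and `# tlsKeyName: tls.key`, the field names the commit description gives for a standard TLS secret. The comment block could also state that both options only take effect when `tlsCertSecretName` is set, which is what the template's `if .Values.tlsCertSecretName` guard implements.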