From ae11d33da056b1e881848784c96426bb549c8372 Mon Sep 17 00:00:00 2001 From: Peter Date: Thu, 20 Jun 2024 10:36:27 +0100 Subject: [PATCH 1/2] feat: enable volumes and volumeMounts to be passed to the jetstack-agent deployment Signed-off-by: Peter --- deploy/charts/jetstack-agent/README.md | 7 ++++-- .../jetstack-agent/templates/deployment.yaml | 6 +++++ .../jetstack-agent/tests/deployment_test.yaml | 24 +++++++++++++++++++ .../tests/values/custom-volumes.yaml | 11 +++++++++ deploy/charts/jetstack-agent/values.yaml | 16 ++++++++++--- 5 files changed, 59 insertions(+), 5 deletions(-) create mode 100644 deploy/charts/jetstack-agent/tests/values/custom-volumes.yaml diff --git a/deploy/charts/jetstack-agent/README.md b/deploy/charts/jetstack-agent/README.md index 4c1e8039..5988ab18 100644 --- a/deploy/charts/jetstack-agent/README.md +++ b/deploy/charts/jetstack-agent/README.md 
@@ -133,12 +133,13 @@ kubectl logs -n jetstack-secure $(kubectl get pod -n jetstack-secure -l app.kube | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | +| authentication | object | `{"createSecret":false,"secretKey":"credentials.json","secretName":"agent-credentials","secretValue":"","type":"file"}` | Authentication section for the agent | | authentication.createSecret | bool | `false` | Reccomend that you do not use this and instead creat the credential secret outside of helm | | authentication.secretKey | string | `"credentials.json"` | Key name in secret | | authentication.secretName | string | `"agent-credentials"` | Name of the secret containing agent credentials.json | | authentication.secretValue | string | `""` | Base64 encoded value from Jetstack Secure Dashboard - only required when createSecret is true | | authentication.type | string | `"file"` | Type can be "file"/"token" determining how the agent should authenticate the to the backend | -| command | list | `[]` | | +| command | list | `[]` | Override the jetstack-agent entrypoint with command list | | config | object | `{"cluster":"","dataGatherers":{"custom":[],"default":true},"organisation":"","override":{"config":null,"configmap":{"key":null,"name":null},"enabled":false},"period":"0h1m0s","server":"https://platform.jetstack.io"}` | Configuration section for the Jetstack Agent itself | | config.cluster | string | `""` | REQUIRED - Your Jetstack Secure Cluster Name | | config.dataGatherers | object | `{"custom":[],"default":true}` | Configure data that is gathered from your cluster, for full details see https://platform.jetstack.io/documentation/configuration/jetstack-agent/configuration | 
@@ -151,7 +152,7 @@ kubectl logs -n jetstack-secure $(kubectl get pod -n jetstack-secure -l app.kube | config.override.enabled | bool | `false` | Override disabled by default | | config.period | string | `"0h1m0s"` | Send data back to the platform every minute unless changed | | config.server | string | `"https://platform.jetstack.io"` | Overrides the server if using a proxy between agent and Jetstack Secure | -| extraArgs | list | `[]` | | +| extraArgs | list | `[]` | Add additional arguments to the | | fullnameOverride | string | `""` | Helm default setting, use this to shorten install name | | image.pullPolicy | string | `"IfNotPresent"` | Defaults to only pull if not already present | | image.repository | string | `"quay.io/jetstack/preflight"` | Default to Open Source image repository | @@ -174,4 +175,6 @@ kubectl logs -n jetstack-secure $(kubectl get pod -n jetstack-secure -l app.kube | serviceAccount.create | bool | `true` | Specifies whether a service account should be created @default true | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | +| volumeMounts | list | `[]` | Additional volume mounts to add to the jetstack-agent container. | +| volumes | list | `[]` | Additional volumes to add to the jetstack-agent pod. | diff --git a/deploy/charts/jetstack-agent/templates/deployment.yaml b/deploy/charts/jetstack-agent/templates/deployment.yaml index dc087e4f..64b0be22 100644 --- a/deploy/charts/jetstack-agent/templates/deployment.yaml +++ b/deploy/charts/jetstack-agent/templates/deployment.yaml @@ -75,6 +75,9 @@ spec: mountPath: "/etc/jetstack-secure/agent/credentials" readOnly: true {{- end }} + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
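Review bot: The entries from `.Values.volumeMounts` are appended as given after the chart's own mounts, and nothing at render time stops an entry from reusing a chart-managed path such as `/etc/jetstack-secure/agent/credentials`. The API server rejects a duplicate `mountPath`, so the mistake only surfaces at install time. The same holds for duplicate volume names in the `.Values.volumes` block added at `@@ -103,3 +106,6`. I would add a template comment above each `with`, e.g. `{{- /* user-supplied; must not reuse chart-managed names or mountPaths */}}`. The parent `volumeMounts:` key lies outside this hunk, so confirm it is always rendered before these list items are emitted.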
@@ -103,3 +106,6 @@ spec: secret: secretName: {{ default "agent-credentials" .Values.authentication.secretName }} optional: false + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/deploy/charts/jetstack-agent/tests/deployment_test.yaml b/deploy/charts/jetstack-agent/tests/deployment_test.yaml index bd325a45..c056877c 100644 --- a/deploy/charts/jetstack-agent/tests/deployment_test.yaml +++ b/deploy/charts/jetstack-agent/tests/deployment_test.yaml @@ -90,3 +90,27 @@ tests: - contains: path: spec.template.spec.containers[0].command content: notpreflight + + # Check the volumes and volumeMounts works correctly + - it: Volumes and VolumenMounts added correctly + set: + config.organisation: test_org + config.cluster: test_cluster + values: + - ./values/custom-volumes.yaml + asserts: + - isKind: + of: Deployment + - equal: + # In template this comes after credentials and agent config volumeMounts + path: spec.template.spec.containers[0].volumeMounts[?(@.name == "cabundle")] + value: + mountPath: /etc/ssl/certs/ + name: cabundle + readOnly: true + - equal: + path: spec.template.spec.volumes[?(@.name == "cabundle")].configmap + value: + defaultMode: 420 + name: cabundle + optional: true diff --git a/deploy/charts/jetstack-agent/tests/values/custom-volumes.yaml b/deploy/charts/jetstack-agent/tests/values/custom-volumes.yaml new file mode 100644 index 00000000..394222c7 --- /dev/null +++ b/deploy/charts/jetstack-agent/tests/values/custom-volumes.yaml @@ -0,0 +1,11 @@ +volumes: + - name: cabundle + configmap: + name: cabundle + optional: true + defaultMode: 0644 + +volumeMounts: + - name: cabundle + readOnly: true + mountPath: /etc/ssl/certs/ diff --git a/deploy/charts/jetstack-agent/values.yaml b/deploy/charts/jetstack-agent/values.yaml index 27dab30f..e5116d17 100644 --- a/deploy/charts/jetstack-agent/values.yaml +++ b/deploy/charts/jetstack-agent/values.yaml 
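Review bot: The second `equal` assert reads `spec.template.spec.volumes[?(@.name == "cabundle")].configmap`, but the Kubernetes volume source field is spelled `configMap`. The fixture in `tests/values/custom-volumes.yaml` uses the same lowercase key, so the test passes on a volume that a cluster would either reject or strip as an unknown field, depending on validation settings. Because the chart passes these values through `toYaml` unchanged, the test should exercise a manifest that is valid as written: use `configMap:` in the fixture and `.configMap` in the assert path. The fixture's `defaultMode: 0644` is compared with `420`, which relies on the parser reading the scalar as octal; writing `defaultMode: 420` in the fixture removes that dependency.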
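Review bot: The fixture mounts the `cabundle` volume at `/etc/ssl/certs/`, which hides whatever CA certificates the image ships in that directory, and `optional: true` means a missing ConfigMap leaves the mount empty. Test fixtures tend to be copied as usage examples, so it is worth showing a pattern that does not replace the trust store wholesale. I would mount at a dedicated directory, e.g. `mountPath: /etc/jetstack-secure/ca/` (constructed path), and set `optional: false` so a missing bundle fails the rollout, updating the matching `equal` asserts in `deployment_test.yaml` accordingly.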
@@ -62,6 +62,19 @@ tolerations: [] affinity: {} +# -- Additional volumes to add to the jetstack-agent pod. +volumes: [] + +# -- Additional volume mounts to add to the jetstack-agent container. +volumeMounts: [] + +# -- Override the jetstack-agent entrypoint with command list +command: [] + +# -- Add additional arguments to the +extraArgs: [] + +# -- Authentication section for the agent authentication: # -- Reccomend that you do not use this and instead creat the credential secret outside of helm createSecret: false @@ -74,9 +87,6 @@ authentication: # -- Base64 encoded value from Jetstack Secure Dashboard - only required when createSecret is true secretValue: "" -command: [] -extraArgs: [] - # -- Configuration section for the Jetstack Agent itself config: # -- Overrides the server if using a proxy between agent and Jetstack Secure From 294f6083be225b8d092725c1b5ceac03378fcd8b Mon Sep 17 00:00:00 2001 From: Peter Date: Thu, 20 Jun 2024 13:48:33 +0100 Subject: [PATCH 2/2] docs: Fnish doc string and correct typo Signed-off-by: Peter --- deploy/charts/jetstack-agent/README.md | 4 ++-- deploy/charts/jetstack-agent/tests/deployment_test.yaml | 2 +- deploy/charts/jetstack-agent/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/charts/jetstack-agent/README.md b/deploy/charts/jetstack-agent/README.md index 5988ab18..76ca6433 100644 --- a/deploy/charts/jetstack-agent/README.md +++ b/deploy/charts/jetstack-agent/README.md 
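Review bot: The new `volumes` and `volumeMounts` comments do not say that the lists are rendered into the pod spec as given, so any volume type is accepted, including `hostPath` or a reference to another Secret in the namespace. The agent pod also mounts the platform credentials, so anyone reviewing a values file benefits from seeing that stated next to the keys. I would extend the comments, e.g. `# -- Additional volumes to add to the jetstack-agent pod. Rendered verbatim; names must not clash with chart-managed volumes.`, with the equivalent wording for `volumeMounts`.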
@@ -139,7 +139,7 @@ kubectl logs -n jetstack-secure $(kubectl get pod -n jetstack-secure -l app.kube | authentication.secretName | string | `"agent-credentials"` | Name of the secret containing agent credentials.json | | authentication.secretValue | string | `""` | Base64 encoded value from Jetstack Secure Dashboard - only required when createSecret is true | | authentication.type | string | `"file"` | Type can be "file"/"token" determining how the agent should authenticate the to the backend | -| command | list | `[]` | Override the jetstack-agent entrypoint with command list | +| command | list | `[]` | Override the jetstack-agent entrypoint with specified command. | | config | object | `{"cluster":"","dataGatherers":{"custom":[],"default":true},"organisation":"","override":{"config":null,"configmap":{"key":null,"name":null},"enabled":false},"period":"0h1m0s","server":"https://platform.jetstack.io"}` | Configuration section for the Jetstack Agent itself | | config.cluster | string | `""` | REQUIRED - Your Jetstack Secure Cluster Name | | config.dataGatherers | object | `{"custom":[],"default":true}` | Configure data that is gathered from your cluster, for full details see https://platform.jetstack.io/documentation/configuration/jetstack-agent/configuration | 
@@ -152,7 +152,7 @@ kubectl logs -n jetstack-secure $(kubectl get pod -n jetstack-secure -l app.kube | config.override.enabled | bool | `false` | Override disabled by default | | config.period | string | `"0h1m0s"` | Send data back to the platform every minute unless changed | | config.server | string | `"https://platform.jetstack.io"` | Overrides the server if using a proxy between agent and Jetstack Secure | -| extraArgs | list | `[]` | Add additional arguments to the | +| extraArgs | list | `[]` | Add additional arguments to the default `agent` command. | | fullnameOverride | string | `""` | Helm default setting, use this to shorten install name | | image.pullPolicy | string | `"IfNotPresent"` | Defaults to only pull if not already present | | image.repository | string | `"quay.io/jetstack/preflight"` | Default to Open Source image repository | diff --git a/deploy/charts/jetstack-agent/tests/deployment_test.yaml b/deploy/charts/jetstack-agent/tests/deployment_test.yaml index c056877c..72ed79ea 100644 --- a/deploy/charts/jetstack-agent/tests/deployment_test.yaml +++ b/deploy/charts/jetstack-agent/tests/deployment_test.yaml @@ -92,7 +92,7 @@ tests: content: notpreflight # Check the volumes and volumeMounts works correctly - - it: Volumes and VolumenMounts added correctly + - it: Volumes and VolumeMounts added correctly set: config.organisation: test_org config.cluster: test_cluster diff --git a/deploy/charts/jetstack-agent/values.yaml b/deploy/charts/jetstack-agent/values.yaml index e5116d17..351b55a7 100644 --- a/deploy/charts/jetstack-agent/values.yaml +++ b/deploy/charts/jetstack-agent/values.yaml 
@@ -68,10 +68,10 @@ volumes: [] # -- Additional volume mounts to add to the jetstack-agent container. volumeMounts: [] -# -- Override the jetstack-agent entrypoint with command list +# -- Override the jetstack-agent entrypoint with specified command. command: [] -# -- Add additional arguments to the +# -- Add additional arguments to the default `agent` command. extraArgs: [] # -- Authentication section for the agent