From a6cf1f6c14c38b61c6ae8096048aad7bdd15955d Mon Sep 17 00:00:00 2001
From: kota2and3kan <47254383+kota2and3kan@users.noreply.github.com>
Date: Fri, 5 Apr 2024 16:32:37 +0900
Subject: [PATCH 1/4] [scalar-admin-for-kubernetes] Support TLS in Scalar Admin for Kubernetes chart
---
 charts/scalar-admin-for-kubernetes/README.md | 1 +
 .../templates/_helpers.tpl | 11 +++++++++++
 charts/scalar-admin-for-kubernetes/values.schema.json | 8 ++++++++
 charts/scalar-admin-for-kubernetes/values.yaml | 4 ++++
 4 files changed, 24 insertions(+)
diff --git a/charts/scalar-admin-for-kubernetes/README.md b/charts/scalar-admin-for-kubernetes/README.md
index bb46f770..b4a73198 100644
--- a/charts/scalar-admin-for-kubernetes/README.md
+++ b/charts/scalar-admin-for-kubernetes/README.md
@@ -28,5 +28,6 @@ Current chart version is `2.0.0-SNAPSHOT`.
 | scalarAdminForKubernetes.securityContext.runAsNonRoot | bool | `true` | Containers should be run as a non-root user with the minimum required permissions (principle of least privilege). |
 | scalarAdminForKubernetes.serviceAccount.automountServiceAccountToken | bool | `true` | Specify whether to mount a service account token or not. |
 | scalarAdminForKubernetes.serviceAccount.serviceAccountName | string | `""` | Name of the existing service account resource. |
+| scalarAdminForKubernetes.tls.caRootCertSecret | string | `""` | Name of the Secret containing the custom CA root certificate for TLS communication. |
 | scalarAdminForKubernetes.tolerations | list | `[]` | Tolerations are applied to pods and allow (but do not require) the pods to schedule onto nodes with matching taints. |
 | scalarAdminForKubernetes.ttlSecondsAfterFinished | int | `0` | ttlSecondsAfterFinished value for the job resource. |
diff --git a/charts/scalar-admin-for-kubernetes/templates/_helpers.tpl b/charts/scalar-admin-for-kubernetes/templates/_helpers.tpl
index c0f620a4..3a80918a 100644
--- a/charts/scalar-admin-for-kubernetes/templates/_helpers.tpl
+++ b/charts/scalar-admin-for-kubernetes/templates/_helpers.tpl @@ -101,6 +101,17 @@ template: {{- range .Values.scalarAdminForKubernetes.commandArgs }} - {{ . | quote }} {{- end }} + {{- if .Values.scalarAdminForKubernetes.tls.caRootCertSecret }} + volumeMounts: + - name: tls-ca-root-volume + mountPath: /tls/certs + {{- end }} + {{- if .Values.scalarAdminForKubernetes.tls.caRootCertSecret }} + volumes: + - name: tls-ca-root-volume + secret: + secretName: {{ .Values.scalarAdminForKubernetes.tls.caRootCertSecret }} + {{- end }} {{- with .Values.scalarAdminForKubernetes.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/scalar-admin-for-kubernetes/values.schema.json b/charts/scalar-admin-for-kubernetes/values.schema.json index ac0ff8a8..7df10aa2 100644 --- a/charts/scalar-admin-for-kubernetes/values.schema.json +++ b/charts/scalar-admin-for-kubernetes/values.schema.json @@ -111,6 +111,14 @@ } } }, + "tls": { + "type": "object", + "properties": { + "caRootCertSecret": { + "type": "string" + } + } + }, "tolerations": { "type": "array" }, diff --git a/charts/scalar-admin-for-kubernetes/values.yaml b/charts/scalar-admin-for-kubernetes/values.yaml index cb9df008..655553d7 100644 --- a/charts/scalar-admin-for-kubernetes/values.yaml +++ b/charts/scalar-admin-for-kubernetes/values.yaml @@ -89,3 +89,7 @@ scalarAdminForKubernetes: # -- ttlSecondsAfterFinished value for the job resource. ttlSecondsAfterFinished: 0 + + tls: + # -- Name of the Secret containing the custom CA root certificate for TLS communication. + caRootCertSecret: "" From ee1e4c84ecc33f9ffe1012eee7f84d0ae40bb178 Mon Sep 17 00:00:00 2001 From: kota2and3kan <47254383+kota2and3kan@users.noreply.github.com> Date: Fri, 5 Apr 2024 16:43:18 +0900 Subject: [PATCH 2/4] Update description --- charts/scalar-admin-for-kubernetes/README.md | 2 +- charts/scalar-admin-for-kubernetes/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
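Review bot: The added `secretName: {{ .Values.scalarAdminForKubernetes.tls.caRootCertSecret }}` is rendered unquoted, so a Secret name that YAML reads as a number or boolean would produce a non-string `secretName` and the Job would most likely be rejected when applied; the `commandArgs` lines just above already use `| quote`, and the same works here: `secretName: {{ .Values.scalarAdminForKubernetes.tls.caRootCertSecret | quote }}`. The volume also mounts every key of the Secret under /tls/certs, so if an operator points this value at a Secret that holds a private key next to the CA certificate, that key becomes readable inside the pod; consider an `items:` list that projects only the CA certificate key, and add `readOnly: true` to the `volumeMounts` entry to make the intent explicit. The template definition that contains these lines starts and ends outside this hunk.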
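Review bot: The new `tls` object accepts unknown keys, so a misspelled `caRootCertSecret` passes validation and the template's `if` simply skips the CA volume, leaving the job without the custom CA and with no error at install time. Adding `"additionalProperties": false` after `"type": "object",` would turn that typo into a schema failure. Whether the sibling objects in this schema already follow that convention is not visible in this hunk, so match what the rest of the file does.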
diff --git a/charts/scalar-admin-for-kubernetes/README.md b/charts/scalar-admin-for-kubernetes/README.md
index b4a73198..06ecdec3 100644
--- a/charts/scalar-admin-for-kubernetes/README.md
+++ b/charts/scalar-admin-for-kubernetes/README.md
@@ -28,6 +28,6 @@ Current chart version is `2.0.0-SNAPSHOT`.
 | scalarAdminForKubernetes.securityContext.runAsNonRoot | bool | `true` | Containers should be run as a non-root user with the minimum required permissions (principle of least privilege). |
 | scalarAdminForKubernetes.serviceAccount.automountServiceAccountToken | bool | `true` | Specify whether to mount a service account token or not. |
 | scalarAdminForKubernetes.serviceAccount.serviceAccountName | string | `""` | Name of the existing service account resource. |
-| scalarAdminForKubernetes.tls.caRootCertSecret | string | `""` | Name of the Secret containing the custom CA root certificate for TLS communication. |
+| scalarAdminForKubernetes.tls.caRootCertSecret | string | `""` | Name of the Secret containing the custom CA root certificate for TLS communication. This chart mounts the root CA certificate file on /tls/certs/ directory. |
 | scalarAdminForKubernetes.tolerations | list | `[]` | Tolerations are applied to pods and allow (but do not require) the pods to schedule onto nodes with matching taints. |
 | scalarAdminForKubernetes.ttlSecondsAfterFinished | int | `0` | ttlSecondsAfterFinished value for the job resource. |
diff --git a/charts/scalar-admin-for-kubernetes/values.yaml b/charts/scalar-admin-for-kubernetes/values.yaml
index 655553d7..087f4268 100644
--- a/charts/scalar-admin-for-kubernetes/values.yaml
+++ b/charts/scalar-admin-for-kubernetes/values.yaml
@@ -91,5 +91,5 @@ scalarAdminForKubernetes: ttlSecondsAfterFinished: 0 tls: - # -- Name of the Secret containing the custom CA root certificate for TLS communication. + # -- Name of the Secret containing the custom CA root certificate for TLS communication. This chart mounts the root CA certificate file on /tls/certs/ directory. caRootCertSecret: "" From 3ba800893b33307b7f2eb35bbf02a6acdaf18c75 Mon Sep 17 00:00:00 2001 From: kota2and3kan <47254383+kota2and3kan@users.noreply.github.com> Date: Thu, 11 Apr 2024 19:18:17 +0900 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: Josh Wong --- charts/scalar-admin-for-kubernetes/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/scalar-admin-for-kubernetes/README.md b/charts/scalar-admin-for-kubernetes/README.md index 06ecdec3..6a4a4b94 100644 --- a/charts/scalar-admin-for-kubernetes/README.md +++ b/charts/scalar-admin-for-kubernetes/README.md 
@@ -28,6 +28,6 @@ Current chart version is `2.0.0-SNAPSHOT`.
 | scalarAdminForKubernetes.securityContext.runAsNonRoot | bool | `true` | Containers should be run as a non-root user with the minimum required permissions (principle of least privilege). |
 | scalarAdminForKubernetes.serviceAccount.automountServiceAccountToken | bool | `true` | Specify whether to mount a service account token or not. |
 | scalarAdminForKubernetes.serviceAccount.serviceAccountName | string | `""` | Name of the existing service account resource. |
-| scalarAdminForKubernetes.tls.caRootCertSecret | string | `""` | Name of the Secret containing the custom CA root certificate for TLS communication. This chart mounts the root CA certificate file on /tls/certs/ directory. |
+| scalarAdminForKubernetes.tls.caRootCertSecret | string | `""` | Name of the secret containing the custom CA root certificate for TLS communication. This chart mounts the root CA certificate file on the /tls/certs/ directory. |
 | scalarAdminForKubernetes.tolerations | list | `[]` | Tolerations are applied to pods and allow (but do not require) the pods to schedule onto nodes with matching taints. |
 | scalarAdminForKubernetes.ttlSecondsAfterFinished | int | `0` | ttlSecondsAfterFinished value for the job resource. |
From 7284cae78c1a61600f39370dfd0ab6063fe05963 Mon Sep 17 00:00:00 2001
From: kota2and3kan <47254383+kota2and3kan@users.noreply.github.com>
Date: Thu, 11 Apr 2024 19:18:39 +0900
Subject: [PATCH 4/4] Update values.yaml
---
 charts/scalar-admin-for-kubernetes/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/scalar-admin-for-kubernetes/values.yaml b/charts/scalar-admin-for-kubernetes/values.yaml
index 087f4268..e9cee7fd 100644
--- a/charts/scalar-admin-for-kubernetes/values.yaml
+++ b/charts/scalar-admin-for-kubernetes/values.yaml
@@ -91,5 +91,5 @@ scalarAdminForKubernetes: ttlSecondsAfterFinished: 0 tls: - # -- Name of the Secret containing the custom CA root certificate for TLS communication. This chart mounts the root CA certificate file on /tls/certs/ directory. + # -- Name of the secret containing the custom CA root certificate for TLS communication. This chart mounts the root CA certificate file on /tls/certs/ directory. caRootCertSecret: ""
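Review bot: The updated comment still reads "on /tls/certs/ directory", while the README row changed in PATCH 3/4 reads "on the /tls/certs/ directory", so the two descriptions of `caRootCertSecret` no longer match. If the README table is generated from these `# --` comments (it looks that way, but the generator is not shown here), the next regeneration would revert the README wording. Suggested comment: `# -- Name of the secret containing the custom CA root certificate for TLS communication. This chart mounts the root CA certificate file on the /tls/certs/ directory.`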