From 19388a40523cd07985a91365d73b9d78d8c251e9 Mon Sep 17 00:00:00 2001 From: Ashera Silva Date: Tue, 3 Oct 2023 19:54:14 +0530 Subject: [PATCH] Add truststore --- .../common-controller-deployment.yaml | 13 ++++++++++++- .../gateway-runtime/gateway-runtime-deployment.yaml | 10 ++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/helm-charts/templates/data-plane/gateway-components/common-controller/common-controller-deployment.yaml b/helm-charts/templates/data-plane/gateway-components/common-controller/common-controller-deployment.yaml index a1c80a0bc3..c7ac80df8a 100644 --- a/helm-charts/templates/data-plane/gateway-components/common-controller/common-controller-deployment.yaml +++ b/helm-charts/templates/data-plane/gateway-components/common-controller/common-controller-deployment.yaml @@ -42,6 +42,8 @@ spec: ports: - containerPort: 18005 protocol: TCP + - containerPort: 18002 + protocol: TCP {{ include "apk-helm.deployment.resources" .Values.wso2.apk.dp.commonController.deployment.resources | indent 10 }} {{ include "apk-helm.deployment.env" .Values.wso2.apk.dp.commonController.deployment.env | indent 10 }} - name: OPERATOR_POD_NAMESPACE @@ -77,6 +79,8 @@ spec: subPath: ca.crt {{- end }} {{ if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.ratelimiter.enabled }} + - name: enforcer-truststore-secret-volume + mountPath: /home/wso2/security/truststore/enforcer.crt - name: ratelimiter-truststore-secret-volume mountPath: /home/wso2/security/truststore/ratelimiter.crt {{- if and .Values.wso2.apk.dp.ratelimiter.configs .Values.wso2.apk.dp.ratelimiter.configs.tls }} @@ -122,7 +126,7 @@ spec: runAsNonRoot: true seccompProfile: type: "RuntimeDefault" - volumes: + volumes: - name: common-controller-keystore-secret-volume secret: {{- if and .Values.wso2.apk.dp.commonController.configs .Values.wso2.apk.dp.commonController.configs.tls }} 
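Review bot: The new `enforcer-truststore-secret-volume` mount in the `@@ -77,6 +79,8 @@` hunk has no `subPath`, so as written the whole secret is mounted as a directory at `/home/wso2/security/truststore/enforcer.crt` instead of a single certificate file. If that secret is a standard TLS secret, this presumably also puts the enforcer's private key inside the common-controller container, which a truststore does not need. The mount is also placed after the `{{ if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.ratelimiter.enabled }}` line, while its volume in the `@@ -138,6 +142,13 @@` hunk is declared before that condition, so the certificate is not mounted when the rate limiter is disabled. I would move the entry above the condition and add a line such as `subPath: tls.crt` (or the values-driven file name, as the neighbouring mounts do). The volumeMounts list starts and ends outside the hunk.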
@@ -138,6 +142,13 @@ spec: secret: secretName: {{ template "apk-helm.resource.prefix" . }}-webhook-server-cert defaultMode: 420 + - name: enforcer-truststore-secret-volume + secret: + {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls }} + secretName: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls.secretName | default (printf "%s-enforcer-server-cert" (include "apk-helm.resource.prefix" .)) }} + {{- else }} + secretName: {{ template "apk-helm.resource.prefix" . }}-enforcer-server-cert + {{- end }} {{ if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.ratelimiter.enabled }} - name: ratelimiter-truststore-secret-volume secret: diff --git a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml index 869da2f4d7..0596e57025 100644 --- a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml +++ b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml @@ -146,6 +146,8 @@ spec: {{- end }} - name: adapter-truststore-secret-volume mountPath: /home/wso2/security/truststore/adapter.crt + - name: common-controller-truststore-secret-volume + mountPath: /home/wso2/security/truststore/adapter.pem {{- if and .Values.wso2.apk.dp.adapter.configs .Values.wso2.apk.dp.adapter.configs.tls }} subPath: {{ .Values.wso2.apk.dp.adapter.configs.tls.certFilename | default "tls.crt" }} {{- else }} 
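Review bot: The `enforcer-truststore-secret-volume` added in the `@@ -138,6 +142,13 @@` hunk projects the enforcer's server-certificate secret in full, with nothing in the volume limiting which keys are included. Since the consumer is a truststore, an `items:` list selecting only the certificate (for example `key: tls.crt` with `path: tls.crt`, if that is the key name in this secret) would keep any private key in that secret out of the common-controller pod. The entry also omits `defaultMode: 420`, which the webhook volume directly above it and the matching volume added to gateway-runtime-deployment.yaml both set. The volumes list starts and ends outside the hunk.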
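Review bot: The new `common-controller-truststore-secret-volume` mount in the `@@ -146,6 +146,8 @@` hunk is inserted between the `mountPath` of `adapter-truststore-secret-volume` and the `subPath` conditional that followed it. As the lines are ordered, the `subPath` read from `.Values.wso2.apk.dp.adapter.configs.tls.certFilename` now attaches to the common-controller mount, and the adapter mount is left without one, so the adapter secret would be mounted as a whole directory at `adapter.crt`. I would place the new entry after the adapter's conditional (which closes outside the hunk) and give it its own guarded `subPath` taken from the `commonController.configs.tls` values, if the chart exposes a certificate file name there as it does for the adapter. A distinct path such as `/home/wso2/security/truststore/common-controller.crt` would also avoid `adapter.pem` naming the wrong component.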
@@ -338,6 +340,14 @@ spec: secretName: {{ template "apk-helm.resource.prefix" . }}-ratelimiter-server-cert {{- end }} {{ end }} + - name: common-controller-truststore-secret-volume + secret: + {{- if and .Values.wso2.apk.dp.commonController.configs .Values.wso2.apk.dp.commonController.configs.tls }} + secretName: {{ .Values.wso2.apk.dp.commonController.configs.tls.secretName | default (printf "%s-common-controller-server-cert" (include "apk-helm.resource.prefix" .)) }} + {{- else }} + secretName: {{ template "apk-helm.resource.prefix" . }}-common-controller-server-cert + {{- end }} + defaultMode: 420 - name: enforcer-keystore-secret-volume secret: {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls }}