Mount cacert file in cinder-csi-nodeplugin ds

vexxhost · Sep 20, 2023 · 03d3baf · 03d3baf
1 parent cba602b
commit 03d3baf
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/magnum_cluster_api/manifests/cinder-csi/cinder-csi-nodeplugin.yaml b/magnum_cluster_api/manifests/cinder-csi/cinder-csi-nodeplugin.yaml
@@ -83,6 +83,9 @@ spec:
         - mountPath: /etc/config/cloud.conf
           name: secret-cinderplugin
           readOnly: true
+        - mountPath: /etc/config/ca.crt
+          name: cloud-ca-cert-volume
+          readOnly: true
       hostNetwork: true
       securityContext:
         runAsUser: 0
@@ -110,3 +113,7 @@ spec:
           path: /etc/kubernetes/cloud.conf
           type: File
         name: secret-cinderplugin
+      - hostPath:
+          path: /etc/kubernetes/cloud_ca.crt
+          type: File
+        name: cloud-ca-cert-volume
diff --git a/tools/sync-cinder-csi-manifests b/tools/sync-cinder-csi-manifests
@@ -84,6 +84,20 @@ for manifest in MANIFESTS:
             }
             del doc["spec"]["template"]["spec"]["volumes"][4]["secret"]
 
+            # NOTE(okozachenko1203): Add `/etc/kuberentes/cloud_ca.crt`.
+            doc["spec"]["template"]["spec"]["containers"][2]["volumeMounts"].append({
+                "name": "cloud-ca-cert-volume",
+                "readOnly": True,
+                "mountPath": "/etc/config/ca.crt",
+            })
+            doc["spec"]["template"]["spec"]["volumes"].append({
+                "name": "cloud-ca-cert-volume",
+                "hostPath": {
+                    "type": "File",
+                    "path": "/etc/kubernetes/cloud_ca.crt",
+                },
+            })
+
             # NOTE(mnaser): We need to run as root in order to read the `cloud.conf`
             #               file from the host.
             doc["spec"]["template"]["spec"]["securityContext"] = {