From 03d3bafb8bb8e309575881f9a39cf675723e8c9c Mon Sep 17 00:00:00 2001 From: okozachenko1203 Date: Tue, 19 Sep 2023 13:09:44 +0000 Subject: [PATCH] Mount cacert file in cinder-csi-nodeplugin ds --- .../cinder-csi/cinder-csi-nodeplugin.yaml | 7 +++++++ tools/sync-cinder-csi-manifests | 14 ++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/magnum_cluster_api/manifests/cinder-csi/cinder-csi-nodeplugin.yaml b/magnum_cluster_api/manifests/cinder-csi/cinder-csi-nodeplugin.yaml index d11189b9..89407465 100644 --- a/magnum_cluster_api/manifests/cinder-csi/cinder-csi-nodeplugin.yaml +++ b/magnum_cluster_api/manifests/cinder-csi/cinder-csi-nodeplugin.yaml @@ -83,6 +83,9 @@ spec: - mountPath: /etc/config/cloud.conf name: secret-cinderplugin readOnly: true + - mountPath: /etc/config/ca.crt + name: cloud-ca-cert-volume + readOnly: true hostNetwork: true securityContext: runAsUser: 0 @@ -110,3 +113,7 @@ spec: path: /etc/kubernetes/cloud.conf type: File name: secret-cinderplugin + - hostPath: + path: /etc/kubernetes/cloud_ca.crt + type: File + name: cloud-ca-cert-volume diff --git a/tools/sync-cinder-csi-manifests b/tools/sync-cinder-csi-manifests index 03ae8a9d..722384fe 100755 --- a/tools/sync-cinder-csi-manifests +++ b/tools/sync-cinder-csi-manifests @@ -84,6 +84,20 @@ for manifest in MANIFESTS: } del doc["spec"]["template"]["spec"]["volumes"][4]["secret"] + # NOTE(okozachenko1203): Add `/etc/kuberentes/cloud_ca.crt`. + doc["spec"]["template"]["spec"]["containers"][2]["volumeMounts"].append({ + "name": "cloud-ca-cert-volume", + "readOnly": True, + "mountPath": "/etc/config/ca.crt", + }) + doc["spec"]["template"]["spec"]["volumes"].append({ + "name": "cloud-ca-cert-volume", + "hostPath": { + "type": "File", + "path": "/etc/kubernetes/cloud_ca.crt", + }, + }) + # NOTE(mnaser): We need to run as root in order to read the `cloud.conf` # file from the host. doc["spec"]["template"]["spec"]["securityContext"] = {