Merge pull request #885 from slagle/service-name

Add EDPMRoleServiceName to OpenstackDataPlaneServiceCert
openstack-k8s-operators · May 22, 2024 · cfea5fc · cfea5fc
2 parents db0a1fe + 05539a6
commit cfea5fc
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 1 deletion.
diff --git a/api/bases/dataplane.openstack.org_openstackdataplaneservices.yaml b/api/bases/dataplane.openstack.org_openstackdataplaneservices.yaml
@@ -67,6 +67,8 @@ spec:
                       type: string
                     minItems: 1
                     type: array
+                  edpmRoleServiceName:
+                    type: string
                   issuer:
                     type: string
                   keyUsages:

diff --git a/api/v1beta1/openstackdataplaneservice_types.go b/api/v1beta1/openstackdataplaneservice_types.go
@@ -45,6 +45,15 @@ type OpenstackDataPlaneServiceCert struct {
 	// KeyUsages to be added to the issued cert
 	// +kubebuilder:validation:Optional
 	KeyUsages []certmgrv1.KeyUsage `json:"keyUsages,omitempty" yaml:"keyUsages,omitempty"`
+
+	// EDPMRoleServiceName is the value of the <role>_service_name variable from
+	// the edpm-ansible role where this certificate is used. For example if the
+	// certificate is for edpm_ovn from edpm-ansible, EDPMRoleServiceName must be
+	// ovn, which matches the edpm_ovn_service_name variable from the role.  If
+	// not set, OpenStackDataPlaneService.Spec.EDPMServiceName is used. If
+	// OpenStackDataPlaneService.Spec.EDPMServiceName is not set, then
+	// OpenStackDataPlaneService.Name is used.
+	EDPMRoleServiceName string `json:"edpmRoleServiceName,omitempty"`
 }
 
 // OpenStackDataPlaneServiceSpec defines the desired state of OpenStackDataPlaneService

diff --git a/config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml b/config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml
@@ -67,6 +67,8 @@ spec:
                       type: string
                     minItems: 1
                     type: array
+                  edpmRoleServiceName:
+                    type: string
                   issuer:
                     type: string
                   keyUsages:

diff --git a/docs/assemblies/custom_resources.adoc b/docs/assemblies/custom_resources.adoc
@@ -405,6 +405,11 @@ OpenstackDataPlaneServiceCert defines the property of a TLS cert issued for a da
 | KeyUsages to be added to the issued cert
 | []certmgrv1.KeyUsage
 | false
+
+| edpmRoleServiceName
+| EDPMRoleServiceName is the value of the +++<role>+++_service_name variable from the edpm-ansible role where this certificate is used. For example if the certificate is for edpm_ovn from edpm-ansible, EDPMRoleServiceName must be ovn, which matches the edpm_ovn_service_name variable from the role. If not set, OpenStackDataPlaneService.Spec.EDPMServiceName is used. If OpenStackDataPlaneService.Spec.EDPMServiceName is not set, then OpenStackDataPlaneService.Name is used.+++</role>+++
+| string
+| false
 |===
 
 <<custom-resources,Back to Custom Resources>>

diff --git a/pkg/deployment/deployment.go b/pkg/deployment/deployment.go
@@ -273,9 +273,15 @@ func (d *Deployer) addCertMounts(
 					Projected: &projectedVolumeSource,
 				},
 			}
+			certMountDir := service.Spec.TLSCert.EDPMRoleServiceName
+			if certMountDir == "" && service.Spec.EDPMServiceName != "" {
+				certMountDir = service.Spec.EDPMServiceName
+			} else {
+				certMountDir = service.Name
+			}
 			certVolumeMount := corev1.VolumeMount{
 				Name:      GetServiceCertsSecretName(d.NodeSet, service.Name, 0),
-				MountPath: path.Join(CertPaths, service.Name),
+				MountPath: path.Join(CertPaths, certMountDir),
 			}
 			volMounts.Volumes = append(volMounts.Volumes, certVolume)
 			volMounts.Mounts = append(volMounts.Mounts, certVolumeMount)