diff --git a/api/bases/dataplane.openstack.org_openstackdataplaneservices.yaml b/api/bases/dataplane.openstack.org_openstackdataplaneservices.yaml
index c9555ddae..c55f2ff8d 100644
--- a/api/bases/dataplane.openstack.org_openstackdataplaneservices.yaml
+++ b/api/bases/dataplane.openstack.org_openstackdataplaneservices.yaml
@@ -67,6 +67,8 @@ spec:
 type: string
 minItems: 1
 type: array
+ edpmRoleServiceName:
+ type: string
 issuer:
 type: string
 keyUsages:
diff --git a/api/v1beta1/openstackdataplaneservice_types.go b/api/v1beta1/openstackdataplaneservice_types.go
index 09ca40410..53b95437a 100644
--- a/api/v1beta1/openstackdataplaneservice_types.go
+++ b/api/v1beta1/openstackdataplaneservice_types.go
@@ -45,6 +45,15 @@ type OpenstackDataPlaneServiceCert struct {
 // KeyUsages to be added to the issued cert
 // +kubebuilder:validation:Optional
 KeyUsages []certmgrv1.KeyUsage `json:"keyUsages,omitempty" yaml:"keyUsages,omitempty"`
+
+ // EDPMRoleServiceName is the value of the _service_name variable from
+ // the edpm-ansible role where this certificate is used. For example if the
+ // certificate is for edpm_ovn from edpm-ansible, EDPMRoleServiceName must be
+ // ovn, which matches the edpm_ovn_service_name variable from the role. If
+ // not set, OpenStackDataPlaneService.Spec.EDPMServiceName is used. If
+ // OpenStackDataPlaneService.Spec.EDPMServiceName is not set, then
+ // OpenStackDataPlaneService.Name is used.
+ EDPMRoleServiceName string `json:"edpmRoleServiceName,omitempty"`
 }
 // OpenStackDataPlaneServiceSpec defines the desired state of OpenStackDataPlaneService
diff --git a/config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml b/config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml
index c9555ddae..c55f2ff8d 100644
--- a/config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml
+++ b/config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml
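Review bot: The new `EDPMRoleServiceName` field in openstackdataplaneservice_types.go carries no validation markers, yet the deployment.go hunk of this commit uses its value as a path element in `path.Join(CertPaths, certMountDir)`. `path.Join` cleans `..` segments, so a value containing `/` or `..` would yield a mount path outside `CertPaths`; before this change that element was always `service.Name`, an object name the API server already rejects when it contains `/` or is `..`. I would constrain the field in the schema, for example `// +kubebuilder:validation:Pattern="^[a-zA-Z0-9_-]+$"`, with the character set adjusted to what edpm-ansible service names actually use. For consistency with the `KeyUsages` field just above, it should also get `// +kubebuilder:validation:Optional` and a `yaml:"edpmRoleServiceName,omitempty"` tag. The struct declaration starts outside the hunk.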
@@ -67,6 +67,8 @@ spec:
 type: string
 minItems: 1
 type: array
+ edpmRoleServiceName:
+ type: string
 issuer:
 type: string
 keyUsages:
diff --git a/docs/assemblies/custom_resources.adoc b/docs/assemblies/custom_resources.adoc
index e1e3741be..52404ffcf 100644
--- a/docs/assemblies/custom_resources.adoc
+++ b/docs/assemblies/custom_resources.adoc
@@ -405,6 +405,11 @@ OpenstackDataPlaneServiceCert defines the property of a TLS cert issued for a da
 | KeyUsages to be added to the issued cert
 | []certmgrv1.KeyUsage
 | false
+
+| edpmRoleServiceName
+| EDPMRoleServiceName is the value of the ++++++_service_name variable from the edpm-ansible role where this certificate is used. For example if the certificate is for edpm_ovn from edpm-ansible, EDPMRoleServiceName must be ovn, which matches the edpm_ovn_service_name variable from the role. If not set, OpenStackDataPlaneService.Spec.EDPMServiceName is used. If OpenStackDataPlaneService.Spec.EDPMServiceName is not set, then OpenStackDataPlaneService.Name is used.++++++
+| string
+| false
 |===
 <>
diff --git a/pkg/deployment/deployment.go b/pkg/deployment/deployment.go
index 623822bfa..7d6be12f2 100644
--- a/pkg/deployment/deployment.go
+++ b/pkg/deployment/deployment.go
@@ -273,9 +273,15 @@ func (d *Deployer) addCertMounts(
 Projected: &projectedVolumeSource,
 },
 }
+ certMountDir := service.Spec.TLSCert.EDPMRoleServiceName
+ if certMountDir == "" && service.Spec.EDPMServiceName != "" {
+ certMountDir = service.Spec.EDPMServiceName
+ } else {
+ certMountDir = service.Name
+ }
 certVolumeMount := corev1.VolumeMount{
 Name: GetServiceCertsSecretName(d.NodeSet, service.Name, 0),
- MountPath: path.Join(CertPaths, service.Name),
+ MountPath: path.Join(CertPaths, certMountDir),
 }
 volMounts.Volumes = append(volMounts.Volumes, certVolume)
 volMounts.Mounts = append(volMounts.Mounts, certVolumeMount)
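Review bot: The `else` branch of the new fallback in `addCertMounts` overwrites `certMountDir` with `service.Name` whenever the first condition is false, and that includes the case where `TLSCert.EDPMRoleServiceName` is set, so the new field never reaches `MountPath`. The certificates would then presumably be mounted under a directory the edpm-ansible role does not read, contrary to the precedence documented on the field in this commit. Changing the branch to `} else if certMountDir == "" {` keeps a non-empty role name and still falls back to `service.Name` last. A table-driven test over the three cases (role name set, only `EDPMServiceName` set, neither set) would pin the order. `addCertMounts` begins and ends outside the hunk, so whether `service.Spec.TLSCert` is checked for nil before this dereference is not visible here and is worth confirming if the field is a pointer.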