UPSTREAM: <carry>: generate and mount service-ca server cert

Signed-off-by: Joe Lanford <[email protected]>

Author: joelanford

openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml

@@ -7,6 +7,10 @@ resources:
   - ../../../../../config/base/manager
 
 patches:
+  - target:
+      kind: Service
+      name: service
+    path: patches/manager_service.yaml
   - target:
       kind: ClusterRole
       name: manager-role
@@ -15,6 +19,10 @@ patches:
       kind: Deployment
       name: controller-manager
     path: patches/manager_deployment_ca.yaml
+  - target:
+      kind: Deployment
+      name: controller-manager
+    path: patches/manager_deployment_certs.yaml
   - target:
       kind: Deployment
       name: controller-manager

openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_certs.yaml

@@ -0,0 +1,12 @@
+- op: add
+  path: /spec/template/spec/volumes/-
+  value: {"name":"operator-controller-certs", "secret":{"optional":false,"secretName":"operator-controller-cert"}}
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value: {"name":"operator-controller-certs", "mountPath":"/var/certs"}
+- op: add
+  path: /spec/template/spec/containers/0/args/-
+  value: "--tls-cert=/var/certs/tls.crt"
+- op: add
+  path: /spec/template/spec/containers/0/args/-
+  value: "--tls-key=/var/certs/tls.key"

openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_service.yaml

@@ -0,0 +1,4 @@
+- op: add
+  path: /metadata/annotations
+  value:
+    service.beta.openshift.io/serving-cert-secret-name: operator-controller-cert