Set combined-ca-bundle as the default CACerts secret name

If one misses to add the CACerts parameter to an OpenStackDataPlaneService
the resulting deployment won't receive the cacert bundle. This
defaults to combined-ca-bundle, which is also set in all the default
services.

Signed-off-by: Martin Schuppert <[email protected]>

Author: stuggi

apis/bases/dataplane.openstack.org_openstackdataplaneservices.yaml

@@ -35,6 +35,7 @@ spec:
                 default: false
                 type: boolean
               caCerts:
+                default: combined-ca-bundle
                 maxLength: 253
                 type: string
               certsFrom:

apis/dataplane/v1beta1/openstackdataplaneservice_types.go

@@ -75,7 +75,8 @@ type OpenStackDataPlaneServiceSpec struct {
 	// CACerts - Secret containing the CA certificate chain
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:validation:MaxLength:=253
-	CACerts string `json:"caCerts,omitempty" yaml:"caCerts,omitempty"`
+	// +kubebuilder:default="combined-ca-bundle"
+	CACerts string `json:"caCerts" yaml:"caCerts"`
 
 	// OpenStackAnsibleEERunnerImage image to use as the ansibleEE runner image
 	// +kubebuilder:validation:Optional

config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml

@@ -35,6 +35,7 @@ spec:
                 default: false
                 type: boolean
               caCerts:
+                default: combined-ca-bundle
                 maxLength: 253
                 type: string
               certsFrom:

tests/kuttl/tests/dataplane-deploy-global-service-test/01-assert.yaml

@@ -805,6 +805,8 @@ spec:
           name: libvirt-combined-ca-bundle
         - mountPath: /var/lib/openstack/cacerts/nova
           name: nova-combined-ca-bundle
+        - mountPath: /var/lib/openstack/cacerts/custom-global-service
+          name: custom-global-service-combined-ca-bundle
         - mountPath: /runner/env/ssh_key
           name: ssh-key
           subPath: ssh_key
@@ -846,6 +848,10 @@ spec:
         secret:
           defaultMode: 420
           secretName: combined-ca-bundle
+      - name: custom-global-service-combined-ca-bundle
+        secret:
+          defaultMode: 420
+          secretName: combined-ca-bundle
       - name: ssh-key
         secret:
           defaultMode: 420

tests/kuttl/tests/dataplane-deploy-multiple-secrets/02-assert.yaml

@@ -179,6 +179,8 @@ spec:
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
         volumeMounts:
+        - mountPath: /var/lib/openstack/cacerts/install-certs-ovr
+          name: install-certs-ovr-combined-ca-bundle
         - mountPath: /var/lib/openstack/certs/generic-service1/default
           name: openstack-edpm-tls-generic-service1-default-certs-0
         - mountPath: /var/lib/openstack/cacerts/generic-service1
@@ -196,6 +198,10 @@ spec:
       serviceAccountName: openstack-edpm-tls
       terminationGracePeriodSeconds: 30
       volumes:
+      - name: install-certs-ovr-combined-ca-bundle
+        secret:
+          defaultMode: 420
+          secretName: combined-ca-bundle
       - name: openstack-edpm-tls-generic-service1-default-certs-0
         projected:
           defaultMode: 420

tests/kuttl/tests/dataplane-deploy-tls-test/02-assert.yaml

@@ -212,6 +212,8 @@ spec:
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
         volumeMounts:
+        - mountPath: /var/lib/openstack/cacerts/install-certs-ovrd
+          name: install-certs-ovrd-combined-ca-bundle
         - mountPath: /var/lib/openstack/certs/tls-dnsnames/default
           name: openstack-edpm-tls-tls-dnsnames-default-certs-0
         - mountPath: /var/lib/openstack/certs/tls-dnsnames/second
@@ -231,6 +233,10 @@ spec:
       serviceAccountName: openstack-edpm-tls
       terminationGracePeriodSeconds: 30
       volumes:
+      - name: install-certs-ovrd-combined-ca-bundle
+        secret:
+          defaultMode: 420
+          secretName: combined-ca-bundle
       - name: openstack-edpm-tls-tls-dnsnames-default-certs-0
         projected:
           defaultMode: 420