improve docs

Author: nikitka

api/v1alpha1/common_types.go

@@ -48,6 +48,9 @@ type RemoteSpec struct {
 
 // GenerateCABundleContainer configures the init container that builds
 // the built-in CA store with the user-provided CA bundle or CA from TLS-enabled services.
+// If enabled is false, the operator does not add this init container, but when certificates or
+// TLS-enabled services are configured it still mounts /etc/ssl/certs so users can provide their
+// own init container to populate the trust store.
 type GenerateCABundleContainer struct {
 	// (Optional) Enables the init container that builds the built-in CA store.
 	// If not specified, the init container is enabled.

api/v1alpha1/database_types.go

@@ -68,6 +68,8 @@ type DatabaseClusterSpec struct {
 
 	// (Optional) Configure the init container that builds the built-in CA store.
 	// When any certificates or TLS-enabled services are configured, the shared cert volumes are added.
+	// If `enabled=false`, the operator does not add this init container, but /etc/ssl/certs is still
+	// mounted so you can provide your own init container to populate the trust store.
 	// If `enabled` is not specified, the init container is enabled.
 	// +optional
 	GenerateCABundleContainer *GenerateCABundleContainer `json:"generateCABundleContainer,omitempty"`

api/v1alpha1/storage_types.go

@@ -62,6 +62,8 @@ type StorageClusterSpec struct {
 
 	// (Optional) Configure the init container that builds the built-in CA store.
 	// When any certificates or TLS-enabled services are configured, the shared cert volumes are added.
+	// If `enabled=false`, the operator does not add this init container, but /etc/ssl/certs is still
+	// mounted so you can provide your own init container to populate the trust store.
 	// If `enabled` is not specified, the init container is enabled.
 	// +optional
 	GenerateCABundleContainer *GenerateCABundleContainer `json:"generateCABundleContainer,omitempty"`

deploy/ydb-operator/crds/database.yaml

@@ -1040,6 +1040,8 @@ spec:
                 description: |-
                   (Optional) Configure the init container that builds the built-in CA store.
                   When any certificates or TLS-enabled services are configured, the shared cert volumes are added.
+                  If `enabled=false`, the operator does not add this init container, but /etc/ssl/certs is still
+                  mounted so you can provide your own init container to populate the trust store.
                   If `enabled` is not specified, the init container is enabled.
                 properties:
                   enabled:

deploy/ydb-operator/crds/databasenodeset.yaml

@@ -1055,6 +1055,8 @@ spec:
                 description: |-
                   (Optional) Configure the init container that builds the built-in CA store.
                   When any certificates or TLS-enabled services are configured, the shared cert volumes are added.
+                  If `enabled=false`, the operator does not add this init container, but /etc/ssl/certs is still
+                  mounted so you can provide your own init container to populate the trust store.
                   If `enabled` is not specified, the init container is enabled.
                 properties:
                   enabled:

deploy/ydb-operator/crds/remotedatabasenodeset.yaml

@@ -1056,6 +1056,8 @@ spec:
                 description: |-
                   (Optional) Configure the init container that builds the built-in CA store.
                   When any certificates or TLS-enabled services are configured, the shared cert volumes are added.
+                  If `enabled=false`, the operator does not add this init container, but /etc/ssl/certs is still
+                  mounted so you can provide your own init container to populate the trust store.
                   If `enabled` is not specified, the init container is enabled.
                 properties:
                   enabled:

deploy/ydb-operator/crds/remotestoragenodeset.yaml

@@ -1210,6 +1210,8 @@ spec:
                 description: |-
                   (Optional) Configure the init container that builds the built-in CA store.
                   When any certificates or TLS-enabled services are configured, the shared cert volumes are added.
+                  If `enabled=false`, the operator does not add this init container, but /etc/ssl/certs is still
+                  mounted so you can provide your own init container to populate the trust store.
                   If `enabled` is not specified, the init container is enabled.
                 properties:
                   enabled:

deploy/ydb-operator/crds/storage.yaml

@@ -1209,6 +1209,8 @@ spec:
                 description: |-
                   (Optional) Configure the init container that builds the built-in CA store.
                   When any certificates or TLS-enabled services are configured, the shared cert volumes are added.
+                  If `enabled=false`, the operator does not add this init container, but /etc/ssl/certs is still
+                  mounted so you can provide your own init container to populate the trust store.
                   If `enabled` is not specified, the init container is enabled.
                 properties:
                   enabled:

deploy/ydb-operator/crds/storagenodeset.yaml

@@ -1209,6 +1209,8 @@ spec:
                 description: |-
                   (Optional) Configure the init container that builds the built-in CA store.
                   When any certificates or TLS-enabled services are configured, the shared cert volumes are added.
+                  If `enabled=false`, the operator does not add this init container, but /etc/ssl/certs is still
+                  mounted so you can provide your own init container to populate the trust store.
                   If `enabled` is not specified, the init container is enabled.
                 properties:
                   enabled: