diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
index 6bd671ade803fc7b1e2670895942eb6f54203c3d..a4db6421510ad85fea0717b6fdd6fe66dcb35a0c 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
@@ -133,6 +133,13 @@ spec:
- name: ca-certs
mountPath: /etc/ssl/certs
readOnly: true
+{% if ssl_ca_dirs|length %}
+{% for dir in ssl_ca_dirs %}
+ - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
+ mountPath: {{ dir }}
+ readOnly: true
+{% endfor %}
+{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert
mountPath: {{ kube_config_dir }}/cinder-cacert.pem
@@ -148,6 +155,14 @@ spec:
hostPath:
path: /etc/ssl/certs
type: DirectoryOrCreate
+{% if ssl_ca_dirs|length %}
+{% for dir in ssl_ca_dirs %}
+ - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
+ hostPath:
+ path: {{ dir }}
+ type: DirectoryOrCreate
+{% endfor %}
+{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert
hostPath:
diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2
index 3cdf9bb94442c333f4eb9da3cd6da5b9e8aab155..41f922a2fb7d8a221e7ed52c2bec56f4b33c318e 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2
@@ -89,6 +89,13 @@ spec:
- name: ca-certs
mountPath: /etc/ssl/certs
readOnly: true
+{% if ssl_ca_dirs|length %}
+{% for dir in ssl_ca_dirs %}
+ - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
+ mountPath: {{ dir }}
+ readOnly: true
+{% endfor %}
+{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert
mountPath: {{ kube_config_dir }}/cinder-cacert.pem
@@ -118,6 +125,14 @@ spec:
hostPath:
path: /etc/ssl/certs
type: DirectoryOrCreate
+{% if ssl_ca_dirs|length %}
+{% for dir in ssl_ca_dirs %}
+ - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
+ hostPath:
+ path: {{ dir }}
+ type: DirectoryOrCreate
+{% endfor %}
+{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert
hostPath:
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
index 5b0819d8ba7682aac4d3334643ff3eb5a9b58f46..6649a24ec9d596cad38c38a2b0428984df0e61be 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
@@ -57,6 +57,13 @@ spec:
- mountPath: /etc/ssl/certs
name: ca-certs
readOnly: true
+{% if ssl_ca_dirs|length %}
+{% for dir in ssl_ca_dirs %}
+ - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
+ mountPath: {{ dir }}
+ readOnly: true
+{% endfor %}
+{% endif %}
- mountPath: /etc/config/cloud.conf
name: cloud-config-volume
readOnly: true
@@ -78,19 +85,27 @@ spec:
hostNetwork: true
volumes:
{% if kubelet_flexvolumes_plugins_dir is defined %}
- - hostPath:
+ - name: flexvolume-dir
+ hostPath:
path: "{{ kubelet_flexvolumes_plugins_dir }}"
type: DirectoryOrCreate
- name: flexvolume-dir
{% endif %}
- - hostPath:
+ - name: k8s-certs
+ hostPath:
path: /etc/kubernetes/pki
type: DirectoryOrCreate
- name: k8s-certs
- - hostPath:
+ - name: ca-certs
+ hostPath:
path: /etc/ssl/certs
type: DirectoryOrCreate
- name: ca-certs
+{% if ssl_ca_dirs|length %}
+{% for dir in ssl_ca_dirs %}
+ - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
+ hostPath:
+ path: {{ dir }}
+ type: DirectoryOrCreate
+{% endfor %}
+{% endif %}
- name: cloud-config-volume
secret:
secretName: external-openstack-cloud-config