From 09d876edad202962072fd00974e73b728d7001d0 Mon Sep 17 00:00:00 2001
From: Kevin Huang <git@kevin.huang.to>
Date: Fri, 7 Oct 2022 15:21:44 +0200
Subject: [PATCH] fix(external-openstack): Do not override /etc/ssl/certs

---
 .../cinder/templates/cinder-csi-controllerplugin.yml.j2    | 7 -------
 .../cinder/templates/cinder-csi-nodeplugin.yml.j2          | 7 -------
 .../external-openstack-cloud-controller-manager-ds.yml.j2  | 7 -------
 3 files changed, 21 deletions(-)

diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
index 6bd671ade..d5a808535 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
@@ -130,9 +130,6 @@ spec:
             - name: secret-cinderplugin
               mountPath: /etc/config
               readOnly: true
-            - name: ca-certs
-              mountPath: /etc/ssl/certs
-              readOnly: true
 {% if cinder_cacert is defined and cinder_cacert != "" %}
             - name: cinder-cacert
               mountPath: {{ kube_config_dir }}/cinder-cacert.pem
@@ -144,10 +141,6 @@ spec:
         - name: secret-cinderplugin
           secret:
             secretName: cloud-config
-        - name: ca-certs
-          hostPath:
-            path: /etc/ssl/certs
-            type: DirectoryOrCreate
 {% if cinder_cacert is defined and cinder_cacert != "" %}
         - name: cinder-cacert
           hostPath:
diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2
index d0a86bd9f..855c7f509 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2
@@ -89,9 +89,6 @@ spec:
             - name: secret-cinderplugin
               mountPath: /etc/config
               readOnly: true
-            - name: ca-certs
-              mountPath: /etc/ssl/certs
-              readOnly: true
 {% if cinder_cacert is defined and cinder_cacert != "" %}
             - name: cinder-cacert
               mountPath: {{ kube_config_dir }}/cinder-cacert.pem
@@ -121,10 +118,6 @@ spec:
         - name: secret-cinderplugin
           secret:
             secretName: cloud-config
-        - name: ca-certs
-          hostPath:
-            path: /etc/ssl/certs
-            type: DirectoryOrCreate
 {% if cinder_cacert is defined and cinder_cacert != "" %}
         - name: cinder-cacert
           hostPath:
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
index f191bbefa..9c1ea7fc8 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
@@ -54,9 +54,6 @@ spec:
             - mountPath: /etc/kubernetes/pki
               name: k8s-certs
               readOnly: true
-            - mountPath: /etc/ssl/certs
-              name: ca-certs
-              readOnly: true
             - mountPath: /etc/config/cloud.conf
               name: cloud-config-volume
               readOnly: true
@@ -87,10 +84,6 @@ spec:
           path: /etc/kubernetes/pki
           type: DirectoryOrCreate
         name: k8s-certs
-      - hostPath:
-          path: /etc/ssl/certs
-          type: DirectoryOrCreate
-        name: ca-certs
       - name: cloud-config-volume
         secret:
           secretName: external-openstack-cloud-config