Add apiserver.crt to service-catalog controller-manager deployment.

2 files changed, 21 insertions, 0 deletions

diff --git a/roles/openshift_service_catalog/tasks/generate_certs.yml b/roles/openshift_service_catalog/tasks/generate_certs.yml
index 5f17d2dbd..416bdac70 100644
--- a/roles/openshift_service_catalog/tasks/generate_certs.yml
+++ b/roles/openshift_service_catalog/tasks/generate_certs.yml
@@ -36,6 +36,15 @@
     - name: tls.key
       path: "{{ generated_certs_dir }}/apiserver.key"
 
+- name: Create service-catalog-ssl secret
+  oc_secret:
+    state: present
+    name: service-catalog-ssl
+    namespace: kube-service-catalog
+    files:
+    - name: tls.crt
+      path: "{{ generated_certs_dir }}/apiserver.crt"
+
 - slurp:
     src: "{{ generated_certs_dir }}/ca.crt"
   register: apiserver_ca
diff --git a/roles/openshift_service_catalog/templates/controller_manager.j2 b/roles/openshift_service_catalog/templates/controller_manager.j2
index da52558f3..2272cbb44 100644
--- a/roles/openshift_service_catalog/templates/controller_manager.j2
+++ b/roles/openshift_service_catalog/templates/controller_manager.j2
@@ -46,7 +46,19 @@ spec:
           protocol: TCP
         resources: {}
         terminationMessagePath: /dev/termination-log
+        volumeMounts:
+        - mountPath: /var/run/kubernetes-service-catalog
+          name: service-catalog-ssl
+          readOnly: true
       dnsPolicy: ClusterFirst
       restartPolicy: Always
       securityContext: {}
       terminationGracePeriodSeconds: 30
+      volumes:
+      - name: service-catalog-ssl
+        secret:
+          defaultMode: 420
+          items:
+          - key: tls.crt
+            path: apiserver.crt
+          secretName: apiserver-ssl