From e8df2bcdd655ceb24eb039ebefb30d7140ba16a9 Mon Sep 17 00:00:00 2001
From: Roman Hros <roman.hros@dnation.cloud>
Date: Thu, 15 Aug 2024 08:33:30 +0200
Subject: [PATCH] Add cacert support for CSPO and CAPO

Helm '.Files' object cannot be used for files external to the chart

Signed-off-by: Roman Hros <roman.hros@dnation.cloud>
---
 README.md                   | 2 ++
 templates/cloud-secret.yaml | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 591d67e..72c9f0a 100644
--- a/README.md
+++ b/README.md
@@ -3,3 +3,5 @@ This chart can be used to create a new namespace and two secrets for the cluster
 ```
 helm upgrade -i <tenant>-credentials -n <tenant> --create-namespace https://github.com/SovereignCloudStack/openstack-csp-helper/releases/latest/download/openstack-csp-helper.tgz -f clouds.yaml
 ```
+
+If OpenStack API is protected by the certificate issued by custom CA, add `--set cacert="$(cat /path/to/cacert)"` to the helm command.
diff --git a/templates/cloud-secret.yaml b/templates/cloud-secret.yaml
index 53be3e3..eff0555 100644
--- a/templates/cloud-secret.yaml
+++ b/templates/cloud-secret.yaml
@@ -1,8 +1,11 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "cloud_name" . }} 
+  name: {{ include "cloud_name" . }}
 data:
   cloudName: {{ include "cloud_name" . | b64enc }}
   clouds.yaml: {{ toYaml .Values | b64enc }}
+  {{- if .Values.cacert }}
+  cacert: {{ .Values.cacert | b64enc }}
+  {{- end }}
 type: Opaque