From 4b3220bb2d6cfd04738d0bdb52f60816f99cd142 Mon Sep 17 00:00:00 2001
From: Jason Frey <fryguy9@gmail.com>
Date: Thu, 14 Dec 2023 09:49:12 -0500
Subject: [PATCH] Merge pull request #22773 from nasark/messaging_cert_default

Mount messaging cert if root not present

(cherry picked from commit 3baa1f3f5156b4fbc80f12697e935c0fe51bad8b)
---
 .../object_definition.rb                      | 19 +++++++++++++++++++
 spec/lib/container_orchestrator_spec.rb       |  4 ++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/lib/container_orchestrator/object_definition.rb b/lib/container_orchestrator/object_definition.rb
index 29e35ae6dd3..1811318cb02 100644
--- a/lib/container_orchestrator/object_definition.rb
+++ b/lib/container_orchestrator/object_definition.rb
@@ -111,6 +111,25 @@ def deployment_definition(name)
             ],
           }
         }
+      else
+        deployment[:spec][:template][:spec][:containers][0][:volumeMounts] ||= []
+        deployment[:spec][:template][:spec][:containers][0][:volumeMounts] << {
+          :mountPath => "/etc/pki/ca-trust/source/anchors",
+          :name      => "messaging-certificate",
+          :readOnly  => true,
+        }
+
+        deployment[:spec][:template][:spec][:volumes] ||= []
+        deployment[:spec][:template][:spec][:volumes] << {
+          :name   => "messaging-certificate",
+          :secret => {
+            :secretName => "manageiq-cluster-ca-cert",
+            :items      => [
+              :key  => "ca.crt",
+              :path => "ca.crt",
+            ],
+          }
+        }
       end
 
       deployment
diff --git a/spec/lib/container_orchestrator_spec.rb b/spec/lib/container_orchestrator_spec.rb
index 48c046becb7..4ef9d7fd3a5 100644
--- a/spec/lib/container_orchestrator_spec.rb
+++ b/spec/lib/container_orchestrator_spec.rb
@@ -139,8 +139,8 @@
 
       deployment_definition = subject.send(:deployment_definition, "test")
 
-      expect(deployment_definition.fetch_path(:spec, :template, :spec, :containers, 0, :volumeMounts).length).to eq(2)
-      expect(deployment_definition.fetch_path(:spec, :template, :spec, :volumes).length).to eq(2)
+      expect(deployment_definition.fetch_path(:spec, :template, :spec, :containers, 0, :volumeMounts).length).to eq(3)
+      expect(deployment_definition.fetch_path(:spec, :template, :spec, :volumes).length).to eq(3)
     end
 
     it "mounts the database root certificate" do