From 43510a18cb9b66e1c9e0fb938a6584668d8aa2a2 Mon Sep 17 00:00:00 2001
From: Akshay Saini <109056238+AkshaySainiDell@users.noreply.github.com>
Date: Wed, 8 Jan 2025 13:28:02 +0530
Subject: [PATCH] Update CSI-PowerMax to mount reverse proxy TLS secret within
 driver container (#588)

* Mount tls secret into driver container

* Update node.yaml

* Add IP to SAN
---
 .../charts/csireverseproxy/templates/certificate.yaml      | 2 ++
 charts/csi-powermax/templates/controller.yaml              | 4 ++++
 charts/csi-powermax/templates/node.yaml                    | 7 +++++++
 3 files changed, 13 insertions(+)

diff --git a/charts/csi-powermax/charts/csireverseproxy/templates/certificate.yaml b/charts/csi-powermax/charts/csireverseproxy/templates/certificate.yaml
index 7ef65ac3..e91882bd 100644
--- a/charts/csi-powermax/charts/csireverseproxy/templates/certificate.yaml
+++ b/charts/csi-powermax/charts/csireverseproxy/templates/certificate.yaml
@@ -59,6 +59,8 @@ spec:
     - powermax-reverseproxy
     - powermax-reverseproxy.powermax.svc.cluster.local
     - reverseproxy
+  ipAddresses:
+    - 0.0.0.0
   issuerRef:
   {{- if ne .Values.certManager.selfSignedCert true }}
     name: csirevproxy-issuer
diff --git a/charts/csi-powermax/templates/controller.yaml b/charts/csi-powermax/templates/controller.yaml
index d8b77471..fc96b1b9 100644
--- a/charts/csi-powermax/templates/controller.yaml
+++ b/charts/csi-powermax/templates/controller.yaml
@@ -497,6 +497,8 @@ spec:
             {{- end }}
             - name: X_CSI_PODMON_API_PORT
               value: "{{ .Values.podmon.podmonAPIPort }}"
+            - name: X_CSI_REVPROXY_TLS_CERT_DIR
+              value: /app/tls
           volumeMounts:
             - name: socket-dir
               mountPath: /var/run/csi
@@ -507,6 +509,8 @@ spec:
               mountPath: /powermax-config-params
             - name: powermax-array-config
               mountPath: /powermax-array-config
+            - name: tls-secret
+              mountPath: /app/tls
         {{- if eq .Values.csireverseproxy.deployAsSidecar true }}
         - name: reverseproxy
           image: {{ required "Must provided an image for reverseproxy container." .Values.images.csireverseproxy.image }}
diff --git a/charts/csi-powermax/templates/node.yaml b/charts/csi-powermax/templates/node.yaml
index 54bcbdb7..f753aec0 100644
--- a/charts/csi-powermax/templates/node.yaml
+++ b/charts/csi-powermax/templates/node.yaml
@@ -255,6 +255,8 @@ spec:
             {{- end }}
             - name: X_CSI_PODMON_API_PORT
               value: "{{ .Values.podmon.podmonAPIPort }}"
+            - name: X_CSI_REVPROXY_TLS_CERT_DIR
+              value: /app/tls
           volumeMounts:
             - name: driver-path
               mountPath: {{ .Values.kubeletConfigDir }}/plugins/powermax.emc.dell.com
@@ -285,6 +287,8 @@ spec:
               mountPath: /node-topology-config
             {{- end }}
             {{- end }}
+            - name: tls-secret
+              mountPath: /app/tls
         - name: registrar
           image: {{ required "Must provide the CSI node registrar container image." .Values.images.registrar.image }}
           args:
@@ -508,3 +512,6 @@ spec:
           hostPath:
             path: /var/run
             type: Directory
+        - name: tls-secret
+          secret:
+            secretName: {{ .Values.csireverseproxy.tlsSecret }}