From 4dc1ec1a8893819bc6315c73d7d565e9c4697fb8 Mon Sep 17 00:00:00 2001
From: Slawek Kaplonski <skaplons@redhat.com>
Date: Thu, 16 Apr 2026 16:31:46 +0200
Subject: [PATCH] Optionally mount "ovn-rbac-pki-ca" in the edpm_ovn service
 POD

This new secret is created by the ovn-operator with patch [1] and
contains OVN SB DB certificate which next is used to sign certificates
used by the ovn-controller on each of the edpm nodes.
This is required to use OVN RBAC for the connection between
ovn-controllers and ovn southband DB.

[1] https://github.com/openstack-k8s-operators/ovn-operator/pull/541

Related: #OSPRH-1921

Signed-off-by: Slawek Kaplonski <skaplons@redhat.com>
---
 .../dataplane_v1beta1_openstackdataplaneservice_ovn.yaml       | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/services/dataplane_v1beta1_openstackdataplaneservice_ovn.yaml b/config/services/dataplane_v1beta1_openstackdataplaneservice_ovn.yaml
index 7dbad97a9c..bab10621d9 100644
--- a/config/services/dataplane_v1beta1_openstackdataplaneservice_ovn.yaml
+++ b/config/services/dataplane_v1beta1_openstackdataplaneservice_ovn.yaml
@@ -7,6 +7,9 @@ spec:
   dataSources:
     - configMapRef:
         name: ovncontroller-config
+    - secretRef:
+        name: ovn-rbac-pki-ca
+        optional: true
   tlsCerts:
     default:
       contents: