Add custom root ca certificate via configmap

Signed-off-by: Brant Evans <bevans@redhat.com>

installer/roles/kubernetes/templates/deployment.yml.j2

@@ -171,6 +171,12 @@ spec:
               value: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 {% endif %}
           volumeMounts:
+{% if postgres_root_ca_cert is defined %}
+            - name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
+              mountPath: {{ ca_trust_bundle }}
+              subPath: {{ postgres_root_ca_filename }}
+              readOnly: true
+{% endif %}
             - name: supervisor-socket
               mountPath: "/var/run/supervisor"
             - name: rsyslog-socket
@@ -258,6 +264,12 @@ spec:
             - /usr/bin/launch_awx_task.sh
           imagePullPolicy: Always
           volumeMounts:
+{% if postgres_root_ca_cert is defined %}
+            - name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
+              mountPath: {{ ca_trust_bundle }}
+              subPath: {{ postgres_root_ca_filename }}
+              readOnly: true
+{% endif %}
             - name: supervisor-socket
               mountPath: "/var/run/supervisor"
             - name: rsyslog-socket
@@ -386,6 +398,14 @@ spec:
 {{ affinity | to_nice_yaml(indent=2) | indent(width=8, indentfirst=True) }}
 {% endif %}
       volumes:
+{% if postgres_root_ca_cert is defined %}
+        - name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
+          configMap:
+            name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
+            items:
+            - key: postgres_root_ca.crt
+              path: postgres_root_ca.crt
+{% endif %}
         - name: supervisor-socket
           emptyDir: {}
         - name: rsyslog-socket

installer/roles/kubernetes/templates/management-pod.yml.j2

@@ -25,7 +25,12 @@ spec:
           mountPath: "/etc/tower/settings.py"
           subPath: settings.py
           readOnly: true
-
+{% if postgres_root_ca_cert is defined %}
+        - name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
+          mountPath: {{ ca_trust_bundle }}
+          subPath: {{ postgres_root_ca_filename }}
+          readOnly: true
+{% endif %}
         - name: "{{ kubernetes_deployment_name }}-application-credentials"
           mountPath: "/etc/tower/conf.d/"
           readOnly: true
@@ -70,7 +75,14 @@ spec:
         items:
           - key: {{ kubernetes_deployment_name }}_settings
             path: settings.py
-
+{% if postgres_root_ca_cert is defined %}
+    - name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
+      configMap:
+        name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
+        items:
+        - key: postgres_root_ca.crt
+          path: postgres_root_ca.crt
+{% endif %}
     - name: {{ kubernetes_deployment_name }}-secret-key
       secret:
         secretName: "{{ kubernetes_deployment_name }}-secrets"

installer/roles/kubernetes/templates/postgres_root_ca.yml.j2

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
+  namespace: {{ kubernetes_namespace }}
+data:
+  postgres_root_ca.crt: |
+    {{ postgres_root_ca_cert | indent(width=4) }}