store openstack external cloud controller ca.cert in a k8s secret instead of the host filesystem (#7603)

roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-config-secret.yml.j2

@@ -8,3 +8,4 @@ metadata:
   namespace: kube-system
 data:
   cloud.conf: {{ external_openstack_cloud_config_secret.content }}
+  ca.cert: {{ external_openstack_cacert_b64.content | default("") }}

roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2

@@ -61,14 +61,14 @@ spec:
             - mountPath: /etc/ssl/certs
               name: ca-certs
               readOnly: true
-            - mountPath: /etc/config
+            - mountPath: /etc/config/cloud.conf
               name: cloud-config-volume
               readOnly: true
-{% if external_openstack_cacert is defined and external_openstack_cacert != "" %}
+              subPath: cloud.conf
             - mountPath: {{ kube_config_dir }}/external-openstack-cacert.pem
-              name: openstack-cacert
+              name: cloud-config-volume
               readOnly: true
-{% endif %}
+              subPath: ca.cert
 {% if kubelet_flexvolumes_plugins_dir is defined %}
             - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
               name: flexvolume-dir
@@ -98,9 +98,3 @@ spec:
       - name: cloud-config-volume
         secret:
           secretName: external-openstack-cloud-config
-{% if external_openstack_cacert is defined and external_openstack_cacert != "" %}
-      - hostPath:
-          path: {{ kube_config_dir }}/external-openstack-cacert.pem
-          type: FileOrCreate
-        name: openstack-cacert
-{% endif %}