From 9b182bb7471be4a38430ac118b1b7498725481dc Mon Sep 17 00:00:00 2001 From: Maxim Patlasov Date: Wed, 18 Mar 2026 15:56:21 -0700 Subject: [PATCH 1/3] STOR-2770: Mount metrics certs of azure-disk and azure-file CSI driver operator for Hypershift This commit simply reverts https://github.com/openshift/cluster-storage-operator/pull/662/changes/5ea0443ecbdd4b0f062d7786af62cf243d3bd7c8 . It must be safe to revert it because Hypershift CPO generates metrics certs for us now. --- .../azure-disk/base/08_deployment.yaml | 6 ++++++ ...s_v1_deployment_azure-disk-csi-driver-operator.yaml | 6 ++++++ .../azure-disk/standalone/deployment.patch.yaml | 10 ---------- ...s_v1_deployment_azure-disk-csi-driver-operator.yaml | 10 +++++----- .../azure-file/base/08_deployment.yaml | 6 ++++++ ...s_v1_deployment_azure-file-csi-driver-operator.yaml | 6 ++++++ .../azure-file/standalone/deployment.patch.yaml | 10 ---------- ...s_v1_deployment_azure-file-csi-driver-operator.yaml | 10 +++++----- 8 files changed, 34 insertions(+), 30 deletions(-) diff --git a/assets/csidriveroperators/azure-disk/base/08_deployment.yaml b/assets/csidriveroperators/azure-disk/base/08_deployment.yaml index 822ebd5b3..56dad657d 100644 --- a/assets/csidriveroperators/azure-disk/base/08_deployment.yaml +++ b/assets/csidriveroperators/azure-disk/base/08_deployment.yaml @@ -69,6 +69,8 @@ spec: volumeMounts: - mountPath: /tmp name: tmp + - mountPath: /var/run/secrets/serving-cert + name: serving-cert serviceAccountName: azure-disk-csi-driver-operator securityContext: runAsNonRoot: true @@ -78,3 +80,7 @@ spec: - name: tmp emptyDir: medium: Memory + - name: serving-cert + secret: + defaultMode: 420 + secretName: azure-disk-csi-driver-operator-serving-cert 
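Review bot: In assets/csidriveroperators/azure-disk/base/08_deployment.yaml the added `serving-cert` entry is a required secret volume (no `optional: true`), so the operator pod cannot start until a Secret named `azure-disk-csi-driver-operator-serving-cert` exists; the azure-file base deployment later in this patch has the same dependency. Going by the commit message, on the HyperShift management cluster that Secret must now come from the control-plane operator, but at this commit the hypershift Service still carries the `service.beta.openshift.io/serving-cert-secret-name` annotation, which patches 2/3 and 3/3 only remove afterwards, so service-ca and the control-plane operator could both be writing the same Secret in between. Consider placing the annotation removal before, or in the same commit as, the mount, and recording the provisioner above the volume with a comment such as `# issued by service-ca on standalone; provisioned by the HyperShift control-plane operator on hosted control planes`. Since the issuer changes on HyperShift, it is also worth confirming that the metrics scraper validates the endpoint against the CA that signs the new certificate, rather than the service-ca bundle.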
diff --git a/assets/csidriveroperators/azure-disk/hypershift/mgmt/generated/apps_v1_deployment_azure-disk-csi-driver-operator.yaml b/assets/csidriveroperators/azure-disk/hypershift/mgmt/generated/apps_v1_deployment_azure-disk-csi-driver-operator.yaml index 7e65c2afd..5b47683ad 100644 --- a/assets/csidriveroperators/azure-disk/hypershift/mgmt/generated/apps_v1_deployment_azure-disk-csi-driver-operator.yaml +++ b/assets/csidriveroperators/azure-disk/hypershift/mgmt/generated/apps_v1_deployment_azure-disk-csi-driver-operator.yaml @@ -108,6 +108,8 @@ spec: name: guest-kubeconfig - mountPath: /tmp name: tmp + - mountPath: /var/run/secrets/serving-cert + name: serving-cert priorityClassName: hypershift-control-plane securityContext: runAsNonRoot: true @@ -132,3 +134,7 @@ spec: - emptyDir: medium: Memory name: tmp + - name: serving-cert + secret: + defaultMode: 420 + secretName: azure-disk-csi-driver-operator-serving-cert diff --git a/assets/csidriveroperators/azure-disk/standalone/deployment.patch.yaml b/assets/csidriveroperators/azure-disk/standalone/deployment.patch.yaml index 29a3c23fc..b84f27219 100644 --- a/assets/csidriveroperators/azure-disk/standalone/deployment.patch.yaml +++ b/assets/csidriveroperators/azure-disk/standalone/deployment.patch.yaml @@ -14,13 +14,3 @@ spec: - key: node-role.kubernetes.io/master operator: Exists effect: "NoSchedule" - containers: - - name: azure-disk-csi-driver-operator - volumeMounts: - - mountPath: /var/run/secrets/serving-cert - name: serving-cert - volumes: - - name: serving-cert - secret: - defaultMode: 420 - secretName: azure-disk-csi-driver-operator-serving-cert diff --git a/assets/csidriveroperators/azure-disk/standalone/generated/apps_v1_deployment_azure-disk-csi-driver-operator.yaml b/assets/csidriveroperators/azure-disk/standalone/generated/apps_v1_deployment_azure-disk-csi-driver-operator.yaml index 2ae2114a1..73eb7907d 100644 
--- a/assets/csidriveroperators/azure-disk/standalone/generated/apps_v1_deployment_azure-disk-csi-driver-operator.yaml +++ b/assets/csidriveroperators/azure-disk/standalone/generated/apps_v1_deployment_azure-disk-csi-driver-operator.yaml @@ -67,10 +67,10 @@ spec: readOnlyRootFilesystem: true terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - - mountPath: /var/run/secrets/serving-cert - name: serving-cert - mountPath: /tmp name: tmp + - mountPath: /var/run/secrets/serving-cert + name: serving-cert nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical @@ -86,10 +86,10 @@ spec: key: node-role.kubernetes.io/master operator: Exists volumes: + - emptyDir: + medium: Memory + name: tmp - name: serving-cert secret: defaultMode: 420 secretName: azure-disk-csi-driver-operator-serving-cert - - emptyDir: - medium: Memory - name: tmp diff --git a/assets/csidriveroperators/azure-file/base/08_deployment.yaml b/assets/csidriveroperators/azure-file/base/08_deployment.yaml index a52c1f553..37593d078 100644 --- a/assets/csidriveroperators/azure-file/base/08_deployment.yaml +++ b/assets/csidriveroperators/azure-file/base/08_deployment.yaml @@ -69,6 +69,8 @@ spec: volumeMounts: - mountPath: /tmp name: tmp + - mountPath: /var/run/secrets/serving-cert + name: serving-cert serviceAccountName: azure-file-csi-driver-operator securityContext: runAsNonRoot: true @@ -78,3 +80,7 @@ spec: - name: tmp emptyDir: medium: Memory + - name: serving-cert + secret: + defaultMode: 420 + secretName: azure-file-csi-driver-operator-serving-cert diff --git a/assets/csidriveroperators/azure-file/hypershift/mgmt/generated/apps_v1_deployment_azure-file-csi-driver-operator.yaml b/assets/csidriveroperators/azure-file/hypershift/mgmt/generated/apps_v1_deployment_azure-file-csi-driver-operator.yaml index acf3ce6a3..5f52ce230 100644 --- a/assets/csidriveroperators/azure-file/hypershift/mgmt/generated/apps_v1_deployment_azure-file-csi-driver-operator.yaml 
+++ b/assets/csidriveroperators/azure-file/hypershift/mgmt/generated/apps_v1_deployment_azure-file-csi-driver-operator.yaml @@ -108,6 +108,8 @@ spec: name: guest-kubeconfig - mountPath: /tmp name: tmp + - mountPath: /var/run/secrets/serving-cert + name: serving-cert priorityClassName: hypershift-control-plane securityContext: runAsNonRoot: true @@ -132,3 +134,7 @@ spec: - emptyDir: medium: Memory name: tmp + - name: serving-cert + secret: + defaultMode: 420 + secretName: azure-file-csi-driver-operator-serving-cert diff --git a/assets/csidriveroperators/azure-file/standalone/deployment.patch.yaml b/assets/csidriveroperators/azure-file/standalone/deployment.patch.yaml index d986bc075..f57ccd226 100644 --- a/assets/csidriveroperators/azure-file/standalone/deployment.patch.yaml +++ b/assets/csidriveroperators/azure-file/standalone/deployment.patch.yaml @@ -14,13 +14,3 @@ spec: - key: node-role.kubernetes.io/master operator: Exists effect: "NoSchedule" - containers: - - name: azure-file-csi-driver-operator - volumeMounts: - - mountPath: /var/run/secrets/serving-cert - name: serving-cert - volumes: - - name: serving-cert - secret: - defaultMode: 420 - secretName: azure-file-csi-driver-operator-serving-cert diff --git a/assets/csidriveroperators/azure-file/standalone/generated/apps_v1_deployment_azure-file-csi-driver-operator.yaml b/assets/csidriveroperators/azure-file/standalone/generated/apps_v1_deployment_azure-file-csi-driver-operator.yaml index c4394c03d..45d6c607f 100644 --- a/assets/csidriveroperators/azure-file/standalone/generated/apps_v1_deployment_azure-file-csi-driver-operator.yaml +++ b/assets/csidriveroperators/azure-file/standalone/generated/apps_v1_deployment_azure-file-csi-driver-operator.yaml 
@@ -67,10 +67,10 @@ spec: readOnlyRootFilesystem: true terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - - mountPath: /var/run/secrets/serving-cert - name: serving-cert - mountPath: /tmp name: tmp + - mountPath: /var/run/secrets/serving-cert + name: serving-cert nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical @@ -86,10 +86,10 @@ spec: key: node-role.kubernetes.io/master operator: Exists volumes: + - emptyDir: + medium: Memory + name: tmp - name: serving-cert secret: defaultMode: 420 secretName: azure-file-csi-driver-operator-serving-cert - - emptyDir: - medium: Memory - name: tmp From ee8266b09970def7df76ca064b6833749bf2f958 Mon Sep 17 00:00:00 2001 From: Maxim Patlasov Date: Tue, 3 Mar 2026 18:48:38 -0800 Subject: [PATCH 2/3] hypershift: remove `serving-cert-secret-name` annotation from azure-disk operator Service for hypershift mgmt cluster --- .../v1_service_azure-disk-csi-driver-operator-metrics.yaml | 2 -- .../azure-disk/hypershift/mgmt/hypershift_service.patch.yaml | 2 ++ .../azure-disk/hypershift/mgmt/kustomization.yaml | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 assets/csidriveroperators/azure-disk/hypershift/mgmt/hypershift_service.patch.yaml diff --git a/assets/csidriveroperators/azure-disk/hypershift/mgmt/generated/v1_service_azure-disk-csi-driver-operator-metrics.yaml b/assets/csidriveroperators/azure-disk/hypershift/mgmt/generated/v1_service_azure-disk-csi-driver-operator-metrics.yaml index 2aefd68ba..33f94a018 100644 --- a/assets/csidriveroperators/azure-disk/hypershift/mgmt/generated/v1_service_azure-disk-csi-driver-operator-metrics.yaml +++ b/assets/csidriveroperators/azure-disk/hypershift/mgmt/generated/v1_service_azure-disk-csi-driver-operator-metrics.yaml 
@@ -1,8 +1,6 @@ apiVersion: v1 kind: Service metadata: - annotations: - service.beta.openshift.io/serving-cert-secret-name: azure-disk-csi-driver-operator-serving-cert labels: app: azure-disk-csi-driver-operator name: azure-disk-csi-driver-operator-metrics diff --git a/assets/csidriveroperators/azure-disk/hypershift/mgmt/hypershift_service.patch.yaml b/assets/csidriveroperators/azure-disk/hypershift/mgmt/hypershift_service.patch.yaml new file mode 100644 index 000000000..0d16e39fb --- /dev/null +++ b/assets/csidriveroperators/azure-disk/hypershift/mgmt/hypershift_service.patch.yaml @@ -0,0 +1,2 @@ +- op: "remove" + path: "/metadata/annotations/service.beta.openshift.io~1serving-cert-secret-name" diff --git a/assets/csidriveroperators/azure-disk/hypershift/mgmt/kustomization.yaml b/assets/csidriveroperators/azure-disk/hypershift/mgmt/kustomization.yaml index daddceaca..d0af7545d 100644 --- a/assets/csidriveroperators/azure-disk/hypershift/mgmt/kustomization.yaml +++ b/assets/csidriveroperators/azure-disk/hypershift/mgmt/kustomization.yaml @@ -10,6 +10,10 @@ patches: target: kind: Role version: v1 + - path: hypershift_service.patch.yaml + target: + kind: Service + version: v1 - path: deployment.patch.yaml target: kind: Deployment From c1a8d27e919c1471cdfc37c00770f880df886d26 Mon Sep 17 00:00:00 2001 From: Maxim Patlasov Date: Tue, 3 Mar 2026 18:53:55 -0800 Subject: [PATCH 3/3] hypershift: remove `serving-cert-secret-name` annotation from azure-file operator Service for hypershift mgmt cluster --- .../v1_service_azure-file-csi-driver-operator-metrics.yaml | 2 -- .../azure-file/hypershift/mgmt/hypershift_service.patch.yaml | 2 ++ .../azure-file/hypershift/mgmt/kustomization.yaml | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 assets/csidriveroperators/azure-file/hypershift/mgmt/hypershift_service.patch.yaml 
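Review bot: The patch entry added to assets/csidriveroperators/azure-disk/hypershift/mgmt/kustomization.yaml selects every `Service` of version `v1` in the overlay, while hypershift_service.patch.yaml uses a JSON-patch `remove`, which fails when the path is absent. A second Service added to the base later would either break the overlay build (if it has no such annotation) or silently lose its serving-cert request (if it has one). Pinning the selector with `name: azure-disk-csi-driver-operator-metrics` under `target:` keeps the removal scoped to the metrics Service. The azure-file kustomization.yaml in patch 3/3 has the same entry and would take `name: azure-file-csi-driver-operator-metrics`. The `patches:` list starts and continues outside this hunk.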
diff --git a/assets/csidriveroperators/azure-file/hypershift/mgmt/generated/v1_service_azure-file-csi-driver-operator-metrics.yaml b/assets/csidriveroperators/azure-file/hypershift/mgmt/generated/v1_service_azure-file-csi-driver-operator-metrics.yaml index 3466f00da..8e1e0c2b7 100644 --- a/assets/csidriveroperators/azure-file/hypershift/mgmt/generated/v1_service_azure-file-csi-driver-operator-metrics.yaml +++ b/assets/csidriveroperators/azure-file/hypershift/mgmt/generated/v1_service_azure-file-csi-driver-operator-metrics.yaml @@ -1,8 +1,6 @@ apiVersion: v1 kind: Service metadata: - annotations: - service.beta.openshift.io/serving-cert-secret-name: azure-file-csi-driver-operator-serving-cert labels: app: azure-file-csi-driver-operator name: azure-file-csi-driver-operator-metrics diff --git a/assets/csidriveroperators/azure-file/hypershift/mgmt/hypershift_service.patch.yaml b/assets/csidriveroperators/azure-file/hypershift/mgmt/hypershift_service.patch.yaml new file mode 100644 index 000000000..0d16e39fb --- /dev/null +++ b/assets/csidriveroperators/azure-file/hypershift/mgmt/hypershift_service.patch.yaml @@ -0,0 +1,2 @@ +- op: "remove" + path: "/metadata/annotations/service.beta.openshift.io~1serving-cert-secret-name" diff --git a/assets/csidriveroperators/azure-file/hypershift/mgmt/kustomization.yaml b/assets/csidriveroperators/azure-file/hypershift/mgmt/kustomization.yaml index daddceaca..d0af7545d 100644 --- a/assets/csidriveroperators/azure-file/hypershift/mgmt/kustomization.yaml +++ b/assets/csidriveroperators/azure-file/hypershift/mgmt/kustomization.yaml @@ -10,6 +10,10 @@ patches: target: kind: Role version: v1 + - path: hypershift_service.patch.yaml + target: + kind: Service + version: v1 - path: deployment.patch.yaml target: kind: Deployment