STOR-2770: Generate Azure Disk and File CSI Driver Operator metrics serving certs by HCP controller

control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go

@@ -1731,6 +1731,20 @@ func (r *HostedControlPlaneReconciler) reconcilePKI(ctx context.Context, hcp *hy
 			return fmt.Errorf("failed to reconcile %s secret: %w", azureWorkloadIdentityWebhookServingCert.Name, err)
 		}
 
+		// Azure-disk CSI driver Operator metrics Serving Cert
+		AzureDiskCsiDriverOperatorServingCert := manifests.AzureDiskCSIDriverOperatorServingCertSecret(hcp.Namespace)
+		AzureDiskCsiDriverOperatorService := manifests.AzureDiskCSIDriverOperatorMetricsService(hcp.Namespace)
+		err := removeServiceCAAnnotationAndSecret(ctx, r.Client, AzureDiskCsiDriverOperatorService, AzureDiskCsiDriverOperatorServingCert)
+		if err != nil {
+			r.Log.Error(err, "failed to remove service ca annotation and secret: %w")
+		}
+		if _, err = createOrUpdate(ctx, r, AzureDiskCsiDriverOperatorServingCert, func() error {
+			z := pki.ReconcileAzureDiskCsiDriverOperatorMetricsServingCertSecret(AzureDiskCsiDriverOperatorServingCert, rootCASecret, p.OwnerRef)
+			return z
+		}); err != nil {
+			return fmt.Errorf("failed to reconcile azure-disk csi driver operator serving cert: %w", err)
+		}
+
 		azureDiskCsiDriverControllerMetricsService := manifests.AzureDiskCsiDriverControllerMetricsService(hcp.Namespace)
 		if err = r.Get(ctx, client.ObjectKeyFromObject(azureDiskCsiDriverControllerMetricsService), azureDiskCsiDriverControllerMetricsService); err != nil {
 			if !apierrors.IsNotFound(err) {
@@ -1753,6 +1767,20 @@ func (r *HostedControlPlaneReconciler) reconcilePKI(ctx context.Context, hcp *hy
 			}
 		}
 
+		// Azure-file CSI driver Operator metrics Serving Cert
+		AzureFileCsiDriverOperatorServingCert := manifests.AzureFileCSIDriverOperatorServingCertSecret(hcp.Namespace)
+		AzureFileCsiDriverOperatorService := manifests.AzureFileCSIDriverOperatorMetricsService(hcp.Namespace)
+		err = removeServiceCAAnnotationAndSecret(ctx, r.Client, AzureFileCsiDriverOperatorService, AzureFileCsiDriverOperatorServingCert)
+		if err != nil {
+			r.Log.Error(err, "failed to remove service ca annotation and secret: %w")
+		}
+		if _, err = createOrUpdate(ctx, r, AzureFileCsiDriverOperatorServingCert, func() error {
+			z := pki.ReconcileAzureFileCsiDriverOperatorMetricsServingCertSecret(AzureFileCsiDriverOperatorServingCert, rootCASecret, p.OwnerRef)
+			return z
+		}); err != nil {
+			return fmt.Errorf("failed to reconcile azure-file csi driver operator serving cert: %w", err)
+		}
+
 		azureFileCsiDriverControllerMetricsService := manifests.AzureFileCsiDriverControllerMetricsService(hcp.Namespace)
 		if err = r.Get(ctx, client.ObjectKeyFromObject(azureFileCsiDriverControllerMetricsService), azureFileCsiDriverControllerMetricsService); err != nil {
 			if !apierrors.IsNotFound(err) {

control-plane-operator/controllers/hostedcontrolplane/manifests/azure_disk_csi_driver_operator.go

@@ -0,0 +1,19 @@
+package manifests
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// Metrics
+func AzureDiskCSIDriverOperatorMetricsService(namespace string) *corev1.Service {
+	return &corev1.Service{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "azure-disk-csi-driver-operator",
+			Namespace: namespace,
+		},
+		Spec: corev1.ServiceSpec{
+			ClusterIP: "None",
+		},
+	}
+}

control-plane-operator/controllers/hostedcontrolplane/manifests/azure_file_csi_driver_operator.go

@@ -0,0 +1,19 @@
+package manifests
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// Metrics
+func AzureFileCSIDriverOperatorMetricsService(namespace string) *corev1.Service {
+	return &corev1.Service{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "azure-file-csi-driver-operator",
+			Namespace: namespace,
+		},
+		Spec: corev1.ServiceSpec{
+			ClusterIP: "None",
+		},
+	}
+}

control-plane-operator/controllers/hostedcontrolplane/manifests/pki.go

@@ -324,6 +324,14 @@ func ClusterNodeTuningOperatorServingCertSecret(ns string) *corev1.Secret {
 	return secretFor(ns, "node-tuning-operator-tls")
 }
 
+func AzureDiskCSIDriverOperatorServingCertSecret(ns string) *corev1.Secret {
+	return secretFor(ns, "azure-disk-csi-driver-operator-serving-cert")
+}
+
+func AzureFileCSIDriverOperatorServingCertSecret(ns string) *corev1.Secret {
+	return secretFor(ns, "azure-file-csi-driver-operator-serving-cert")
+}
+
 func OLMPackageServerCertSecret(ns string) *corev1.Secret { return secretFor(ns, "packageserver-cert") }
 
 func OLMOperatorServingCertSecret(ns string) *corev1.Secret {

control-plane-operator/controllers/hostedcontrolplane/pki/azure_disk_csi_driver_operator.go

@@ -0,0 +1,19 @@
+package pki
+
+import (
+	"fmt"
+
+	"github.com/openshift/hypershift/support/config"
+
+	corev1 "k8s.io/api/core/v1"
+)
+
+func ReconcileAzureDiskCsiDriverOperatorMetricsServingCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error {
+	dnsNames := []string{
+		fmt.Sprintf("azure-disk-csi-driver-operator.%s.svc", secret.Namespace),
+		fmt.Sprintf("azure-disk-csi-driver-operator.%s.svc.cluster.local", secret.Namespace),
+		"azure-disk-csi-driver-operator",
+		"localhost",
+	}
+	return reconcileSignedCertWithAddresses(secret, ca, ownerRef, "azure-disk-csi-driver-operator", []string{"openshift"}, X509UsageClientServerAuth, dnsNames, nil)
+}

control-plane-operator/controllers/hostedcontrolplane/pki/azure_file_csi_driver_operator.go

@@ -0,0 +1,19 @@
+package pki
+
+import (
+	"fmt"
+
+	"github.com/openshift/hypershift/support/config"
+
+	corev1 "k8s.io/api/core/v1"
+)
+
+func ReconcileAzureFileCsiDriverOperatorMetricsServingCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error {
+	dnsNames := []string{
+		fmt.Sprintf("azure-file-csi-driver-operator.%s.svc", secret.Namespace),
+		fmt.Sprintf("azure-file-csi-driver-operator.%s.svc.cluster.local", secret.Namespace),
+		"azure-file-csi-driver-operator",
+		"localhost",
+	}
+	return reconcileSignedCertWithAddresses(secret, ca, ownerRef, "azure-file-csi-driver-operator", []string{"openshift"}, X509UsageClientServerAuth, dnsNames, nil)
+}