
Add apiserver.crt to service-catalog controller-manager deployment.

staebler 7 anni fa
parent
commit
6e6004a73f

+ 9 - 0
roles/openshift_service_catalog/tasks/generate_certs.yml

@@ -36,6 +36,15 @@
     - name: tls.key
       path: "{{ generated_certs_dir }}/apiserver.key"
 
+- name: Create service-catalog-ssl secret
+  oc_secret:
+    state: present
+    name: service-catalog-ssl
+    namespace: kube-service-catalog
+    files:
+    - name: tls.crt
+      path: "{{ generated_certs_dir }}/apiserver.crt"
+
 - slurp:
     src: "{{ generated_certs_dir }}/ca.crt"
   register: apiserver_ca
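Review bot: The new `Create service-catalog-ssl secret` task carries no comment saying that this secret is meant to hold the certificate only, which is the property that matters for it. The context lines at the top of the hunk show a `tls.key` entry pointing at `apiserver.key` in the preceding task, so a later edit could copy that entry into this secret without anyone noticing the change in exposure. I would add above the task: `# Certificate only: consumers of this secret need the public cert, never apiserver.key.` The preceding task starts outside the hunk, so its secret name is not visible here.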

+ 12 - 0
roles/openshift_service_catalog/templates/controller_manager.j2

@@ -46,7 +46,19 @@ spec:
           protocol: TCP
         resources: {}
         terminationMessagePath: /dev/termination-log
+        volumeMounts:
+        - mountPath: /var/run/kubernetes-service-catalog
+          name: service-catalog-ssl
+          readOnly: true
       dnsPolicy: ClusterFirst
       restartPolicy: Always
       securityContext: {}
       terminationGracePeriodSeconds: 30
+      volumes:
+      - name: service-catalog-ssl
+        secret:
+          defaultMode: 420
+          items:
+          - key: tls.crt
+            path: apiserver.crt
+          secretName: apiserver-ssl
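Review bot: The `service-catalog-ssl` volume points at `secretName: apiserver-ssl`, while the task this commit adds to generate_certs.yml creates a separate secret named `service-catalog-ssl` holding only `tls.crt`; nothing visible in the commit consumes that new secret. If `apiserver-ssl` is the secret that also carries `tls.key` (the context lines in generate_certs.yml suggest so, but that task starts outside the hunk), the controller-manager pod now depends on the key-bearing secret, and the `items` filter is the only thing keeping the private key off its filesystem. Referencing the certificate-only secret removes that dependency: `secretName: service-catalog-ssl`. Separately, `defaultMode: 420` is the decimal form of 0644, which is reasonable for a public certificate but worth a short comment because it reads like a typo.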