Fix bug 1571 - Keystone charm needs to pass CA SSL certificate

[osm/devops.git] / installers / charm / keystone / src / charm.py

diff --git a/installers/charm/keystone/src/charm.py b/installers/charm/keystone/src/charm.py
index b5ce0cc..8300b88 100755 (executable)
--- a/installers/charm/keystone/src/charm.py
+++ b/installers/charm/keystone/src/charm.py
@@ -343,6 +343,11 @@ class KeystoneCharm(CharmedOsmBase):
                     {"LDAP_GROUP_TREE_DN": config_ldap.ldap_group_tree_dn}
                 )
 
+            if config_ldap.ldap_tls_cacert_base64:
+                container_builder.add_envs(
+                    {"LDAP_TLS_CACERT_BASE64": config_ldap.ldap_tls_cacert_base64}
+                )
+
             if config_ldap.ldap_use_starttls:
                 container_builder.add_envs(
                     {
@@ -365,6 +370,7 @@ class KeystoneCharm(CharmedOsmBase):
                     if config.max_file_size > 0
                     else config.max_file_size
                 ),
+                "kubernetes.io/ingress.class": "public",
             }
             ingress_resource_builder = IngressResourceV3Builder(
                 f"{self.app.name}-ingress", annotations