Description of problem:

The CA certificate defined in LokiStack CR at "lokistack.spec.storage.tls.caName"  is not injected in loki-ruler pods but is injected in loki-ingester pods.

Version-Release number of selected component (if applicable):

Loki Operator 5.8

How reproducible:

100%

Steps to Reproduce:

1. Create LokiStack CR and inject a custom CA of the object storage at "lokistack.spec.storage.tls.caName"
2. Enable lokistack.spec.rules and let the pods spin up
3. Check the logs of logging-loki-ruler pods:

level=error ts=2023-11-17T16:18:04.95523774Z caller=compat.go:78 user=infrastructure rule_name=k8spspallowedusers rule_type=alerting query="(sum(count_over_time({log_type=\"infrastructure\", kubernetes_namespace_name=\"openshift-gatekeeper-system\"} | openshift_labels_cluster_name=\"tenant-10\" | message=_{\".allowed-user-ranges.\" | message=}\".K8sPSPAllowedUsers.\"[5m])) > 5)" query_hash=383797106 msg="rule evaluation failed" err="failed to load chunk 'infrastructure/1ce7e214bf1b9dfb/18bdda184da:18bde1043d2:d8ac40e2': failed to get s3 object: RequestError: send request failed\ncaused by: Get \"
https://abc.dev.s3.example.int:443/observability-observability/infrastructure/1ce7e214bf1b9dfb/18bdda184da%3A18bde1043d2%3Ad8ac40e2
\": tls: failed to verify certificate: x509: certificate signed by unknown authority"

Actual results:

The rule evaluation failed as ruler pods are unable to connect to object storage because of certificate verification failure.

Expected results:

The CA certificate should get injected in logging-loki-ruler pods and the rule evaluation should succeed.

Additional info:

As the CA certificate is injected in ingester pods at /etc/storage/ca, if the CA certificate is manually made available in /etc/storage/ca inside logging-loki-ruler pods, then it doesn't work.