- Story
- Resolution: Unresolved
- Normal
- openshift-4.19
It is generally necessary to provide a CA file to OpenStack clients in order to communicate with a cloud that uses self-signed certificates. The cloud-credential-operator syncs clouds.yaml files to various namespaces so that services running in those namespaces are able to communicate with the cloud, but it does not sync the CA file. Instead, this must be managed using another mechanism. This has led to some odd situations, such as the Cinder CSI driver operator inspecting cloud-provider configuration to pull out this file.
We should start syncing not only the clouds.yaml file but also the CA file to anyone that requests it via a CredentialsRequest. Once we've done this, we can modify other components such as the Installer, CSI Driver Operators, and CCM Operator to pull the CA file from the same secrets that they pull the clouds.yaml from, rather than the litany of places they currently use.
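A sketch of how a consuming component could build its TLS trust from the same secret that carries clouds.yaml, failing closed on a malformed CA instead of disabling verification. This is an added example, not code from the cloud-credential-operator or any OpenShift component. The secret key names `clouds.yaml` and `cacert` and the function names are assumptions, and the CA is a throwaway certificate constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Assumed key names: the ticket does not say which keys the synced secret would use.
const cloudsKey, caKey = "clouds.yaml", "cacert"

// TLSConfigFromSecret trusts only the CA bundle stored beside clouds.yaml.
func TLSConfigFromSecret(data map[string][]byte) (*tls.Config, error) {
	if len(data[cloudsKey]) == 0 {
		return nil, fmt.Errorf("secret has no %q key", cloudsKey)
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if ca, ok := data[caKey]; ok { // absent key: system roots apply, verification stays on
		cfg.RootCAs = x509.NewCertPool()
		if !cfg.RootCAs.AppendCertsFromPEM(ca) {
			return nil, fmt.Errorf("secret key %q holds no valid PEM certificate", caKey)
		}
	}
	return cfg, nil
}

// constructedCA returns a throwaway self-signed CA in PEM form (constructed sample input).
func constructedCA() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject:   pkix.Name{CommonName: "constructed-openstack-ca"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	cfg, err := TLSConfigFromSecret(map[string][]byte{cloudsKey: []byte("clouds: {}"), caKey: constructedCA()})
	fmt.Println("custom CA pool set:", err == nil && cfg.RootCAs != nil)
}
```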