Feature Request
Resolution: Unresolved
Normal
4.18
Product / Portfolio Work
When configuring a TempoStack instance to connect to an external MinIO storage using TLS, the TempoStack deployment requires a trusted CA bundle to establish the secure connection. The CA bundle can be provided through a ConfigMap referenced by the spec.storage.tls.caName field.
Currently, TempoStack expects the certificate to be stored under the key service-ca.crt in that ConfigMap.
However, when using OpenShift’s built-in mechanism to automatically inject the cluster’s trusted CA bundle (by labeling the ConfigMap with config.openshift.io/inject-trusted-cabundle: "true"), the injected key is named ca-bundle.crt instead.
Because of this mismatch, the automatically injected CA bundle cannot be directly consumed by TempoStack without manual intervention — administrators must copy or rename the key each time the CA rotates.
Enhance TempoStack to support either of the following:
- Allow the spec.storage.tls.caName field to accept a ConfigMap containing a key named ca-bundle.crt (in addition to service-ca.crt).
or
- Provide an option or annotation to generate a CA bundle ConfigMap with the label config.openshift.io/inject-trusted-cabundle: "true" but using the key service-ca.crt instead of ca-bundle.crt.
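
The manual copy step described above can be scripted until one of these options exists. The following is an added example, not part of the original request or of the Tempo operator; the namespace and ConfigMap names are assumptions, and it uses only oc get, oc create configmap --dry-run=client and oc apply.

```shell
#!/usr/bin/env bash
# Added example (not TempoStack's or OpenShift's own tooling).
# Mirrors the injected key ca-bundle.crt into a second ConfigMap under the key
# service-ca.crt, the key TempoStack reads via spec.storage.tls.caName.

# Print one data key of a ConfigMap. Dots in the key are escaped for jsonpath.
get_cm_key() {  # <namespace> <configmap> <escaped-key>
  oc -n "$1" get configmap "$2" -o "jsonpath={.data.$3}"
}

# Count PEM certificates read from stdin (prints 0 when there are none).
count_certs() {
  grep -c 'BEGIN CERTIFICATE' || true
}

# Exit status: 0 = in sync (prints "unchanged" or "updated"),
#              1 = oc failed, 2 = source bundle empty, nothing written.
sync_tempo_ca() {  # <namespace> <injected-configmap> <tempo-ca-configmap>
  local ns src dst bundle current tmp
  ns=$1; src=$2; dst=$3

  bundle=$(get_cm_key "$ns" "$src" 'ca-bundle\.crt') || return 1

  # Never replace a working bundle with an empty one (injection not done yet).
  if [ "$(printf '%s\n' "$bundle" | count_certs)" -eq 0 ]; then
    echo "refusing to sync: no certificates in $src/ca-bundle.crt" >&2
    return 2
  fi

  # A missing target ConfigMap reads as empty and is created below.
  current=$(get_cm_key "$ns" "$dst" 'service-ca\.crt' 2>/dev/null || true)
  if [ "$bundle" = "$current" ]; then
    echo "unchanged"
    return 0
  fi

  tmp=$(mktemp) || return 1
  printf '%s\n' "$bundle" > "$tmp"
  if oc -n "$ns" create configmap "$dst" --from-file=service-ca.crt="$tmp" \
       --dry-run=client -o yaml | oc -n "$ns" apply -f - >/dev/null; then
    rm -f "$tmp"; echo "updated"
  else
    rm -f "$tmp"; return 1
  fi
}

# Constructed names: sync_tempo_ca tracing trusted-ca tempo-storage-ca
```

Run it on a schedule or after a CA rotation, with spec.storage.tls.caName pointing at the target ConfigMap rather than the labeled one.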