Copy external_openstack_cacert to control-planes from host

roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml

@@ -3,9 +3,30 @@
   include_tasks: openstack-credential-check.yml
   tags: external-openstack
 
+- name: External OpenStack Cloud Controller | Test if external_openstack_cacert is a base64 string
+  set_fact:
+    external_openstack_cacert_is_base64: "{% if external_openstack_cacert is search('^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}= | [A-Za-z0-9+/]{2}==)?$') %}true{% else %}false{% endif %}"
+  when:
+    - external_openstack_cacert is defined
+    - external_openstack_cacert | length > 0
+  tags: external-openstack
+
+- name: External OpenStack Cloud Controller | Write cacert file
+  copy:
+    src: "{{ external_openstack_cacert if not external_openstack_cacert_is_base64 else omit }}"
+    content: "{{ external_openstack_cacert | b64decode if external_openstack_cacert_is_base64 else omit }}"
+    dest: "{{ kube_config_dir }}/external-openstack-cacert.pem"
+    group: "{{ kube_cert_group }}"
+    mode: 0640
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - external_openstack_cacert is defined
+    - external_openstack_cacert | length > 0
+  tags: external-openstack
+
 - name: External OpenStack Cloud Controller | Get base64 cacert
   slurp:
-    src: "{{ external_openstack_cacert }}"
+    src: "{{ kube_config_dir }}/external-openstack-cacert.pem"
   register: external_openstack_cacert_b64
   when:
     - inventory_hostname == groups['kube_control_plane'][0]