chore: bump Barbican to 0.3.10 (#1136)

diff --git a/.charts.yml b/.charts.yml
index cecb75d..a03428a 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -10,7 +10,7 @@
 
 charts:
   - name: barbican
-    version: 0.3.6
+    version: 0.3.10
     repository: *openstack_helm_repository
     dependencies: *openstack_helm_dependencies
   - name: ceph-csi-rbd
diff --git a/charts/barbican/Chart.yaml b/charts/barbican/Chart.yaml
index 3c47288..f025cbe 100644
--- a/charts/barbican/Chart.yaml
+++ b/charts/barbican/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/barbican
 - https://opendev.org/openstack/openstack-helm
-version: 0.3.6
+version: 0.3.10
diff --git a/charts/barbican/templates/certificates.yaml b/charts/barbican/templates/certificates.yaml
new file mode 100644
index 0000000..6df861d
--- /dev/null
+++ b/charts/barbican/templates/certificates.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.certificates -}}
+{{  dict "envAll" . "service" "key_manager" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
+{{- end -}}
diff --git a/charts/barbican/templates/deployment-api.yaml b/charts/barbican/templates/deployment-api.yaml
index 4e281d9..d777f42 100644
--- a/charts/barbican/templates/deployment-api.yaml
+++ b/charts/barbican/templates/deployment-api.yaml
@@ -43,6 +43,7 @@
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "barbican_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
 {{ dict "envAll" $envAll "podName" "barbican-api" "containerNames" (list "init" "barbican-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
@@ -118,9 +119,9 @@
               mountPath: /tmp/barbican.sh
               subPath: barbican.sh
               readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.key_manager.api.internal "path" "/etc/barbican/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.key_manager.api.internal "path" "/etc/barbican/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
 
 {{ if $mounts_barbican_api.volumeMounts }}{{ toYaml $mounts_barbican_api.volumeMounts | indent 12 }}{{ end }}
       volumes:
@@ -136,9 +137,9 @@
           configMap:
             name: barbican-bin
             defaultMode: 0555
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.key_manager.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.key_manager.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
 
 {{ if $mounts_barbican_api.volumes }}{{ toYaml $mounts_barbican_api.volumes | indent 8 }}{{ end }}
 {{- end }}
diff --git a/charts/barbican/templates/job-rabbit-init.yaml b/charts/barbican/templates/job-rabbit-init.yaml
index 75bb5fc..0f9839e 100644
--- a/charts/barbican/templates/job-rabbit-init.yaml
+++ b/charts/barbican/templates/job-rabbit-init.yaml
@@ -21,6 +21,9 @@
 
 {{- if .Values.manifests.job_rabbit_init }}
 {{- $rmqUserJob := dict "envAll" . "serviceName" "barbican" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
+{{- if and .Values.tls.oslo_messaging .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
+{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
+{{- end -}}
 {{- if .Values.pod.tolerations.barbican.enabled -}}
 {{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
 {{- end -}}
diff --git a/charts/barbican/values.yaml b/charts/barbican/values.yaml
index 09e2198..9e6f406 100644
--- a/charts/barbican/values.yaml
+++ b/charts/barbican/values.yaml
@@ -570,7 +570,12 @@
       default: barbican-api
       public: barbican
     host_fqdn_override:
-      default: null
+      default:
+        tls:
+          secretName: barbican-tls-internal
+          issuerRef:
+            kind: ClusterIssuer
+            name: ca-clusterissuer
     path:
       default: /
     scheme: