Add correct CA cert to JDBC

trustyai-explainability · Oct 16, 2024 · 98bb7cf · 98bb7cf
1 parent 4893d79
commit 98bb7cf
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/controllers/deployment.go b/controllers/deployment.go
@@ -74,13 +74,13 @@ func (r *TrustyAIServiceReconciler) createDeploymentObject(ctx context.Context,
 	}
 
 	if instance.Spec.Storage.IsStorageDatabase() {
-		_, err := r.getSecret(ctx, instance.Name+"-db-tls", instance.Namespace)
+		_, err := r.getSecret(ctx, instance.Name+"-db-ca", instance.Namespace)
 		if err != nil {
 			deploymentConfig.UseDBTLSCerts = false
-			log.FromContext(ctx).Info("Using insecure database connection. Certificates " + instance.Name + "-db-tls not found")
+			log.FromContext(ctx).Info("Using insecure database connection. Certificates " + instance.Name + "-db-ca not found")
 		} else {
 			deploymentConfig.UseDBTLSCerts = true
-			log.FromContext(ctx).Info("Using secure database connection with certificates " + instance.Name + "-db-tls")
+			log.FromContext(ctx).Info("Using secure database connection with certificates " + instance.Name + "-db-ca")
 		}
 	} else {
 		deploymentConfig.UseDBTLSCerts = false

diff --git a/controllers/templates/service/deployment.tmpl.yaml b/controllers/templates/service/deployment.tmpl.yaml
@@ -100,7 +100,7 @@ spec:
                   key: databaseName
             - name: QUARKUS_DATASOURCE_JDBC_URL
             {{ if .UseDBTLSCerts }}
-              value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}?sslMode=verify-ca&serverSslCert=/etc/tls/db/tls.crt"
+              value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}?sslMode=verify-ca&serverSslCert=/etc/tls/db/ca.crt"
             {{ else }}
               value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}"
             {{ end }}
@@ -146,7 +146,7 @@ spec:
               readOnly: false
             {{ end }}
             {{ if .UseDBTLSCerts }}
-            - name: db-tls-certs
+            - name: db-ca-cert
               mountPath: /etc/tls/db
               readOnly: true
             {{ end }}
@@ -238,8 +238,8 @@ spec:
             secretName: {{ .Instance.Name }}-internal
             defaultMode: 420
         {{ if .UseDBTLSCerts }}
-        - name: db-tls-certs
+        - name: db-ca-cert
           secret:
-            secretName: {{ .Instance.Name }}-db-tls
+            secretName: {{ .Instance.Name }}-db-ca
             defaultMode: 420
         {{ end }}