fix: tls CA cert not working (#6031)

(cherry picked from commit 03046f7)
apecloud · May 6, 2024 · 7a036f7 · 7a036f7
1 parent 251f11f
commit 7a036f7
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/controllers/apps/component_controller_test.go b/controllers/apps/component_controller_test.go
@@ -1496,7 +1496,8 @@ var _ = Describe("Component Controller", func() {
 						{Key: constant.CertName, Path: constant.CertName},
 						{Key: constant.KeyName, Path: constant.KeyName},
 					},
-					Optional: func() *bool { o := false; return &o }(),
+					Optional:    func() *bool { o := false; return &o }(),
+					DefaultMode: func() *int32 { m := int32(0600); return &m }(),
 				},
 			},
 		}

diff --git a/controllers/apps/transformer_component_tls.go b/controllers/apps/transformer_component_tls.go
@@ -206,6 +206,7 @@ func composeTLSVolume(clusterName string, synthesizeComp component.SynthesizedCo
 		cert = tls.Issuer.SecretRef.Cert
 		key = tls.Issuer.SecretRef.Key
 	}
+	mode := int32(0600)
 	volume := corev1.Volume{
 		Name: constant.VolumeName,
 		VolumeSource: corev1.VolumeSource{
@@ -216,7 +217,8 @@ func composeTLSVolume(clusterName string, synthesizeComp component.SynthesizedCo
 					{Key: cert, Path: constant.CertName},
 					{Key: key, Path: constant.KeyName},
 				},
-				Optional: func() *bool { o := false; return &o }(),
+				Optional:    func() *bool { o := false; return &o }(),
+				DefaultMode: &mode,
 			},
 		},
 	}

diff --git a/pkg/controller/plan/tls_utils.go b/pkg/controller/plan/tls_utils.go
@@ -49,7 +49,7 @@ func ComposeTLSSecret(namespace, clusterName, componentName string) (*v1.Secret,
 		SetStringData(map[string]string{}).
 		GetObject()
 
-	const tpl = `{{- $cert := genSelfSignedCert "KubeBlocks" nil nil 365 }}
+	const tpl = `{{- $cert := genCA "KubeBlocks" 3650 }}
 {{ $cert.Cert }}
 {{ $cert.Key }}
 `