mount only TLS certs, not key

cryostatio · Jan 21, 2025 · 699743e · 699743e
1 parent bfe99e4
commit 699743e
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/internal/controllers/common/resource_definitions/resource_definitions.go b/internal/controllers/common/resource_definitions/resource_definitions.go
@@ -549,6 +549,16 @@ func NewPodForCR(cr *model.CryostatInstance, specs *ServiceSpecs, imageTags *Ima
 				Secret: &corev1.SecretVolumeSource{
 					SecretName:  tls.DatabaseSecret,
 					DefaultMode: &readOnlyMode,
+					Items: []corev1.KeyToPath{
+						{
+							Key:  "tls.crt",
+							Path: "tls.crt",
+						},
+						{
+							Key:  "ca.crt",
+							Path: "ca.crt",
+						},
+					},
 				},
 			},
 		}

diff --git a/internal/test/resources.go b/internal/test/resources.go
@@ -2998,6 +2998,16 @@ func (r *TestResources) newVolumes(certProjections []corev1.VolumeProjection) []
 					Secret: &corev1.SecretVolumeSource{
 						SecretName:  r.Name + "-database-tls",
 						DefaultMode: &readOnlymode,
+						Items: []corev1.KeyToPath{
+							{
+								Key:  "tls.crt",
+								Path: "tls.crt",
+							},
+							{
+								Key:  "ca.crt",
+								Path: "ca.crt",
+							},
+						},
 					},
 				},
 			},