wait for ca certs

percona · Aug 21, 2023 · fc1c9f7 · fc1c9f7
1 parent b889932
commit fc1c9f7
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/pkg/controller/perconaservermongodb/ssl.go b/pkg/controller/perconaservermongodb/ssl.go
@@ -66,6 +66,11 @@ func (r *ReconcilePerconaServerMongoDB) createSSLByCertManager(ctx context.Conte
 		if err != nil && !k8serr.IsAlreadyExists(err) {
 			return errors.Wrap(err, "create ca certificate")
 		}
+
+		err = c.WaitForCerts(ctx, cr, tls.CACertificateSecretName(cr))
+		if err != nil {
+			return errors.Wrap(err, "failed to wait for ca cert")
+		}
 	}
 
 	err := c.CreateIssuer(ctx, cr)

diff --git a/pkg/psmdb/tls/certmanager.go b/pkg/psmdb/tls/certmanager.go
@@ -56,7 +56,7 @@ func caIssuerName(cr *api.PerconaServerMongoDB) string {
 	return cr.Name + "-psmdb-ca-issuer"
 }
 
-func caSecretName(cr *api.PerconaServerMongoDB) string {
+func CACertificateSecretName(cr *api.PerconaServerMongoDB) string {
 	return cr.Name + "-ca-cert"
 }
 
@@ -76,7 +76,7 @@ func (c *CertManagerController) CreateIssuer(ctx context.Context, cr *api.Percon
 		Spec: cm.IssuerSpec{
 			IssuerConfig: cm.IssuerConfig{
 				CA: &cm.CAIssuer{
-					SecretName: caSecretName(cr),
+					SecretName: CACertificateSecretName(cr),
 				},
 			},
 		},
@@ -142,11 +142,11 @@ func (c *CertManagerController) CreateCertificate(ctx context.Context, cr *api.P
 func (c *CertManagerController) CreateCACertificate(ctx context.Context, cr *api.PerconaServerMongoDB) error {
 	cert := &cm.Certificate{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      caSecretName(cr),
+			Name:      CACertificateSecretName(cr),
 			Namespace: cr.Namespace,
 		},
 		Spec: cm.CertificateSpec{
-			SecretName: caSecretName(cr),
+			SecretName: CACertificateSecretName(cr),
 			CommonName: cr.Name + "-ca",
 			IsCA:       true,
 			IssuerRef: cmmeta.ObjectReference{