Udpate path for operator cert for backwards compatibility

IBM-Security · Oct 11, 2024 · 17f5efe · 17f5efe
1 parent 27123fe
commit 17f5efe
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/src/internal/controller/constants.go b/src/internal/controller/constants.go
@@ -17,7 +17,7 @@ const k8sNamespaceFile string = "/var/run/secrets/kubernetes.io/serviceaccount/n
  * THe name of the kubernetes file which is used to mount the CA X509 for the
  * operator's snapshot management service.
  */
-const k8sSnapMgrCertDir string = "/var/run/secrets/kubernetes.io/verify-access-operator"
+const k8sSnapMgrCertFile string = "/tmp/verify-access-operator.crt"
 
 /*
  * The name which is given to our operator.  This same name will also be

diff --git a/src/internal/controller/ibmsecurityverifyaccess_controller.go b/src/internal/controller/ibmsecurityverifyaccess_controller.go
@@ -549,6 +549,9 @@ func (r *IBMSecurityVerifyAccessReconciler) deploymentForVerifyAccess(
 			Name:  "CONFIG_SERVICE_TLS_CACERT",
 			Value: m.Spec.SnapshotTLSCacert,
 		})
+		if m.Spec.SnapshotTLSCacert == "operator" {
+			addSnapMgrCert = true
+		}
 
 	} else {
 		addSnapMgrCert = true
@@ -604,7 +607,7 @@ func (r *IBMSecurityVerifyAccessReconciler) deploymentForVerifyAccess(
 		volMnts = append(volMnts, corev1.VolumeMount{
 			Name:      operatorName,
 			ReadOnly:  true,
-			MountPath: k8sSnapMgrCertDir,
+			MountPath: k8sSnapMgrCertFile,
 			SubPath:   certFieldName,
 		})
 		vols = append(vols, corev1.Volume{
@@ -622,7 +625,6 @@ func (r *IBMSecurityVerifyAccessReconciler) deploymentForVerifyAccess(
 			},
 		})
 	}
-	r.Log.V(1).Info(fmt.Printf("%#v\n", maxVolMnts))
 	/*
 	 * Set up the rest of the deployment descriptor.
 	 */