Currently the connection details for databases indicate that sslmode should be required. But, as the CA certificate securing these databases is self-signed, doing so properly is not possible without the CA certificate. A user could download this certificate out-of-band from the operator, but doing so is inconvenient and cumbersome.
Where applicable, the operator should include the CA certificate data in the credentials secret.
Currently the connection details for databases indicate that
sslmodeshould berequired. But, as the CA certificate securing these databases is self-signed, doing so properly is not possible without the CA certificate. A user could download this certificate out-of-band from the operator, but doing so is inconvenient and cumbersome.Where applicable, the operator should include the CA certificate data in the credentials secret.