refactor: Unify cert-manager annotations

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>
kedacore · Jan 24, 2024 · 8acf125 · 8acf125
1 parent ec01f01
commit 8acf125
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 20 deletions.
diff --git a/keda/templates/metrics-server/apiservice.yaml b/keda/templates/metrics-server/apiservice.yaml
@@ -4,12 +4,10 @@ metadata:
   {{- if or .Values.certificates.certManager.enabled .Values.additionalAnnotations }}
   annotations:
     {{- if .Values.certificates.certManager.enabled }}
-    {{- if .Values.certificates.certManager.generateCA }}
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-ca
-    {{- else if not .Values.certificates.certManager.issuer.generate }}
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-tls-certificates
-    {{- else }}
+    {{- if and (not .Values.certificates.certManager.generateCA) .Values.certificates.certManager.issuer.generate }}
     cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.certificates.certManager.caSecretName }}
+    {{- else }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-tls-certificates
     {{- end }}
     {{- end }}
     {{- if .Values.additionalAnnotations }}

diff --git a/keda/templates/webhooks/validatingconfiguration.yaml b/keda/templates/webhooks/validatingconfiguration.yaml
@@ -5,12 +5,10 @@ metadata:
   {{- if or .Values.certificates.certManager.enabled .Values.additionalAnnotations }}
   annotations:
     {{- if .Values.certificates.certManager.enabled }}
-    {{- if .Values.certificates.certManager.generateCA }}
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-ca
-    {{- else if not .Values.certificates.certManager.issuer.generate }}
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-tls-certificates
-    {{- else }}
+    {{- if and (not .Values.certificates.certManager.generateCA) .Values.certificates.certManager.issuer.generate }}
     cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.certificates.certManager.caSecretName }}
+    {{- else }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-tls-certificates
     {{- end }}
     {{- end }}
     {{- if .Values.additionalAnnotations }}

diff --git a/keda/values.yaml b/keda/values.yaml
@@ -736,16 +736,6 @@ certificates:
     # If generateCA is false, the secret with the CA
     # has to be annotated with `cert-manager.io/allow-direct-injection: "true"`
     generateCA: true
-    # -- Reference to custom Issuer.
-    issuer:
-      # -- Generates an Issuer resource with Cert-manager
-      generate: true
-      # -- Custom Issuer name. Required when generate: false
-      name: foo-org-ca
-      # -- Custom Issuer kind. Required when generate: false
-      kind: ClusterIssuer
-      # -- Custom Issuer group. Required when generate: false
-      group: cert-manager.io
     # -- Secret name where the CA is stored (generatedby cert-manager or user given)
     caSecretName: "kedaorg-ca"
     # -- Add labels/annotations to secrets created by Certificate resources
@@ -756,6 +746,16 @@ certificates:
       #   my-secret-annotation-2: "bar"
       # labels:
       #   my-secret-label: foo
+    # -- Reference to custom Issuer.
+    issuer:
+      # -- Generates an Issuer resource with Cert-manager
+      generate: true
+      # -- Custom Issuer name. Required when generate: false
+      name: foo-org-ca
+      # -- Custom Issuer kind. Required when generate: false
+      kind: ClusterIssuer
+      # -- Custom Issuer group. Required when generate: false
+      group: cert-manager.io
 
 permissions:
   metricServer: