From 8acf125aebfd347cde584ed8c7b3f9cb6ef13dae Mon Sep 17 00:00:00 2001 From: Dmytro Kovalenko Date: Wed, 24 Jan 2024 17:26:51 +0200 Subject: [PATCH] refactor: Unify cert-manager annotations Signed-off-by: Dmytro Kovalenko --- keda/templates/metrics-server/apiservice.yaml | 8 +++----- .../webhooks/validatingconfiguration.yaml | 8 +++----- keda/values.yaml | 20 +++++++++---------- 3 files changed, 16 insertions(+), 20 deletions(-) diff --git a/keda/templates/metrics-server/apiservice.yaml b/keda/templates/metrics-server/apiservice.yaml index 77d88137..ec44d6b2 100644 --- a/keda/templates/metrics-server/apiservice.yaml +++ b/keda/templates/metrics-server/apiservice.yaml @@ -4,12 +4,10 @@ metadata: {{- if or .Values.certificates.certManager.enabled .Values.additionalAnnotations }} annotations: {{- if .Values.certificates.certManager.enabled }} - {{- if .Values.certificates.certManager.generateCA }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-ca - {{- else if not .Values.certificates.certManager.issuer.generate }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-tls-certificates - {{- else }} + {{- if and (not .Values.certificates.certManager.generateCA) .Values.certificates.certManager.issuer.generate }} cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.certificates.certManager.caSecretName }} + {{- else }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-tls-certificates {{- end }} {{- end }} {{- if .Values.additionalAnnotations }} diff --git a/keda/templates/webhooks/validatingconfiguration.yaml b/keda/templates/webhooks/validatingconfiguration.yaml index ae7947c7..0b462309 100644 --- a/keda/templates/webhooks/validatingconfiguration.yaml +++ b/keda/templates/webhooks/validatingconfiguration.yaml @@ -5,12 +5,10 @@ metadata: {{- if or .Values.certificates.certManager.enabled .Values.additionalAnnotations }} annotations: {{- if .Values.certificates.certManager.enabled }} - {{- if .Values.certificates.certManager.generateCA }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-ca - {{- else if not .Values.certificates.certManager.issuer.generate }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-tls-certificates - {{- else }} + {{- if and (not .Values.certificates.certManager.generateCA) .Values.certificates.certManager.issuer.generate }} cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.certificates.certManager.caSecretName }} + {{- else }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-tls-certificates {{- end }} {{- end }} {{- if .Values.additionalAnnotations }} diff --git a/keda/values.yaml b/keda/values.yaml index 9f2459dd..1e915135 100644 --- a/keda/values.yaml +++ b/keda/values.yaml @@ -736,16 +736,6 @@ certificates: # If generateCA is false, the secret with the CA # has to be annotated with `cert-manager.io/allow-direct-injection: "true"` generateCA: true - # -- Reference to custom Issuer. - issuer: - # -- Generates an Issuer resource with Cert-manager - generate: true - # -- Custom Issuer name. Required when generate: false - name: foo-org-ca - # -- Custom Issuer kind. Required when generate: false - kind: ClusterIssuer - # -- Custom Issuer group. Required when generate: false - group: cert-manager.io # -- Secret name where the CA is stored (generatedby cert-manager or user given) caSecretName: "kedaorg-ca" # -- Add labels/annotations to secrets created by Certificate resources @@ -756,6 +746,16 @@ certificates: # my-secret-annotation-2: "bar" # labels: # my-secret-label: foo + # -- Reference to custom Issuer. + issuer: + # -- Generates an Issuer resource with Cert-manager + generate: true + # -- Custom Issuer name. Required when generate: false + name: foo-org-ca + # -- Custom Issuer kind. Required when generate: false + kind: ClusterIssuer + # -- Custom Issuer group. Required when generate: false + group: cert-manager.io permissions: metricServer: