chore: Simplify cert-manager certs and support existingIssuer
Signed-off-by: Marco Kilchhofer <[email protected]>
mkilchhofer committed May 15, 2023
1 parent 0c6ab99 commit 84d5c43
Showing 8 changed files with 18 additions and 53 deletions.
5 changes: 3 additions & 2 deletions keda/README.md
Expand Up @@ -215,8 +215,9 @@ their default values.
| `certificates.secretName` | Secret name to be mounted with KEDA TLS certificates | `kedaorg-certs` |
| `certificates.mountPath` | Path where KEDA TLS certificates are mounted | `/certs` |
| `certificates.certManager.enabled` | Enables Cert-manager for certificate management | `false` |
| `certificates.certManager.generateCA` | Generates a self-signed CA with Cert-manager | `true` |
| `certificates.certManager.caSecretName` | Secret name where the CA is stored (generatedby cert-manager or user given) | `kedaorg-ca` |
| `certificates.certManager.existingIssuer.enabled` | Use an existing cert-manager issuer | `false` |
| `certificates.certManager.existingIssuer.kind` | Kind of the existing cert-manager issuer | `ClusterIssuer` |
| `certificates.certManager.existingIssuer.name` | Name of the existing cert-manager issuer | `""` |
| `certificates.certManager.secretTemplate` | [Labels or annotations to add to the secret generated](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources) by cert-manager | `{}` |


11 changes: 0 additions & 11 deletions keda/templates/40-cert-manager-self-issuer.yaml

This file was deleted.

22 changes: 0 additions & 22 deletions keda/templates/41-cert-manager-self-ca.yaml

This file was deleted.

7 changes: 3 additions & 4 deletions keda/templates/42-cert-manager-keda-issuer.yaml
@@ -1,4 +1,4 @@
{{- if .Values.certificates.certManager.enabled }}
{{- if and .Values.certificates.certManager.enabled (not .Values.certificates.certManager.existingIssuer.enabled) }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
Expand All @@ -7,6 +7,5 @@ metadata:
name: {{ .Values.operator.name }}-issuer
namespace: {{ .Release.Namespace }}
spec:
ca:
secretName: {{ .Values.certificates.certManager.caSecretName }}
{{- end }}
selfSigned: {}
{{- end }}
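Review bot: With `selfSigned: {}` in the second hunk, every certificate this Issuer signs is its own trust root, so the chart no longer has a separate CA behind the KEDA TLS certificate; the `ca:` issuer that referenced `caSecretName` is gone. That is a workable default, but the template should say so, for example `# selfSigned: each issued certificate is its own trust root; set certificates.certManager.existingIssuer to chain to a managed CA`. Renewal then also replaces the trust anchor, so anything that reads `ca.crt` presumably has to pick up the new bundle; the rest of the chart is not visible here to confirm how that is handled.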
5 changes: 5 additions & 0 deletions keda/templates/43-cert-manager-keda-tls-certificate.yaml
Expand Up @@ -28,7 +28,12 @@ spec:
duration: 8760h0m0s # 1 year
renewBefore: 5840h0m0s # 8 months
issuerRef:
{{- if .Values.certificates.certManager.existingIssuer.enabled }}
name: {{ .Values.certificates.certManager.existingIssuer.name }}
kind: {{ .Values.certificates.certManager.existingIssuer.kind }}
{{- else }}
name: {{ .Values.operator.name }}-issuer
kind: Issuer
{{- end }}
group: cert-manager.io
{{- end }}
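Review bot: `existingIssuer.name` defaults to `""` in values.yaml, so enabling `existingIssuer` without a name renders an empty `issuerRef.name` in the new branch, and the mistake only surfaces when the Certificate is applied or never becomes ready. Failing at render time is clearer: `name: {{ required "certificates.certManager.existingIssuer.name must be set when existingIssuer.enabled is true" .Values.certificates.certManager.existingIssuer.name }}`. The `spec` block starts above this hunk, so the Certificate's own name and namespace are not visible here.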
6 changes: 1 addition & 5 deletions keda/templates/metrics-server/apiservice.yaml
Expand Up @@ -3,11 +3,7 @@ kind: APIService
metadata:
annotations:
{{- if .Values.certificates.certManager.enabled }}
{{- if .Values.certificates.certManager.generateCA }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-ca
{{- else }}
cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.certificates.certManager.caSecretName }}
{{- end }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-tls-certificates
{{- end }}
{{- if .Values.additionalAnnotations }}
{{- toYaml .Values.additionalAnnotations | nindent 4 }}
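Review bot: The new `cert-manager.io/inject-ca-from` annotation takes the CA bundle from the `ca.crt` of the `-tls-certificates` Certificate's secret, and with `existingIssuer` that depends on what the chosen issuer writes there; some issuer types (ACME, for instance) leave `ca.crt` empty, which would leave the APIService without a usable `caBundle`. The same annotation is added in `keda/templates/webhooks/validatingconfiguration.yaml`. A comment above the annotation would help, e.g. `# CA is read from ca.crt of the KEDA TLS Certificate; an existingIssuer must populate it`. The annotation also assumes the Certificate is named `{{ .Values.operator.name }}-tls-certificates`, which this page does not show.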
6 changes: 1 addition & 5 deletions keda/templates/webhooks/validatingconfiguration.yaml
Expand Up @@ -4,11 +4,7 @@ kind: ValidatingWebhookConfiguration
metadata:
annotations:
{{- if .Values.certificates.certManager.enabled }}
{{- if .Values.certificates.certManager.generateCA }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-ca
{{- else }}
cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.certificates.certManager.caSecretName }}
{{- end }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.operator.name }}-tls-certificates
{{- end }}
{{- if .Values.additionalAnnotations }}
{{- toYaml .Values.additionalAnnotations | nindent 4 }}
9 changes: 5 additions & 4 deletions keda/values.yaml
Expand Up @@ -451,17 +451,18 @@ certificates:
mountPath: /certs
certManager:
enabled: false
# If generateCA is false, the secret with the CA
# has to be annotated with 'cert-manager.io/allow-direct-injection: "true"'
generateCA: true
caSecretName: "kedaorg-ca"
# Add labels/annotations to secrets created by Certificate resources
secretTemplate: {}
# annotations:
# my-secret-annotation-1: "foo"
# my-secret-annotation-2: "bar"
# labels:
# my-secret-label: foo
# Use an existing cert-manager issuer.
existingIssuer:
enabled: false
kind: ClusterIssuer
name: ""

permissions:
metricServer:
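Review bot: `generateCA` and `caSecretName` are dropped here without any guard, so a release installed with `generateCA: false` and its own CA secret will, on upgrade, have those values ignored and receive certificates from the chart's self-signed Issuer instead. A render-time check in one of the cert-manager templates would make the break explicit, e.g. `{{- if hasKey .Values.certificates.certManager "caSecretName" }}{{ fail "certificates.certManager.caSecretName was removed; use certificates.certManager.existingIssuer" }}{{- end }}`. The comment on `existingIssuer` could also state that `kind` is `Issuer` or `ClusterIssuer` and that `name` is required when `enabled` is true.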
