Skip to content

operator cert auto-management: make APIService cert injections optional#832

Merged
wozniakjan merged 2 commits into
kedacore:mainfrom
wozniakjan:cert_rotation_make_apiservice_cert_rotations_optional
Mar 18, 2026
Merged

operator cert auto-management: make APIService cert injections optional#832
wozniakjan merged 2 commits into
kedacore:mainfrom
wozniakjan:cert_rotation_make_apiservice_cert_rotations_optional

Conversation

@wozniakjan

@wozniakjan wozniakjan commented Mar 18, 2026
edited
Loading

Copy link
Copy Markdown
Member

Checklist

@wozniakjan wozniakjan requested a review from a team as a code owner March 18, 2026 15:25
@wozniakjan wozniakjan mentioned this pull request Mar 18, 2026
Merged
4 tasks
@wozniakjan
operator cert auto-management: make APIService cert injections optional
d2916df 
Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
@wozniakjan wozniakjan force-pushed the cert_rotation_make_apiservice_cert_rotations_optional branch from d659206 to d2916df Compare March 18, 2026 15:29
@wozniakjan wozniakjan requested review from a team and Copilot and removed request for a team March 18, 2026 15:29
Copilot AI reviewed Mar 18, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a Helm value to make the KEDA operator’s APIService CA/cert injection behavior configurable when using self-generated certificates, and wires that value into the operator Deployment plus documentation.

Changes:

  • Add certificates.operator.apiServicePatching.enabled (default true) to values.yaml.
  • Pass --enable-apiservice-patching=... to the operator container args (when certificates.autoGenerated is enabled).
  • Document the new value in the chart README.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File Description
keda/values.yaml Introduces the new apiServicePatching.enabled configuration under certificates.operator.
keda/templates/manager/deployment.yaml Adds a new operator CLI flag derived from the new Helm value.
keda/README.md Documents the new Helm value in the generated values table.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread keda/templates/manager/deployment.yaml Outdated
Comment thread keda/templates/manager/deployment.yaml Outdated
Comment thread keda/values.yaml Outdated
Comment thread keda/README.md Outdated
@wozniakjan wozniakjan requested a review from Copilot March 18, 2026 15:55
@wozniakjan wozniakjan force-pushed the cert_rotation_make_apiservice_cert_rotations_optional branch from 46d52b1 to 0025708 Compare March 18, 2026 15:56

This comment was marked as resolved.

Sign in to view

@wozniakjan
address review: improve gating condition and documentation for apiSer…
6b0394d 
…vicePatching

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
@wozniakjan wozniakjan force-pushed the cert_rotation_make_apiservice_cert_rotations_optional branch from 0025708 to 6b0394d Compare March 18, 2026 15:59
@wozniakjan wozniakjan requested a review from Copilot March 18, 2026 16:01
@wozniakjan wozniakjan merged commit 94566c7 into kedacore:main Mar 18, 2026
31 checks passed
Copilot AI reviewed Mar 18, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds an optional Helm value to control whether the KEDA operator patches the Metrics API APIService CA bundle when using auto-generated certificates (non–cert-manager), exposing the operator’s new --enable-apiservice-patching flag through the chart.

Changes:

  • Document a new optional value certificates.operator.apiServicePatching.enabled (default unset) in values.yaml and README.md.
  • Conditionally pass --enable-apiservice-patching to the operator Deployment when the value is configured and auto-generated certs are in use.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
keda/values.yaml Adds commented configuration/docs for optional APIService patching control under certificates.operator.
keda/templates/manager/deployment.yaml Conditionally appends the new operator CLI flag based on cert settings and the new value.
keda/README.md Documents the new value and its implications (especially for metricsServer.enabled=true).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread keda/templates/manager/deployment.yaml
Comment thread keda/values.yaml
@wozniakjan wozniakjan mentioned this pull request Jun 10, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@zroubalik zroubalik zroubalik approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wozniakjan @zroubalik