From b72ccb7f06e56ff825bb2e92ab1b3231df5fcf89 Mon Sep 17 00:00:00 2001 From: John Zammit Date: Wed, 6 May 2026 16:07:17 +0200 Subject: [PATCH] fix(keda): don't gate cert rotation on metrics server being enabled PR #819 added .Values.metricsServer.enabled to the --enable-cert-rotation gate, which means setting metricsServer.enabled=false also disables cert rotation for the operator and admission webhooks. The kedaorg-certs secret is then never created, leaving the operator crashlooping on missing /certs/ca.crt and webhooks stuck in ContainerCreating. Restore the pre-#819 expression so cert rotation is gated only on autoGenerated and !certManager.enabled, independent of the metrics server. Fixes #849 Signed-off-by: John Zammit --- keda/templates/manager/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keda/templates/manager/deployment.yaml b/keda/templates/manager/deployment.yaml index b1a7c5ef6..178ca9470 100644 --- a/keda/templates/manager/deployment.yaml +++ b/keda/templates/manager/deployment.yaml @@ -94,7 +94,7 @@ spec: - "--zap-stacktrace-level=error" {{- end }} - "--cert-dir={{ .Values.certificates.mountPath }}" - - "--enable-cert-rotation={{ and .Values.metricsServer.enabled .Values.certificates.autoGenerated ( not .Values.certificates.certManager.enabled ) }}" + - "--enable-cert-rotation={{ and .Values.certificates.autoGenerated ( not .Values.certificates.certManager.enabled ) }}" - "--cert-secret-name={{ .Values.certificates.secretName }}" - "--operator-service-name={{ .Values.operator.name }}" - "--metrics-server-service-name={{ .Values.operator.name }}-metrics-apiserver"