From 3ccfab6e78a79edb9a7719b7ee06b694a8ac05f0 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Wed, 23 Jul 2025 09:57:03 -0400 Subject: [PATCH] Clear cert warning during deployments This removes the following warning by explicitly setting the value to the default: ``` Warning: spec.privateKey.rotationPolicy: In cert-manager >= v1.18.0, the default value changed from `Never` to `Always`. ``` Signed-off-by: Todd Short --- config/components/cert-manager/ca/issuers.yaml | 1 + .../cert-manager/catalogd/resources/certificate.yaml | 1 + .../operator-controller/resources/manager_cert.yaml | 1 + manifests/experimental-e2e.yaml | 3 +++ manifests/experimental.yaml | 3 +++ manifests/standard-e2e.yaml | 3 +++ manifests/standard.yaml | 3 +++ testdata/build-test-registry.sh | 1 + 8 files changed, 16 insertions(+) diff --git a/config/components/cert-manager/ca/issuers.yaml b/config/components/cert-manager/ca/issuers.yaml index 00e149d56..7725ebff0 100644 --- a/config/components/cert-manager/ca/issuers.yaml +++ b/config/components/cert-manager/ca/issuers.yaml @@ -19,6 +19,7 @@ spec: annotations: cert-manager.io/allow-direct-injection: "true" privateKey: + rotationPolicy: Always algorithm: ECDSA size: 256 issuerRef: diff --git a/config/components/cert-manager/catalogd/resources/certificate.yaml b/config/components/cert-manager/catalogd/resources/certificate.yaml index 63375760c..561dbe44e 100644 --- a/config/components/cert-manager/catalogd/resources/certificate.yaml +++ b/config/components/cert-manager/catalogd/resources/certificate.yaml @@ -10,6 +10,7 @@ spec: - catalogd-service.olmv1-system.svc - catalogd-service.olmv1-system.svc.cluster.local privateKey: + rotationPolicy: Always algorithm: ECDSA size: 256 issuerRef: diff --git a/config/components/cert-manager/operator-controller/resources/manager_cert.yaml b/config/components/cert-manager/operator-controller/resources/manager_cert.yaml index c001d946a..cbea2243e 100644 --- a/config/components/cert-manager/operator-controller/resources/manager_cert.yaml +++ b/config/components/cert-manager/operator-controller/resources/manager_cert.yaml @@ -9,6 +9,7 @@ spec: - operator-controller-service.olmv1-system.svc - operator-controller-service.olmv1-system.svc.cluster.local privateKey: + rotationPolicy: Always algorithm: ECDSA size: 256 issuerRef: diff --git a/manifests/experimental-e2e.yaml b/manifests/experimental-e2e.yaml index d3adf46e5..a91833bd7 100644 --- a/manifests/experimental-e2e.yaml +++ b/manifests/experimental-e2e.yaml @@ -1863,6 +1863,7 @@ spec: name: self-sign-issuer privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: olmv1-ca secretTemplate: @@ -1887,6 +1888,7 @@ spec: name: olmv1-ca privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: catalogd-service-cert-git-version --- @@ -1907,6 +1909,7 @@ spec: name: olmv1-ca privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: olmv1-cert --- diff --git a/manifests/experimental.yaml b/manifests/experimental.yaml index 7b0d2b9a3..00dc14153 100644 --- a/manifests/experimental.yaml +++ b/manifests/experimental.yaml @@ -1816,6 +1816,7 @@ spec: name: self-sign-issuer privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: olmv1-ca secretTemplate: @@ -1840,6 +1841,7 @@ spec: name: olmv1-ca privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: catalogd-service-cert-git-version --- @@ -1860,6 +1862,7 @@ spec: name: olmv1-ca privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: olmv1-cert --- diff --git a/manifests/standard-e2e.yaml b/manifests/standard-e2e.yaml index a8aff9838..1f46a03d4 100644 --- a/manifests/standard-e2e.yaml +++ b/manifests/standard-e2e.yaml @@ -1858,6 +1858,7 @@ spec: name: self-sign-issuer privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: olmv1-ca secretTemplate: @@ -1882,6 +1883,7 @@ spec: name: olmv1-ca privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: catalogd-service-cert-git-version --- @@ -1902,6 +1904,7 @@ spec: name: olmv1-ca privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: olmv1-cert --- diff --git a/manifests/standard.yaml b/manifests/standard.yaml index fa2546305..b4c70c252 100644 --- a/manifests/standard.yaml +++ b/manifests/standard.yaml @@ -1811,6 +1811,7 @@ spec: name: self-sign-issuer privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: olmv1-ca secretTemplate: @@ -1835,6 +1836,7 @@ spec: name: olmv1-ca privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: catalogd-service-cert-git-version --- @@ -1855,6 +1857,7 @@ spec: name: olmv1-ca privateKey: algorithm: ECDSA + rotationPolicy: Always size: 256 secretName: olmv1-cert --- diff --git a/testdata/build-test-registry.sh b/testdata/build-test-registry.sh index 3d92a726f..e2dcc0914 100755 --- a/testdata/build-test-registry.sh +++ b/testdata/build-test-registry.sh @@ -45,6 +45,7 @@ spec: - ${name}-controller-manager-metrics-service.${namespace}.svc - ${name}-controller-manager-metrics-service.${namespace}.svc.cluster.local privateKey: + rotationPolicy: Always algorithm: ECDSA size: 256 issuerRef: