From 8d04e563539ec34f4be18fdf9e0755c41b5749ab Mon Sep 17 00:00:00 2001
From: Pierangelo Di Pilato <pierdipi@redhat.com>
Date: Wed, 11 Oct 2023 16:32:24 +0200
Subject: [PATCH 1/2] Workaround for cert-manager update spec issue (#3390)

I'm setting the fields to what cert-manager expects so that
we don't run into this issue https://github.com/cert-manager/cert-manager/issues/6408

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
---
 .../config/broker-tls/broker-ingress-tls-certificate.yaml   | 6 +++---
 .../config/channel-tls/channel-ingress-tls-certificate.yaml | 6 +++---
 .../config/sink-tls/sink-ingress-tls-certificate.yaml       | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml b/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml
index e00754ce9d..8b298cd29e 100644
--- a/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml
+++ b/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml
@@ -26,12 +26,12 @@ spec:
       app.kubernetes.io/component: kafka-broker-receiver
       app.kubernetes.io/name: knative-eventing
 
-  duration: 2160h # 90d
-  renewBefore: 360h # 15d
+  # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator
+  duration: 2160h0m0s # 90d
+  renewBefore: 360h0m0s # 15d
   subject:
     organizations:
       - local
-  isCA: false
   privateKey:
     algorithm: RSA
     encoding: PKCS1
diff --git a/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml b/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml
index 4971a7d34d..0896ca68b7 100644
--- a/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml
+++ b/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml
@@ -26,12 +26,12 @@ spec:
       app.kubernetes.io/component: kafka-channel-receiver
       app.kubernetes.io/name: knative-eventing
 
-  duration: 2160h # 90d
-  renewBefore: 360h # 15d
+  # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator
+  duration: 2160h0m0s # 90d
+  renewBefore: 360h0m0s # 15d
   subject:
     organizations:
       - local
-  isCA: false
   privateKey:
     algorithm: RSA
     encoding: PKCS1
diff --git a/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml b/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml
index baf6a6ec73..ef20921431 100644
--- a/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml
+++ b/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml
@@ -26,12 +26,12 @@ spec:
       app.kubernetes.io/component: kafka-sink-receiver
       app.kubernetes.io/name: knative-eventing
 
-  duration: 2160h # 90d
-  renewBefore: 360h # 15d
+  # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator
+  duration: 2160h0m0s # 90d
+  renewBefore: 360h0m0s # 15d
   subject:
     organizations:
       - local
-  isCA: false
   privateKey:
     algorithm: RSA
     encoding: PKCS1

From 70836feb4d89b7a554b6fae6aab4844d6700f70e Mon Sep 17 00:00:00 2001
From: Pierangelo Di Pilato <pierdipi@redhat.com>
Date: Thu, 12 Oct 2023 08:13:12 +0200
Subject: [PATCH 2/2] Run make generate-release

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
---
 .../eventing-kafka-tls-networking.yaml         | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/openshift/release/artifacts/eventing-kafka-tls-networking.yaml b/openshift/release/artifacts/eventing-kafka-tls-networking.yaml
index a8bbad5d21..fed8dd218c 100644
--- a/openshift/release/artifacts/eventing-kafka-tls-networking.yaml
+++ b/openshift/release/artifacts/eventing-kafka-tls-networking.yaml
@@ -27,12 +27,12 @@ spec:
       app.kubernetes.io/component: kafka-broker-receiver
       app.kubernetes.io/name: knative-eventing
 
-  duration: 2160h # 90d
-  renewBefore: 360h # 15d
+  # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator
+  duration: 2160h0m0s # 90d
+  renewBefore: 360h0m0s # 15d
   subject:
     organizations:
       - local
-  isCA: false
   privateKey:
     algorithm: RSA
     encoding: PKCS1
@@ -76,12 +76,12 @@ spec:
       app.kubernetes.io/component: kafka-channel-receiver
       app.kubernetes.io/name: knative-eventing
 
-  duration: 2160h # 90d
-  renewBefore: 360h # 15d
+  # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator
+  duration: 2160h0m0s # 90d
+  renewBefore: 360h0m0s # 15d
   subject:
     organizations:
       - local
-  isCA: false
   privateKey:
     algorithm: RSA
     encoding: PKCS1
@@ -126,12 +126,12 @@ spec:
       app.kubernetes.io/component: kafka-sink-receiver
       app.kubernetes.io/name: knative-eventing
 
-  duration: 2160h # 90d
-  renewBefore: 360h # 15d
+  # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator
+  duration: 2160h0m0s # 90d
+  renewBefore: 360h0m0s # 15d
   subject:
     organizations:
       - local
-  isCA: false
   privateKey:
     algorithm: RSA
     encoding: PKCS1