Skip to content

keda: auto-derive multitenant tenant names from release name#510

Merged
wozniakjan merged 1 commit into
kedify:mainfrom
kedifybot:agent/keda-mt-autoderive-names
Jun 15, 2026
Merged

keda: auto-derive multitenant tenant names from release name#510
wozniakjan merged 1 commit into
kedify:mainfrom
kedifybot:agent/keda-mt-autoderive-names

Conversation

@kedifybot

@kedifybot kedifybot commented Jun 15, 2026

Copy link
Copy Markdown
Collaborator

In multitenant mode: tenant, the operator name, its ServiceAccount and the operator TLS Secret are suffixed with the Helm release name, so tenants sharing a namespace no longer collide and no longer need manual unique-name overrides.

  • New helpers in templates/_kedify-helpers.tpl (a dedicated file, kept separate from upstream _helpers.tpl to avoid rebase conflicts): keda.operator.name / keda.operator.serviceAccountName / keda.certificates.secretName. In tenant mode they return <value>-<release> (e.g. keda-operator-bar, kedaorg-certs-bar); in default / non-multitenant mode they return the configured value unchanged.
  • serviceAccount.operator.name now tracks the operator name via the same suffixing. Previously the SA kept the fixed default keda-operator even when operator.name was overridden — that mismatch is what made a second same-namespace tenant install fail on ServiceAccount ownership.
  • No values.yaml, values.schema.json or _helpers.tpl changes — those upstream files are untouched. Defaults stay keda-operator / kedaorg-certs, read as-is and only suffixed at render time in tenant mode.
  • A tenant now installs with just kedify.multitenant.mode: tenant + watchNamespace.

Backward compatible: default and mode: default renders are byte-identical to before, verified with helm template diffs across default, cert-manager, network-policy, prometheus, PDB and azure-workload-identity value sets.

@kedifybot kedifybot added the enhancement New feature or request label Jun 15, 2026
@kedifybot kedifybot requested a review from a team June 15, 2026 09:49
@kedifybot kedifybot force-pushed the agent/keda-mt-autoderive-names branch from 0fecb09 to 4e39930 Compare June 15, 2026 10:11
In multitenant "tenant" mode, the operator name, its ServiceAccount and the
operator TLS Secret are suffixed with the Helm release name, so tenants sharing
a namespace no longer collide and no longer need manual unique-name overrides.

- New helpers in templates/_kedify-helpers.tpl (kept separate from the upstream
  _helpers.tpl to avoid rebase conflicts): keda.operator.name /
  keda.operator.serviceAccountName / keda.certificates.secretName. In "tenant"
  mode they return <value>-<release> (e.g. keda-operator-bar, kedaorg-certs-bar);
  in default / non-multitenant mode they return the configured value unchanged.
- serviceAccount.operator.name now tracks the operator name via the same
  suffixing. Previously the SA kept the fixed default "keda-operator" even when
  operator.name was overridden, which is what made a second same-namespace
  tenant install fail on ServiceAccount ownership.
- No values.yaml, values.schema.json or _helpers.tpl changes: defaults stay
  keda-operator / kedaorg-certs and are read as-is, only suffixed at render time
  in tenant mode.

A tenant now installs with just kedify.multitenant.mode=tenant + watchNamespace.

Backward compatible: default and mode=default renders are byte-identical to
before (verified with helm template diff across default, cert-manager,
network-policy, prometheus, PDB and azure-workload-identity value sets).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@kedifybot kedifybot force-pushed the agent/keda-mt-autoderive-names branch from 4e39930 to 1362f92 Compare June 15, 2026 10:25
@wozniakjan wozniakjan merged commit 48865dc into kedify:main Jun 15, 2026
25 checks passed
@github-actions github-actions Bot added this to the keda/next milestone Jun 15, 2026
@github-actions github-actions Bot modified the milestones: keda/next, keda/v2.20.1-2 Jun 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants