apply suggestions

thongdk8 · thongdk8 · commit f391c9a864d6 · 2025-07-04T19:42:41.000+09:00
diff --git a/charts/scalar-manager/templates/scalar-manager/deployment.yaml b/charts/scalar-manager/templates/scalar-manager/deployment.yaml
@@ -128,15 +128,17 @@ spec:
             - name: TLS_OUTBOUND_API_CA_ROOT_CERT_PATH
               {{- if .Values.scalarManager.tls.downstream.caRootCertSecret }}
               value: "/tls/ca/certs/ca.crt"
-              {{- else if and .Values.scalarManager.tls.certManager.enabled (not .Values.scalarManager.tls.certManager.selfSigned.enabled) }}
-              # For CA-based cert-manager issuers, we assume ca.crt is present in the secret.
-              value: "/tls/scalar-manager/certs/ca.crt"
-              {{- else if and .Values.scalarManager.tls.certManager.enabled .Values.scalarManager.tls.certManager.selfSigned.enabled (eq .Values.scalarManager.tls.certManager.selfSigned.type "selfSigned") }}
+              {{- else if .Values.scalarManager.tls.certManager.enabled }}
+                {{- if and .Values.scalarManager.tls.certManager.selfSigned.enabled (eq .Values.scalarManager.tls.certManager.selfSigned.type "selfSigned") }}
               # If using a self-signed cert (not from a CA), the cert itself is the trust anchor.
               value: "/tls/scalar-manager/certs/tls.crt"
-              {{- else }}
-              # Default fallback, though this case might need further review based on expected configurations.
+                {{- else }}
+              # For CA-based cert-manager issuers (self-signed or not), we assume ca.crt is present in the secret.
               value: "/tls/scalar-manager/certs/ca.crt"
+                {{- end }}
+              {{- else }}
+              # Manual mode without a caRootCertSecret, assume the server cert is the trust anchor.
+              value: "/tls/scalar-manager/certs/tls.crt"
               {{- end }}
             {{- end }}
             {{- if .Values.scalarManager.tls.upstream.grafana.enabled }}
@@ -171,7 +173,7 @@ spec:
         - name: api-application-properties-volume
           configMap:
             name: {{ include "scalar-manager.fullname" . }}-api-application-properties
-        {{- if and .Values.scalarManager.tls.downstream.enabled (not .Values.scalarManager.tls.certManager.enabled) }}
+        {{- if and .Values.scalarManager.tls.downstream.enabled (not .Values.scalarManager.tls.certManager.enabled) .Values.scalarManager.tls.downstream.certChainSecret .Values.scalarManager.tls.downstream.privateKeySecret }}
         - name: scalar-manager-tls-volume
           projected:
             sources:
