fix(helm): move rotationPolicy under privateKey for cert-manager compatibility

[waleedlatif1]

Summary

• Move rotationPolicy from spec.rotationPolicy to spec.privateKey.rotationPolicy
• Fixes compatibility with cert-manager v1.16 through v1.19

Type of Change

• Bug fix

Testing

Tested with helm template - Certificate renders correctly

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
docs	Ready	Preview, Comment	Jan 28, 2026 6:43pm

[greptile-apps]

Greptile Overview

Greptile Summary

This PR includes two separate changes:

1. cert-manager Compatibility Fix (Primary)

• Moved rotationPolicy from spec.rotationPolicy to spec.privateKey.rotationPolicy in the PostgreSQL Certificate resource
• Fixes compatibility with cert-manager v1.16 through v1.19 (the API schema changed)
• The fix is correct and aligns with cert-manager's current API specification

2. Branding ConfigMap Feature (Secondary)

• Added new configmap-branding.yaml template for custom branding assets
• Updated deployment-app.yaml to conditionally mount branding ConfigMap as a volume
• Added comprehensive branding configuration section in values.yaml with clear documentation
• Supports both text files (CSS, JSON) via data and binary files (images) via binaryData

Key Changes:

• certificate-postgresql.yaml: Fixed rotationPolicy location (lines 17-19)
• configmap-branding.yaml: New file for branding assets
• deployment-app.yaml: Added conditional volume/volumeMount for branding (lines 113-133)
• values.yaml: Added branding configuration block (lines 741-765)

Notes:

• The PR title and description only mention the cert-manager fix, but the commit range includes branding changes from commit dfe48a44
• Both changes are well-implemented and backward compatible (both features are opt-in via flags)

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• Both changes are well-implemented, tested, and backward compatible. The cert-manager fix addresses a real API compatibility issue, and the branding feature is properly gated behind a feature flag. All Helm templating is correct with appropriate conditionals.
• No files require special attention

Important Files Changed

Filename	Overview
helm/sim/templates/certificate-postgresql.yaml	Correctly moved rotationPolicy under privateKey for cert-manager v1.16+ compatibility
helm/sim/templates/configmap-branding.yaml	Added new ConfigMap for branding assets with proper support for text and binary files
helm/sim/templates/deployment-app.yaml	Added conditional volume and volumeMount for branding ConfigMap with appropriate conditions
helm/sim/values.yaml	Added well-documented branding configuration with clear examples for text and binary files

Sequence Diagram

sequenceDiagram
    participant User as User/Helm
    participant Values as values.yaml
    participant CertTemplate as certificate-postgresql.yaml
    participant BrandingCM as configmap-branding.yaml
    participant Deployment as deployment-app.yaml
    participant CertManager as cert-manager
    participant K8s as Kubernetes

    User->>Values: Configure branding.enabled=true
    User->>Values: Set postgresql.tls.rotationPolicy
    
    Note over Values,Deployment: Helm Template Rendering
    
    Values->>BrandingCM: branding.enabled? Create ConfigMap
    BrandingCM->>K8s: Create branding ConfigMap resource
    
    Values->>CertTemplate: postgresql.tls.enabled? Create Certificate
    Note over CertTemplate: rotationPolicy now under<br/>spec.privateKey.rotationPolicy<br/>(cert-manager v1.16+ compatible)
    CertTemplate->>CertManager: Submit Certificate resource
    CertManager->>K8s: Generate TLS certificate secret
    
    Values->>Deployment: Configure app deployment
    alt branding.enabled
        Deployment->>K8s: Mount branding ConfigMap as volume
        K8s->>Deployment: Files available at /app/public/branding
    end
    
    Note over Deployment,K8s: Application pod starts with<br/>branding assets and TLS config

Loading

[greptile-apps]

_{4 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}