diff --git a/pkg/controller/cainjector/indexers.go b/pkg/controller/cainjector/indexers.go
index 0cd000c78e1..cefb46dc2e2 100644
--- a/pkg/controller/cainjector/indexers.go
+++ b/pkg/controller/cainjector/indexers.go
@@ -52,7 +52,7 @@ func certFromSecretToInjectableMapFuncBuilder(cl client.Reader, log logr.Logger,
 		if certName == nil {
 			return nil
 		}
-		log = log.WithValues("type", config.resourceName, "secret", secretName, "certificate", *certName)
+		log := log.WithValues("type", config.resourceName, "secret", secretName, "certificate", *certName)
 
 		// confirm that a service owns this cert
 		var cert cmapi.Certificate
@@ -97,7 +97,7 @@ func certFromSecretToInjectableMapFuncBuilder(cl client.Reader, log logr.Logger,
 func certToInjectableMapFuncBuilder(cl client.Reader, log logr.Logger, config setup) handler.MapFunc {
 	return func(ctx context.Context, obj client.Object) []ctrl.Request {
 		certName := types.NamespacedName{Namespace: obj.GetNamespace(), Name: obj.GetName()}
-		log = log.WithValues("type", config.resourceName, "certificate", certName)
+		log := log.WithValues("type", config.resourceName, "certificate", certName)
 		objs := config.listType.DeepCopyObject().(client.ObjectList)
 		if err := cl.List(ctx, objs, client.MatchingFields{injectFromPath: certName.String()}); err != nil {
 			log.Error(err, "unable to fetch injectables associated with certificate")
@@ -134,7 +134,7 @@ func certToInjectableMapFuncBuilder(cl client.Reader, log logr.Logger, config se
 func secretForInjectableMapFuncBuilder(cl client.Reader, log logr.Logger, config setup) handler.MapFunc {
 	return func(ctx context.Context, obj client.Object) []ctrl.Request {
 		secretName := types.NamespacedName{Namespace: obj.GetNamespace(), Name: obj.GetName()}
-		log = log.WithValues("type", config.resourceName, "secret", secretName)
+		log := log.WithValues("type", config.resourceName, "secret", secretName)
 		objs := config.listType.DeepCopyObject().(client.ObjectList)
 		// TODO: ensure that this is cache lister, not a direct client
 		if err := cl.List(ctx, objs, client.MatchingFields{injectFromSecretPath: secretName.String()}); err != nil {