cert-manager to argo kustomize helm

2025-06-18 17:41:50 +03:00
parent 28daa56bad
commit aab40b012d
9 changed files with 41 additions and 25 deletions
--- a/cert-manager/.gitignore
+++ b/cert-manager/.gitignore
@@ -1 +0,0 @@
-cert-manager.yaml
--- a/cert-manager/README.md
+++ b/cert-manager/README.md
@@ -7,7 +7,7 @@ Refer to the [Bind primary Ansible playbook](https://git.k-space.ee/k-space/ansi
 [Bind namespace on Kubernetes cluster](https://git.k-space.ee/k-space/kube/src/branch/master/bind)
 for more details

-# For user
+# For developer

 Use `Certificate` CRD of cert-manager, refer to
 [official documentation](https://cert-manager.io/docs/usage/certificate/).
@@ -15,23 +15,14 @@ Use `Certificate` CRD of cert-manager, refer to
 To find usage examples in this repository use
 `grep -r -A10 "^kind: Certificate" .`

-# For administrator
+# Deployment
+With ArgoCD. Render it locally:

-Deployed with:
-
-```
-curl -L https://github.com/jetstack/cert-manager/releases/download/v1.15.1/cert-manager.yaml -O
-kubectl apply -f cert-manager.yaml
-```
-
-To update the issuer configuration or TSIG secret:
-
-```
-kubectl apply -f default-issuer.yml
- kubectl -n cert-manager create secret generic tsig-secret \
-    --from-literal=TSIG_SECRET=<secret>
+```sh
+kustomize build . --enable-helm
 ```

+## Webhook timeout
 Workaround for webhook timeout issue https://github.com/jetstack/cert-manager/issues/2602
 It's not very clear why this is happening, deserves further investigation - presumably Calico related somehow:

--- a/cert-manager/default-cluster-cert-issuer.yaml
+++ b/cert-manager/default-cluster-cert-issuer.yaml
@@ -9,7 +9,7 @@ spec:
    email: info@k-space.ee
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
-      name: default-cluster-cert-issuer-accountKey # auto-generated by cert-manager
+      name: example-issuer-account-key # auto-generated by cert-manager
    solvers:
      - dns01:
          rfc2136:
--- a/cert-manager/kustomization.yaml
+++ b/cert-manager/kustomization.yaml
@@ -9,7 +9,12 @@ helmCharts:
  name: &name cert-manager
  releaseName: *name
  repo: https://charts.jetstack.io
-  version: v1.15.1
+  valuesInline:
+    namespace: *name
+    global:
+      leaderElection:
+        namespace: *name
+  version: v1.18.1

 resources:
 - ssh://git@git.k-space.ee/secretspace/kube/cert-manager # secrets (.env): tsig-secret