feat: Add cert-manager as dependency for Rancher

Rancher requires cert-manager when managing its own TLS (not tls:external). Added cert-manager HelmRelease with CRDs enabled.
2026-03-29 22:36:30 +00:00
parent afb1782d38
commit 22ce5fd6f4
7 changed files with 71 additions and 0 deletions
--- a/infrastructure/addons/cert-manager/helmrelease-cert-manager.yaml
+++ b/infrastructure/addons/cert-manager/helmrelease-cert-manager.yaml
@@ -0,0 +1,34 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: flux-system
+spec:
+  interval: 10m
+  targetNamespace: cert-manager
+  chart:
+    spec:
+      chart: cert-manager
+      version: "v1.17.2"
+      sourceRef:
+        kind: HelmRepository
+        name: jetstack
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    crds:
+      enabled: true
+    replicaCount: 1
+    resources:
+      requests:
+        cpu: 50m
+        memory: 128Mi
+      limits:
+        cpu: 250m
+        memory: 256Mi
--- a/infrastructure/addons/cert-manager/helmrepository-cert-manager.yaml
+++ b/infrastructure/addons/cert-manager/helmrepository-cert-manager.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: jetstack
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://charts.jetstack.io
--- a/infrastructure/addons/cert-manager/kustomization.yaml
+++ b/infrastructure/addons/cert-manager/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - helmrepository-cert-manager.yaml
+  - helmrelease-cert-manager.yaml
--- a/infrastructure/addons/cert-manager/namespace.yaml
+++ b/infrastructure/addons/cert-manager/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
--- a/infrastructure/addons/kustomization-cert-manager.yaml
+++ b/infrastructure/addons/kustomization-cert-manager.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: addon-cert-manager
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: platform
+  path: ./infrastructure/addons/cert-manager
+  wait: true
+  timeout: 10m
+  suspend: false
--- a/infrastructure/addons/kustomization-rancher.yaml
+++ b/infrastructure/addons/kustomization-rancher.yaml
@@ -17,3 +17,4 @@ spec:
    - name: addon-tailscale-operator
    - name: addon-tailscale-proxyclass
    - name: addon-external-secrets
+    - name: addon-cert-manager
--- a/infrastructure/addons/kustomization.yaml
+++ b/infrastructure/addons/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
  - kustomization-ccm.yaml
  - kustomization-csi.yaml
  - kustomization-external-secrets.yaml
+  - kustomization-cert-manager.yaml
  - kustomization-tailscale-operator.yaml
  - kustomization-tailscale-proxyclass.yaml
  - traefik