From 22ce5fd6f4e82b4f3bfa9e9d8f465e36786ab590 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Sun, 29 Mar 2026 22:36:30 +0000
Subject: [PATCH] feat: Add cert-manager as dependency for Rancher

Rancher requires cert-manager when managing its own TLS (not tls:external). Added cert-manager HelmRelease with CRDs enabled.
---
 .../helmrelease-cert-manager.yaml | 34 +++++++++++++++++++
 .../helmrepository-cert-manager.yaml | 8 +++++
 .../addons/cert-manager/kustomization.yaml | 6 ++++
 .../addons/cert-manager/namespace.yaml | 6 ++++
 .../addons/kustomization-cert-manager.yaml | 15 ++++++++
 .../addons/kustomization-rancher.yaml | 1 +
 infrastructure/addons/kustomization.yaml | 1 +
 7 files changed, 71 insertions(+)
 create mode 100644 infrastructure/addons/cert-manager/helmrelease-cert-manager.yaml
 create mode 100644 infrastructure/addons/cert-manager/helmrepository-cert-manager.yaml
 create mode 100644 infrastructure/addons/cert-manager/kustomization.yaml
 create mode 100644 infrastructure/addons/cert-manager/namespace.yaml
 create mode 100644 infrastructure/addons/kustomization-cert-manager.yaml
diff --git a/infrastructure/addons/cert-manager/helmrelease-cert-manager.yaml b/infrastructure/addons/cert-manager/helmrelease-cert-manager.yaml
new file mode 100644
index 0000000..040b77d
--- /dev/null
+++ b/infrastructure/addons/cert-manager/helmrelease-cert-manager.yaml
@@ -0,0 +1,34 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: cert-manager
+ namespace: flux-system
+spec:
+ interval: 10m
+ targetNamespace: cert-manager
+ chart:
+ spec:
+ chart: cert-manager
+ version: "v1.17.2"
+ sourceRef:
+ kind: HelmRepository
+ name: jetstack
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+ values:
+ crds:
+ enabled: true
+ replicaCount: 1
+ resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 256Mi
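Review bot: With `targetNamespace: cert-manager` set and no `releaseName`, Flux composes the Helm release name from the target namespace and the object name, so this installs as `cert-manager-cert-manager` and the chart's Deployments and Services inherit that prefix. Adding `releaseName: cert-manager` under `spec` now keeps the names that upstream docs and troubleshooting commands assume; changing the release name later typically means an uninstall and reinstall. Separately, the top-level `resources` and `replicaCount` values only size the controller; the webhook, cainjector and startup check take their own `webhook.resources`, `cainjector.resources` and `startupapicheck.resources` keys, so as far as the chart defaults go those pods run without requests or limits, including the admission webhook that every Certificate and Issuer write passes through.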
diff --git a/infrastructure/addons/cert-manager/helmrepository-cert-manager.yaml b/infrastructure/addons/cert-manager/helmrepository-cert-manager.yaml
new file mode 100644
index 0000000..e842402
--- /dev/null
+++ b/infrastructure/addons/cert-manager/helmrepository-cert-manager.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: jetstack
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://charts.jetstack.io
diff --git a/infrastructure/addons/cert-manager/kustomization.yaml b/infrastructure/addons/cert-manager/kustomization.yaml
new file mode 100644
index 0000000..8241aa2
--- /dev/null
+++ b/infrastructure/addons/cert-manager/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - helmrepository-cert-manager.yaml
+ - helmrelease-cert-manager.yaml
diff --git a/infrastructure/addons/cert-manager/namespace.yaml b/infrastructure/addons/cert-manager/namespace.yaml
new file mode 100644
index 0000000..af4446e
--- /dev/null
+++ b/infrastructure/addons/cert-manager/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/infrastructure/addons/kustomization-cert-manager.yaml b/infrastructure/addons/kustomization-cert-manager.yaml
new file mode 100644
index 0000000..26784ee
--- /dev/null
+++ b/infrastructure/addons/kustomization-cert-manager.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: addon-cert-manager
+ namespace: flux-system
+spec:
+ interval: 10m
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: platform
+ path: ./infrastructure/addons/cert-manager
+ wait: true
+ timeout: 10m
+ suspend: false
diff --git a/infrastructure/addons/kustomization-rancher.yaml b/infrastructure/addons/kustomization-rancher.yaml
index e27a983..77e8911 100644
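Review bot: In helmrepository-cert-manager.yaml nothing authenticates the chart itself: a `HelmRepository` with an `https://` URL gives transport security only, and the exact `version` pin in the HelmRelease fixes which chart is requested, not what content is served for it. Flux's chart signature check (`spec.chart.spec.verify` on the HelmRelease) is supported for OCI sources only, so for a component that ends up with cluster-wide access to Secrets and an admission webhook it is worth considering `type: oci` on this source plus `verify`, once you have confirmed that upstream publishes and signs an OCI chart. If the HTTPS index is kept, a comment such as `# transport-only trust; chart provenance is not verified` records that as a decision.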
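Review bot: The `cert-manager` Namespace in namespace.yaml carries no Pod Security Admission labels, so the cluster-wide default (often `privileged`) governs the namespace that runs the certificate controller and its webhook. Consider adding `pod-security.kubernetes.io/enforce: baseline` next to the prune label, with `pod-security.kubernetes.io/warn: restricted` to check whether the chart's pods already satisfy the stricter profile before enforcing it. The HelmRelease also sets `install.createNamespace: true` for this same namespace; since this manifest is the one that carries the labels, a comment saying it is the owner (or dropping `createNamespace`) would avoid the two drifting apart.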
--- a/infrastructure/addons/kustomization-rancher.yaml
+++ b/infrastructure/addons/kustomization-rancher.yaml
@@ -17,3 +17,4 @@ spec:
 - name: addon-tailscale-operator
 - name: addon-tailscale-proxyclass
 - name: addon-external-secrets
+ - name: addon-cert-manager
diff --git a/infrastructure/addons/kustomization.yaml b/infrastructure/addons/kustomization.yaml
index 4e28573..5deb9b0 100644
--- a/infrastructure/addons/kustomization.yaml
+++ b/infrastructure/addons/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
 - kustomization-ccm.yaml
 - kustomization-csi.yaml
 - kustomization-external-secrets.yaml
+ - kustomization-cert-manager.yaml
 - kustomization-tailscale-operator.yaml
 - kustomization-tailscale-proxyclass.yaml
 - traefik