Skip to content

cert-manager

Certificate management operator installation and site-specific cert-manager configuration.

Deployment Scope

  • Cluster scope: global or site
  • Values keys: global.cert_manager, site.cert_manager
  • ArgoCD Application template: charts/argocd-understack/templates/application-cert-manager.yaml

How ArgoCD Builds It

  • ArgoCD renders Helm chart cert-manager.
  • The current template does not read a deploy-repo values.yaml for this component.
  • The current template does not apply a deploy-repo overlay directory for this component.

How to Enable

Enable this component by setting one or both options under the scope that matches your deployment model:

$CLUSTER_NAME/deploy.yaml
global:
  cert_manager:
    installApp: true
site:
  cert_manager:
    installApp: true

Options

Key Default Description
installApp false Deploy the cert-manager Helm chart
installConfigs false Deploy site-specific cert-manager configs from the deploy repo

To use an externally-managed cert-manager installation while still deploying your site's cert-manager resources:

$CLUSTER_NAME/deploy.yaml
global:
  cert_manager:
    installApp: false
    installConfigs: true

Deployment Repo Content

Use any secret delivery mechanism you prefer. The contract that matters is the final Kubernetes Secret or manifest shape described below.

When installConfigs: true, the Application reads from:

$DEPLOY_REPO/<cluster-name>/cert-manager/

Required or commonly required items:

  • None required. With installApp: true the chart is installed with inline values and does not consume deploy-repo content.

Optional additions:

  • For ClusterIssuer and Issuer resources, prefer the dedicated cluster-issuer component.
  • Other cert-manager configuration resources can be placed in the cert-manager/ deploy-repo path when installConfigs: true.