feat(cert-manager): upgrade to v1.20.2 and enable Gateway API support (#150)

## Summary

- Upgrades cert-manager from v1.19.2 to v1.20.2
- Enables `enableGatewayAPI: true` via the `ControllerConfiguration` config block

## Why

cert-manager's Gateway API integration was not enabled. Without it, `cert-manager.io/*` annotations on Gateway resources are ignored and no certificates are issued. This is required for the consul and vault PRs (#148, #149) to have their TLS certs automatically provisioned from their Gateway annotations.

In v1.20.2, `ExperimentalGatewayAPISupport` is BETA and defaults to true — enabling `enableGatewayAPI` in the controller config activates the gateway-shim controller.

## Test plan

- [ ] cert-manager rolls out cleanly (v1.20.2 pods become Ready)
- [ ] After rollout, existing Gateway-annotated services (artifactapi, puppet, litellm) retain valid certs
- [ ] New Gateway resources with `cert-manager.io/cluster-issuer` annotations trigger Certificate creation

Reviewed-on: #150
This commit was merged in pull request #150.
This commit is contained in:
2026-05-23 22:38:39 +10:00
parent 6d9530b1ee
commit bcd4c1a722
2 changed files with 6 additions and 1 deletions
@@ -8,7 +8,7 @@ resources:
helmCharts:
- name: cert-manager
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
version: "v1.19.2"
version: "v1.20.2"
releaseName: cert-manager
namespace: cert-manager
valuesFile: values.yaml
@@ -1,6 +1,11 @@
crds:
enabled: true
config:
apiVersion: controller.config.cert-manager.io/v1alpha1
kind: ControllerConfiguration
enableGatewayAPI: true
replicaCount: 2
resources: