From bcd4c1a7227a4d8083536e2cc186d64672edede5 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 23 May 2026 22:38:39 +1000 Subject: [PATCH] feat(cert-manager): upgrade to v1.20.2 and enable Gateway API support (#150) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary - Upgrades cert-manager from v1.19.2 to v1.20.2 - Enables `enableGatewayAPI: true` via the `ControllerConfiguration` config block ## Why cert-manager's Gateway API integration was not enabled. Without it, `cert-manager.io/*` annotations on Gateway resources are ignored and no certificates are issued. This is required for the consul and vault PRs (#148, #149) to have their TLS certs automatically provisioned from their Gateway annotations. In v1.20.2, `ExperimentalGatewayAPISupport` is BETA and defaults to true — enabling `enableGatewayAPI` in the controller config activates the gateway-shim controller. ## Test plan - [ ] cert-manager rolls out cleanly (v1.20.2 pods become Ready) - [ ] After rollout, existing Gateway-annotated services (artifactapi, puppet, litellm) retain valid certs - [ ] New Gateway resources with `cert-manager.io/cluster-issuer` annotations trigger Certificate creation Reviewed-on: https://git.unkin.net/unkin/argocd-apps/pulls/150 --- apps/overlays/au-syd1/cert-manager/kustomization.yaml | 2 +- apps/overlays/au-syd1/cert-manager/values.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/overlays/au-syd1/cert-manager/kustomization.yaml b/apps/overlays/au-syd1/cert-manager/kustomization.yaml index 4e75143..32bba4c 100644 --- a/apps/overlays/au-syd1/cert-manager/kustomization.yaml +++ b/apps/overlays/au-syd1/cert-manager/kustomization.yaml @@ -8,7 +8,7 @@ resources: helmCharts: - name: cert-manager repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm - version: "v1.19.2" + version: "v1.20.2" releaseName: cert-manager namespace: cert-manager valuesFile: values.yaml diff --git a/apps/overlays/au-syd1/cert-manager/values.yaml b/apps/overlays/au-syd1/cert-manager/values.yaml index 16a91a0..7dd96da 100644 --- a/apps/overlays/au-syd1/cert-manager/values.yaml +++ b/apps/overlays/au-syd1/cert-manager/values.yaml @@ -1,6 +1,11 @@ crds: enabled: true +config: + apiVersion: controller.config.cert-manager.io/v1alpha1 + kind: ControllerConfiguration + enableGatewayAPI: true + replicaCount: 2 resources: