bcd4c1a722
## Summary - Upgrades cert-manager from v1.19.2 to v1.20.2 - Enables `enableGatewayAPI: true` via the `ControllerConfiguration` config block ## Why cert-manager's Gateway API integration was not enabled. Without it, `cert-manager.io/*` annotations on Gateway resources are ignored and no certificates are issued. This is required for the consul and vault PRs (#148, #149) to have their TLS certs automatically provisioned from their Gateway annotations. In v1.20.2, `ExperimentalGatewayAPISupport` is BETA and defaults to true — enabling `enableGatewayAPI` in the controller config activates the gateway-shim controller. ## Test plan - [ ] cert-manager rolls out cleanly (v1.20.2 pods become Ready) - [ ] After rollout, existing Gateway-annotated services (artifactapi, puppet, litellm) retain valid certs - [ ] New Gateway resources with `cert-manager.io/cluster-issuer` annotations trigger Certificate creation Reviewed-on: #150
35 lines
485 B
YAML
35 lines
485 B
YAML
crds:
|
|
enabled: true
|
|
|
|
config:
|
|
apiVersion: controller.config.cert-manager.io/v1alpha1
|
|
kind: ControllerConfiguration
|
|
enableGatewayAPI: true
|
|
|
|
replicaCount: 2
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 32Mi
|
|
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 0
|
|
maxUnavailable: 1
|
|
|
|
webhook:
|
|
replicaCount: 2
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 32Mi
|
|
|
|
cainjector:
|
|
replicaCount: 2
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 32Mi
|