To interact with your cluster externally, you'll almost certainly be using a web browser, and you'll almost certainly be wanting your browsing session to be SSL-secured. Some Ingress Controllers (i.e. Traefik) will include a default, self-signed, nasty old cert which will permit you to use SSL, but it's faaaar better to use valid certs.

This is a companion discussion topic for the original entry at https://geek-cookbook.funkypenguin.co.nz/kubernetes/ssl-certificates/cert-manager/

Thanks for this, there’s a display error with the last yaml file on the site but I managed to figure it out.

Unfortunately for me, it just won’t deploy. I think it’s to do with the configmap-cert-manager-helm-chart-value-overrides.yaml file. I’ve copied the values in, but I get a security context error upon deployment.

Sorry about the delayed response - can you paste the error you get?

I’m loving these articles on Flux. It has opened up a whole new way of working with K8s and k3s for me, thanks.

However I am really struggling with turning values.yaml into configmaps. I needed several attempts with external-dns before I got things working.

I have now helm uninstalled cert-manager from my test cluster and I am trying to migrate to a Flux-based setup. Flux is telling me:

cert-manager helmrelease/cert-manager False False unable to read values from key ‘values.yaml’ in ConfigMap ‘cert-manager/cert-manager-helm-chart-value-overrides’: error converting YAML to JSON: yaml: line 230: did not find expected key

I have been using yamllint to check my yaml files but I cannot for the life of me find the problem with cert-manager ConfigMaps.

I can view the ConfigMaps that Flux has created with Lens. Line 230 according to Lens is the annotations: {}. I simply took the raw GitHub of values.yaml for the helm chart and pasted it into your template:

  ## @param service.type Sealed Secret service type
  type: ClusterIP
  ## @param service.port Sealed Secret service HTTP port
  port: 8080
  ## @param service.nodePort Node port for HTTP
  ## Specify the nodePort value for the LoadBalancer and NodePort service types
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ## NOTE: choose port between <30000-32767>
  nodePort: ""
  ## @param service.annotations [object] Additional custom annotations for Sealed Secret service
  annotations: {}
## Sealed Secret ingress parameters
## ref: http://kubernetes.io/docs/user-guide/ingress/

Is there an easy way to insert values.yaml into a ConfigMap for this to work?
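
One way to embed a values.yaml in a ConfigMap without hand-indenting it, as an added example that is not part of the original thread or the cookbook's own code. It assumes the ConfigMap layout named in the Flux error above (a `values.yaml` key holding the whole file as a block scalar); the function name and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: wrap a Helm values.yaml in a ConfigMap manifest.
# Every non-empty line is indented four spaces so that lines which sit at
# column 0 in the chart's values.yaml (top-level keys, "## ..." comments)
# stay inside the "values.yaml: |-" block scalar instead of ending it.
#
# Usage (hypothetical paths):
#   values_to_configmap cert-manager-helm-chart-value-overrides cert-manager \
#       values.yaml > configmap-cert-manager-helm-chart-value-overrides.yaml
#
# With kubectl available, an equivalent manifest can be produced by:
#   kubectl create configmap NAME --namespace NS \
#       --from-file=values.yaml=FILE --dry-run=client -o yaml
values_to_configmap() {
    name=$1 namespace=$2 values_file=$3

    [ -r "$values_file" ] || { echo "cannot read $values_file" >&2; return 1; }

    # Tabs are not valid YAML indentation. The ConfigMap would still parse,
    # but the embedded values would fail later, so refuse up front.
    if grep -q "$(printf '^ *\t')" "$values_file"; then
        echo "$values_file: tab used for indentation" >&2
        return 1
    fi

    cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: $name
  namespace: $namespace
data:
  values.yaml: |-
EOF
    # Indent every line by four spaces, then blank out whitespace-only lines.
    sed -e 's/^/    /' -e 's/^ *$//' "$values_file"
}
```
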