# infrastructure/cert-manager/helmrelease.yaml apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cert-manager namespace: cert-manager spec: interval: 30m chart: spec: chart: cert-manager version: v1.17.0 sourceRef: kind: HelmRepository name: jetstack namespace: flux-system install: crds: CreateReplace remediation: { retries: 3 } timeout: 10m upgrade: crds: CreateReplace remediation: retries: 3 remediateLastFailure: true cleanupOnFail: true timeout: 10m values: installCRDs: true extraArgs: - --acme-http01-solver-nameservers=1.1.1.1:53,8.8.8.8:53 nodeSelector: node-role.kubernetes.io/worker: "true" affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 preference: matchExpressions: - key: atlas.bstein.dev/spillover operator: DoesNotExist - weight: 95 preference: matchExpressions: - key: kubernetes.io/hostname operator: NotIn values: - titan-13 - titan-15 - titan-17 - titan-19 - weight: 90 preference: matchExpressions: - key: hardware operator: In values: - rpi5 - weight: 50 preference: matchExpressions: - key: hardware operator: In values: - rpi4 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: hardware operator: In values: - rpi5 - rpi4 webhook: nodeSelector: node-role.kubernetes.io/worker: "true" affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 preference: matchExpressions: - key: atlas.bstein.dev/spillover operator: DoesNotExist - weight: 95 preference: matchExpressions: - key: kubernetes.io/hostname operator: NotIn values: - titan-13 - titan-15 - titan-17 - titan-19 - weight: 90 preference: matchExpressions: - key: hardware operator: In values: - rpi5 - weight: 50 preference: matchExpressions: - key: hardware operator: In values: - rpi4 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: hardware operator: In values: - rpi5 - rpi4 cainjector: nodeSelector: node-role.kubernetes.io/worker: "true" affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 preference: matchExpressions: - key: atlas.bstein.dev/spillover operator: DoesNotExist - weight: 95 preference: matchExpressions: - key: kubernetes.io/hostname operator: NotIn values: - titan-13 - titan-15 - titan-17 - titan-19 - weight: 90 preference: matchExpressions: - key: hardware operator: In values: - rpi5 - weight: 50 preference: matchExpressions: - key: hardware operator: In values: - rpi4 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: hardware operator: In values: - rpi5 - rpi4