cert-manager
X.509 certificate management for Kubernetes using Let's Encrypt.
Upstream
The upstream/cert-manager.yaml file is downloaded from the official cert-manager release:
- Source: https://github.com/cert-manager/cert-manager/releases/download/v1.17.2/cert-manager.yaml
- Version: v1.17.2
To update, download the new version and replace the file.
DNS Configuration
The upstream cert-manager deployment is patched via kustomize overlay (upstream/kustomization.yaml) to use external DNS resolvers (1.1.1.1, 8.8.8.8) instead of cluster DNS. This is required for ACME DNS-01 challenge verification.
Maintenance
The scripts/repair-certificates.sh script can fix stuck certificates, orphaned ACME orders, and Cloudflare DNS cleanup errors. Run it manually when certificate issuance has issues.