# cert-manager, installed via the k3s built-in Helm controller
# (helm.cattle.io/v1). k3s watches HelmChart resources in any namespace and
# runs a `helm install` Job for them — no Helm CLI needed on your laptop.
#
# The chart installs its own CRDs (crds.enabled=true). Apply this first and
# wait for the cert-manager pods to be Running/Ready before applying the
# ClusterIssuers (cluster-issuer.yaml) — the issuers need the CRDs + webhook.
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: cert-manager
  namespace: kube-system
spec:
  repo: https://charts.jetstack.io
  chart: cert-manager
  # Pin a version; bump to the latest stable when you upgrade.
  version: v1.16.2
  targetNamespace: cert-manager
  createNamespace: true
  valuesContent: |-
    crds:
      enabled: true
    # Single-node box — keep the footprint modest.
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
    webhook:
      resources:
        requests:
          cpu: 10m
          memory: 32Mi
    cainjector:
      resources:
        requests:
          cpu: 10m
          memory: 64Mi