cert-manager — BRAC POC tools

Quick facts

Role: Certificate issuance, renewal, secret materialisation
ClusterIssuers: Shipped from shared/cluster-issuers/
DNS-01 solver: webhook-pdns against the lab PowerDNS

What it is

Standard cert-manager install per cluster. ClusterIssuers are defined once in shared/cluster-issuers/ and applied to both clusters. Certificates issued for *.apps.sub.comptech-lab.com use DNS-01 via the webhook-pdns plugin.

Architecture

Add diagrams or topology notes here — how this component sits relative to DC/DR, what replicates, and what speaks to it. Mermaid blocks render as plain text today; embed images under /assets/ when needed.

Configuration

Add chart values overrides, important env vars, OIDC client config, secret references. Link to the source files in infra/gitops-rke2 rather than copying YAML wholesale — the repo is the source of truth.

Operations

Add runbook notes: backup, restore, common troubleshooting, dashboards, on-call cheatsheet entries.

Failover

Add DC/DR cutover/cutback notes: edge HAProxy backend name, healthcheck path, measured cutover/cutback times, smoke-test commands.

References

Add upstream chart / project links, ADR refs, MR links, and cross-references to other tools in this catalogue.