Tips

Pod identity agent

To use the AWS Pod Identity agent with an Issuer, the following option must be enabled on the controller:

--issuer-ambient-credentials

For ClusterIssuer it is enabled by default.

You may need a more recent version of cert-manager to use it. It does not seem to work in 1.12.

http: TLS handshake error from XXXX EOF

Let cert-manager manage the certificates. Managing them any other way can cause Argo CD syncs and the webhook certificates to fail.

Auto clean secrets

By default cert-manager does not remove a secret when the certificate is removed. We can enable it with the following controller option:

--enable-certificate-owner-ref

For example, deleting an Ingress resource removes the Certificate. With this setting, the Secret is removed as well.

This setting makes the Certificate resource an owner of the Secret where the TLS certificate is stored.
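
One way to check which of these options a running controller actually has, as an added example that is not part of the original page or of cert-manager itself: it resolves `--issuer-ambient-credentials` and `--enable-certificate-owner-ref` from a Deployment manifest, falling back to the defaults described above. The container name `cert-manager-controller`, the companion flag `--cluster-issuer-ambient-credentials` and the sample manifest are assumptions made for the example.

```python
import json

# Flag defaults: the page states the Issuer flag must be enabled explicitly,
# ClusterIssuer is on by default, and owner references are off by default.
DEFAULTS = {
    "issuer-ambient-credentials": False,
    "cluster-issuer-ambient-credentials": True,  # flag name is an assumption
    "enable-certificate-owner-ref": False,
}
TRUE = {"1", "t", "T", "true", "TRUE", "True"}
FALSE = {"0", "f", "F", "false", "FALSE", "False"}


def effective_flags(deployment, container="cert-manager-controller"):
    """Resolve the audited boolean flags from a Deployment's container args."""
    state = dict(DEFAULTS)
    for c in deployment["spec"]["template"]["spec"]["containers"]:
        if c["name"] != container:  # container name is an assumption
            continue
        for arg in c.get("args", []):
            if not arg.startswith("--"):
                continue
            name, sep, value = arg[2:].partition("=")
            if name not in state:
                continue
            if sep and value not in TRUE | FALSE:
                raise ValueError(f"unparseable boolean in {arg!r}")
            # A bare "--flag" means true; a repeated flag is overridden by the last one.
            state[name] = (not sep) or value in TRUE
    return state


# Constructed sample, shaped like `kubectl get deploy -o json` output.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {"containers": [{
  "name": "cert-manager-controller",
  "args": ["--v=2",
           "--issuer-ambient-credentials",
           "--enable-certificate-owner-ref=true",
           "--cluster-issuer-ambient-credentials=false"]
}]}}}}
""")

if __name__ == "__main__":
    for flag, value in effective_flags(SAMPLE).items():
        print(f"{flag:40} {value}")
```

When the Issuer flag resolves to true, anyone allowed to create an Issuer in a namespace can have the controller use its own AWS identity, so review RBAC on Issuer resources alongside this setting.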