feat(base-cluster/cert-manager): enableCertificateOwnerRef #1653
That way secrets are automatically cleaned up when the corresponding Certificate is deleted
Walkthrough
The cert-manager HelmRelease manifest in the base-cluster chart was updated to include the
Changes
Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~2 minutes
Pull Request Overview
This PR enables automatic cleanup of certificate-related secrets in cert-manager by setting the enableCertificateOwnerRef configuration option to true. This ensures that when a Certificate resource is deleted, the corresponding secret containing the certificate data is automatically removed as well.
- Enables `enableCertificateOwnerRef` feature in cert-manager configuration
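To see which private-key Secrets the owner reference described above would actually clean up, the following added example (not code from this PR or the chart) classifies cert-manager Secrets by whether they reference a live Certificate as owner. The manifests are constructed sample data, and the function names and status labels are hypothetical.

```python
# Added example: constructed manifests, hypothetical function and status names.
CERT_NAME_ANNOTATION = "cert-manager.io/certificate-name"  # set by cert-manager on issued Secrets

def classify_secrets(secrets, certificates):
    """Map 'namespace/name' of each cert-manager Secret to a cleanup status.

    owned    - has an ownerReference to its Certificate; Kubernetes garbage
               collection deletes the Secret once that Certificate is gone.
    retained - Certificate exists, but the Secret has no ownerReference to it.
    orphaned - the annotated Certificate no longer exists; key material remains.
    """
    live = {(c["metadata"]["namespace"], c["metadata"]["name"]) for c in certificates}
    result = {}
    for secret in secrets:
        meta = secret["metadata"]
        cert_name = meta.get("annotations", {}).get(CERT_NAME_ANNOTATION)
        if cert_name is None:
            continue  # not a cert-manager Secret
        key = f'{meta["namespace"]}/{meta["name"]}'
        if (meta["namespace"], cert_name) not in live:
            result[key] = "orphaned"
            continue
        owned = any(ref.get("kind") == "Certificate"
                    and ref.get("apiVersion", "").startswith("cert-manager.io/")
                    and ref.get("name") == cert_name
                    for ref in meta.get("ownerReferences", []))
        result[key] = "owned" if owned else "retained"
    return result

def make_secret(ns, name, cert=None, owned=False):
    """Build a constructed sample Secret manifest (metadata only)."""
    meta = {"namespace": ns, "name": name}
    if cert:
        meta["annotations"] = {CERT_NAME_ANNOTATION: cert}
    if owned:
        meta["ownerReferences"] = [{"apiVersion": "cert-manager.io/v1",
                                    "kind": "Certificate", "name": cert,
                                    "uid": "constructed-uid"}]
    return {"kind": "Secret", "metadata": meta}

SAMPLE_CERTIFICATES = [{"kind": "Certificate", "metadata": {"namespace": "web", "name": n}}
                       for n in ("shop", "api")]
SAMPLE_SECRETS = [
    make_secret("web", "shop-tls", cert="shop", owned=True),  # carries the ownerReference
    make_secret("web", "api-tls", cert="api"),                # no ownerReference
    make_secret("web", "old-tls", cert="legacy"),             # Certificate already deleted
    make_secret("web", "db-password"),                        # unrelated Secret, skipped
]

if __name__ == "__main__":
    for name, status in classify_secrets(SAMPLE_SECRETS, SAMPLE_CERTIFICATES).items():
        print(f"{status:9} {name}")
```

In a real cluster the two input lists would come from `kubectl get secrets,certificates -A -o json`; secrets reported as `owned` disappear together with their Certificate, so back up any key material that must survive a Certificate deletion.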
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
charts/base-cluster/templates/cert-manager/cert-manager.yaml (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: in the teutonet-helm-charts base-cluster chart, secret names like "external-dns" for cloudflare prov...
Learnt from: cwrau
PR: teutonet/teutonet-helm-charts#1601
File: charts/base-cluster/templates/dns/external-dns.yaml:33-39
Timestamp: 2025-07-24T09:56:41.380Z
Learning: In the teutonet-helm-charts base-cluster chart, secret names like "external-dns" for Cloudflare provider are intentionally hard-coded. Users who need custom secret names should use Helm's `valuesFrom` feature to override values rather than expecting dedicated fields in values.yaml. This design keeps the values.yaml clean while still allowing full customization flexibility.
Applied to files:
charts/base-cluster/templates/cert-manager/cert-manager.yaml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: lint helm chart (base-cluster)
- GitHub Check: check licenses
🤖 I have created a release *beep* *boop*

---

## [9.2.0](base-cluster-v9.1.1...base-cluster-v9.2.0) (2025-08-14)

### Features

* **base-cluster/cert-manager:** enableCertificateOwnerRef ([#1653](#1653)) ([283d86f](283d86f))
* **base-cluster/cert-manager:** use oci repository ([#1650](#1650)) ([ef6382d](ef6382d))
* **base-cluster/kyverno:** enable policyExceptions for kyverno ([#1655](#1655)) ([2029bcb](2029bcb))

### Bug Fixes

* **base-cluster/certificates:** certificate for `baseDomain` is not used ([#1644](#1644)) ([6a3ccae](6a3ccae))
* **base-cluster/dns:** only deploy external-dns HelmRepository if needed ([#1645](#1645)) ([7d313f2](7d313f2))
* **base-cluster/ingress-nginx:** set a couple of timeouts in the loadbalancer to the maximum value ([#1571](#1571)) ([bc6fe78](bc6fe78))
* **base-cluster/monitoring:** remove versions from datasources so they always take precedence ([#1651](#1651)) ([6821ed8](6821ed8))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

## Summary by CodeRabbit

- New Features
  - Cert-manager: option to set certificate owner references.
  - Cert-manager: support for pulling from an OCI repository.
  - Kyverno: ability to enable policy exceptions.
- Bug Fixes
  - Corrected use of the base domain certificate.
  - External DNS repository now created only when required.
  - Ingress load balancer timeouts set to maximum to prevent premature terminations.
  - Monitoring datasources prioritized by removing version pinning.
- Chores
  - Bumped base-cluster chart to 9.2.0 and updated release notes.

---------

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>