Helm ArgoCD does not take into account values cert-manager

[isantospardo]

Describe the bug: Helm ArgoCD does not install cert-manager CRDs when specifying installCRDs: true

I have tried the following setup

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cert-manager
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: openshift-cert-manager
    server: https://kubernetes.default.svc
  project: default
  # tried workaround https://github.com/argoproj/argo-cd/issues/2239
  ignoreDifferences:
  - group: apiextensions.k8s.io
    jsonPointers:
    - /status
    kind: CustomResourceDefinition
    name: certificaterequests.cert-manager.io
  - group: apiextensions.k8s.io
    jsonPointers:
    - /status
    kind: CustomResourceDefinition
    name: certificates.cert-manager.io
  - group: apiextensions.k8s.io
    jsonPointers:
    - /status
    kind: CustomResourceDefinition
    name: challenges.cert-manager.io
  - group: apiextensions.k8s.io
    jsonPointers:
    - /status
    kind: CustomResourceDefinition
    name: challenges.acme.cert-manager.io
  - group: apiextensions.k8s.io
    jsonPointers:
    - /status
    kind: CustomResourceDefinition
    name: clusterissuers.cert-manager.io
  - group: apiextensions.k8s.io
    jsonPointers:
    - /status
    kind: CustomResourceDefinition
    name: issuers.cert-manager.io
  - group: apiextensions.k8s.io
    jsonPointers:
    - /status
    kind: CustomResourceDefinition
    name: orders.acme.cert-manager.io
  source:
    repoURL: {{ .Values.repoURL }}
    path: deploy/charts/cert-manager
    targetRevision: {{ .Values.targetRevision | quote }}
    helm:
      values: |
        ##
        ## Default values for openshift-cert-manager.
        ## This is a YAML-formatted file.
        ## Declare variables to be passed into your templates.
        ##
        global:
          leaderElection:
            # Override the namespace used to store the ConfigMap for leader election
            namespace: "openshift-cert-manager"
        installCRDs: true
        image:
          repository: "{{ .Values.controller.image }}"
          tag: "{{ .Values.controller.tag }}"
          pullPolicy: IfNotPresent

        # Override the namespace used to store DNS provider credentials etc. for ClusterIssuer
        # resources. This namespace will not be automatically created by the Helm chart.
        clusterResourceNamespace: "openshift-cert-manager"

        webhook:
          image:
            repository: "{{ .Values.webhook.image }}"
            tag: "{{ .Values.webhook.tag }}"
            pullPolicy: IfNotPresent

        cainjector:
          image:
            repository: "{{ .Values.cainjector.image }}"
            tag: "{{ .Values.cainjector.tag }}"
            pullPolicy: IfNotPresent
        ##
        ## End of additional cert-manager resource settings.
        ##
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

Also I have tried without ignoreDifferences but it seems the CRDs are never installed. I also see the following error in the cainjector pod

cert-manager/controller-runtime/source "msg"="if kind is a CRD, it should be installed before calling Start" "error"="no matches for kind \"Certificate\" in version \"cert-manager.io/v1alpha2\""  "kind"={"Group":"cert-manager.io","Kind":"Certificate"}

In any case, a workaround is to install the CRDs manually by executing:

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.16.1/cert-manager.crds.yaml

Also, installing the helm chart manually it success and install all the CRDs corrently

$ helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v0.16.1 \
  --set installCRDs=true

Expected behaviour: The CRDs should be automatically installed when adding installCRDs: true in the values file

Environment details::

• cert-manager version: v.0.16.1
• ArgoCD version: v1.6.1+1
• Install method: ArgoCD + helm

I am not sure it is a bug in ArgoCD, but as far as I can see the helm install command works as expected, so I guess specifying the values in an ArgoCD application should make it work also. Any help is appreciated.

/kind bug

[isantospardo]

Working with cert-manager v0.15.2 and ArgoCD with latest version due to: https://cert-manager.io/docs/installation/upgrading/upgrading-0.15-0.16/#helm and https://github.com/argoproj/argo-cd/issues/3998#issuecomment-665274896

[bobbywatson3]

Wait, is that a real solution? I can't get this to work with cert-manager v1.1.0. I don't want to have to pin cert-manager to v0.15.2 in order to make this work. cert-manager is currently on 1.1.0 with 1.2.0 coming soon.

[isantospardo]

We fixed it for 0.15, but it should be good if you are running 1.1.0, you can check this , if you accomplish the requirements.

[bobbywatson3]

I don't understand what "accomplish the requirements" means. That link says that helm and kubectl must be above a certain version. Helm and kubectl are installed as a part of argocd, and run from argocd. I am running the latest version of argocd. Does it not include Helm >= 3.3.1?

[jaredmcqueen]

I still can't get working with latest and greatest argocd. Helm shows as version: version.BuildInfo{Version:"v3.6.0", GitCommit:"7f2df6467771a75f5646b7f12afb408590ed1755", GitTreeState:"clean", GoVersion:"go1.16.3"} still will not install CRDs for cert-manager

[qtheya]

I still can't get working with latest and greatest argocd. Helm shows as version: version.BuildInfo{Version:"v3.6.0", GitCommit:"7f2df6467771a75f5646b7f12afb408590ed1755", GitTreeState:"clean", GoVersion:"go1.16.3"} still will not install CRDs for cert-manager

https://github.com/jetstack/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml#L42 Try to set it to True.

[artem-zherdiev-ingio]

Hi, we still get this error. Cert manager is v1.10.0 ArgoCD is v2.4.11+3d9e9f2 Helm is v3.8.1 values installCRDs: true

Chart.yml dependencies:

• name: cert-manager version: v1.10.0 repository: https://charts.jetstack.io

How to fix it?

UPD. As workaround, you may download crds to your chart templates folder with your version from https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.crds.yaml, and set/keep installCRDs: false in values.

UPD2. It is not argocd, it is helm, just add your values configuration to right name of subchart. https://helm.sh/docs/chart_template_guide/subcharts_and_globals/

cert-manager: installCRDs: true

[yordis]

Hey there, I have the following ArgoCD app manifest, and it is failing to install the CRDs

---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cert-manager
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: platform
  destination:
    namespace: cert-manager
    server: https://kubernetes.default.svc
  syncPolicy:
    automated:
      selfHeal: true
      prune: true
      allowEmpty: true
    syncOptions:
      - CreateNamespace=true
  source:
    repoURL: https://charts.jetstack.io
    chart: cert-manager
    targetRevision: "v1.12.2"
    helm:
      valuesObject:
        installCRDs: true
        ingressShim:
          defaultIssuerName: letsencrypt-prod
          defaultIssuerKind: ClusterIssuer
        global:
          leaderElection:
            namespace: cert-manager

Any idea of what could be?

[caerulescens]

I thought this issue regressed while solving a different problem, and I can confirm that ArgoCD starts cert-manager correctly;

• argocd: 5.49.0 (helm, current latest)
• istio (base, ingress, istiod): 1.18.0 (helm, current latest)
• cert-manager: 1.13.2 (helm, current latest)

ArgoCD + istio + cert-manager network boots correctly, and routes signed traffic using sidecar proxies as expected.

[itobey]

I've had the same issue with Cert-Manager 1.15.3 using ArgoCD v2.12.3+6b9cd82 on K3s v1.30.4+k3s1 For some reason I had to use it like this, for it to work:

    helm:
      parameters:
        - name: installCRDs
          value: "true"

These both ways to define the property did not work:

    helm:
      valuesObject:
        installCRDs: true

    helm:
      values: |
        installCRDs: true