Cert Manager - TLS via ArgoCD # What We Built # This doc covers the learning exercise: deploying cert-manager as a manually applied ArgoCD Application, creating a self-signed CA issuer, and enabling TLS for eu-dev services via values file changes.
Current approach: in eu-dev-rancher, cert-manager is managed as wave 0 in the sync wave sequence - no manual kubectl apply needed. The config/cert-manager/ ClusterIssuer manifests used here are reused as-is by eu-dev-rancher. See docs/09-sync-waves-cluster-complete.md.
Sync Waves: Cluster-Complete Bootstrap # What This Covers # How to bootstrap a fully self-contained cluster environment - cert-manager, Traefik, ArgoCD ingress, and services - using ArgoCD sync waves, with a single kubectl apply as the only manual step after ArgoCD itself is installed.
What Are Sync Waves? # ArgoCD processes resources in a sync operation in wave order. Each wave must reach Healthy before the next wave starts.
Gateway API: HTTPRoute + Gateway on eu-dev-rancher # What This Covers # Why Kubernetes Gateway API supersedes Ingress, how to set it up with Traefik, and how to deploy a service (svc3) using HTTPRoute instead of Ingress. Also covers the repo restructure that introduced platform/ as the home for shared cross-cutting config.
Repo Structure and Naming Conventions # What This Covers # Why the repo uses infra/ and apps/ as separate layers, what each folder contains, how ArgoCD connects them, and the real-world naming rationale behind these conventions.
The Two-Layer Problem # After adding cert-manager and Gateway API, the repo had two folders both called platform/: