From d52d335853bd35bce9446ff5a2a175b346c32c84 Mon Sep 17 00:00:00 2001 From: OdooSky v3 Date: Mon, 4 May 2026 13:50:37 +0300 Subject: [PATCH] feat(slice 2B.1.2): disable startupapicheck PostSync hook (chart 0.5.6) --- Chart.yaml | 4 ++-- values.yaml | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 17a40ff..43d4cdd 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -23,8 +23,8 @@ description: | Git). type: application -version: 0.5.5 -appVersion: "0.5.5" +version: 0.5.6 +appVersion: "0.5.6" dependencies: - name: cert-manager diff --git a/values.yaml b/values.yaml index 7927e57..7eaae0a 100644 --- a/values.yaml +++ b/values.yaml @@ -69,6 +69,21 @@ cert-manager: crds: enabled: false keep: false # ignored when enabled=false + # startupapicheck — disabled (Slice 2B.1.2, 2026-05-04). The + # subchart includes a Job that runs as a PostSync hook and tries + # to verify cert-manager's API is responsive by issuing a test + # cert through it. Two real costs once cert-manager is proven on + # the platform: + # 1. The Job's PostSync hook gates Argo's sync from completing. + # On every chart sync (not just install), Argo waits for the + # Job to succeed before flipping the App to Synced. + # 2. When the wildcard Cert is in error (e.g. LE rate limit), + # the Job adds even more retry overhead — Argo loops forever. + # We're not adopting cert-manager fresh — every connect ships the + # same proven version, the install API surface is stable. The + # check is dead-weight that masks the actual install timing. + startupapicheck: + enabled: false # traefik — upstream chart. LoadBalancer Service so the customer's # k3s servicelb maps :80/:443 to the host. Tower currently doesn't