cert-manager chart as new gamma app

[jterzis]

Create using helm create cert-manager initially. Chart.yaml and values.yaml updated for concrete values expected to run cert-manager in a GKE cluster.

Update 1/30/25:

• updated with ClusterIssuer CRDs (staging, prod) pointing to lets encrypt api using http01 verification.

Will (subsequent to testing on gke_hnt-argo-cd_us-central1_argo-cd-cluster-1 cluster) redeploy ClusterIssuer issuers using dns verification which seems to be more impervious to attacks and can support wildcard certs.

Once this is deployed by argoCD (cert-manager and Issuers), services should be able to request TLS certs by updating their Ingress resources with appropriate labels (see kuard test service below as an example):

➜  kerem-argocd-test git:(jt/cert-manager) kubectl get ingress kuard -o yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  creationTimestamp: "2025-01-28T23:26:27Z"
  generation: 1
  name: kuard
  namespace: default
  resourceVersion: "29366014"
  uid: 4ace6117-f04c-40fa-b6a7-50c6300183e2
spec:
  ingressClassName: nginx
  rules:
  - host: test-alb.towns.com
    http:
      paths:
      - backend:
          service:
            name: kuard
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - test-alb.towns.com
    secretName: quickstart-example-tls
status:
  loadBalancer:
    ingress:
    - ip: 34.57.90.111
    ```