From 78aaf8be1e30017ddea38f6bbbe07e6113533045 Mon Sep 17 00:00:00 2001
From: Philip Haupt <“der.mad.mob@gmail.com”>
Date: Sun, 9 Nov 2025 14:44:22 +0100
Subject: [PATCH] leaderElection fix

---
 certmanager/main.yaml       | 116 ++++++++++++++++++------------------
 certmanager/src/values.yaml |   2 +-
 2 files changed, 59 insertions(+), 59 deletions(-)

diff --git a/certmanager/main.yaml b/certmanager/main.yaml
index 88433f0..1545fc3 100644
--- a/certmanager/main.yaml
+++ b/certmanager/main.yaml
@@ -13143,6 +13143,38 @@ metadata:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
+metadata:
+  labels:
+    app: cainjector
+    app.kubernetes.io/component: cainjector
+    app.kubernetes.io/instance: cert-manager
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: cainjector
+    app.kubernetes.io/version: v1.19.1
+    helm.sh/chart: cert-manager-v1.19.1
+  name: cert-manager-cainjector:leaderelection
+  namespace: cert-manager
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - cert-manager-cainjector-leader-election
+  - cert-manager-cainjector-leader-election-core
+  resources:
+  - leases
+  verbs:
+  - get
+  - update
+  - patch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
 metadata:
   annotations:
     helm.sh/hook: post-install
@@ -13223,38 +13255,6 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
-metadata:
-  labels:
-    app: cainjector
-    app.kubernetes.io/component: cainjector
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: cainjector
-    app.kubernetes.io/version: v1.19.1
-    helm.sh/chart: cert-manager-v1.19.1
-  name: cert-manager-cainjector:leaderelection
-  namespace: kube-system
-rules:
-- apiGroups:
-  - coordination.k8s.io
-  resourceNames:
-  - cert-manager-cainjector-leader-election
-  - cert-manager-cainjector-leader-election-core
-  resources:
-  - leases
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
 metadata:
   labels:
     app: cert-manager
@@ -13265,7 +13265,7 @@ metadata:
     app.kubernetes.io/version: v1.19.1
     helm.sh/chart: cert-manager-v1.19.1
   name: cert-manager:leaderelection
-  namespace: kube-system
+  namespace: cert-manager
 rules:
 - apiGroups:
   - coordination.k8s.io
@@ -13962,6 +13962,28 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
+metadata:
+  labels:
+    app: cainjector
+    app.kubernetes.io/component: cainjector
+    app.kubernetes.io/instance: cert-manager
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: cainjector
+    app.kubernetes.io/version: v1.19.1
+    helm.sh/chart: cert-manager-v1.19.1
+  name: cert-manager-cainjector:leaderelection
+  namespace: cert-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cert-manager-cainjector:leaderelection
+subjects:
+- kind: ServiceAccount
+  name: cert-manager-cainjector
+  namespace: cert-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
 metadata:
   annotations:
     helm.sh/hook: post-install
@@ -14032,28 +14054,6 @@ subjects:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
-metadata:
-  labels:
-    app: cainjector
-    app.kubernetes.io/component: cainjector
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: cainjector
-    app.kubernetes.io/version: v1.19.1
-    helm.sh/chart: cert-manager-v1.19.1
-  name: cert-manager-cainjector:leaderelection
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cert-manager-cainjector:leaderelection
-subjects:
-- kind: ServiceAccount
-  name: cert-manager-cainjector
-  namespace: cert-manager
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
 metadata:
   labels:
     app: cert-manager
@@ -14064,7 +14064,7 @@ metadata:
     app.kubernetes.io/version: v1.19.1
     helm.sh/chart: cert-manager-v1.19.1
   name: cert-manager:leaderelection
-  namespace: kube-system
+  namespace: cert-manager
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -14401,7 +14401,7 @@ spec:
       - args:
         - --v=2
         - --cluster-resource-namespace=$(POD_NAMESPACE)
-        - --leader-election-namespace=kube-system
+        - --leader-election-namespace=cert-manager
         - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.19.1
         - --max-concurrent-challenges=60
         env:
@@ -14482,7 +14482,7 @@ spec:
       containers:
       - args:
         - --v=2
-        - --leader-election-namespace=kube-system
+        - --leader-election-namespace=cert-manager
         env:
         - name: POD_NAMESPACE
           valueFrom:
diff --git a/certmanager/src/values.yaml b/certmanager/src/values.yaml
index 6f25aaa..c1552b8 100644
--- a/certmanager/src/values.yaml
+++ b/certmanager/src/values.yaml
@@ -70,7 +70,7 @@ global:
 
   leaderElection:
     # Override the namespace used for the leader election lease.
-    namespace: "kube-system"
+    namespace: "cert-manager"
 
     # The duration that non-leader candidates will wait after observing a
     # leadership renewal until attempting to acquire leadership of a led but