Hi, I am deploying Rancher on a Kubernetes cluster following this guide. To configure SSL, I have to install cert-manager. Is it possible to install cert-manager after installing Rancher, but still using Let’s Encrypt for provisioning a valid certificate)? A little background; We want to use Terraform to deploy Rancher, cert-manager and monitoring. When we have to install cert-manager before Rancher I will use the Helm chart as described in the guide. Next installing Rancher and adding the Rancher App ‘Monitoring’ (conditional). Next I want to update cert-manager to deploy a ServiceMonitor (which can be done via upgrading the existing Helm Release). I can’t configure cert-manager at first as the CRD for ServiceMonitor is not yet available. So my idea was actually to deploy first Rancher, then Monitoring (via Apps) and last cert-manager (via Apps instead directly via Helm).

Could the terraform process be:

Deploy k8s cluster -> Install Monitoring chart -> Install cert manager -> Install Rancher

?

That could be possible indeed, but I prefer to use Rancher Apps for all charts instead of managing some charts via Helm and others via Rancher Apps

End result should be the same

True, but when I want to update / reconfigure one of those charts using just a single resource type would be easier 🙂

Rancher apps is basically just helm

I know, but from a Terraform point of view it are two different resources (using two different providers)

Got it, that's fair

So as a workaround I can use terraform import and terraform state rm to ‘move’ helm resources to rancher app resources

You could supply your own (temporary) secret/cert for Rancher for the initial install, then upgrade the Rancher install afterwards to leverage cert-manager and LE

Ah indeed, that could work. Will give that a try. Thank you!