Add cert mgr installation which is required by HPTO (aws#180)

emeraldbay · Xin Wang · web-flow · commit a4f0465ce01e · 2025-08-19T11:24:14.000-07:00
* Add cert mgr installation

* Add cert mgr installation

* update cert-mgr readme

---------

Co-authored-by: Xin Wang &lt;xwnamz@amazon.com&gt;
diff --git a/helm_chart/HyperPodHelmChart/Chart.yaml b/helm_chart/HyperPodHelmChart/Chart.yaml
@@ -24,6 +24,10 @@ version: 0.1.0
 appVersion: "1.16.0"
 
 dependencies:
+  - name: cert-manager
+    version: "v1.18.2"
+    repository: oci://quay.io/jetstack/charts
+    condition: cert-manager.enabled
   - name: training-operators
     version: "0.1.0"
     repository: "file://charts/training-operators"
diff --git a/helm_chart/HyperPodHelmChart/values.yaml b/helm_chart/HyperPodHelmChart/values.yaml
@@ -115,6 +115,15 @@ namespace:
   create: true
   name: aws-hyperpod
 
+cert-manager:
+  enabled: true
+  namespace: cert-manager
+  global:
+    leaderElection:
+      namespace: cert-manager
+  crds:
+    enabled: true
+
 mlflow:
   enabled: false
 
diff --git a/helm_chart/readme.md b/helm_chart/readme.md
@@ -33,6 +33,7 @@ More information about orchestration features for cluster admins [here](https://
 | [Kubeflow Training Operator](https://www.kubeflow.org/docs/components/trainer/legacy-v1/overview/)            | Installs operators for managing various machine learning training jobs, such as TensorFlow, PyTorch, and MXNet, providing native Kubernetes support for distributed training workloads. |              | Yes               |
 | HyperPod patching            | Deploys the RBAC and controller resources needed for orchestrating rolling updates and patching workflows in SageMaker HyperPod clusters. Includes pod eviction and node monitoring.    | HyperPod Resiliency             | Yes               |
 | hyperpod-inference-operator  | Installs the HyperPod Inference Operator and its dependencies to the cluster, allowing cluster deployment and inferencing of JumpStart, s3-hosted, and FSx-hosted models                | No                | 
+| [cert-manager](https://github.com/cert-manager/cert-manager)                | Automatically provisions and manages TLS certificates in Kubernetes clusters. Provides certificate lifecycle management including issuance, renewal, and revocation for secure communications. | [Hyperpod training operator](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-eks-operator.html)           | Yes                |
 
 > **_Note_** The `mpijob` scheme is disabled in the Training Operator helm chart to avoid conflicting with the MPI Operator. 
 
@@ -48,6 +49,20 @@ storage:
   enabled: true
 ```
 
+To enable cert-manager for TLS certificate management, pass in `--set cert-manager.enabled=true` when installing or upgrading the main chart or set the following in the values.yaml file:
+```
+cert-manager:
+  enabled: true
+  namespace: cert-manager
+  global:
+    leaderElection:
+      namespace: cert-manager
+  crds:
+    enabled: true  
+```
+namespace specifies which name space cert-manager should be installed
+
+
 ---
 
 The following plugins are only required for HyperPod Resiliency if you are using the following supported devices, such as GPU/Neuron instances, unless you install these plugins on your own. 
