fix(helm): add priorityClassName

Author: starlightromero

.kiro/steering/product.md

@@ -0,0 +1,22 @@
+# Product Overview
+
+cert-manager-sync is a Kubernetes operator that enables automatic synchronization of TLS certificates from cert-manager to external certificate stores.
+
+## Purpose
+
+The operator solves the challenge of securely distributing TLS certificates managed by cert-manager to external services like AWS ACM, Cloudflare, HashiCorp Vault, and other certificate stores without manual intervention.
+
+## Key Features
+
+- **Multi-store support**: Syncs to 9+ certificate stores (AWS ACM, Cloudflare, DigitalOcean, GCP, Vault, Heroku, Incapsula, ThreatX, Filepath)
+- **Annotation-driven configuration**: Uses Kubernetes annotations on TLS secrets to define sync destinations
+- **Exponential backoff**: Implements retry logic with binary exponential backoff for failed syncs
+- **Multiple destinations**: Can sync a single certificate to multiple stores simultaneously
+- **Prometheus metrics**: Exposes sync status and metrics for monitoring
+- **Event recording**: Creates Kubernetes events for sync operations
+
+## Target Users
+
+- DevOps engineers managing Kubernetes clusters with cert-manager
+- Platform teams needing to distribute certificates to external services
+- Organizations using hybrid cloud architectures requiring certificate synchronization

.kiro/steering/structure.md

@@ -0,0 +1,70 @@
+# Project Structure
+
+## Directory Layout
+
+```
+cert-manager-sync/
+├── cmd/cert-manager-sync/     # Application entry point
+├── internal/                  # Private application code
+│   ├── metrics/              # Prometheus metrics implementation
+│   └── types/                # Internal type definitions
+├── pkg/                      # Public library code
+│   ├── certmanagersync/      # Core operator logic
+│   ├── state/                # Kubernetes client and state management
+│   └── tlssecret/            # TLS certificate parsing and configuration
+├── stores/                   # Certificate store implementations
+│   ├── acm/                  # AWS Certificate Manager
+│   ├── cloudflare/           # Cloudflare certificates
+│   ├── digitalocean/         # DigitalOcean certificates
+│   ├── filepath/             # File system storage
+│   ├── gcpcm/                # Google Cloud Certificate Manager
+│   ├── heroku/               # Heroku certificates
+│   ├── incapsula/            # Incapsula WAF certificates
+│   ├── threatx/              # ThreatX certificates
+│   └── vault/                # HashiCorp Vault storage
+├── deploy/cert-manager-sync/ # Helm chart for deployment
+└── devops/docs/              # Documentation and diagrams
+```
+
+## Code Organization Patterns
+
+### Package Responsibilities
+
+- **cmd/**: Application entry points and main functions
+- **internal/**: Private code not intended for external use
+- **pkg/**: Public APIs that could be imported by other projects
+- **stores/**: Pluggable certificate store implementations
+
+### Interface Design
+
+- All certificate stores implement the `RemoteStore` interface
+- Each store package contains:
+  - Main implementation file (e.g., `acm.go`)
+  - Test file (e.g., `acm_test.go`)
+  - Configuration parsing and validation
+
+### Naming Conventions
+
+- Package names are lowercase, single words when possible
+- Store packages named after the service (e.g., `acm`, `vault`)
+- Struct names use PascalCase (e.g., `ACMStore`, `VaultStore`)
+- Interface names end with descriptive suffix (e.g., `RemoteStore`)
+
+### Configuration Pattern
+
+- Environment variables for operator-level configuration
+- Kubernetes annotations for per-secret configuration
+- Annotation keys follow pattern: `cert-manager-sync.lestak.sh/{store}-{setting}`
+
+### Error Handling
+
+- Use structured logging with logrus
+- Return errors from functions, handle at appropriate level
+- Create Kubernetes events for user-visible operations
+- Implement exponential backoff for transient failures
+
+### Testing Structure
+
+- Test files alongside implementation files
+- Use table-driven tests where appropriate
+- Mock external dependencies for unit tests

.kiro/steering/tech.md

@@ -0,0 +1,82 @@
+# Technology Stack
+
+## Language & Runtime
+
+- **Go 1.25.1**: Primary programming language
+- **Kubernetes client-go**: For Kubernetes API interactions
+- **Logrus**: Structured logging library
+
+## Architecture
+
+- **Kubernetes Operator Pattern**: Uses informers and event handlers
+- **Interface-based design**: `RemoteStore` interface for pluggable certificate stores
+- **Event-driven**: Responds to Kubernetes secret changes via informers
+
+## Key Dependencies
+
+- `k8s.io/client-go`: Kubernetes client library
+- `k8s.io/api`: Kubernetes API types
+- `github.com/prometheus/client_golang`: Metrics collection
+- Cloud provider SDKs: AWS SDK, GCP client libraries, Cloudflare Go client
+- `github.com/hashicorp/vault/api`: HashiCorp Vault integration
+- `software.sslmate.com/src/go-pkcs12`: PKCS#12 certificate format support
+
+## Build System
+
+- **Make**: Build automation via `Makefile`
+- **Docker**: Multi-stage builds with scratch base image
+- **Helm**: Kubernetes deployment packaging
+
+## Common Commands
+
+### Development
+
+```bash
+# Run tests
+make test
+
+# Build binary
+go build -o cert-manager-sync cmd/cert-manager-sync/*.go
+
+# Run locally (requires KUBECONFIG)
+./cert-manager-sync
+```
+
+### Testing
+
+```bash
+# Run all tests with verbose output
+go test -v ./...
+
+# Run vulnerability check
+govulncheck -show verbose ./...
+
+# Test specific package
+go test -v ./pkg/certmanagersync
+```
+
+### Docker
+
+```bash
+# Build container image
+docker build -t cert-manager-sync .
+
+# Run container
+docker run cert-manager-sync
+```
+
+### Deployment
+
+```bash
+# Deploy with Helm
+helm upgrade --install -n cert-manager cert-manager-sync ./deploy/cert-manager-sync
+
+# Deploy with custom values
+helm upgrade --install -n cert-manager cert-manager-sync ./deploy/cert-manager-sync -f custom-values.yaml
+```
+
+## Configuration
+
+- Environment variables for operator configuration
+- Kubernetes annotations for certificate sync configuration
+- Helm values for deployment customization

deploy/cert-manager-sync/templates/deployment.yaml

@@ -29,6 +29,9 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "cert-manager-sync.serviceAccountName" . }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:

deploy/cert-manager-sync/values.yaml

@@ -43,6 +43,9 @@ clusterRole:
 
 podAnnotations: {}
 
+# -- Priority class name for pod scheduling
+priorityClassName: ""
+
 podSecurityContext: {}
   # fsGroup: 2000