From 70cb74d8bd836639c4845af7c2c4b9327ed6574b Mon Sep 17 00:00:00 2001
From: Nikholas Pcenicni <82239765+nikpcenicni@users.noreply.github.com>
Date: Wed, 13 May 2026 20:42:57 -0400
Subject: [PATCH] Add noble_helm_cert_manager_wait_timeout variable and update
 Helm upgrade task to include --timeout option for improved deployment
 reliability

---
 ansible/roles/noble_cert_manager/defaults/main.yml | 3 +++
 ansible/roles/noble_cert_manager/tasks/main.yml    | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/ansible/roles/noble_cert_manager/defaults/main.yml b/ansible/roles/noble_cert_manager/defaults/main.yml
index 0d73278..2ac6532 100644
--- a/ansible/roles/noble_cert_manager/defaults/main.yml
+++ b/ansible/roles/noble_cert_manager/defaults/main.yml
@@ -1,3 +1,6 @@
 ---
 # Warn when **cloudflare-dns-api-token** is missing after apply (also set in **group_vars/all.yml** when loaded).
 noble_cert_manager_require_cloudflare_secret: true
+
+# Helm --wait default (~5m) can expire while startupapicheck waits on webhooks / API (busy or slow pulls).
+noble_helm_cert_manager_wait_timeout: 15m
diff --git a/ansible/roles/noble_cert_manager/tasks/main.yml b/ansible/roles/noble_cert_manager/tasks/main.yml
index e45a4c9..56f413d 100644
--- a/ansible/roles/noble_cert_manager/tasks/main.yml
+++ b/ansible/roles/noble_cert_manager/tasks/main.yml
@@ -26,6 +26,8 @@
       - "{{ noble_repo_root }}/clusters/noble/bootstrap/cert-manager/values.yaml"
       - --force-conflicts
       - --wait
+      - --timeout
+      - "{{ noble_helm_cert_manager_wait_timeout }}"
   environment:
     KUBECONFIG: "{{ noble_kubeconfig }}"
   changed_when: true