From 6af593075a0766a9c978a44e37644c2cb619cb30 Mon Sep 17 00:00:00 2001
From: Georgi Yanev <georgi.yanev@cyberark.com>
Date: Tue, 5 May 2026 16:08:23 +0300
Subject: [PATCH] VC-52277: add cert-manager gatherers to discovery-agent

Without k8s/certificates, k8s/issuers and k8s/clusterissuers the TLSPK
backend cannot determine cert-manager lifecycle for discovered certificates,
causing all certs to show as NOT_MANAGED in the clusters page.
---
 .../discovery-agent/templates/configmap.yaml  | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/deploy/charts/discovery-agent/templates/configmap.yaml b/deploy/charts/discovery-agent/templates/configmap.yaml
index 6ab0c43d..847dc7b0 100644
--- a/deploy/charts/discovery-agent/templates/configmap.yaml
+++ b/deploy/charts/discovery-agent/templates/configmap.yaml
@@ -76,3 +76,31 @@ data:
         resource-type:
           version: v1
           resource: pods
+    - kind: k8s-dynamic
+      name: k8s/certificates
+      config:
+        resource-type:
+          group: cert-manager.io
+          version: v1
+          resource: certificates
+    - kind: k8s-dynamic
+      name: k8s/certificaterequests
+      config:
+        resource-type:
+          group: cert-manager.io
+          version: v1
+          resource: certificaterequests
+    - kind: k8s-dynamic
+      name: k8s/issuers
+      config:
+        resource-type:
+          group: cert-manager.io
+          version: v1
+          resource: issuers
+    - kind: k8s-dynamic
+      name: k8s/clusterissuers
+      config:
+        resource-type:
+          group: cert-manager.io
+          version: v1
+          resource: clusterissuers