fix: resolve cert-manager CRD dependency for cluster redeployability

- Add root kustomization.yaml to explicitly list included paths
- Exclude cert-manager and cert-manager-issuer from root kustomization
- Add Flux Kustomizations in system/flux/ to manage deployment order
- cert-manager Flux Kustomization includes health checks for CRDs
- cert-manager-issuer depends on cert-manager being ready

kubernetes/system/cert-manager/clusterissuer.yaml

@@ -1,24 +0,0 @@
-# Let's Encrypt ClusterIssuer
-# Supports multiple DNS providers via DNS-01 challenge
-
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-production
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: vhaudiquet343@hotmail.fr
-    privateKeySecretRef:
-      name: letsencrypt-production-account-key
-    solvers:
-      # Cloudflare solver for vhaudiquet.fr and buildpath.win
-      - dns01:
-          cloudflare:
-            apiTokenSecretRef:
-              name: cloudflare-api-token
-              key: api-token
-        selector:
-          dnsZones:
-            - vhaudiquet.fr
-            - buildpath.win

kubernetes/system/cert-manager/kustomization.yaml

@@ -6,7 +6,6 @@ resources:
   - repository.yaml
   - release.yaml
   - cloudflare-api-token-secret.yaml
-  - clusterissuer.yaml
 secretGenerator:
   - name: cert-manager-values
     files: