diff --git a/README.md b/README.md
index a1120f2..11c2a36 100644
--- a/README.md
+++ b/README.md
@@ -57,8 +57,8 @@ sys     0m2.015s
 
 | Name | Type |
 |------|------|
-| [helm_release.clusterissuer](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.console_access](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_manifest.cluster_issuer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
 | [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.telemetry](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_secret.ca_key_pair](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
diff --git a/cert-mgr-cluster-issuer.tf b/cert-mgr-cluster-issuer.tf
index ee8c466..d33c51f 100644
--- a/cert-mgr-cluster-issuer.tf
+++ b/cert-mgr-cluster-issuer.tf
@@ -1,9 +1,3 @@
-locals {
-  common_tags = {
-    "boc:created_by" = "terraform"
-  }
-}
-
 # Create a subordinate cert for the cert-manager clusterissuer.
 module "subordinate_ca" {
   # tflint-ignore: terraform_module_pinned_source
@@ -12,10 +6,6 @@ module "subordinate_ca" {
   cluster_name  = var.cluster_name
   contact_email = var.cluster_mailing_list
   validity_days = 365
-
-  tags = merge(
-    local.common_tags,
-  )
 }
 
 resource "kubernetes_secret" "ca_key_pair" {
@@ -30,24 +20,17 @@ resource "kubernetes_secret" "ca_key_pair" {
   }
 }
 
-resource "helm_release" "clusterissuer" {
-  name      = "clusterissuer"
-  chart     = "./clusterissuer"
-  namespace = var.namespace
-  atomic    = true
-
-  set = [
-    {
-      name  = "name"
-      value = "clusterissuer"
-    },
-    {
-      name  = "apiVersion"
-      value = "cert-manager.io/v1"
-    },
-    {
-      name  = "secretName"
-      value = kubernetes_secret.ca_key_pair.metadata[0].name
+resource "kubernetes_manifest" "cluster_issuer" {
+  manifest = {
+    "apiVersion" = "cert-manager.io/v1"
+    "kind"       = "ClusterIssuer"
+    "metadata" = {
+      "name" = "ca-cluster-issuer"
+    }
+    "spec" = {
+      "ca" = {
+        "secretName" = kubernetes_secret.ca_key_pair.metadata[0].name
+      }
     }
-  ]
+  }
 }