2020-05-06 14:03:33 +00:00
clusterIssuer : {}
# name: letsencrypt-dns-prod
# server: https://acme-v02.api.letsencrypt.org/directory
# email: admin@example.com
# solvers:
# - dns01:
# route53:
# region: us-west-2
# hostedZoneID: 1234567890
2020-05-14 10:44:25 +00:00
localCA :
2020-11-03 12:51:57 +00:00
enabled : false
2020-05-14 10:44:25 +00:00
# If selfsigning is false you must provide the ca key and crt below
selfsigning : true
#ca:
# key: <pem-key-material>
# crt: <pem-crt-material>
2020-05-05 14:21:09 +00:00
cert-manager :
2020-11-21 12:24:57 +00:00
enabled : true
2024-07-19 14:14:43 +00:00
crds :
enabled : true
2020-11-21 12:24:57 +00:00
global :
leaderElection :
namespace : "cert-manager"
2024-02-09 16:24:37 +00:00
# remove secrets if the cert is deleted
enableCertificateOwnerRef : true
2023-08-21 11:56:56 +00:00
extraArgs :
- "--logging-format=json"
- "--leader-elect=false"
- "--dns01-recursive-nameservers-only"
# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
# - --enable-certificate-owner-ref=true
2023-04-13 11:21:44 +00:00
#enableCertificateOwnerRef: true
2021-06-30 10:34:02 +00:00
# On AWS enable Projected Service Accounts to assume IAM role
#extraEnv:
#- name: AWS_ROLE_ARN
# value: "<cert-manager IAM ROLE ARN>"
#- name: AWS_WEB_IDENTITY_TOKEN_FILE
# value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
#- name: AWS_STS_REGIONAL_ENDPOINTS
# value: regional
#volumes:
#- name: aws-token
# projected:
# sources:
# - serviceAccountToken:
# path: token
# expirationSeconds: 86400
# audience: "sts.amazonaws.com"
#volumeMounts:
#- name: aws-token
# mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
# readOnly: true
2020-11-21 12:24:57 +00:00
2020-05-05 14:21:09 +00:00
ingressShim :
defaultIssuerName : letsencrypt-dns-prod
defaultIssuerKind : ClusterIssuer
2020-11-21 12:24:57 +00:00
2020-05-05 14:21:09 +00:00
webhook :
2023-08-21 11:56:56 +00:00
extraArgs :
- "--logging-format=json"
2020-11-21 12:24:57 +00:00
2020-05-05 14:21:09 +00:00
cainjector :
2023-08-21 11:56:56 +00:00
extraArgs :
- "--logging-format=json"
- "--leader-elect=false"
2020-11-21 12:24:57 +00:00
2020-05-05 14:21:09 +00:00
prometheus :
servicemonitor :
enabled : false
2021-09-29 14:30:37 +00:00
2020-06-14 16:59:56 +00:00
# cert-manager.podAnnotations -- "iam.amazonaws.com/roleIAM:" role ARN the cert-manager might use via kiam eg."arn:aws:iam::123456789012:role/certManagerRoleArn"
2021-09-29 14:30:37 +00:00
startupapicheck :
enabled : false
