2020-05-06 14:03:33 +00:00
clusterIssuer : {}
# name: letsencrypt-dns-prod
# server: https://acme-v02.api.letsencrypt.org/directory
# email: admin@example.com
# solvers:
# - dns01:
# route53:
# region: us-west-2
# hostedZoneID: 1234567890
2020-05-14 10:44:25 +00:00
localCA :
enabled : true
# If selfsigning is false you must provide the ca key and crt below
selfsigning : true
#ca:
# key: <pem-key-material>
# crt: <pem-crt-material>
2020-05-05 14:21:09 +00:00
cert-manager :
2020-05-06 23:33:28 +00:00
installCRDs : true
2020-05-05 14:21:09 +00:00
tolerations :
- key : node-role.kubernetes.io/master
effect : NoSchedule
nodeSelector :
node-role.kubernetes.io/master : ""
ingressShim :
defaultIssuerName : letsencrypt-dns-prod
defaultIssuerKind : ClusterIssuer
webhook :
tolerations :
- key : node-role.kubernetes.io/master
effect : NoSchedule
nodeSelector :
node-role.kubernetes.io/master : ""
cainjector :
tolerations :
- key : node-role.kubernetes.io/master
effect : NoSchedule
nodeSelector :
node-role.kubernetes.io/master : ""
extraArgs :
- "--dns01-recursive-nameservers-only"
2020-05-06 23:33:28 +00:00
# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
# - --enable-certificate-owner-ref=true
2020-05-05 14:21:09 +00:00
prometheus :
servicemonitor :
enabled : false
2020-06-14 16:59:56 +00:00
# cert-manager.podAnnotations -- "iam.amazonaws.com/roleIAM:" role ARN the cert-manager might use via kiam eg."arn:aws:iam::123456789012:role/certManagerRoleArn"
podAnnotations : {}
# iam.amazonaws.com/role: ""