KubeZero/charts/kubezero/templates/cert-manager.yaml

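{{- define "cert-manager-values" }}
{{- /*
  Helm values for the cert-manager application, assembled from the global
  KubeZero values (.Values.global.*), .Values.metrics and the
  "cert-manager" sub-tree of .Values.
  Indentation restored from a whitespace-stripped listing; the nesting follows
  the nindent arguments used below.
*/}}

localCA:
  enabled: true

cert-manager:
  {{- /* Deployment strategy is switched to Recreate only when global.highAvailable is false. */}}
  {{- if not .Values.global.highAvailable }}
  strategy:
    type: Recreate
  {{- end }}

  {{- if eq .Values.global.platform "aws" }}
  {{- /*
    "kubezero-lib.control-plane" is defined outside this file; presumably it
    emits the scheduling settings that pin the pods to control-plane nodes.
    NOTE(review): confirm against the library chart.
  */}}
  {{- include "kubezero-lib.control-plane" . | nindent 2 }}

  webhook:
    {{- include "kubezero-lib.control-plane" . | nindent 4 }}
  cainjector:
    {{- include "kubezero-lib.control-plane" . | nindent 4 }}

  extraEnv:
    - name: AWS_REGION
      {{- /* Quoted like the other templated values here, so the rendered scalar is always a YAML string. */}}
      value: "{{ .Values.global.aws.region }}"

    {{- /*
      Web-identity federation, enabled only when cert-manager.IamArn is set.
      The AWS SDK reads the role ARN and the token file from these variables
      and exchanges the projected service-account token at the regional STS
      endpoint for temporary credentials.
      NOTE(review): the token is only as narrow as the role's trust policy.
      That policy should accept only this cluster's OIDC issuer, with
      conditions on the token audience and on the cert-manager service-account
      subject, and the role should carry only the permissions the issuer
      needs (presumably DNS01 record changes - confirm).
    */}}
    {{ with index .Values "cert-manager" "IamArn" }}
    - name: AWS_ROLE_ARN
      value: "{{ . }}"
    - name: AWS_WEB_IDENTITY_TOKEN_FILE
      value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    - name: AWS_STS_REGIONAL_ENDPOINTS
      value: regional

  {{- /*
    Projected service-account token: audience restricted to sts.amazonaws.com,
    lifetime 86400 s (24 h), mounted read-only at the path referenced by
    AWS_WEB_IDENTITY_TOKEN_FILE. A shorter expirationSeconds narrows the window
    in which a copied token remains usable.
    NOTE(review): these are top-level chart keys, so they presumably apply to
    the controller pod only, not to webhook or cainjector - confirm.
  */}}
  volumes:
    - name: aws-token
      projected:
        sources:
          - serviceAccountToken:
              path: token
              expirationSeconds: 86400
              audience: "sts.amazonaws.com"
  volumeMounts:
    - name: aws-token
      mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
      readOnly: true
    {{- end }}
  {{- end }}

  {{- /*
    GKE: annotate the service account so it maps to the dns01-solver Google
    service account in global.gcp.projectId.
    NOTE(review): the mapping takes effect only if that Google service account
    grants workload-identity use to this Kubernetes service account; keep that
    binding limited to this one service account.
  */}}
  {{- if eq .Values.global.platform "gke" }}
  serviceAccount:
    annotations:
      iam.gke.io/gcp-service-account: "dns01-solver@{{ .Values.global.gcp.projectId }}.iam.gserviceaccount.com"
  {{- end }}

  {{- /* ServiceMonitor creation follows the metrics.enabled value; left unquoted so it stays a boolean. */}}
  prometheus:
    servicemonitor:
      enabled: {{ $.Values.metrics.enabled }}

{{- /* Optional cluster issuer settings, copied verbatim from cert-manager.clusterIssuer when present. */}}
{{- with index .Values "cert-manager" "clusterIssuer" }}
clusterIssuer:
  {{- . | toYaml | nindent 2 }}
{{- end }}

{{- end }}

{{- /* Empty in this file: no additional content is defined for "cert-manager-argo". */}}
{{- define "cert-manager-argo" }}
{{- end }}

{{- /* "kubezero-app.app" is defined outside this file; presumably it consumes the two templates above - confirm. */}}
{{ include "kubezero-app.app" . }}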