KubeZero/charts/kubezero-cert-manager/values.yaml

clusterIssuer: {}
# name: letsencrypt-dns-prod
# server: https://acme-v02.api.letsencrypt.org/directory
# email: admin@example.com
# solvers:
#   - dns01:
#       route53:
#         region: us-west-2
#         hostedZoneID: 1234567890

localCA:
  enabled: false
  # If selfsigning is false you must provide the ca key and crt below
  selfsigning: true
  #ca:
  #  key: <pem-key-material>
  #  crt: <pem-crt-material>

cert-manager:
  enabled: true

  global:
    leaderElection:
      namespace: "cert-manager"

  # On AWS enable Projected Service Accounts to assume IAM role
  #extraEnv:
  #- name: AWS_ROLE_ARN
  #  value: "<cert-manager IAM ROLE ARN>"
  #- name: AWS_WEB_IDENTITY_TOKEN_FILE
  #  value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
  #- name: AWS_STS_REGIONAL_ENDPOINTS
  #  value: regional

  #volumes:
  #- name: aws-token
  #  projected:
  #    sources:
  #    - serviceAccountToken:
  #        path: token
  #        expirationSeconds: 86400
  #        audience: "sts.amazonaws.com"

  #volumeMounts:
  #- name: aws-token
  #  mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
  #  readOnly: true

  tolerations:
  - key: node-role.kubernetes.io/master
    effect: NoSchedule
  nodeSelector:
    node-role.kubernetes.io/master: ""

  ingressShim:
    defaultIssuerName: letsencrypt-dns-prod
    defaultIssuerKind: ClusterIssuer

  webhook:
    tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule
    nodeSelector:
      node-role.kubernetes.io/master: ""

  cainjector:
    tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule
    nodeSelector:
      node-role.kubernetes.io/master: ""

  extraArgs:
    - "--dns01-recursive-nameservers-only"
    # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
    # - --enable-certificate-owner-ref=true

  prometheus:
    servicemonitor:
      enabled: false
  # cert-manager.podAnnotations -- "iam.amazonaws.com/roleIAM:" role ARN the cert-manager might use via kiam eg."arn:aws:iam::123456789012:role/certManagerRoleArn"
cert-manager: Add Cluster-issuer 2020-05-06 14:03:33 +00:00			`clusterIssuer: {}`
			`# name: letsencrypt-dns-prod`
			`# server: https://acme-v02.api.letsencrypt.org/directory`
			`# email: admin@example.com`
			`# solvers:`
			`# - dns01:`
			`# route53:`
			`# region: us-west-2`
			`# hostedZoneID: 1234567890`

Add icons to all charts 2020-05-14 10:44:25 +00:00			`localCA:`
First steps of argoless bootstrap 2020-11-03 12:51:57 +00:00			`enabled: false`
Add icons to all charts 2020-05-14 10:44:25 +00:00			`# If selfsigning is false you must provide the ca key and crt below`
			`selfsigning: true`
			`#ca:`
			`# key: <pem-key-material>`
			`# crt: <pem-crt-material>`

Renaming, addition of draft cert-manager, templating 2020-05-05 14:21:09 +00:00			`cert-manager:`
Update of various components, new aroless bootstrap working 2020-11-21 12:24:57 +00:00			`enabled: true`

			`global:`
			`leaderElection:`
			`namespace: "cert-manager"`

feat: convert cert-manager to use service account tokens rather than kiam, version bump of cert-manager 2021-06-30 10:34:02 +00:00			`# On AWS enable Projected Service Accounts to assume IAM role`
			`#extraEnv:`
			`#- name: AWS_ROLE_ARN`
			`# value: "<cert-manager IAM ROLE ARN>"`
			`#- name: AWS_WEB_IDENTITY_TOKEN_FILE`
			`# value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"`
			`#- name: AWS_STS_REGIONAL_ENDPOINTS`
			`# value: regional`

			`#volumes:`
			`#- name: aws-token`
			`# projected:`
			`# sources:`
			`# - serviceAccountToken:`
			`# path: token`
			`# expirationSeconds: 86400`
			`# audience: "sts.amazonaws.com"`

			`#volumeMounts:`
			`#- name: aws-token`
			`# mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"`
			`# readOnly: true`
Update of various components, new aroless bootstrap working 2020-11-21 12:24:57 +00:00
Renaming, addition of draft cert-manager, templating 2020-05-05 14:21:09 +00:00			`tolerations:`
			`- key: node-role.kubernetes.io/master`
			`effect: NoSchedule`
			`nodeSelector:`
			`node-role.kubernetes.io/master: ""`
Update of various components, new aroless bootstrap working 2020-11-21 12:24:57 +00:00
Renaming, addition of draft cert-manager, templating 2020-05-05 14:21:09 +00:00			`ingressShim:`
			`defaultIssuerName: letsencrypt-dns-prod`
			`defaultIssuerKind: ClusterIssuer`
Update of various components, new aroless bootstrap working 2020-11-21 12:24:57 +00:00
Renaming, addition of draft cert-manager, templating 2020-05-05 14:21:09 +00:00			`webhook:`
			`tolerations:`
			`- key: node-role.kubernetes.io/master`
			`effect: NoSchedule`
			`nodeSelector:`
			`node-role.kubernetes.io/master: ""`
Update of various components, new aroless bootstrap working 2020-11-21 12:24:57 +00:00
Renaming, addition of draft cert-manager, templating 2020-05-05 14:21:09 +00:00			`cainjector:`
			`tolerations:`
			`- key: node-role.kubernetes.io/master`
			`effect: NoSchedule`
			`nodeSelector:`
			`node-role.kubernetes.io/master: ""`
Update of various components, new aroless bootstrap working 2020-11-21 12:24:57 +00:00
Renaming, addition of draft cert-manager, templating 2020-05-05 14:21:09 +00:00			`extraArgs:`
			`- "--dns01-recursive-nameservers-only"`
Bump cert-manager to 0.15, enable CRDs 2020-05-06 23:33:28 +00:00			`# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted`
			`# - --enable-certificate-owner-ref=true`
Update of various components, new aroless bootstrap working 2020-11-21 12:24:57 +00:00
Renaming, addition of draft cert-manager, templating 2020-05-05 14:21:09 +00:00			`prometheus:`
			`servicemonitor:`
			`enabled: false`
Revert annotations for cert-manager, enable selfheal for cert-manager to work around bootstrap issues 2020-06-14 16:59:56 +00:00			`# cert-manager.podAnnotations -- "iam.amazonaws.com/roleIAM:" role ARN the cert-manager might use via kiam eg."arn:aws:iam::123456789012:role/certManagerRoleArn"`