feat: convert cert-manager to use service account tokens rather than kiam, version bump of cert-manager
This commit is contained in:
parent
bab6c90185
commit
09cc9e25cc
@ -2,20 +2,20 @@ apiVersion: v2
|
||||
name: kubezero-cert-manager
|
||||
description: KubeZero Umbrella Chart for cert-manager
|
||||
type: application
|
||||
version: 0.5.0
|
||||
version: 0.6.1
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- cert-manager
|
||||
maintainers:
|
||||
- name: Quarky9
|
||||
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.1.3"
|
||||
repository: https://zero-down-time.github.io/kubezero/
|
||||
- name: cert-manager
|
||||
version: 1.2.0
|
||||
repository: https://charts.jetstack.io
|
||||
version: 1.4.0
|
||||
condition: cert-manager.enabled
|
||||
repository: https://charts.jetstack.io
|
||||
kubeVersion: ">= 1.18.0"
|
||||
|
@ -1,24 +1,18 @@
|
||||
# kubezero-cert-manager
|
||||
|
||||
![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for cert-manager
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.18.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://charts.jetstack.io | cert-manager | 1.2.0 |
|
||||
| https://charts.jetstack.io | cert-manager | 1.4.0 |
|
||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
||||
|
||||
## AWS - IAM Role
|
||||
@ -44,7 +38,6 @@ If your resolvers need additional sercrets like CloudFlare API tokens etc. make
|
||||
| cert-manager.ingressShim.defaultIssuerKind | string | `"ClusterIssuer"` | |
|
||||
| cert-manager.ingressShim.defaultIssuerName | string | `"letsencrypt-dns-prod"` | |
|
||||
| cert-manager.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
|
||||
| cert-manager.podAnnotations | object | `{}` | |
|
||||
| cert-manager.prometheus.servicemonitor.enabled | bool | `false` | |
|
||||
| cert-manager.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| cert-manager.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
|
||||
|
@ -23,8 +23,28 @@ cert-manager:
|
||||
leaderElection:
|
||||
namespace: "cert-manager"
|
||||
|
||||
podAnnotations: {}
|
||||
# iam.amazonaws.com/role: ""
|
||||
# On AWS enable Projected Service Accounts to assume IAM role
|
||||
#extraEnv:
|
||||
#- name: AWS_ROLE_ARN
|
||||
# value: "<cert-manager IAM ROLE ARN>"
|
||||
#- name: AWS_WEB_IDENTITY_TOKEN_FILE
|
||||
# value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
||||
#- name: AWS_STS_REGIONAL_ENDPOINTS
|
||||
# value: regional
|
||||
|
||||
#volumes:
|
||||
#- name: aws-token
|
||||
# projected:
|
||||
# sources:
|
||||
# - serviceAccountToken:
|
||||
# path: token
|
||||
# expirationSeconds: 86400
|
||||
# audience: "sts.amazonaws.com"
|
||||
|
||||
#volumeMounts:
|
||||
#- name: aws-token
|
||||
# mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
||||
# readOnly: true
|
||||
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
|
Loading…
Reference in New Issue
Block a user