feat: convert cert-manager to use service account tokens rather than kiam, version bump of cert-manager

This commit is contained in:
Stefan Reimer 2021-06-30 12:34:02 +02:00
parent bab6c90185
commit 09cc9e25cc
3 changed files with 28 additions and 15 deletions

View File

@ -2,20 +2,20 @@ apiVersion: v2
name: kubezero-cert-manager
description: KubeZero Umbrella Chart for cert-manager
type: application
version: 0.5.0
version: 0.6.1
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
- kubezero
- cert-manager
maintainers:
- name: Quarky9
dependencies:
- name: kubezero-lib
version: ">= 0.1.3"
repository: https://zero-down-time.github.io/kubezero/
- name: cert-manager
version: 1.2.0
repository: https://charts.jetstack.io
version: 1.4.0
condition: cert-manager.enabled
repository: https://charts.jetstack.io
kubeVersion: ">= 1.18.0"

View File

@ -1,24 +1,18 @@
# kubezero-cert-manager
![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for cert-manager
**Homepage:** <https://kubezero.com>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.18.0`
| Repository | Name | Version |
|------------|------|---------|
| https://charts.jetstack.io | cert-manager | 1.2.0 |
| https://charts.jetstack.io | cert-manager | 1.4.0 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## AWS - IAM Role
@ -44,7 +38,6 @@ If your resolvers need additional sercrets like CloudFlare API tokens etc. make
| cert-manager.ingressShim.defaultIssuerKind | string | `"ClusterIssuer"` | |
| cert-manager.ingressShim.defaultIssuerName | string | `"letsencrypt-dns-prod"` | |
| cert-manager.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
| cert-manager.podAnnotations | object | `{}` | |
| cert-manager.prometheus.servicemonitor.enabled | bool | `false` | |
| cert-manager.tolerations[0].effect | string | `"NoSchedule"` | |
| cert-manager.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |

View File

@ -23,8 +23,28 @@ cert-manager:
leaderElection:
namespace: "cert-manager"
podAnnotations: {}
# iam.amazonaws.com/role: ""
# On AWS enable Projected Service Accounts to assume IAM role
#extraEnv:
#- name: AWS_ROLE_ARN
# value: "<cert-manager IAM ROLE ARN>"
#- name: AWS_WEB_IDENTITY_TOKEN_FILE
# value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
#- name: AWS_STS_REGIONAL_ENDPOINTS
# value: regional
#volumes:
#- name: aws-token
# projected:
# sources:
# - serviceAccountToken:
# path: token
# expirationSeconds: 86400
# audience: "sts.amazonaws.com"
#volumeMounts:
#- name: aws-token
# mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
# readOnly: true
tolerations:
- key: node-role.kubernetes.io/master