70 lines
1.6 KiB
YAML
70 lines
1.6 KiB
YAML
{{- define "cert-manager-values" }}
|
|
|
|
localCA:
|
|
enabled: true
|
|
|
|
cert-manager:
|
|
{{- if not .Values.global.highAvailable }}
|
|
strategy:
|
|
type: Recreate
|
|
{{- end }}
|
|
|
|
{{- if eq .Values.global.platform "aws" }}
|
|
{{- include "kubezero-lib.control-plane" . | nindent 2 }}
|
|
|
|
webhook:
|
|
{{- include "kubezero-lib.control-plane" . | nindent 4 }}
|
|
|
|
cainjector:
|
|
{{- include "kubezero-lib.control-plane" . | nindent 4 }}
|
|
|
|
extraEnv:
|
|
- name: AWS_REGION
|
|
value: {{ .Values.global.aws.region }}
|
|
{{ with index .Values "cert-manager" "IamArn" }}
|
|
- name: AWS_ROLE_ARN
|
|
value: "{{ . }}"
|
|
- name: AWS_WEB_IDENTITY_TOKEN_FILE
|
|
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
|
- name: AWS_STS_REGIONAL_ENDPOINTS
|
|
value: regional
|
|
|
|
volumes:
|
|
- name: aws-token
|
|
projected:
|
|
sources:
|
|
- serviceAccountToken:
|
|
path: token
|
|
expirationSeconds: 86400
|
|
audience: "sts.amazonaws.com"
|
|
|
|
volumeMounts:
|
|
- name: aws-token
|
|
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
|
readOnly: true
|
|
{{- end }}
|
|
|
|
{{- end }}
|
|
|
|
{{- if eq .Values.global.platform "gke" }}
|
|
serviceAccount:
|
|
annotations:
|
|
iam.gke.io/gcp-service-account: "dns01-solver@{{ .Values.global.gcp.projectId }}.iam.gserviceaccount.com"
|
|
{{- end }}
|
|
|
|
prometheus:
|
|
servicemonitor:
|
|
enabled: {{ $.Values.metrics.enabled }}
|
|
|
|
{{- with index .Values "cert-manager" "clusterIssuer" }}
|
|
clusterIssuer:
|
|
{{- . | toYaml | nindent 2 }}
|
|
{{- end }}
|
|
|
|
{{- end }}
|
|
|
|
{{- define "cert-manager-argo" }}
|
|
{{- end }}
|
|
|
|
{{ include "kubezero-app.app" . }}
|