85 lines
2.0 KiB
YAML
85 lines
2.0 KiB
YAML
clusterIssuer: {}
|
|
# name: letsencrypt-dns-prod
|
|
# server: https://acme-v02.api.letsencrypt.org/directory
|
|
# email: admin@example.com
|
|
# solvers:
|
|
# - dns01:
|
|
# route53:
|
|
# region: us-west-2
|
|
# hostedZoneID: 1234567890
|
|
|
|
localCA:
|
|
enabled: false
|
|
# If selfsigning is false you must provide the ca key and crt below
|
|
selfsigning: true
|
|
#ca:
|
|
# key: <pem-key-material>
|
|
# crt: <pem-crt-material>
|
|
|
|
cert-manager:
|
|
enabled: true
|
|
|
|
crds:
|
|
enabled: true
|
|
|
|
global:
|
|
leaderElection:
|
|
namespace: "cert-manager"
|
|
|
|
# remove secrets if the cert is deleted
|
|
enableCertificateOwnerRef: true
|
|
|
|
extraArgs:
|
|
- "--logging-format=json"
|
|
- "--leader-elect=false"
|
|
- "--dns01-recursive-nameservers-only"
|
|
# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
|
|
# - --enable-certificate-owner-ref=true
|
|
|
|
#enableCertificateOwnerRef: true
|
|
|
|
# On AWS enable Projected Service Accounts to assume IAM role
|
|
#extraEnv:
|
|
#- name: AWS_ROLE_ARN
|
|
# value: "<cert-manager IAM ROLE ARN>"
|
|
#- name: AWS_WEB_IDENTITY_TOKEN_FILE
|
|
# value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
|
#- name: AWS_STS_REGIONAL_ENDPOINTS
|
|
# value: regional
|
|
|
|
#volumes:
|
|
#- name: aws-token
|
|
# projected:
|
|
# sources:
|
|
# - serviceAccountToken:
|
|
# path: token
|
|
# expirationSeconds: 86400
|
|
# audience: "sts.amazonaws.com"
|
|
|
|
#volumeMounts:
|
|
#- name: aws-token
|
|
# mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
|
# readOnly: true
|
|
|
|
ingressShim:
|
|
defaultIssuerName: letsencrypt-dns-prod
|
|
defaultIssuerKind: ClusterIssuer
|
|
|
|
webhook:
|
|
extraArgs:
|
|
- "--logging-format=json"
|
|
|
|
cainjector:
|
|
extraArgs:
|
|
- "--logging-format=json"
|
|
- "--leader-elect=false"
|
|
|
|
prometheus:
|
|
servicemonitor:
|
|
enabled: false
|
|
|
|
# cert-manager.podAnnotations -- "iam.amazonaws.com/roleIAM:" role ARN the cert-manager might use via kiam eg."arn:aws:iam::123456789012:role/certManagerRoleArn"
|
|
|
|
startupapicheck:
|
|
enabled: false
|