KubeZero/charts/kubezero-cert-manager
2020-06-14 17:59:56 +01:00
..
templates Revert annotations for cert-manager, enable selfheal for cert-manager to work around bootstrap issues 2020-06-14 17:59:56 +01:00
.helmignore New consitent naming scheme for umbrella charts/artifacts 2020-05-06 18:20:53 +01:00
Chart.yaml Make sure the self-signed resources are applied AFTER cert-manager itself 2020-06-08 15:19:35 +01:00
README.md Revert annotations for cert-manager, enable selfheal for cert-manager to work around bootstrap issues 2020-06-14 17:59:56 +01:00
README.md.gotmpl Revert annotations for cert-manager, enable selfheal for cert-manager to work around bootstrap issues 2020-06-14 17:59:56 +01:00
values.yaml Revert annotations for cert-manager, enable selfheal for cert-manager to work around bootstrap issues 2020-06-14 17:59:56 +01:00

kubezero-cert-manager

KubeZero Umbrella Chart for cert-manager

Current chart version is 0.3.4

Source code can be found here

Chart Requirements

Repository Name Version
https://charts.jetstack.io cert-manager 0.15.1
https://zero-down-time.github.io/kubezero/ kubezero-lib >= 0.1.1

AWS - IAM Role

If you use kiam or kube2iam and restrict access on nodes running cert-manager please adjust:

cert-manager.podAnnotations:
  iam.amazonaws.com/role: <ROLE>

Resolver Secrets

If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers.

Chart Values

Key Type Default Description
cert-manager.cainjector.nodeSelector."node-role.kubernetes.io/master" string ""
cert-manager.cainjector.tolerations[0].effect string "NoSchedule"
cert-manager.cainjector.tolerations[0].key string "node-role.kubernetes.io/master"
cert-manager.extraArgs[0] string "--dns01-recursive-nameservers-only"
cert-manager.ingressShim.defaultIssuerKind string "ClusterIssuer"
cert-manager.ingressShim.defaultIssuerName string "letsencrypt-dns-prod"
cert-manager.installCRDs bool true
cert-manager.nodeSelector."node-role.kubernetes.io/master" string ""
cert-manager.podAnnotations object {} "iam.amazonaws.com/roleIAM:" role ARN the cert-manager might use via kiam eg."arn:aws:iam::123456789012:role/certManagerRoleArn"
cert-manager.prometheus.servicemonitor.enabled bool false
cert-manager.tolerations[0].effect string "NoSchedule"
cert-manager.tolerations[0].key string "node-role.kubernetes.io/master"
cert-manager.webhook.nodeSelector."node-role.kubernetes.io/master" string ""
cert-manager.webhook.tolerations[0].effect string "NoSchedule"
cert-manager.webhook.tolerations[0].key string "node-role.kubernetes.io/master"
clusterIssuer object {}
localCA.enabled bool true
localCA.selfsigning bool true