clusterIssuer: {}
# name: letsencrypt-dns-prod
# server: https://acme-v02.api.letsencrypt.org/directory
# email: admin@example.com
# solvers:
#   - dns01:
#       route53:
#         region: us-west-2
#         hostedZoneID: 1234567890

cert-manager:
  installCRDs: true
  tolerations:
  - key: node-role.kubernetes.io/master
    effect: NoSchedule
  nodeSelector:
    node-role.kubernetes.io/master: ""
  ingressShim:
    defaultIssuerName: letsencrypt-dns-prod
    defaultIssuerKind: ClusterIssuer
  webhook:
    tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule
    nodeSelector:
      node-role.kubernetes.io/master: ""
  cainjector:
    tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule
    nodeSelector:
      node-role.kubernetes.io/master: ""
  extraArgs:
    - "--dns01-recursive-nameservers-only"
    # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
    # - --enable-certificate-owner-ref=true
  prometheus:
    servicemonitor:
      enabled: false
  #podAnnotations:
  #  iam.amazonaws.com/role: "INSERT_CLOUDFORMATION_OUTPUT_CertManagerRoleArn"