clusterIssuer: {} # name: letsencrypt-dns-prod # server: https://acme-v02.api.letsencrypt.org/directory # email: admin@example.com # solvers: # - dns01: # route53: # region: us-west-2 # hostedZoneID: 1234567890 localCA: enabled: true # If selfsigning is false you must provide the ca key and crt below selfsigning: true #ca: # key: # crt: cert-manager: installCRDs: true tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule nodeSelector: node-role.kubernetes.io/master: "" ingressShim: defaultIssuerName: letsencrypt-dns-prod defaultIssuerKind: ClusterIssuer webhook: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule nodeSelector: node-role.kubernetes.io/master: "" cainjector: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule nodeSelector: node-role.kubernetes.io/master: "" extraArgs: - "--dns01-recursive-nameservers-only" # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted # - --enable-certificate-owner-ref=true prometheus: servicemonitor: enabled: false # cert-manager.podAnnotations."iam.amazonaws.com/role" -- IAM role ARN the cert-manager might use via kiam eg."arn:aws:iam::123456789012:role/certManagerRoleArn" podAnnotations: iam.amazonaws.com/role: ""