KubeZero - ZeroDownTime Kubernetes Platform
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Stefan Reimer 7c945fbac7 Update docs, bump argo-cd parallel jobs 3 days ago
templates Add sync waves to cert-manager 3 months ago
.helmignore New consitent naming scheme for umbrella charts/artifacts 5 months ago
Chart.yaml More EFS fixes, cert-manager version bump 1 week ago
README.md Update docs, bump argo-cd parallel jobs 3 days ago
README.md.gotmpl Updated helm-docs, fluentd SSL handled by Istio, ES&Istio tuning 3 weeks ago
backup-all.sh Add cert-manager backup support in bootstrap, enable schedule and controller metrics 2 months ago
values.yaml Revert annotations for cert-manager, enable selfheal for cert-manager to work around bootstrap issues 4 months ago



Version: 0.4.0 Type: application

KubeZero Umbrella Chart for cert-manager

Homepage: https://kubezero.com


Name Email Url


Kubernetes: >= 1.16.0

Repository Name Version
https://charts.jetstack.io cert-manager 1.0.3
https://zero-down-time.github.io/kubezero/ kubezero-lib >= 0.1.3

AWS - IAM Role

If you use kiam or kube2iam and restrict access on nodes running cert-manager please adjust:

  iam.amazonaws.com/role: <ROLE>

Resolver Secrets

If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers.


Key Type Default Description
cert-manager.cainjector.nodeSelector.“node-role.kubernetes.io/master” string ""
cert-manager.cainjector.tolerations[0].effect string "NoSchedule"
cert-manager.cainjector.tolerations[0].key string "node-role.kubernetes.io/master"
cert-manager.extraArgs[0] string "--dns01-recursive-nameservers-only"
cert-manager.ingressShim.defaultIssuerKind string "ClusterIssuer"
cert-manager.ingressShim.defaultIssuerName string "letsencrypt-dns-prod"
cert-manager.installCRDs bool true
cert-manager.nodeSelector.“node-role.kubernetes.io/master” string ""
cert-manager.podAnnotations object {} “iam.amazonaws.com/roleIAM:” role ARN the cert-manager might use via kiam eg.“arn:aws:iam::123456789012:role/certManagerRoleArn”
cert-manager.prometheus.servicemonitor.enabled bool false
cert-manager.tolerations[0].effect string "NoSchedule"
cert-manager.tolerations[0].key string "node-role.kubernetes.io/master"
cert-manager.webhook.nodeSelector.“node-role.kubernetes.io/master” string ""
cert-manager.webhook.tolerations[0].effect string "NoSchedule"
cert-manager.webhook.tolerations[0].key string "node-role.kubernetes.io/master"
clusterIssuer object {}
localCA.enabled bool true
localCA.selfsigning bool true