KubeZero - ZeroDownTime Kubernetes Platform
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

85 lines
2.1 KiB

clusterIssuer: {}
# name: letsencrypt-dns-prod
# server: https://acme-v02.api.letsencrypt.org/directory
# email: admin@example.com
# solvers:
# - dns01:
# route53:
# region: us-west-2
# hostedZoneID: 1234567890
localCA:
enabled: false
# If selfsigning is false you must provide the ca key and crt below
selfsigning: true
#ca:
# key: <pem-key-material>
# crt: <pem-crt-material>
cert-manager:
enabled: true
global:
leaderElection:
namespace: "cert-manager"
# On AWS enable Projected Service Accounts to assume IAM role
#extraEnv:
#- name: AWS_ROLE_ARN
# value: "<cert-manager IAM ROLE ARN>"
#- name: AWS_WEB_IDENTITY_TOKEN_FILE
# value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
#- name: AWS_STS_REGIONAL_ENDPOINTS
# value: regional
#volumes:
#- name: aws-token
# projected:
# sources:
# - serviceAccountToken:
# path: token
# expirationSeconds: 86400
# audience: "sts.amazonaws.com"
#volumeMounts:
#- name: aws-token
# mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
# readOnly: true
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/control-plane: ""
ingressShim:
defaultIssuerName: letsencrypt-dns-prod
defaultIssuerKind: ClusterIssuer
webhook:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/control-plane: ""
cainjector:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/control-plane: ""
extraArgs:
- "--dns01-recursive-nameservers-only"
# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
# - --enable-certificate-owner-ref=true
prometheus:
servicemonitor:
enabled: false
# cert-manager.podAnnotations -- "iam.amazonaws.com/roleIAM:" role ARN the cert-manager might use via kiam eg."arn:aws:iam::123456789012:role/certManagerRoleArn"
startupapicheck:
enabled: false