ZeroDownTime
/
kubezero
3
0
Fork 0
Code Issues 1 Pull Requests 26 Releases Wiki Activity
kubezero/charts/kubezero-cert-manager
History
Stefan Reimer b541463829 Add cert-manager backup support in bootstrap, enable schedule and controller metrics 2020-08-05 15:42:15 +01:00
..
templates Add sync waves to cert-manager 2020-07-16 14:09:00 +01:00
.helmignore New consitent naming scheme for umbrella charts/artifacts 2020-05-06 18:20:53 +01:00
Chart.yaml Add sync waves to cert-manager 2020-07-16 14:09:00 +01:00
README.md Another round of Istio fixes 2020-07-22 20:25:18 +01:00
README.md.gotmpl Revert annotations for cert-manager, enable selfheal for cert-manager to work around bootstrap issues 2020-06-14 17:59:56 +01:00
backup-all.sh Add cert-manager backup support in bootstrap, enable schedule and controller metrics 2020-08-05 15:42:15 +01:00
values.yaml Revert annotations for cert-manager, enable selfheal for cert-manager to work around bootstrap issues 2020-06-14 17:59:56 +01:00

README.md

kubezero-cert-manager

KubeZero Umbrella Chart for cert-manager

Current chart version is 0.3.5

Source code can be found here

Chart Requirements

Repository Name Version
https://charts.jetstack.io cert-manager 0.15.1
https://zero-down-time.github.io/kubezero/ kubezero-lib >= 0.1.1

AWS - IAM Role

If you use kiam or kube2iam and restrict access on nodes running cert-manager please adjust:

cert-manager.podAnnotations:
  iam.amazonaws.com/role: <ROLE>

Resolver Secrets

If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers.

Chart Values

Key Type Default Description
cert-manager.cainjector.nodeSelector."node-role.kubernetes.io/master" string ""
cert-manager.cainjector.tolerations[0].effect string "NoSchedule"
cert-manager.cainjector.tolerations[0].key string "node-role.kubernetes.io/master"
cert-manager.extraArgs[0] string "--dns01-recursive-nameservers-only"
cert-manager.ingressShim.defaultIssuerKind string "ClusterIssuer"
cert-manager.ingressShim.defaultIssuerName string "letsencrypt-dns-prod"
cert-manager.installCRDs bool true
cert-manager.nodeSelector."node-role.kubernetes.io/master" string ""
cert-manager.podAnnotations object {} "iam.amazonaws.com/roleIAM:" role ARN the cert-manager might use via kiam eg."arn:aws:iam::123456789012:role/certManagerRoleArn"
cert-manager.prometheus.servicemonitor.enabled bool false
cert-manager.tolerations[0].effect string "NoSchedule"
cert-manager.tolerations[0].key string "node-role.kubernetes.io/master"
cert-manager.webhook.nodeSelector."node-role.kubernetes.io/master" string ""
cert-manager.webhook.tolerations[0].effect string "NoSchedule"
cert-manager.webhook.tolerations[0].key string "node-role.kubernetes.io/master"
clusterIssuer object {}
localCA.enabled bool true
localCA.selfsigning bool true