affinity |
Pod affinity |
map |
{} |
no |
ca_injector_affinity |
Affinity for ca_injector |
map |
{} |
no |
ca_injector_container_security_context |
CA Injector Container Security Context |
map |
{} |
no |
ca_injector_deployment_annotations |
Extra annotations for ca_injector deployment |
map |
{} |
no |
ca_injector_enabled |
Enable CA Injector. |
bool |
true |
no |
ca_injector_extra_args |
Extra args for ca_injector |
list |
[] |
no |
ca_injector_image_repository |
Image repository for ca_injector |
string |
"quay.io/jetstack/cert-manager-cainjector" |
no |
ca_injector_image_tag |
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used. |
any |
null |
no |
ca_injector_node_selector |
Node selector for ca_injector |
map |
{} |
no |
ca_injector_pod_annotations |
Extra annotations for ca_injector pods |
map |
{} |
no |
ca_injector_pod_labels |
Extra labels for ca_injector pods |
map |
{} |
no |
ca_injector_replica_count |
Number of replicas for ca_injector |
number |
1 |
no |
ca_injector_resources |
ca_injector pod resources |
map |
{ "limits": { "cpu": "100m", "memory": "300Mi" }, "requests": { "cpu": "100m", "memory": "300Mi" } } |
no |
ca_injector_security_context |
CA Injector Pod Security Context |
map |
{} |
no |
ca_injector_service_account_annotations |
Annotations for ca_injector service account |
map |
{} |
no |
ca_injector_service_account_create |
Create ca_injector service account |
bool |
true |
no |
ca_injector_service_account_name |
Name for ca_injector service account. If not set and create is true, a name is generated using the fullname template |
string |
"" |
no |
ca_injector_strategy |
CA Injector deployment update strategy |
map |
{ "rollingUpdate": { "maxSurge": 1, "maxUnavailable": "50%" }, "type": "RollingUpdate" } |
no |
ca_injector_tolerations |
Tolerations for ca_injector |
list |
[] |
no |
chart_name |
Helm chart name to provision |
string |
"cert-manager" |
no |
chart_namespace |
Namespace to install the chart into |
string |
"default" |
no |
chart_repository |
Helm repository for the chart |
string |
"https://charts.jetstack.io" |
no |
chart_timeout |
Timeout to wait for the Chart to be deployed. |
number |
300 |
no |
chart_version |
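Version of the chart to install. Set to empty to install the latest version; with an empty value the deployed version can change between applies, so keep a version pinned where reproducible deployments matter. |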
string |
"1.5.0" |
no |
cluster_resource_namespace |
Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart. |
string |
"" |
no |
container_security_context |
Configure container security context |
map |
{} |
no |
deployment_annotations |
Extra annotations for the deployment |
map |
{} |
no |
extra_args |
Extra arguments |
list |
[] |
no |
extra_env |
Extra environment variables |
list |
[] |
no |
feature_gates |
Feature gates to enable on the pod |
list |
[] |
no |
image_pull_secrets |
Secrets for image pulling |
list |
[] |
no |
image_repository |
Image repository |
string |
"quay.io/jetstack/cert-manager-controller" |
no |
image_tag |
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used. |
any |
null |
no |
ingress_shim |
Configure Ingress Shim. See https://cert-manager.io/docs/usage/ingress/ |
map |
{} |
no |
install_crds |
Install CRDs with chart |
bool |
true |
no |
leader_election_lease_duration |
Duration that non-leader candidates will wait after observing a leadership renewal |
string |
"60s" |
no |
leader_election_namespace |
Namespace used for Leader Election ConfigMap |
string |
"kube-system" |
no |
leader_election_renew_deadline |
Interval between attempts by the acting master to renew a leadership slot before it stops leading |
string |
"40s" |
no |
leader_election_retry_period |
Duration the clients should wait between attempting acquisition and renewal of a leadership. |
string |
"15s" |
no |
log_level |
Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose. |
number |
2 |
no |
max_history |
Max History for Helm |
number |
20 |
no |
mutating_webhook_configuration_annotations |
Optional additional annotations to add to the webhook MutatingWebhookConfiguration |
map |
{} |
no |
node_selector |
Node selector for cert-manager-controller pods |
map |
{} |
no |
pod_annotations |
Extra annotations for pods |
map |
{} |
no |
pod_labels |
Extra labels for pods |
map |
{} |
no |
priority_class_name |
Priority class for all cert-manager pods |
string |
"" |
no |
prometheus_enabled |
Enable Prometheus metrics |
bool |
true |
no |
psp_apparmor |
Use AppArmor with PSP. |
bool |
true |
no |
psp_enable |
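Create PodSecurityPolicy. Note that the PodSecurityPolicy API was removed in Kubernetes 1.25, so this only applies to older clusters. |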
bool |
false |
no |
rbac_create |
Create RBAC resources |
bool |
true |
no |
release_name |
Helm release name |
string |
"cert-manager" |
no |
replica_count |
Number of controller replicas |
number |
1 |
no |
resources |
Resources for pods |
map |
{ "limits": { "cpu": "100m", "memory": "300Mi" }, "requests": { "cpu": "100m", "memory": "300Mi" } } |
no |
security_context |
Configure pod security context |
map |
{} |
no |
service_account_annotations |
Service account annotations |
map |
{} |
no |
service_account_automount_token |
Whether to automount the Service Account's API credentials (token) into the pod |
bool |
true |
no |
service_account_create |
Create service account |
bool |
true |
no |
service_account_name |
Override the default service account name |
string |
"" |
no |
startupapicheck_affinity |
Affinity for startupapicheck |
map |
{} |
no |
startupapicheck_backoff_limit |
startupapicheck backoff limit |
number |
4 |
no |
startupapicheck_enabled |
Enable startupapicheck |
bool |
true |
no |
startupapicheck_extra_args |
Extra args for startupapicheck |
list |
[] |
no |
startupapicheck_image_repository |
Image repository for startupapicheck |
string |
"quay.io/jetstack/cert-manager-ctl" |
no |
startupapicheck_image_tag |
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used. |
any |
null |
no |
startupapicheck_node_selector |
Node selector for startupapicheck |
map |
{} |
no |
startupapicheck_pod_labels |
Extra labels for startupapicheck pods |
map |
{} |
no |
startupapicheck_resources |
startupapicheck pod resources |
map |
{ "limits": { "cpu": "10m", "memory": "32Mi" }, "requests": { "cpu": "10m", "memory": "32Mi" } } |
no |
startupapicheck_security_context |
startupapicheck security context |
map |
{ "runAsNonRoot": true } |
no |
startupapicheck_timeout |
startupapicheck timeout |
string |
"1m" |
no |
startupapicheck_tolerations |
Tolerations for startupapicheck |
list |
[] |
no |
strategy |
Update strategy of deployment |
map |
{ "rollingUpdate": { "maxSurge": 1, "maxUnavailable": "50%" }, "type": "RollingUpdate" } |
no |
tolerations |
Pod tolerations |
list |
[] |
no |
validating_webhook_configuration_annotations |
Optional additional annotations to add to the webhook ValidatingWebhookConfiguration |
map |
{} |
no |
volume_mounts |
Extra volume mounts for the container |
list |
[] |
no |
volumes |
Extra volumes for the pod |
list |
[] |
no |
webhook_affinity |
Affinity for webhook |
map |
{} |
no |
webhook_deployment_annotations |
Extra annotations for webhook deployment |
map |
{} |
no |
webhook_extra_args |
Extra args for webhook |
list |
[] |
no |
webhook_host_network |
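Whether the webhook should use the host network. When enabled, the webhook pod shares the node's network namespace, so webhook_port must not collide with a port already in use on the node (the default 10250 is also the kubelet's default port). |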
bool |
false |
no |
webhook_image_repository |
Image repository for webhook |
string |
"quay.io/jetstack/cert-manager-webhook" |
no |
webhook_image_tag |
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used. |
any |
null |
no |
webhook_liveness_probe |
Liveness probe for webhook |
map |
{ "failureThreshold": 3, "initialDelaySeconds": 60, "periodSeconds": 10, "successThreshold": 1, "timeoutSeconds": 5 } |
no |
webhook_node_selector |
Node selector for webhook |
map |
{} |
no |
webhook_pod_annotations |
Extra annotations for webhook pods |
map |
{} |
no |
webhook_pod_labels |
Extra labels for webhook pods |
map |
{} |
no |
webhook_port |
Port used by the webhook to listen for requests from the Kubernetes Master |
number |
10250 |
no |
webhook_readiness_probe |
Readiness probe for webhook |
map |
{ "failureThreshold": 3, "initialDelaySeconds": 5, "periodSeconds": 5, "successThreshold": 1, "timeoutSeconds": 5 } |
no |
webhook_replica_count |
Number of replicas for webhook |
number |
1 |
no |
webhook_resources |
Webhook pod resources |
map |
{ "limits": { "cpu": "100m", "memory": "300Mi" }, "requests": { "cpu": "100m", "memory": "300Mi" } } |
no |
webhook_security_context |
Security context for webhook pod |
map |
{} |
no |
webhook_service_account_annotations |
Annotations for webhook service account |
map |
{} |
no |
webhook_service_account_create |
Create Webhook service account |
bool |
true |
no |
webhook_service_account_name |
Name for webhook service account. If not set and create is true, a name is generated using the fullname template |
string |
"" |
no |
webhook_timeout_seconds |
Timeout in seconds for webhook |
number |
10 |
no |
webhook_tolerations |
Tolerations for webhook |
list |
[] |
no |
webook_container_security_context |
Security context for webhook containers |
map |
{} |
no |
webook_strategy |
Update strategy for admission webhook |
map |
{ "rollingUpdate": { "maxSurge": 1, "maxUnavailable": "50%" }, "type": "RollingUpdate" } |
no |