You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|`secretConfig.useClusterRoleForSecretAccess`| Specifies if the ServiceAccount should be granted access to the Secret resource using a ClusterRole |`false`|
76
+
|`secretConfig.useClusterRoleForConfigMapAccess`| Specifies if the ServiceAccount should be granted access to the ConfigMap resource using a ClusterRole |`false`|
77
+
|`crd.create`| Specifies if CRDs will be created |`true`|
78
+
|`crd.annotations`| Annotations to add to the CRD |`{}`|
79
+
|`serviceAccount.create`| Specifies if a service account should be created |`true`|
80
+
|`serviceAccount.labels`| Labels to add to the service account |`{}`|
81
+
|`serviceAccount.annotations`| Annotations to add to the service account |`{}`|
82
+
|`serviceAccount.name`| Name of the service account to use |`""` (uses the fullname template if `create` is true) |
80
83
|`serviceAccount.automountServiceAccountToken`| Controls whether Kubernetes automatically mounts the service account token into the pod. When `false` (default), a projected volume is used instead, giving explicit control over token expiration and file permissions. Setting to `true` uses Kubernetes' default token mount, which has no expiration and is less restrictive — only recommended if the projected volume approach causes compatibility issues. |`false`|
81
84
|`serviceAccount.projectedTokenVolume.expirationSeconds`| Lifetime in seconds of the projected service account token. The kubelet will rotate the token before it expires. Only applies when `automountServiceAccountToken` is `false`. |`3607`|
82
-
|`serviceAccount.projectedTokenVolume.defaultMode`| File permission bits for the projected token volume. Only applies when `automountServiceAccountToken` is `false`. |`0444`|
83
-
|`podAnnotations`| Annotations for the pod |`{}`|
84
-
|`podSecurityContext.runAsNonRoot`| Run pod as non-root |`true`|
85
-
|`securityContext`| Security context for the pod |`{}` (with commented out options) |
86
-
|`resources`| CPU/Memory resource requests/limits |`{}` (with commented out options) |
87
-
|`nodeSelector`| Node labels for pod assignment |`{}`|
88
-
|`tolerations`| Tolerations for pod assignment |`[]`|
89
-
|`env`| Environmental variables set for pod |`{}`|
90
-
|`secretConfig.useClusterRoleForSecretAccess`| Specifies if the ServiceAccount should be granted access to the Secret resource using a ClusterRole |`false`|
91
-
|`defaultHealthCheckInterval`| Specifies the default health check interval for issuers |`""` (uses the default in the code which is 10 minutes) |
85
+
|`serviceAccount.projectedTokenVolume.defaultMode`| File permission bits for the projected token volume. Only applies when `automountServiceAccountToken` is `false`. |`0444`|
86
+
|`podLabels`| Labels for the pod |`{}`|
87
+
|`podAnnotations`| Annotations for the pod |`{}`|
88
+
|`podSecurityContext.runAsNonRoot`| Run pod as non-root |`true`|
89
+
|`securityContext`| Security context for the pod |`{}` (with commented out options) |
90
+
|`resources`| CPU/Memory resource requests/limits |`{}` (with commented out options) |
91
+
|`nodeSelector`| Node labels for pod assignment |`{}`|
92
+
|`tolerations`| Tolerations for pod assignment |`[]`|
93
+
|`priorityClassName`| Priority class to set for pod |`""`|
94
+
|`defaultHealthCheckInterval`| Specifies the default health check interval for issuers |`""` (uses the default in the code which is 10 minutes)|
95
+
|`env`| Environmental variables set for pod |`{}`|
0 commit comments