|
1 | 1 | --- |
| 2 | +# -- Dictionary of the global settings to configure this chart |
| 3 | +# @default -- depends on the individual settings |
| 4 | +global: |
| 5 | + |
| 6 | +installerType: "argocd" |
| 7 | + |
| 8 | +# -- String the channel to install cert-manager from (Defaults to "stable-v1") |
| 9 | +operatorChannel: "stable-v1" |
| 10 | + |
| 11 | +certmgrOperator: |
| 12 | + # -- List of DNS server (ip:port strings) for DNS01 challenges. |
| 13 | + # Defaults to [8.8.8.8:53, 1.1.1.1:53]. Necessary for DNS01 ACME solver; |
| 14 | + # openshift's internal split-view DNS servers typically won't work. |
| 15 | + # See: https://cert-manager.io/docs/configuration/acme/dns01/ |
| 16 | + # #setting-nameservers-for-dns01-self-check |
| 17 | + nameservers: |
| 18 | + - 8.8.8.8:53 |
| 19 | + - 1.1.1.1:53 |
| 20 | + |
| 21 | + # -- Arguments to pass to the cert-manager controller (optional) |
| 22 | + # Example: |
| 23 | + # additionalArgs: |
| 24 | + # - "--acme-http01-solver-nameservers=8.8.8.8:53,1.1.1.1:53" |
| 25 | + # - "--v=2" |
| 26 | + additionalArgs: [] |
| 27 | + |
| 28 | + # -- Issuers to use for the cert-manager (optional) |
| 29 | + # You can specify multiple issuers for different challenges. |
| 30 | + issuers: [] |
| 31 | + |
| 32 | + # -- ACME settings |
| 33 | + # - acme: |
| 34 | + # -- Email to use for ACME account |
| 35 | + # email: "user@example.com" |
| 36 | + # -- Secret resource to store ACME account's private key |
| 37 | + # privateKeySecretRef: |
| 38 | + # name: "acme-account-key" |
| 39 | + # -- ACME server to use |
| 40 | + # Examples: |
| 41 | + # - https://acme-staging-v02.api.letsencrypt.org/directory |
| 42 | + # - https://acme-v02.api.letsencrypt.org/directory |
| 43 | + # server: "https://acme-staging-v02.api.letsencrypt.org/directory" |
| 44 | + # -- ACME solvers to use (optional) |
| 45 | + # You can specify multiple solvers for different challenges. |
| 46 | + # solvers: [] |
| 47 | + # Examples: |
| 48 | + # - dns01: |
| 49 | + # -- AWS Route53 example |
| 50 | + # route53: |
| 51 | + # region: "us-east-1" |
| 52 | + # accessKeyIDSecretRef: |
| 53 | + # name: "aws-credentials" |
| 54 | + # key: aws_access_key_id |
| 55 | + # secretAccessKeySecretRef: |
| 56 | + # name: "aws-credentials" |
| 57 | + # key: aws_secret_access_key |
| 58 | + # hostedZoneID: "hosted-zone-id" |
| 59 | + # -- Azure example |
| 60 | + # azureDNS: |
| 61 | + # resourceGroupName: "my-resource-group" |
| 62 | + # subscriptionID: "my-subscription-id" |
| 63 | + # hostedZoneName: "my-hosted-zone-name" |
| 64 | + # environment: "AzurePublicCloud" |
| 65 | + # managedIdentity: |
| 66 | + # clientID: "my-client-id" |
| 67 | + # -- GCP example |
| 68 | + # cloudDNS: |
| 69 | + # project: "my-project" |
| 70 | + # serviceAccountSecretRef: |
| 71 | + # name: "my-service-account" |
| 72 | + # key: "my-key" |
| 73 | + # -- Cloudflare example |
| 74 | + # cloudflare: |
| 75 | + # apiTokenSecretRef: |
| 76 | + # name: "my-api-key" |
| 77 | + # key: "my-key" |
| 78 | + |
| 79 | + # -- Cloud credentials to use for the cert-manager (optional) |
| 80 | + # You can specify multiple cloud credentials for different cloud providers. |
| 81 | + # Used in combination with the solvers to create the DNS records. |
| 82 | + credentialsRequests: [] |
| 83 | + # -- AWS example |
| 84 | + # - name: aws |
| 85 | + # secretRef: |
| 86 | + # name: "aws-credentials" |
| 87 | + # namespace: "cert-manager" |
| 88 | + # providerSpec: |
| 89 | + # apiVersion: cloudcredential.openshift.io/v1 |
| 90 | + # kind: "AWSProviderSpec" |
| 91 | + # statementEntries: |
| 92 | + # - effect: Allow |
| 93 | + # action: |
| 94 | + # - route53:GetChange |
| 95 | + # resource: "arn:aws:route53:::change/*" |
| 96 | + # - effect: Allow |
| 97 | + # action: |
| 98 | + # - route53:ChangeResourceRecordSets |
| 99 | + # - route53:ListResourceRecordSets |
| 100 | + # resource: "arn:aws:route53:::hostedzone/*" |
| 101 | + # -- Can be removed if you specify the (optional) hostedZoneID. |
| 102 | + # - effect: Allow |
| 103 | + # action: |
| 104 | + # - route53:ListHostedZones |
| 105 | + # resource: "*" |
| 106 | + # -- Azure example |
| 107 | + # - name: azure |
| 108 | + # secretRef: |
| 109 | + # name: "azure-credentials" |
| 110 | + # namespace: "cert-manager" |
| 111 | + # providerSpec: |
| 112 | + # apiVersion: cloudcredential.openshift.io/v1 |
| 113 | + # kind: "AzureProviderSpec" |
| 114 | + # roleBindings: |
| 115 | + # - role: "DNS Zone Contributor" |
| 116 | + # -- GCP example |
| 117 | + # - name: gcp |
| 118 | + # secretRef: |
| 119 | + # name: "gcp-credentials" |
| 120 | + # namespace: "cert-manager" |
| 121 | + # providerSpec: |
| 122 | + # apiVersion: cloudcredential.openshift.io/v1 |
| 123 | + # kind: "GCPProviderSpec" |
| 124 | + # predefinedRoles: |
| 125 | + # - "roles/dns.admin" |
| 126 | + # gcpServiceAccount: "cert-manager-clusterName-dns" |
0 commit comments