ocp-certmanager-chart/values.yaml at main · validatedpatterns/ocp-certmanager-chart · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
---
# -- Dictionary of the global settings to configure this chart
# @default -- depends on the individual settings
global:

installerType: "argocd"

# -- String the channel to install cert-manager from (Defaults to "stable-v1")
operatorChannel: "stable-v1"

certmgrOperator:
  # -- List of DNS server (ip:port strings) for DNS01 challenges.
  # Defaults to [8.8.8.8:53, 1.1.1.1:53]. Necessary for DNS01 ACME solver;
  # openshift's internal split-view DNS servers typically won't work.
  # See: https://cert-manager.io/docs/configuration/acme/dns01/
  #      #setting-nameservers-for-dns01-self-check
  nameservers:
    - 8.8.8.8:53
    - 1.1.1.1:53

  # -- Arguments to pass to the cert-manager controller (optional)
  # Example:
  # additionalArgs:
  #   - "--acme-http01-solver-nameservers=8.8.8.8:53,1.1.1.1:53"
  #   - "--v=2"
  additionalArgs: [ ]

  # -- Issuers to use for the cert-manager (optional)
  # You can specify multiple issuers for different challenges.
  issuers: [ ]

  # -- ACME settings
  # - acme:
  #     -- Email to use for ACME account
  #     email: "user@example.com"
  #     -- Secret resource to store ACME account's private key
  #     privateKeySecretRef:
  #       name: "acme-account-key"
  #     -- ACME server to use
  #     Examples:
  #     - https://acme-staging-v02.api.letsencrypt.org/directory
  #     - https://acme-v02.api.letsencrypt.org/directory
  #     server: "https://acme-staging-v02.api.letsencrypt.org/directory"
  #     -- ACME solvers to use (optional)
  #     You can specify multiple solvers for different challenges.
  #     solvers: []
  #       Examples:
  #       - dns01:
  #         -- AWS Route53 example
  #         route53:
  #           region: "us-east-1"
  #           accessKeyIDSecretRef:
  #             name: "aws-credentials"
  #             key: aws_access_key_id
  #           secretAccessKeySecretRef:
  #             name: "aws-credentials"
  #             key: aws_secret_access_key
  #           hostedZoneID: "hosted-zone-id"
  #         -- Azure example
  #         azureDNS:
  #           resourceGroupName: "my-resource-group"
  #           subscriptionID: "my-subscription-id"
  #           hostedZoneName: "my-hosted-zone-name"
  #           environment: "AzurePublicCloud"
  #           managedIdentity:
  #             clientID: "my-client-id"
  #         -- GCP example
  #         cloudDNS:
  #           project: "my-project"
  #           serviceAccountSecretRef:
  #             name: "my-service-account"
  #             key: "my-key"
  #         -- Cloudflare example
  #         cloudflare:
  #           apiTokenSecretRef:
  #             name: "my-api-key"
  #             key: "my-key"

  # -- Cloud credentials to use for the cert-manager (optional)
  # You can specify multiple cloud credentials for different cloud providers.
  # Used in combination with the solvers to create the DNS records.
  credentialsRequests: [ ]
  # -- AWS example
  # - name: aws
  #   secretRef:
  #     name: "aws-credentials"
  #     namespace: "cert-manager"
  #   providerSpec:
  #     apiVersion: cloudcredential.openshift.io/v1
  #     kind: "AWSProviderSpec"
  #     statementEntries:
  #     - effect: Allow
  #       action:
  #         - route53:GetChange
  #       resource: "arn:aws:route53:::change/*"
  #     - effect: Allow
  #       action:
  #         - route53:ChangeResourceRecordSets
  #         - route53:ListResourceRecordSets
  #       resource: "arn:aws:route53:::hostedzone/*"
  #     -- Can be removed if you specify the (optional) hostedZoneID.
  #     - effect: Allow
  #       action:
  #         - route53:ListHostedZones
  #       resource: "*"
  # -- Azure example
  # - name: azure
  #   secretRef:
  #     name: "azure-credentials"
  #     namespace: "cert-manager"
  #   providerSpec:
  #     apiVersion: cloudcredential.openshift.io/v1
  #     kind: "AzureProviderSpec"
  #     roleBindings:
  #       - role: "DNS Zone Contributor"
  # -- GCP example
  # - name: gcp
  #   secretRef:
  #     name: "gcp-credentials"
  #     namespace: "cert-manager"
  #   providerSpec:
  #     apiVersion: cloudcredential.openshift.io/v1
  #     kind: "GCPProviderSpec"
  #     predefinedRoles:
  #       - "roles/dns.admin"
  #     gcpServiceAccount: "cert-manager-clusterName-dns"