Parameters
The parent key for all of the following parameters is cert_manager.
namespace
| type |
string |
| default |
|
The namespace in which to install cert-manager.
The component always adds label openshift.io/cluster-monitoring=true to the namespace.
Additionally, if component prometheus is installed on the cluster, the component registers the namespace to be monitored through the default Prometheus stack managed by that component.
dns01-recursive-nameservers
| type |
string |
| default |
|
Recursive nameservers to use for validating DNS01 challenges. See the cert-manager documentation for more details.
This parameter is injected into parameter helm_values as an extra argument to cert-manager (helm_values.extraArgs).
|
We additionally also set |
http_proxy
| type |
string |
| default |
`` |
The value of http_proxy is passed to cert-manager in environment variable HTTP_PROXY.
This parameter is injected into parameter helm_values in field extraEnv.
https_proxy
| type |
string |
| default |
`` |
The value of https_proxy is passed to cert-manager in environment variable HTTPS_PROXY.
This parameter is injected into parameter helm_values in field extraEnv.
no_proxy
| type |
string |
| default |
`` |
The value of no_proxy is passed to cert-manager in environment variable NO_PROXY.
This parameter is injected into parameter helm_values in field extraEnv.
letsencrypt_clusterissuers
| type |
dictionary |
| default |
|
This parameter allows users to control which Let’s Encrypt cluster issuers are generated by the component. Generally, we recommend deploying both the staging and production cluster issuers.
However, in certain cases it may make sense to not deploy the Let’s Encrypt cluster issuers. If you disable both Let’s Encrypt cluster issuers, you’ll have to setup suitable issuers or cluster issuers manually in order to make use of cert-manager.
solvers
| type |
dictionary |
| default |
see |
A dictionary holding the solvers for the default cluster issuers.
See cert-manager.io/docs/configuration/acme/#configuration for configurable parameters.
secrets
| type |
dictionary |
| default |
|
A dictionary holding secrets for DNS01 solvers.
Each key in the dictionary is used as the name of a secret.
The value of the key is merged directly into an empty Kubernetes Secret resource.
By default, secrets are created in the namespace in which cert-manager is deployed.
See the cert-manager documentation for DNS01 solvers which are supported by cert-manager.
acme_dns_api
| type |
dictionary |
| keys |
|
| default |
|
The component sets up a Job and Cronjob to register and check acme-dns client credentials if key endpoint is present and non-null in this parameter.
If key endpoint is missing or null the component doesn’t configure the acme-dns client registration.
For a detailed explanation of how the self-registration works, see the acme-dns self-registration documentation.
If key endpoint is present and non-null, the component expects that the other keys listed above are also present. The keys have the following meaning:
endpoint-
The HTTP API endpoint of the acme-dns instance
username-
The HTTP basic authorization username for the acme-dns instance
/registerendpoint password-
The HTTP basic authorization password for the acme-dns instance
/registerendpoint. We strongly recommend specifying the password as a Vault secret reference. fqdns-
A list of FQDNs for which the acme-dns instance can be used to solve DNS01 challenges. This list must contain at least one entry.
| See Using DNS01 challenges for instructions to setup and use the acme-dns self-registration mechanism. |
|
The entries in |
helm_values
| type |
dict |
| value |
The Helm values which the component uses to render the cert-manager Helm chart.
See the cert-manager Helm chart for all possible configurations.