Parameters
The parent key for all of the following parameters is cert_manager
.
dns01-recursive-nameservers
type |
string |
default |
|
Recursive nameservers to use for validating DNS01 challenges. See the cert-manager documentation for more details.
This parameter is injected into parameter helm_values
as an extra argument to cert-manager (helm_values.extraArgs
).
We additionally also set |
http_proxy
type |
string |
default |
`` |
The value of http_proxy
is passed to cert-manager in environment variable HTTP_PROXY
.
This parameter is injected into parameter helm_values
in field extraEnv
.
https_proxy
type |
string |
default |
`` |
The value of https_proxy
is passed to cert-manager in environment variable HTTPS_PROXY
.
This parameter is injected into parameter helm_values
in field extraEnv
.
no_proxy
type |
string |
default |
`` |
The value of no_proxy
is passed to cert-manager in environment variable NO_PROXY
.
This parameter is injected into parameter helm_values
in field extraEnv
.
solvers
type |
dictionary |
default |
see |
A dictionary holding the solvers for the default cluster issuers.
See cert-manager.io/docs/configuration/acme/#configuration for configurable parameters.
secrets
type |
dictionary |
default |
|
A dictionary holding secrets for DNS01 solvers.
Each key in the dictionary is used as the name of a secret.
The value of the key is merged directly into an empty Kubernetes Secret
resource.
By default, secrets are created in the namespace in which cert-manager is deployed.
See the cert-manager documentation for DNS01 solvers which are supported by cert-manager.
acme_dns_api
type |
dictionary |
keys |
|
default |
|
The component sets up a Job and Cronjob to register and check acme-dns client credentials if key endpoint
is present and non-null in this parameter.
If key endpoint
is missing or null
the component doesn’t configure the acme-dns client registration.
For a detailed explanation of how the self-registration works, see the acme-dns self-registration documentation.
If key endpoint
is present and non-null, the component expects that the other keys listed above are also present. The keys have the following meaning:
endpoint
-
The HTTP API endpoint of the acme-dns instance
username
-
The HTTP basic authorization username for the acme-dns instance
/register
endpoint password
-
The HTTP basic authorization password for the acme-dns instance
/register
endpoint. We strongly recommend specifying the password as a Vault secret reference. fqdns
-
A list of FQDNs for which the acme-dns instance can be used to solve DNS01 challenges. This list must contain at least one entry.
See Using DNS01 challenges for instructions to setup and use the acme-dns self-registration mechanism. |
The entries in |
helm_values
type |
dict |
value |
The Helm values which the component uses to render the cert-manager Helm chart.
See the cert-manager Helm chart for all possible configurations.