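# +docs:section=AWS Private CA Issuer

# Number of replicas to run of the issuer
replicaCount: 1

image:
  # Image repository
  repository: public.ecr.aws/k1n1h4h4/cert-manager-aws-privateca-issuer
  # Image pull policy.
  # IfNotPresent reuses whatever image a node already has cached under this
  # tag, so a re-pushed tag is not picked up on nodes that pulled it earlier.
  pullPolicy: IfNotPresent
  # Image tag.
  # NOTE(review): an empty tag presumably falls back to a default chosen by the
  # chart templates (commonly the chart appVersion) - confirm in the templates.
  tag: ""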
# Disable waiting for CertificateRequests to be Approved before signing.
# When true, the issuer signs requests without waiting for the Approved
# condition, so approval is no longer a gate in front of this issuer and any
# policy enforced at the approval step does not apply to it. Leave false
# unless the cluster has no component that approves CertificateRequests.
disableApprovedCheck: false

# Disables Kubernetes client-side rate limiting (only use if API Priority & Fairness is enabled on the cluster).
disableClientSideRateLimiting: false
# Optional secrets used for pulling the container image
#
# For example:
# imagePullSecrets:
#   - name: secret-name
imagePullSecrets: []

# Override the name of the objects created by this chart
nameOverride: ""

# Override the name of the objects created by this chart
# NOTE(review): same description as nameOverride; presumably this one replaces
# the whole generated "fullname" rather than only the chart-name part - confirm
# against the chart's name templates.
fullnameOverride: ""

# Number of deployment revisions to keep
revisionHistoryLimit: 10
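serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account.
  #
  # For example, on EKS an IAM role can be bound to the service account
  # (placeholder ARN shown); scope that role to the private CAs this issuer
  # is meant to use rather than to all of AWS Private CA:
  # annotations:
  #   eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

rbac:
  # Specifies whether RBAC should be created
  create: true

service:
  # Type of service to create
  type: ClusterIP
  # Port the service should listen on
  port: 8080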
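# Annotations to add to the issuer Pod
podAnnotations: {}

# Pod security context.
# Only the UID is pinned by default; runAsNonRoot and a seccomp profile are
# not set, so an override of runAsUser is not rejected by the kubelet.
#
# For example:
# podSecurityContext:
#   runAsUser: 65532
#   runAsNonRoot: true
#   seccompProfile:
#     type: RuntimeDefault
# +docs:property
podSecurityContext:
  runAsUser: 65532

# Container security context.
# Only privilege escalation is blocked by default; capabilities are not
# dropped and the root filesystem is left writable.
#
# For example (check that the issuer does not write to its root filesystem
# before enabling readOnlyRootFilesystem):
# securityContext:
#   allowPrivilegeEscalation: false
#   readOnlyRootFilesystem: true
#   capabilities:
#     drop:
#       - ALL
# +docs:property
securityContext:
  allowPrivilegeEscalation: false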
# Kubernetes pod resources requests/limits.
# The default sets neither requests nor limits. The autoscaling thresholds in
# this file are percentages of the requested CPU/memory, so set requests here
# before enabling autoscaling.
#
# For example:
# resources:
#   limits:
#     cpu: 100m
#     memory: 128Mi
#   requests:
#     cpu: 100m
#     memory: 128Mi
resources: {}

# Kubernetes node selector: node labels for pod assignment
nodeSelector: {}

# Kubernetes pod tolerations for the issuer Pod.
# The example below tolerates every taint, which also allows scheduling onto
# nodes that were tainted to keep ordinary workloads off them.
#
# For example:
# tolerations:
#   - operator: "Exists"
tolerations: []

# A Kubernetes Affinity, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core
#
# For example:
# affinity:
#   nodeAffinity:
#     requiredDuringSchedulingIgnoredDuringExecution:
#       nodeSelectorTerms:
#         - matchExpressions:
#             - key: foo.bar.com/role
#               operator: In
#               values:
#                 - master
affinity: {}

# List of Kubernetes TopologySpreadConstraints; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core
#
# For example:
# topologySpreadConstraints:
#   - maxSkew: 1
#     topologyKey: topology.kubernetes.io/zone
#     whenUnsatisfiable: ScheduleAnyway
#     labelSelector:
#       matchLabels:
#         app.kubernetes.io/name: aws-privateca-issuer
topologySpreadConstraints: []
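# Additional environment variables to set in the Pod.
# NOTE(review): these presumably end up in the rendered Deployment spec, where
# anyone who can read that object can read them - keep credentials out of this
# map and reference a Secret instead.
# +docs:type=object
env: {}

# Additional labels to add to the Pod
podLabels: {}

# Additional volumes on the operator container.
volumes: []

# Additional VolumeMounts on the operator container.
volumeMounts: []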
# Configures a disruption budget for the deployment.
#
# Expects input structure similar to https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#poddisruptionbudgetspec-v1-policy
# WITHOUT the pod selector, which is handled by the chart.
# Per https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#poddisruptionbudgetspec-v1-policy, `maxUnavailable` is mutually
# exclusive with `minAvailable`; you cannot set both.
#
# For example:
# podDisruptionBudget:
#   maxUnavailable: 1
#
# Or:
# podDisruptionBudget:
#   minAvailable: 1
#
# But NOT:
# podDisruptionBudget:
#   minAvailable: 1
#   maxUnavailable: 1
podDisruptionBudget: {}
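# +docs:section=Autoscaling

autoscaling:
  # Enable auto scaling using a HorizontalPodAutoscaler.
  # The thresholds below are percentages of the requested CPU/memory and
  # `resources` defaults to `{}` in this file, so set resource requests
  # when enabling this.
  enabled: false
  # Minimum number of replicas to deploy
  minReplicas: 1
  # Maximum number of replicas to deploy
  maxReplicas: 100
  # CPU threshold to scale at as a percentage of the requested CPUs
  targetCPUUtilizationPercentage: 80
  # Memory threshold to scale at as a percentage of the requested memory
  # +docs:property
  # targetMemoryUtilizationPercentage: 80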
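# +docs:section=Approver Role

# Options for configuring a target ServiceAccount with the role to approve
# all awspca.cert-manager.io requests.
#
# Whichever account is named below can approve every request for this issuer
# group, so it should be the account of the component that is meant to make
# approval decisions and nothing broader.
approverRole:
  # Create the ClusterRole to allow the issuer to approve certificate requests
  enabled: true
  # Service account to give approval permission to
  serviceAccountName: cert-manager
  # Namespace the service account resides in
  namespace: cert-manager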
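# +docs:section=Monitoring

serviceMonitor:
  # Create Prometheus ServiceMonitor.
  # NOTE(review): this presumably requires the ServiceMonitor CRD to be
  # installed in the cluster before it is enabled - confirm.
  create: false
  # Annotations to add to the Prometheus ServiceMonitor
  annotations: {}
  # Labels to add to the Prometheus ServiceMonitor
  labels: {}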