Commit 2dc3c59

feat(shield): add support to cert-manager on cluster-shield (#2411)
Co-authored-by: Mike Yoder <[email protected]>
1 parent 3c88fca commit 2dc3c59

9 files changed

+841
-2
lines changed

charts/shield/Chart.yaml

Lines changed: 1 addition & 1 deletion
@@ -13,5 +13,5 @@ maintainers:
1313
- name: mavimo
1414
1515
type: application
16-
version: 1.22.0
16+
version: 1.23.0
1717
appVersion: "1.0.0"

charts/shield/README.md

Lines changed: 11 additions & 0 deletions
@@ -221,6 +221,17 @@ The following table lists the configurable parameters of the `shield` chart and
221221
| cluster.validatingwebhookconfiguration.create | Create the validatingwebhookconfiguration resources for the cluster shield | <code>true</code> |
222222
| cluster.tls_certificates.create | Create the TLS certificates for the cluster shield | <code>true</code> |
223223
| cluster.tls_certificates.secret_name | The name of the secret that contains the TLS certificates | <code></code> |
224+
| cluster.tls_certificates.cert_manager.enabled | Enable cert-manager for certificate management | <code>false</code> |
225+
| cluster.tls_certificates.cert_manager.ca.create | Create the CA certificate using cert-manager | <code>false</code> |
226+
| cluster.tls_certificates.cert_manager.ca.secret_template | The template for the CA certificate secret (if create=true) will automatically add the annotation `cert-manager.io/allow-direct-injection: "true"` if not present | <code>{}</code> |
227+
| cluster.tls_certificates.cert_manager.ca.secret_name | The name of the existing CA certificate secret (if create=false) has to be annotated with `cert-manager.io/allow-direct-injection: "true"` | <code>""</code> |
228+
| cluster.tls_certificates.cert_manager.ca.secret_namespace | The namespace of the existing CA certificate secret (if create=false) | <code>""</code> |
229+
| cluster.tls_certificates.cert_manager.issuer.create | Create the Issuer instead of using an existing one | <code>false</code> |
230+
| cluster.tls_certificates.cert_manager.issuer.name | The name of the existing issuer | <code>""</code> |
231+
| cluster.tls_certificates.cert_manager.issuer.kind | The kind of the existing issuer (Issuer, ClusterIssuer) | <code>Issuer</code> |
232+
| cluster.tls_certificates.cert_manager.issuer.group | The group of the existing issuer | <code>cert-manager.io</code> |
233+
| cluster.tls_certificates.cert_manager.duration | Certificate duration (default: 30 days) | <code>"720h"</code> |
234+
| cluster.tls_certificates.cert_manager.renew_before | How long before expiry to renew (default: 15 days) | <code>"360h"</code> |
224235
| cluster.resources.requests.cpu | The CPU request for the cluster shield | <code>500m</code> |
225236
| cluster.resources.requests.memory | The memory request for the cluster shield | <code>512Mi</code> |
226237
| cluster.resources.limits.cpu | The CPU limit for the cluster shield | <code>1500m</code> |
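
Review bot: the new `cluster.tls_certificates.cert_manager.*` rows do not say how `cert_manager.enabled` interacts with the existing `cluster.tls_certificates.create` (default `true`) and `cluster.tls_certificates.secret_name` rows just above them, so a reader cannot tell which mechanism applies when `enabled` is set to `true` and `create` is left at its default; state the precedence in the `enabled` row. The `ca.secret_template` and `ca.secret_name` descriptions are run-on sentences, and the second one hides a hard requirement (the existing secret "has to be annotated with `cert-manager.io/allow-direct-injection: "true"`"); split each into two sentences and say what happens when the annotation is missing. `issuer.name`, `issuer.kind` and `issuer.group` should be marked as applying only when `issuer.create=false`, the way the `ca.*` rows carry "(if create=false)". The "(default: 30 days)" and "(default: 15 days)" text in `duration` and `renew_before` repeats the default column and will go stale if `720h` or `360h` change; describe the fields and leave the values to the last column.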
