|
|
@@ -148,10 +148,9 @@ The command removes all the Kubernetes components associated with the chart and
|
|
|
| serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
|
|
|
| tolerations | list | `[]` | |
|
|
|
| topologySpreadConstraints | list | `[]` | |
|
|
|
+| webhook.addCustomCertSecretInjectorAnnotations | bool | `false` | Although webhook.certManager may be disabled, cert-manager still needs to be installed (and this chart does not install it for you). "cert-manager" is used to inject the caBundle into Kind=CustomResourceDefinition for conversion webhooks and Kind=ValidatingWebhookConfiguration for validating admission webhook. The Secret resource MUST have an `cert-manager.io/allow-direct-injection: "true"` annotation. |
|
|
|
| webhook.affinity | object | `{}` | |
|
|
|
| webhook.certCheckInterval | string | `"5m"` | Specifices the time to check if the cert is valid |
|
|
|
-| webhook.certSecretNameOverride | string | `""` | If its value is different from the default one, it overrides the name of the secret resource where the webhook certificates are stored. |
|
|
|
-| webhook.createWebhookSecret | bool | `true` | Whether to create the webhook secret resource (doesn't interfere with `webhook.certManager.cert.create`). |
|
|
|
| webhook.certDir | string | `"/tmp/certs"` | |
|
|
|
| webhook.certManager.addInjectorAnnotations | bool | `true` | Automatically add the cert-manager.io/inject-ca-from annotation to the webhooks and CRDs. As long as you have the cert-manager CA Injector enabled, this will automatically setup your webhook's CA to the one used by cert-manager. See https://cert-manager.io/docs/concepts/ca-injector |
|
|
|
| webhook.certManager.cert.annotations | object | `{}` | Add extra annotations to the Certificate resource. |
|
|
|
@@ -160,7 +159,9 @@ The command removes all the Kubernetes components associated with the chart and
|
|
|
| webhook.certManager.cert.issuerRef | object | `{"group":"cert-manager.io","kind":"Issuer","name":"my-issuer"}` | For the Certificate created by this chart, setup the issuer. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerSpec |
|
|
|
| webhook.certManager.cert.renewBefore | string | `""` | How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Note that renewBefore should be greater than .webhook.lookaheadInterval since the webhook will check this far in advance that the certificate is valid. |
|
|
|
| webhook.certManager.enabled | bool | `false` | Enabling cert-manager support will disable the built in secret and switch to using cert-manager (installed separately) to automatically issue and renew the webhook certificate. This chart does not install cert-manager for you, See https://cert-manager.io/docs/ |
|
|
|
+| webhook.certSecretNameOverride | string | `""` | If not empty, overrides the name of the secret resource where the webhook certificates are stored. If the secret resource you want to use already exists, also check the following values: `certController.create`; `webhook.certManager.enabled`; `webhook.createWebhookSecret`; `webhook.addCustomCertSecretInjectorAnnotations`. |
|
|
|
| webhook.create | bool | `true` | Specifies whether a webhook deployment be created. |
|
|
|
+| webhook.createWebhookSecret | bool | `true` | Whether to create the webhook secret resource (doesn't interfere with webhook.certManager.cert.create). |
|
|
|
| webhook.deploymentAnnotations | object | `{}` | Annotations to add to Deployment |
|
|
|
| webhook.extraArgs | object | `{}` | |
|
|
|
| webhook.extraEnv | list | `[]` | |
|
Leonardo M. Miranda