Commit

[helm] expose enable-certificate-owner-ref and -dns01-recursive-nameservers as helm value

Signed-off-by: Jan-Otto Kröpke <[email protected]>
jkroepke committed Jan 14, 2023
1 parent 9b24e88 commit b952058
Showing 4 changed files with 27 additions and 3 deletions.
3 changes: 3 additions & 0 deletions deploy/charts/cert-manager/README.template.md
Expand Up @@ -129,6 +129,9 @@ The following table lists the configurable parameters of the cert-manager chart
| `http_proxy` | Value of the `HTTP_PROXY` environment variable in the cert-manager pod | |
| `https_proxy` | Value of the `HTTPS_PROXY` environment variable in the cert-manager pod | |
| `no_proxy` | Value of the `NO_PROXY` environment variable in the cert-manager pod | |
| `dns01RecursiveNameservers` | Comma separated string with host and port of the recursive nameservers cert-manager should query | `` |
| `dns01RecursiveNameserversOnly` | Forces cert-manager to only use the recursive nameservers for verification. | `false` |
| `enableCertificateOwnerRef` | When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted | `false` |
| `webhook.replicaCount` | Number of cert-manager webhook replicas | `1` |
| `webhook.timeoutSeconds` | Seconds the API server should wait the webhook to respond before treating the call as a failure. | `10` |
| `webhook.podAnnotations` | Annotations to add to the webhook pods | `{}` |
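Review bot: The `dns01RecursiveNameservers` row gives its default as an empty code span, which renders as stray backticks in the table; write it as `""` so it matches the default set in values.yaml. The description should also show the expected shape of the value (for example `host:port,host:port`), and the `dns01RecursiveNameserversOnly` row should carry the same caveat as the values.yaml comment, that the self check can take longer because of caching on the recursive nameservers. Minor: "Comma separated" should be "Comma-separated".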
9 changes: 9 additions & 0 deletions deploy/charts/cert-manager/templates/deployment.yaml
Expand Up @@ -113,6 +113,15 @@ spec:
{{- if .Values.maxConcurrentChallenges }}
- --max-concurrent-challenges={{ .Values.maxConcurrentChallenges }}
{{- end }}
{{- if .Values.enableCertificateOwnerRef }}
- --enable-certificate-owner-ref=true
{{- end }}
{{- if .Values.dns01RecursiveNameserversOnly }}
- --dns01-recursive-nameservers-only=true
{{- end }}
{{- with .Values.dns01RecursiveNameservers }}
- --dns01-recursive-nameservers={{ . }}
{{- end }}
ports:
- containerPort: 9402
name: http-metrics
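Review bot: In the `with .Values.dns01RecursiveNameservers` block the value is interpolated as-is with `{{ . }}`, with no type check, so a user who supplies a YAML list instead of the documented comma-separated string gets the list's Go formatting rendered into the flag and the controller receives a malformed nameserver argument. Either fail the render when the value is not a string, or accept both forms by joining a list with commas. It would also be safer to quote the whole argument, as in `- "--dns01-recursive-nameservers={{ . }}"`, so the rendered manifest does not depend on how YAML parses the unquoted value.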
15 changes: 13 additions & 2 deletions deploy/charts/cert-manager/values.yaml
Expand Up @@ -107,11 +107,22 @@ serviceAccount:
# Automounting API credentials for a particular pod
# automountServiceAccountToken: true

# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
enableCertificateOwnerRef: false

# Setting Nameservers for DNS01 Self Check
# See: https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check

# Comma separated string with host and port of the recursive nameservers cert-manager should query
dns01RecursiveNameservers: ""

# Forces cert-manager to only use the recursive nameservers for verification.
# Enabling this option could cause the DNS01 self check to take longer due to caching performed by the recursive nameservers
dns01RecursiveNameserversOnly: false

# Additional command line flags to pass to cert-manager controller binary.
# To see all available flags run docker run quay.io/jetstack/cert-manager-controller:<version> --help
extraArgs: []
# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
# - --enable-certificate-owner-ref=true
# Use this flag to enable or disable arbitrary controllers, for example, disable the CertificiateRequests approver
# - --controllers=*,-certificaterequests-approver

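Review bot: Missing migration guidance around `extraArgs`: the old commented example `- --enable-certificate-owner-ref=true` is dropped from under `extraArgs: []`, but users who followed it and now also set `enableCertificateOwnerRef: true` will pass the flag twice, and the same applies to anyone who set the DNS01 nameserver flags through `extraArgs`. Add a line to the comments on the new keys saying the corresponding entries should be removed from `extraArgs`. The comment on `dns01RecursiveNameservers` would also be clearer with a sample value in `host:port,host:port` form and a statement that the empty string leaves the flag unset.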
3 changes: 2 additions & 1 deletion make/e2e-setup.mk
Expand Up @@ -199,7 +199,8 @@ e2e-setup-certmanager: $(BINDIR)/cert-manager.tgz $(foreach binaryname,controlle
--set featureGates="$(feature_gates_controller)" \
--set "webhook.extraArgs={--feature-gates=$(feature_gates_webhook)}" \
--set "cainjector.extraArgs={--feature-gates=$(feature_gates_cainjector)}" \
--set "extraArgs={--dns01-recursive-nameservers=$(SERVICE_IP_PREFIX).16:53,--dns01-recursive-nameservers-only=true}" \
--set "dns01RecursiveNameservers=$(SERVICE_IP_PREFIX).16:53" \
--set "dns01RecursiveNameserversOnly=true" \
cert-manager $< >/dev/null

.PHONY: e2e-setup-bind
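Review bot: The line `--set "dns01RecursiveNameservers=$(SERVICE_IP_PREFIX).16:53"` only works unescaped because it passes a single nameserver. The value is documented as a comma-separated string, and `helm --set` treats an unescaped comma as the start of the next key/value pair, so a second nameserver added here later would break the install unless the comma is written as `\,`. Worth a comment in this target, and a note in the chart README that multi-server values are best set from a values file. The e2e setup also always sets both values, so the default path (empty string, flag omitted) is not exercised by this change.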