yk8s.k8s-service-layer.cert-manager
The used Cert-Manager controller setup will be explained in more detail soon :)
Note
To enable cert-manager,
k8s-service-layer.cert-manager.enabled
needs to be set totrue
.
yk8s.k8s-service-layer.cert-manager.chart_ref
Type::
non-empty string
Default::
"jetstack/cert-manager"
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.chart_version
Type::
string
Default::
"1.15.2"
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.enabled
Whether to enable management of a cert-manager.io instance.
Type::
boolean
Default::
false
Example::
true
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.helm_repo_url
Type::
non-empty string
Default::
"https://charts.jetstack.io"
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.install
Install or uninstall cert manager. If set to false, the cert-manager will be uninstalled WITHOUT CHECK FOR DISRUPTION!
Type::
boolean
Default::
true
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.letsencrypt_email
If given, a cluster wide Let’s Encrypt issuer with that email address will be generated. Requires an ingress to work correctly. DO NOT ENABLE THIS IN CUSTOMER CLUSTERS, BECAUSE THEY SHOULD NOT CREATE CERTIFICATES UNDER OUR NAME. Customers are supposed to deploy their own ACME/Let’s Encrypt issuer.
Type::
null or non-empty string
Default::
null
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.letsencrypt_ingress
The ingress class to use for responding to the ACME challenge. The default value works for the default k8s-service-layer.ingress configuration and may need to be adapted in case a different ingress is to be used.
Type::
non-empty string
Default::
"nginx"
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.letsencrypt_preferred_chain
By default, the ACME issuer will let the server choose the certificate chain to use for the certificate. This can be used to override it.
Type::
null or non-empty string
Default::
null
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.letsencrypt_server
This variable let’s you specify the endpoint of the ACME issuer. A common usecase is to switch between staging and production. See https://letsencrypt.org/docs/staging-environment/
Type::
non-empty string
Default::
"https://acme-v02.api.letsencrypt.org/directory"
Example::
"https://acme-staging-v02.api.letsencrypt.org/directory"
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.namespace
Configure in which namespace the cert-manager is run. The namespace is created automatically, but never deleted automatically.
Type::
non-empty string
Default::
"k8s-svc-cert-manager"
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.release_name
Type::
non-empty string
Default::
"cert-manager"
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.scheduling_key
Scheduling key for the cert manager instance and its resources. Has no default.
Type::
null or non-empty string
Default::
null
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix