yk8s.k8s-service-layer.cert-manager
The cert-manager controller setup used here will be explained in more detail soon :)
Note
To enable cert-manager, yk8s.k8s-service-layer.cert-manager.enabled needs to be set to true.
yk8s.k8s-service-layer.cert-manager.enabled
Whether to enable management of a cert-manager.io instance.
Type::
boolean
Default::
false
Example::
true
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.helm.chart_ref
The chart reference (relative to the repository) of the cert-manager Helm chart.
Type::
RFC3986 relative URL path
Default::
"cert-manager"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.helm.chart_repo_url
The URL to the Helm repository for the cert-manager Helm chart.
Type::
RFC3986 HTTP(S) URL
Default::
"https://charts.jetstack.io"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.helm.chart_version
Version of the cert-manager Helm chart to be used.
To leave the version unpinned, set this to null.
Type::
null or Helm chart version (Semantic version 2 string or OCI image tag)
Default::
"1.19.1"
Example::
"1.2.3"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.helm.release_name
The release name inside the cluster for cert-manager.
Type::
non-empty string
Default::
"cert-manager"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.helm.release_namespace
The namespace in which to install cert-manager.
Type::
RFC1123 subdomain label (lowercase) or RFC1035 subdomain label (lowercase)
Default::
"k8s-svc-cert-manager"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.helm.values
Helm values for the cert-manager helm chart.
Some values are set by default through Tarook, but arbitrary values can be set. For a full list of possible values, see https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml
Type::
JSON value
Default::
{ }
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.install
Install or uninstall cert-manager. If set to false, cert-manager will be uninstalled WITHOUT CHECKING FOR DISRUPTION!
Type::
boolean
Default::
true
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.letsencrypt_email
If given, a cluster-wide Let’s Encrypt issuer with that email address will be generated. Requires an ingress to work correctly. DO NOT ENABLE THIS IN CUSTOMER CLUSTERS, BECAUSE THEY SHOULD NOT CREATE CERTIFICATES UNDER OUR NAME. Customers are supposed to deploy their own ACME/Let’s Encrypt issuer.
Type::
null or RFC5322 email address
Default::
null
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.letsencrypt_ingress
The ingress class to use for responding to the ACME challenge. The default value works for the default k8s-service-layer.ingress configuration and may need to be adapted in case a different ingress is to be used.
Type::
non-empty string
Default::
"nginx"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.letsencrypt_preferred_chain
By default, the ACME issuer lets the server choose the certificate chain to use for the certificate. Set this option to override that choice.
Type::
null or non-empty string
Default::
null
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.letsencrypt_server
This variable lets you specify the endpoint of the ACME issuer. A common use case is to switch between staging and production. See https://letsencrypt.org/docs/staging-environment/
Type::
RFC3986 HTTP(S) URL (scheme, authority and path only)
Default::
"https://acme-v02.api.letsencrypt.org/directory"
Example::
"https://acme-staging-v02.api.letsencrypt.org/directory"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix
yk8s.k8s-service-layer.cert-manager.scheduling_key
Scheduling key for the cert-manager instance and its resources. Has no default.
Type::
null or Kubernetes label
Default::
null
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/cert-manager.nix