Using certmanager-issuer for CertManager Issuer creation

Tier: Free, Premium, Ultimate Offering: Self-managed

This chart is a helper for Jetstack’s CertManager Helm chart. It automatically provisions an Issuer object, used by CertManager when requesting TLS certificates for GitLab Ingresses.

Configuration

We describe all the major sections of the configuration below. When configuring from the parent chart, these values are:

certmanager-issuer:
  # Configure an ACME Issuer in cert-manager. Only used if global.ingress.configureCertmanager is true.
  server: https://acme-v02.api.letsencrypt.org/directory

  # Provide an email to associate with your TLS certificates
  # email:

  rbac:
    create: true

  resources:
    requests:
      cpu: 50m

  # Priority class assigned to pods
  priorityClassName: ""

  common:
    labels: {}

Installation parameters

This table contains all the possible charts configurations that can be supplied to the helm install command using the --set flags:

Parameter Default Description
server https://acme-v02.api.letsencrypt.org/directory Let’s Encrypt server for use with the ACME CertManager Issuer.
email   You must provide an email to associate with your TLS certificates. Let’s Encrypt uses this address to contact you about expiring certificates, and issues related to your account.
rbac.create true When true, creates RBAC-related resources to allow for manipulation of CertManager Issuer objects.
resources.requests.cpu 50m Requested CPU resources for the Issuer creation Job.
common.labels   Common labels to apply to the ServiceAccount, Job, ConfigMap, and Issuer.
priorityClassName   Priority class assigned to pods.
containerSecurityContext   Override container securityContext under which Certmanager is started
containerSecurityContext.runAsUser 65534 User ID under which the container should be started
containerSecurityContext.runAsGroup 65534 Group ID under which the container should be started
containerSecurityContext.allowPrivilegeEscalation false Controls whether a process can gain more privileges than its parent process
containerSecurityContext.runAsNonRoot true Controls whether the container runs with a non-root user
containerSecurityContext.capabilities.drop [ "ALL" ] Removes Linux capabilities for the container