Using certmanager-issuer for CertManager Issuer creation
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
This chart is a helper for Jetstack’s CertManager Helm chart. It automatically provisions an Issuer object, used by CertManager when requesting TLS certificates for GitLab Ingresses.
Configuration
We describe all the major sections of the configuration below. When configuring from the parent chart, these values are:
certmanager-issuer:
# Configure an ACME Issuer in cert-manager. Only used if global.ingress.configureCertmanager is true.
server: https://acme-v02.api.letsencrypt.org/directory
# Provide an email to associate with your TLS certificates
# email:
rbac:
create: true
resources:
requests:
cpu: 50m
# Priority class assigned to pods
priorityClassName: ""
common:
labels: {}Installation parameters
This table contains all the possible charts configurations that can be supplied
to the helm install command using the --set flags:
| Parameter | Default | Description |
|---|---|---|
server | https://acme-v02.api.letsencrypt.org/directory | Let’s Encrypt server for use with the ACME CertManager Issuer. |
email | You must provide an email to associate with your TLS certificates. Let’s Encrypt uses this address to contact you about expiring certificates, and issues related to your account. | |
rbac.create | true | When true, creates RBAC-related resources to allow for manipulation of CertManager Issuer objects. |
resources.requests.cpu | 50m | Requested CPU resources for the Issuer creation Job. |
common.labels | Common labels to apply to the ServiceAccount, Job, ConfigMap, and Issuer. | |
priorityClassName | Priority class assigned to pods. | |
containerSecurityContext | Override container securityContext under which Certmanager is started | |
containerSecurityContext.runAsUser | 65534 | User ID under which the container should be started |
containerSecurityContext.runAsGroup | 65534 | Group ID under which the container should be started |
containerSecurityContext.allowPrivilegeEscalation | false | Controls whether a process can gain more privileges than its parent process |
containerSecurityContext.runAsNonRoot | true | Controls whether the container runs with a non-root user |
containerSecurityContext.capabilities.drop | [ "ALL" ] | Removes Linux capabilities for the container |
ttlSecondsAfterFinished | 1800 | Controls when a finished job becomes eligible for cascading removal. |
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support