dvirlabs/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
infra/manifests/cert-manager-stack/values.yaml

95 lines
3.1 KiB
YAML
Raw Blame History

# =============================================================================
# Production values for cert-manager-stack
# This is the ONLY file you need to edit for your cert-manager deployment
# =============================================================================
# -----------------------------------------------------------------------------
# cert-manager Configuration (Upstream Chart)
# These values are passed directly to the embedded cert-manager subchart
# -----------------------------------------------------------------------------
cert-manager:
# Enable the embedded cert-manager subchart
enabled: true
# Install CRDs as part of the Helm release
crds:
enabled: true
keep: true
# Disable Prometheus monitoring (enable if needed)
prometheus:
enabled: false
# Global configuration
global:
leaderElection:
namespace: cert-manager
# Uncomment to configure resource limits
# resources:
# requests:
# cpu: 10m
# memory: 32Mi
# limits:
# cpu: 100m
# memory: 128Mi
# Uncomment to configure node selector
# nodeSelector:
# kubernetes.io/os: linux
# Additional cert-manager values can be added here
# See: https://artifacthub.io/packages/helm/cert-manager/cert-manager
# -----------------------------------------------------------------------------
# Cloudflare DNS Provider Configuration
# -----------------------------------------------------------------------------
cloudflare:
enabled: true
# TODO: Replace with your actual Cloudflare API token
# Get from: https://dash.cloudflare.com/profile/api-tokens
# Required permissions: Zone:DNS:Edit for all zones
apiToken: "cfat_yJtvwaY2oRNw8FI0Xd2F07Ai5fyeIO0n8dF2JYFWd7929bd6"
# Secret configuration (usually no need to change these)
secretName: cloudflare-api-token
secretKey: api-token
namespace: cert-manager
# -----------------------------------------------------------------------------
# ClusterIssuer Configuration (Let's Encrypt)
# -----------------------------------------------------------------------------
clusterIssuer:
enabled: true
# ClusterIssuer name - referenced in Certificate and Ingress resources
name: letsencrypt
# Email for Let's Encrypt account registration and notifications
email: dvirlabs@gmail.com
# ACME server URL
# Production (rate-limited): https://acme-v02.api.letsencrypt.org/directory
# Staging (for testing): https://acme-staging-v02.api.letsencrypt.org/directory
server: https://acme-v02.api.letsencrypt.org/directory
# Secret name for storing ACME account private key
privateKeySecretRef:
name: letsencrypt-account-key
# DNS-01 solver configuration using Cloudflare
dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token
key: api-token
# -----------------------------------------------------------------------------
# Migration Notes
# -----------------------------------------------------------------------------
# To migrate to External Secrets / Vault:
# 1. Create ExternalSecret resource in templates/
# 2. Set cloudflare.enabled: false
# 3. Keep cloudflare.secretName the same for ClusterIssuer reference
Reference in New Issue View Git Blame Copy Permalink