CSI driver Helm values¶
cert-manager CSI driver is a storage plugin that is deployed into your Kubernetes cluster that can honor volume requests specified on Pods.
The following cert-manager CSI driver Helm values are supported by the Venafi Kubernetes Manifest tool.
metrics.enabled¶
| Property | metrics.enabled |
|---|---|
| Type | bool |
| Default | |
Enable the metrics server on CSI Driver pods.
If false, the metrics server will be disabled, and the other metrics fields below will be ignored.
metrics.port¶
| Property | metrics.port |
|---|---|
| Type | number |
| Default | |
The TCP port on which the metrics server will listen.
metrics.podmonitor.enabled¶
| Property | metrics.podmonitor.enabled |
|---|---|
| Type | bool |
| Default | |
Create a PodMonitor to add CSI Driver to Prometheus if you use Prometheus Operator. See the Prometheus Operator documentation.
metrics.podmonitor.namespace¶
| Property | metrics.podmonitor.namespace |
|---|---|
| Type | string |
| Default |
The namespace that the pod monitor should live in, defaults to the cert-manager CSI Driver namespace.
metrics.podmonitor.prometheusInstance¶
| Property | metrics.podmonitor.prometheusInstance |
|---|---|
| Type | string |
| Default | |
Specifies the prometheus label on the created PodMonitor. This is used when different Prometheus instances have label selectors matching different PodMonitors.
metrics.podmonitor.interval¶
| Property | metrics.podmonitor.interval |
|---|---|
| Type | string |
| Default | |
The interval to scrape metrics.
metrics.podmonitor.scrapeTimeout¶
| Property | metrics.podmonitor.scrapeTimeout |
|---|---|
| Type | string |
| Default | |
The timeout before a metrics scrape fails.
metrics.podmonitor.labels¶
| Property | metrics.podmonitor.labels |
|---|---|
| Type | object |
| Default | |
Additional labels to add to the PodMonitor.
metrics.podmonitor.annotations¶
| Property | metrics.podmonitor.annotations |
|---|---|
| Type | object |
| Default | |
Additional annotations to add to the PodMonitor.
metrics.podmonitor.honorLabels¶
| Property | metrics.podmonitor.honorLabels |
|---|---|
| Type | bool |
| Default | |
Keep labels from scraped data, overriding server-side labels.
metrics.podmonitor.endpointAdditionalProperties¶
| Property | metrics.podmonitor.endpointAdditionalProperties |
|---|---|
| Type | object |
| Default | |
EndpointAdditionalProperties allows setting additional properties on the endpoint, such as relabelings, metricRelabelings, etc.
For example:
endpointAdditionalProperties:
relabelings:
- action: replace
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: instance
image.registry¶
| Property | image.registry |
|---|---|
| Type | string |
| Default |
Target image registry. This value is prepended to the target image repository, if set.
For example:
registry: quay.io
repository: jetstack/cert-manager-csi-driver
image.repository¶
| Property | image.repository |
|---|---|
| Type | string |
| Default | |
Target image repository.
image.tag¶
| Property | image.tag |
|---|---|
| Type | string |
| Default |
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion is used.
image.digest¶
| Property | image.digest |
|---|---|
| Type | string |
| Default |
Target image digest. Override any tag, if set.
For example:
digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
image.pullPolicy¶
| Property | image.pullPolicy |
|---|---|
| Type | string |
| Default | |
Kubernetes imagePullPolicy on Deployment.
imagePullSecrets¶
| Property | imagePullSecrets |
|---|---|
| Type | array |
| Default | |
Optional secrets used for pulling the CSI Driver container image.
For example:
imagePullSecrets:
- name: secret-name
commonLabels¶
| Property | commonLabels |
|---|---|
| Type | object |
| Default | |
Labels to apply to all resources.
nodeDriverRegistrarImage.registry¶
| Property | nodeDriverRegistrarImage.registry |
|---|---|
| Type | string |
| Default |
Target image registry. This value is prepended to the target image repository, if set.
For example:
registry: registry.k8s.io
repository: sig-storage/csi-node-driver-registrar
nodeDriverRegistrarImage.repository¶
| Property | nodeDriverRegistrarImage.repository |
|---|---|
| Type | string |
| Default | |
Target image repository.
nodeDriverRegistrarImage.tag¶
| Property | nodeDriverRegistrarImage.tag |
|---|---|
| Type | string |
| Default | |
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion is used.
nodeDriverRegistrarImage.digest¶
| Property | nodeDriverRegistrarImage.digest |
|---|---|
| Type | string |
| Default |
Target image digest. Override any tag, if set.
For example:
digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
nodeDriverRegistrarImage.pullPolicy¶
| Property | nodeDriverRegistrarImage.pullPolicy |
|---|---|
| Type | string |
| Default | |
Kubernetes imagePullPolicy on Deployment.
livenessProbeImage.registry¶
| Property | livenessProbeImage.registry |
|---|---|
| Type | string |
| Default |
Target image registry. This value is prepended to the target image repository, if set.
For example:
registry: registry.k8s.io
repository: sig-storage/livenessprobe
livenessProbeImage.repository¶
| Property | livenessProbeImage.repository |
|---|---|
| Type | string |
| Default | |
Target image repository.
livenessProbeImage.tag¶
| Property | livenessProbeImage.tag |
|---|---|
| Type | string |
| Default | |
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion is used.
livenessProbeImage.digest¶
| Property | livenessProbeImage.digest |
|---|---|
| Type | string |
| Default |
Target image digest. Override any tag, if set.
For example:
digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
livenessProbeImage.pullPolicy¶
| Property | livenessProbeImage.pullPolicy |
|---|---|
| Type | string |
| Default | |
Kubernetes imagePullPolicy on Deployment.
app.logLevel¶
| Property | app.logLevel |
|---|---|
| Type | number |
| Default | |
Verbosity of cert-manager CSI Driver logging.
app.driver.name¶
| Property | app.driver.name |
|---|---|
| Type | string |
| Default | |
Name of the driver to be registered with Kubernetes.
app.driver.useTokenRequest¶
| Property | app.driver.useTokenRequest |
|---|---|
| Type | bool |
| Default | |
If enabled, this uses a CSI token request for creating. CertificateRequests. CertificateRequests are created by mounting the pod's service accounts.
app.driver.csiDataDir¶
| Property | app.driver.csiDataDir |
|---|---|
| Type | string |
| Default | |
Configures the hostPath directory that the driver writes and mounts volumes from.
app.livenessProbe.port¶
| Property | app.livenessProbe.port |
|---|---|
| Type | number |
| Default | |
The port that will expose the liveness of the CSI Driver.
app.kubeletRootDir¶
| Property | app.kubeletRootDir |
|---|---|
| Type | string |
| Default | |
Overrides the path to root kubelet directory in case of a non-standard Kubernetes install.
daemonSetAnnotations¶
| Property | daemonSetAnnotations |
|---|---|
| Type | object |
| Default | |
Optional additional annotations to add to the CSI Driver DaemonSet.
podAnnotations¶
| Property | podAnnotations |
|---|---|
| Type | object |
| Default | |
Optional additional annotations to add to the CSI Driver pods.
podLabels¶
| Property | podLabels |
|---|---|
| Type | object |
| Default | |
Optional additional labels to add to the CSI Driver pods.
resources¶
| Property | resources |
|---|---|
| Type | object |
| Default | |
Kubernetes pod resources requests/limits for cert-manager CSI Driver.
For example:
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
nodeSelector¶
| Property | nodeSelector |
|---|---|
| Type | object |
| Default | |
Kubernetes node selector: node labels for pod assignment.
affinity¶
| Property | affinity |
|---|---|
| Type | object |
| Default | |
Kubernetes affinity: constraints for pod assignment.
For example:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: foo.bar.com/role
operator: In
values:
- master
tolerations¶
| Property | tolerations |
|---|---|
| Type | array |
| Default | |
Kubernetes pod tolerations for cert-manager CSI Driver.
For example:
tolerations:
- operator: "Exists"
priorityClassName¶
| Property | priorityClassName |
|---|---|
| Type | string |
| Default | |
Optional priority class to be used for the CSI Driver pods.
openshift.securityContextConstraint.enabled¶
| Property | openshift.securityContextConstraint.enabled |
|---|---|
| Type | boolean,string,null |
| Default | |
Include RBAC to allow the DaemonSet to "use" the specified
SecurityContextConstraints.
This value can either be a boolean true or false, or the string "detect". If set to "detect" then the securityContextConstraint is automatically enabled for OpenShift installs.
openshift.securityContextConstraint.name¶
| Property | openshift.securityContextConstraint.name |
|---|---|
| Type | string |
| Default | |
Name of the SecurityContextConstraints to create RBAC for.