Skip to content

CSI driver Helm values

cert-manager CSI driver is a storage plugin that is deployed into your Kubernetes cluster that can honor volume requests specified on Pods.

The following cert-manager CSI Driver Helm values are supported by the Venafi Kubernetes Manifest tool.

image.repository

Property image.repository
Type string
Default
quay.io/jetstack/cert-manager-csi-driver

Target image repository.

image.tag

Property image.tag
Type string
Default
v0.0.0

Target image version tag.

image.pullPolicy

Property image.pullPolicy
Type string
Default
IfNotPresent

Kubernetes imagePullPolicy on the csi-driver.

imagePullSecrets

Property imagePullSecrets
Type array
Default
[]

Optional secrets used for pulling the csi-driver container image.

For example:

imagePullSecrets:
- name: secret-name

commonLabels

Property commonLabels
Type object
Default
{}

Labels to apply to all resources.

nodeDriverRegistrarImage.repository

Property nodeDriverRegistrarImage.repository
Type string
Default
registry.k8s.io/sig-storage/csi-node-driver-registrar

Target image repository.

nodeDriverRegistrarImage.tag

Property nodeDriverRegistrarImage.tag
Type string
Default
v2.10.0

Target image version tag.

nodeDriverRegistrarImage.pullPolicy

Property nodeDriverRegistrarImage.pullPolicy
Type string
Default
IfNotPresent

Kubernetes imagePullPolicy on the node-driver.

livenessProbeImage.repository

Property livenessProbeImage.repository
Type string
Default
registry.k8s.io/sig-storage/livenessprobe

Target image repository.

livenessProbeImage.tag

Property livenessProbeImage.tag
Type string
Default
v2.12.0

Target image version tag.

livenessProbeImage.pullPolicy

Property livenessProbeImage.pullPolicy
Type string
Default
IfNotPresent

Kubernetes imagePullPolicy on the liveness probe.

app.logLevel

Property app.logLevel
Type number
Default
1

Verbosity of cert-manager-csi-driver logging.

app.driver.name

Property app.driver.name
Type string
Default
csi.cert-manager.io

Name of the driver to be registered with Kubernetes.

app.driver.useTokenRequest

Property app.driver.useTokenRequest
Type bool
Default
false

If enabled, this uses a CSI token request for creating. CertificateRequests. CertificateRequests are created by mounting the pod's service accounts.

app.driver.csiDataDir

Property app.driver.csiDataDir
Type string
Default
/tmp/cert-manager-csi-driver

Configures the hostPath directory that the driver writes and mounts volumes from.

app.livenessProbe.port

Property app.livenessProbe.port
Type number
Default
9809

The port that will expose the liveness of the csi-driver.

app.kubeletRootDir

Property app.kubeletRootDir
Type string
Default
/var/lib/kubelet

Overrides the path to root kubelet directory in case of a non-standard Kubernetes install.

daemonSetAnnotations

Property daemonSetAnnotations
Type object
Default
{}

Optional additional annotations to add to the csi-driver DaemonSet.

podAnnotations

Property podAnnotations
Type object
Default
{}

Optional additional annotations to add to the csi-driver pods.

podLabels

Property podLabels
Type object
Default
{}

Optional additional labels to add to the csi-driver pods.

resources

Property resources
Type object
Default
{}

Kubernetes pod resources requests/limits for cert-manager-csi-driver.

For example:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

nodeSelector

Property nodeSelector
Type object
Default
{}

Kubernetes node selector: node labels for pod assignment. For example, use this to allow scheduling of DaemonSet on Linux nodes only:

nodeSelector:
  kubernetes.io/os: linux

affinity

Property affinity
Type object
Default
{}

Kubernetes affinity: constraints for pod assignment.

For example:

affinity:
  nodeAffinity:
   requiredDuringSchedulingIgnoredDuringExecution:
     nodeSelectorTerms:
     - matchExpressions:
       - key: foo.bar.com/role
         operator: In
         values:
         - master

tolerations

Property tolerations
Type array
Default
[]

Kubernetes pod tolerations for cert-manager-csi-driver.

For example:

tolerations:
- operator: "Exists"

priorityClassName

Property priorityClassName
Type string
Default
""

Optional priority class to be used for the csi-driver pods.

openshift.securityContextConstraint.enabled

Property openshift.securityContextConstraint.enabled
Type boolean,string,null
Default
detect

Include RBAC to allow the DaemonSet to "use" the specified
SecurityContextConstraints.

This value can either be a boolean true or false, or the string "detect". If set to "detect" then the securityContextConstraint is automatically enabled for openshift installs.

openshift.securityContextConstraint.name

Property openshift.securityContextConstraint.name
Type string
Default
privileged

Name of the SecurityContextConstraints to create RBAC for.