Skip to content

CSI driver Helm values

cert-manager CSI driver is a storage plugin that is deployed into your Kubernetes cluster that can honor volume requests specified on Pods.

The following cert-manager CSI driver Helm values are supported by the Venafi Kubernetes Manifest tool.

metrics.enabled

Property metrics.enabled
Type bool
Default
true

Enable the metrics server on CSI Driver pods.
If false, the metrics server will be disabled, and the other metrics fields below will be ignored.

metrics.port

Property metrics.port
Type number
Default
9402

The TCP port on which the metrics server will listen.

metrics.podmonitor.enabled

Property metrics.podmonitor.enabled
Type bool
Default
false

Create a PodMonitor to add CSI Driver to Prometheus if you use Prometheus Operator. See the Prometheus Operator documentation.

metrics.podmonitor.namespace

Property metrics.podmonitor.namespace
Type string
Default

The namespace that the pod monitor should live in, defaults to the cert-manager CSI Driver namespace.

metrics.podmonitor.prometheusInstance

Property metrics.podmonitor.prometheusInstance
Type string
Default
default

Specifies the prometheus label on the created PodMonitor. This is used when different Prometheus instances have label selectors matching different PodMonitors.

metrics.podmonitor.interval

Property metrics.podmonitor.interval
Type string
Default
60s

The interval to scrape metrics.

metrics.podmonitor.scrapeTimeout

Property metrics.podmonitor.scrapeTimeout
Type string
Default
30s

The timeout before a metrics scrape fails.

metrics.podmonitor.labels

Property metrics.podmonitor.labels
Type object
Default
{}

Additional labels to add to the PodMonitor.

metrics.podmonitor.annotations

Property metrics.podmonitor.annotations
Type object
Default
{}

Additional annotations to add to the PodMonitor.

metrics.podmonitor.honorLabels

Property metrics.podmonitor.honorLabels
Type bool
Default
false

Keep labels from scraped data, overriding server-side labels.

metrics.podmonitor.endpointAdditionalProperties

Property metrics.podmonitor.endpointAdditionalProperties
Type object
Default
{}

EndpointAdditionalProperties allows setting additional properties on the endpoint, such as relabelings, metricRelabelings, etc.

For example:

endpointAdditionalProperties:
 relabelings:
 - action: replace
   sourceLabels:
   - __meta_kubernetes_pod_node_name
   targetLabel: instance

image.registry

Property image.registry
Type string
Default

Target image registry. This value is prepended to the target image repository, if set.
For example:

registry: quay.io
repository: jetstack/cert-manager-csi-driver

image.repository

Property image.repository
Type string
Default
quay.io/jetstack/cert-manager-csi-driver

Target image repository.

image.tag

Property image.tag
Type string
Default

Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion is used.

image.digest

Property image.digest
Type string
Default

Target image digest. Override any tag, if set.
For example:

digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20

image.pullPolicy

Property image.pullPolicy
Type string
Default
IfNotPresent

Kubernetes imagePullPolicy on Deployment.

imagePullSecrets

Property imagePullSecrets
Type array
Default
[]

Optional secrets used for pulling the CSI Driver container image.

For example:

imagePullSecrets:
- name: secret-name

commonLabels

Property commonLabels
Type object
Default
{}

Labels to apply to all resources.

nodeDriverRegistrarImage.registry

Property nodeDriverRegistrarImage.registry
Type string
Default

Target image registry. This value is prepended to the target image repository, if set.
For example:

registry: registry.k8s.io
repository: sig-storage/csi-node-driver-registrar

nodeDriverRegistrarImage.repository

Property nodeDriverRegistrarImage.repository
Type string
Default
registry.k8s.io/sig-storage/csi-node-driver-registrar

Target image repository.

nodeDriverRegistrarImage.tag

Property nodeDriverRegistrarImage.tag
Type string
Default
v2.12.0

Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion is used.

nodeDriverRegistrarImage.digest

Property nodeDriverRegistrarImage.digest
Type string
Default

Target image digest. Override any tag, if set.
For example:

digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20

nodeDriverRegistrarImage.pullPolicy

Property nodeDriverRegistrarImage.pullPolicy
Type string
Default
IfNotPresent

Kubernetes imagePullPolicy on Deployment.

livenessProbeImage.registry

Property livenessProbeImage.registry
Type string
Default

Target image registry. This value is prepended to the target image repository, if set.
For example:

registry: registry.k8s.io
repository: sig-storage/livenessprobe

livenessProbeImage.repository

Property livenessProbeImage.repository
Type string
Default
registry.k8s.io/sig-storage/livenessprobe

Target image repository.

livenessProbeImage.tag

Property livenessProbeImage.tag
Type string
Default
v2.12.0

Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion is used.

livenessProbeImage.digest

Property livenessProbeImage.digest
Type string
Default

Target image digest. Override any tag, if set.
For example:

digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20

livenessProbeImage.pullPolicy

Property livenessProbeImage.pullPolicy
Type string
Default
IfNotPresent

Kubernetes imagePullPolicy on Deployment.

app.logLevel

Property app.logLevel
Type number
Default
1

Verbosity of cert-manager CSI Driver logging.

app.driver.name

Property app.driver.name
Type string
Default
csi.cert-manager.io

Name of the driver to be registered with Kubernetes.

app.driver.useTokenRequest

Property app.driver.useTokenRequest
Type bool
Default
false

If enabled, this uses a CSI token request for creating. CertificateRequests. CertificateRequests are created by mounting the pod's service accounts.

app.driver.csiDataDir

Property app.driver.csiDataDir
Type string
Default
/tmp/cert-manager-csi-driver

Configures the hostPath directory that the driver writes and mounts volumes from.

app.livenessProbe.port

Property app.livenessProbe.port
Type number
Default
9809

The port that will expose the liveness of the CSI Driver.

app.kubeletRootDir

Property app.kubeletRootDir
Type string
Default
/var/lib/kubelet

Overrides the path to root kubelet directory in case of a non-standard Kubernetes install.

daemonSetAnnotations

Property daemonSetAnnotations
Type object
Default
{}

Optional additional annotations to add to the CSI Driver DaemonSet.

podAnnotations

Property podAnnotations
Type object
Default
{}

Optional additional annotations to add to the CSI Driver pods.

podLabels

Property podLabels
Type object
Default
{}

Optional additional labels to add to the CSI Driver pods.

resources

Property resources
Type object
Default
{}

Kubernetes pod resources requests/limits for cert-manager CSI Driver.

For example:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

nodeSelector

Property nodeSelector
Type object
Default
kubernetes.io/os: linux

Kubernetes node selector: node labels for pod assignment.

affinity

Property affinity
Type object
Default
{}

Kubernetes affinity: constraints for pod assignment.

For example:

affinity:
  nodeAffinity:
   requiredDuringSchedulingIgnoredDuringExecution:
     nodeSelectorTerms:
     - matchExpressions:
       - key: foo.bar.com/role
         operator: In
         values:
         - master

tolerations

Property tolerations
Type array
Default
[]

Kubernetes pod tolerations for cert-manager CSI Driver.

For example:

tolerations:
- operator: "Exists"

priorityClassName

Property priorityClassName
Type string
Default
""

Optional priority class to be used for the CSI Driver pods.

openshift.securityContextConstraint.enabled

Property openshift.securityContextConstraint.enabled
Type boolean,string,null
Default
detect

Include RBAC to allow the DaemonSet to "use" the specified
SecurityContextConstraints.

This value can either be a boolean true or false, or the string "detect". If set to "detect" then the securityContextConstraint is automatically enabled for OpenShift installs.

openshift.securityContextConstraint.name

Property openshift.securityContextConstraint.name
Type string
Default
privileged

Name of the SecurityContextConstraints to create RBAC for.