Venafi Enhanced Issuer image flags¶
Venafi Enhanced Issuer is a cert-manager issuer that can be either cluster-wide or per namespace. This component enables your clusters to issue certificates from Venafi Control Plane.
Usage¶
venafi-enhanced-issuer [flags]
Application flags¶
| Flags | Type | Description |
|---|---|---|
-cluster-resource-namespace | string | The namespace in which VenafiConnections for cluster-scoped issuers are found. Defaults to the namespace in which the controller is running. |
-health-probe-bind-address | string | The address the probe endpoint binds to. The default is :8081. |
-installation-namespace | string | The namespace where the venafi-connection service account lives. This is the service account that is used to create JWT tokens for SAs or read credential secrets. This defaults to the namespace in which the controller is running. |
-kubeconfig | string | Paths to a kubeconfig. Only required if out-of-cluster. Enables leader election for controller manager. Enabling this flag ensures there is only one active controller manager. Default to true. |
-max-retry-duration | duration | The maximum amount of time after certificate request creation to retry when an error occurs. The default is 2m0s. |
-metrics-bind-address | string | The address the metric endpoint binds to. The default is :8080. If true, the CA status field is set on the CertificateRequest resource. This can be used for backwards compatibility with the open-source Venafi Issuer. Prints the version to stdout and exitDevelopment Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error). |
--set-ca-on-certificate-request | If true, the CA status field will be set on the CertificateRequest resource. This can be used for backwards compatibility with the OSS Venafi Issuer. This is discouraged for production environments. The use of Trust Manager is recommended for a more secure and controlled approach to distributing trusted CA anchors. | |
-zap-encoder | value | Zap log encoding (one of json or console). |
-zap-log-level | value | Zap Level to configure the verbosity of logging. Can be one of debug, info, error, or any integer value > 0 which corresponds to custom debug levels of increasing verbosity. |
-zap-stacktrace-level | value | Zap Level at and above which stacktraces are captured (one of info, error, or panic). |
-zap-time-encoding | value | Zap time encoding (one of epoch, millis, nano, iso8601, rfc3339, or rfc3339nano). Defaults to epoch. |