kubernetes-cert-manager.CertManager
Explore with Pulumi AI
Automates the management and issuance of TLS certificates from various issuing sources within Kubernetes
Create CertManager Resource
new CertManager(name: string, args?: CertManagerArgs, opts?: CustomResourceOptions);
@overload
def CertManager(resource_name: str,
opts: Optional[ResourceOptions] = None,
affinity: Optional[pulumi_kubernetes.core.v1.AffinityArgs] = None,
cainjector: Optional[CertManagerCaInjectorArgs] = None,
cluster_resource_namespace: Optional[str] = None,
container_security_context: Optional[pulumi_kubernetes.core.v1.SecurityContextArgs] = None,
deployment_annotations: Optional[Mapping[str, str]] = None,
extra_args: Optional[Sequence[str]] = None,
extra_env: Optional[Sequence[pulumi_kubernetes.core.v1.EnvVarArgs]] = None,
extra_volume_mounts: Optional[Sequence[pulumi_kubernetes.core.v1.VolumeMountArgs]] = None,
extra_volumes: Optional[Sequence[pulumi_kubernetes.core.v1.VolumeArgs]] = None,
feature_gates: Optional[str] = None,
global_: Optional[CertManagerGlobalArgs] = None,
helm_options: Optional[ReleaseArgs] = None,
http_proxy: Optional[str] = None,
https_proxy: Optional[str] = None,
image: Optional[CertManagerImageArgs] = None,
ingress_shim: Optional[CertManagerIngressShimArgs] = None,
install_crds: Optional[bool] = None,
no_proxy: Optional[Sequence[str]] = None,
node_selector: Optional[pulumi_kubernetes.core.v1.NodeSelectorArgs] = None,
pod_annotations: Optional[Mapping[str, str]] = None,
pod_dns_config: Optional[pulumi_kubernetes.core.v1.PodDNSConfigArgs] = None,
pod_dns_policy: Optional[str] = None,
pod_labels: Optional[Mapping[str, str]] = None,
prometheus: Optional[CertManagerPrometheusArgs] = None,
replica_count: Optional[int] = None,
resources: Optional[pulumi_kubernetes.core.v1.ResourceRequirementsArgs] = None,
security_context: Optional[pulumi_kubernetes.core.v1.PodSecurityContextArgs] = None,
service_account: Optional[CertManagerServiceAccountArgs] = None,
service_annotations: Optional[Mapping[str, str]] = None,
service_labels: Optional[Mapping[str, str]] = None,
startupapicheck: Optional[CertManagerStartupAPICheckArgs] = None,
strategy: Optional[pulumi_kubernetes.apps.v1.DeploymentStrategyArgs] = None,
tolerations: Optional[Sequence[pulumi_kubernetes.core.v1.TolerationArgs]] = None,
webhook: Optional[CertManagerWebhookArgs] = None)
@overload
def CertManager(resource_name: str,
args: Optional[CertManagerArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewCertManager(ctx *Context, name string, args *CertManagerArgs, opts ...ResourceOption) (*CertManager, error)
public CertManager(string name, CertManagerArgs? args = null, CustomResourceOptions? opts = null)
public CertManager(String name, CertManagerArgs args)
public CertManager(String name, CertManagerArgs args, CustomResourceOptions options)
type: kubernetes-cert-manager:CertManager
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertManagerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertManagerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertManagerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertManagerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertManagerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CertManager Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CertManager resource accepts the following input properties:
- Affinity
Pulumi.
Kubernetes. Types. Inputs. Core. V1. Affinity - Cainjector
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Ca Injector - Cluster
Resource stringNamespace Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart.
- Container
Security Pulumi.Context Kubernetes. Types. Inputs. Core. V1. Security Context Container Security Context to be set on the controller component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Deployment
Annotations Dictionary<string, string> Optional additional annotations to add to the controller Deployment
- Extra
Args List<string> Optional additional arguments.
- Extra
Env List<Pulumi.Kubernetes. Types. Inputs. Core. V1. Env Var> - Extra
Volume List<Pulumi.Mounts Kubernetes. Types. Inputs. Core. V1. Volume Mount> - Extra
Volumes List<Pulumi.Kubernetes. Types. Inputs. Core. V1. Volume> - Feature
Gates string Comma separated list of feature gates that should be enabled on the controller pod.
- Global
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Global - Helm
Options Pulumi.Kubernetes Cert Manager. Inputs. Release HelmOptions is an escape hatch that lets the end user control any aspect of the Helm deployment. This exposes the entirety of the underlying Helm Release component args.
- Http_
proxy string - Https_
proxy string - Image
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Image - Ingress
Shim Pulumi.Kubernetes Cert Manager. Inputs. Cert Manager Ingress Shim - Install
CRDs bool - No_
proxy List<string> - Node
Selector Pulumi.Kubernetes. Types. Inputs. Core. V1. Node Selector - Pod
Annotations Dictionary<string, string> Optional additional annotations to add to the controller Pods
- Pod
Dns Pulumi.Config Kubernetes. Types. Inputs. Core. V1. Pod DNSConfig - Pod
Dns stringPolicy Optional DNS settings, useful if you have a public and private DNS zone for the same domain on Route 53. What follows is an example of ensuring cert-manager can access an ingress or DNS TXT records at all times. NOTE: This requires Kubernetes 1.10 or
CustomPodDNS
feature gate enabled for the cluster to work.- Pod
Labels Dictionary<string, string> - Prometheus
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Prometheus - Replica
Count int - Resources
Pulumi.
Kubernetes. Types. Inputs. Core. V1. Resource Requirements - Security
Context Pulumi.Kubernetes. Types. Inputs. Core. V1. Pod Security Context Pod Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Service
Account Pulumi.Kubernetes Cert Manager. Inputs. Cert Manager Service Account - Service
Annotations Dictionary<string, string> Optional additional annotations to add to the controller service
- Service
Labels Dictionary<string, string> Optional additional labels to add to the controller Service
- Startupapicheck
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Startup APICheck - Strategy
Pulumi.
Kubernetes. Types. Inputs. Apps. V1. Deployment Strategy - Tolerations
List<Pulumi.
Kubernetes. Types. Inputs. Core. V1. Toleration> - Webhook
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Webhook
- Affinity
Affinity
Args - Cainjector
Cert
Manager Ca Injector Args - Cluster
Resource stringNamespace Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart.
- Container
Security SecurityContext Context Args Container Security Context to be set on the controller component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Deployment
Annotations map[string]string Optional additional annotations to add to the controller Deployment
- Extra
Args []string Optional additional arguments.
- Extra
Env EnvVar Args - Extra
Volume VolumeMounts Mount Args - Extra
Volumes VolumeArgs - Feature
Gates string Comma separated list of feature gates that should be enabled on the controller pod.
- Global
Cert
Manager Global Args - Helm
Options ReleaseArgs HelmOptions is an escape hatch that lets the end user control any aspect of the Helm deployment. This exposes the entirety of the underlying Helm Release component args.
- Http_
proxy string - Https_
proxy string - Image
Cert
Manager Image Args - Ingress
Shim CertManager Ingress Shim Args - Install
CRDs bool - No_
proxy []string - Node
Selector NodeSelector Args - Pod
Annotations map[string]string Optional additional annotations to add to the controller Pods
- Pod
Dns PodConfig DNSConfig Args - Pod
Dns stringPolicy Optional DNS settings, useful if you have a public and private DNS zone for the same domain on Route 53. What follows is an example of ensuring cert-manager can access an ingress or DNS TXT records at all times. NOTE: This requires Kubernetes 1.10 or
CustomPodDNS
feature gate enabled for the cluster to work.- Pod
Labels map[string]string - Prometheus
Cert
Manager Prometheus Args - Replica
Count int - Resources
Resource
Requirements Args - Security
Context PodSecurity Context Args Pod Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Service
Account CertManager Service Account Args - Service
Annotations map[string]string Optional additional annotations to add to the controller service
- Service
Labels map[string]string Optional additional labels to add to the controller Service
- Startupapicheck
Cert
Manager Startup APICheck Args - Strategy
Deployment
Strategy Args - Tolerations
Toleration
Args - Webhook
Cert
Manager Webhook Args
- affinity Affinity
- cainjector
Cert
Manager Ca Injector - cluster
Resource StringNamespace Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart.
- container
Security SecurityContext Context Container Security Context to be set on the controller component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment
Annotations Map<String,String> Optional additional annotations to add to the controller Deployment
- extra
Args List<String> Optional additional arguments.
- extra
Env List<EnvVar> - extra
Volume List<VolumeMounts Mount> - extra
Volumes List<Volume> - feature
Gates String Comma separated list of feature gates that should be enabled on the controller pod.
- global
Cert
Manager Global - helm
Options Release HelmOptions is an escape hatch that lets the end user control any aspect of the Helm deployment. This exposes the entirety of the underlying Helm Release component args.
- http_
proxy String - https_
proxy String - image
Cert
Manager Image - ingress
Shim CertManager Ingress Shim - install
CRDs Boolean - no_
proxy List<String> - node
Selector NodeSelector - pod
Annotations Map<String,String> Optional additional annotations to add to the controller Pods
- pod
Dns PodConfig DNSConfig - pod
Dns StringPolicy Optional DNS settings, useful if you have a public and private DNS zone for the same domain on Route 53. What follows is an example of ensuring cert-manager can access an ingress or DNS TXT records at all times. NOTE: This requires Kubernetes 1.10 or
CustomPodDNS
feature gate enabled for the cluster to work.- pod
Labels Map<String,String> - prometheus
Cert
Manager Prometheus - replica
Count Integer - resources
Resource
Requirements - security
Context PodSecurity Context Pod Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service
Account CertManager Service Account - service
Annotations Map<String,String> Optional additional annotations to add to the controller service
- service
Labels Map<String,String> Optional additional labels to add to the controller Service
- startupapicheck
Cert
Manager Startup APICheck - strategy
Deployment
Strategy - tolerations List<Toleration>
- webhook
Cert
Manager Webhook
- affinity
pulumi
Kubernetestypesinputcorev1Affinity - cainjector
Cert
Manager Ca Injector - cluster
Resource stringNamespace Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart.
- container
Security pulumiContext Kubernetestypesinputcorev1Security Context Container Security Context to be set on the controller component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment
Annotations {[key: string]: string} Optional additional annotations to add to the controller Deployment
- extra
Args string[] Optional additional arguments.
- extra
Env pulumiKubernetestypesinputcorev1Env Var[] - extra
Volume pulumiMounts Kubernetestypesinputcorev1Volume Mount[] - extra
Volumes pulumiKubernetestypesinputcorev1Volume[] - feature
Gates string Comma separated list of feature gates that should be enabled on the controller pod.
- global
Cert
Manager Global - helm
Options Release HelmOptions is an escape hatch that lets the end user control any aspect of the Helm deployment. This exposes the entirety of the underlying Helm Release component args.
- http_
proxy string - https_
proxy string - image
Cert
Manager Image - ingress
Shim CertManager Ingress Shim - install
CRDs boolean - no_
proxy string[] - node
Selector pulumiKubernetestypesinputcorev1Node Selector - pod
Annotations {[key: string]: string} Optional additional annotations to add to the controller Pods
- pod
Dns pulumiConfig Kubernetestypesinputcorev1Pod DNSConfig - pod
Dns stringPolicy Optional DNS settings, useful if you have a public and private DNS zone for the same domain on Route 53. What follows is an example of ensuring cert-manager can access an ingress or DNS TXT records at all times. NOTE: This requires Kubernetes 1.10 or
CustomPodDNS
feature gate enabled for the cluster to work.- pod
Labels {[key: string]: string} - prometheus
Cert
Manager Prometheus - replica
Count number - resources
pulumi
Kubernetestypesinputcorev1Resource Requirements - security
Context pulumiKubernetestypesinputcorev1Pod Security Context Pod Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service
Account CertManager Service Account - service
Annotations {[key: string]: string} Optional additional annotations to add to the controller service
- service
Labels {[key: string]: string} Optional additional labels to add to the controller Service
- startupapicheck
Cert
Manager Startup APICheck - strategy
pulumi
Kubernetestypesinputappsv1Deployment Strategy - tolerations
pulumi
Kubernetestypesinputcorev1Toleration[] - webhook
Cert
Manager Webhook
- affinity
Affinity
Args - cainjector
Cert
Manager Ca Injector Args - cluster_
resource_ strnamespace Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart.
- container_
security_ Securitycontext Context Args Container Security Context to be set on the controller component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment_
annotations Mapping[str, str] Optional additional annotations to add to the controller Deployment
- extra_
args Sequence[str] Optional additional arguments.
- extra_
env EnvVar Args] - extra_
volume_ Volumemounts Mount Args] - extra_
volumes VolumeArgs] - feature_
gates str Comma separated list of feature gates that should be enabled on the controller pod.
- global_
Cert
Manager Global Args - helm_
options ReleaseArgs HelmOptions is an escape hatch that lets the end user control any aspect of the Helm deployment. This exposes the entirety of the underlying Helm Release component args.
- http_
proxy str - https_
proxy str - image
Cert
Manager Image Args - ingress_
shim CertManager Ingress Shim Args - install_
crds bool - no_
proxy Sequence[str] - node_
selector NodeSelector Args - pod_
annotations Mapping[str, str] Optional additional annotations to add to the controller Pods
- pod_
dns_ Podconfig DNSConfig Args - pod_
dns_ strpolicy Optional DNS settings, useful if you have a public and private DNS zone for the same domain on Route 53. What follows is an example of ensuring cert-manager can access an ingress or DNS TXT records at all times. NOTE: This requires Kubernetes 1.10 or
CustomPodDNS
feature gate enabled for the cluster to work.- pod_
labels Mapping[str, str] - prometheus
Cert
Manager Prometheus Args - replica_
count int - resources
Resource
Requirements Args - security_
context PodSecurity Context Args Pod Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service_
account CertManager Service Account Args - service_
annotations Mapping[str, str] Optional additional annotations to add to the controller service
- service_
labels Mapping[str, str] Optional additional labels to add to the controller Service
- startupapicheck
Cert
Manager Startup APICheck Args - strategy
Deployment
Strategy Args - tolerations
Toleration
Args] - webhook
Cert
Manager Webhook Args
- affinity Property Map
- cainjector Property Map
- cluster
Resource StringNamespace Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart.
- container
Security Property MapContext Container Security Context to be set on the controller component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment
Annotations Map<String> Optional additional annotations to add to the controller Deployment
- extra
Args List<String> Optional additional arguments.
- extra
Env List<Property Map> - extra
Volume List<Property Map>Mounts - extra
Volumes List<Property Map> - feature
Gates String Comma separated list of feature gates that should be enabled on the controller pod.
- global Property Map
- helm
Options Property Map HelmOptions is an escape hatch that lets the end user control any aspect of the Helm deployment. This exposes the entirety of the underlying Helm Release component args.
- http_
proxy String - https_
proxy String - image Property Map
- ingress
Shim Property Map - install
CRDs Boolean - no_
proxy List<String> - node
Selector Property Map - pod
Annotations Map<String> Optional additional annotations to add to the controller Pods
- pod
Dns Property MapConfig - pod
Dns StringPolicy Optional DNS settings, useful if you have a public and private DNS zone for the same domain on Route 53. What follows is an example of ensuring cert-manager can access an ingress or DNS TXT records at all times. NOTE: This requires Kubernetes 1.10 or
CustomPodDNS
feature gate enabled for the cluster to work.- pod
Labels Map<String> - prometheus Property Map
- replica
Count Number - resources Property Map
- security
Context Property Map Pod Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service
Account Property Map - service
Annotations Map<String> Optional additional annotations to add to the controller service
- service
Labels Map<String> Optional additional labels to add to the controller Service
- startupapicheck Property Map
- strategy Property Map
- tolerations List<Property Map>
- webhook Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the CertManager resource produces the following output properties:
- Status
Pulumi.
Kubernetes Cert Manager. Outputs. Release Status Detailed information about the status of the underlying Helm deployment.
- Status
Release
Status Detailed information about the status of the underlying Helm deployment.
- status
Release
Status Detailed information about the status of the underlying Helm deployment.
- status
Release
Status Detailed information about the status of the underlying Helm deployment.
- status
Release
Status Detailed information about the status of the underlying Helm deployment.
- status Property Map
Detailed information about the status of the underlying Helm deployment.
Supporting Types
CertManagerCaInjector, CertManagerCaInjectorArgs
- Affinity
Pulumi.
Kubernetes. Types. Inputs. Core. V1. Affinity - Container
Security Pulumi.Context Kubernetes. Types. Inputs. Core. V1. Security Context Container Security Context to be set on the cainjector component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Deployment
Annotations Dictionary<string, string> Optional additional annotations to add to the cainjector Deployment
- Extra
Args List<string> Optional additional arguments for cainjector
- Image
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Image - Node
Selector Dictionary<string, string> - Pod
Annotations Dictionary<string, string> Optional additional annotations to add to the cainjector Pods
- Pod
Labels Dictionary<string, string> Optional additional labels to add to the Webhook Pods
- Pod
Security Pulumi.Context Kubernetes. Types. Inputs. Core. V1. Pod Security Context Pod Security Context to be set on the cainjector component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Replica
Count int - Resources
Pulumi.
Kubernetes. Types. Inputs. Core. V1. Resource Requirements - Service
Account Pulumi.Kubernetes Cert Manager. Inputs. Cert Manager Service Account - Strategy
Pulumi.
Kubernetes. Types. Inputs. Apps. V1. Deployment Strategy - Timeout
Seconds int - Tolerations
List<Pulumi.
Kubernetes. Types. Inputs. Core. V1. Toleration>
- Affinity Affinity
- Container
Security SecurityContext Context Container Security Context to be set on the cainjector component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Deployment
Annotations map[string]string Optional additional annotations to add to the cainjector Deployment
- Extra
Args []string Optional additional arguments for cainjector
- Image
Cert
Manager Image - Node
Selector map[string]string - Pod
Annotations map[string]string Optional additional annotations to add to the cainjector Pods
- Pod
Labels map[string]string Optional additional labels to add to the Webhook Pods
- Pod
Security PodContext Security Context Pod Security Context to be set on the cainjector component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Replica
Count int - Resources
Resource
Requirements - Service
Account CertManager Service Account - Strategy
Deployment
Strategy - Timeout
Seconds int - Tolerations Toleration
- affinity Affinity
- container
Security SecurityContext Context Container Security Context to be set on the cainjector component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment
Annotations Map<String,String> Optional additional annotations to add to the cainjector Deployment
- extra
Args List<String> Optional additional arguments for cainjector
- image
Cert
Manager Image - node
Selector Map<String,String> - pod
Annotations Map<String,String> Optional additional annotations to add to the cainjector Pods
- pod
Labels Map<String,String> Optional additional labels to add to the Webhook Pods
- pod
Security PodContext Security Context Pod Security Context to be set on the cainjector component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- replica
Count Integer - resources
Resource
Requirements - service
Account CertManager Service Account - strategy
Deployment
Strategy - timeout
Seconds Integer - tolerations List<Toleration>
- affinity
pulumi
Kubernetestypesinputcorev1Affinity - container
Security pulumiContext Kubernetestypesinputcorev1Security Context Container Security Context to be set on the cainjector component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment
Annotations {[key: string]: string} Optional additional annotations to add to the cainjector Deployment
- extra
Args string[] Optional additional arguments for cainjector
- image
Cert
Manager Image - node
Selector {[key: string]: string} - pod
Annotations {[key: string]: string} Optional additional annotations to add to the cainjector Pods
- pod
Labels {[key: string]: string} Optional additional labels to add to the Webhook Pods
- pod
Security pulumiContext Kubernetestypesinputcorev1Pod Security Context Pod Security Context to be set on the cainjector component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- replica
Count number - resources
pulumi
Kubernetestypesinputcorev1Resource Requirements - service
Account CertManager Service Account - strategy
pulumi
Kubernetestypesinputappsv1Deployment Strategy - timeout
Seconds number - tolerations
pulumi
Kubernetestypesinputcorev1Toleration[]
- affinity
Affinity
Args - container_
security_ Securitycontext Context Args Container Security Context to be set on the cainjector component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment_
annotations Mapping[str, str] Optional additional annotations to add to the cainjector Deployment
- extra_
args Sequence[str] Optional additional arguments for cainjector
- image
Cert
Manager Image - node_
selector Mapping[str, str] - pod_
annotations Mapping[str, str] Optional additional annotations to add to the cainjector Pods
- pod_
labels Mapping[str, str] Optional additional labels to add to the Webhook Pods
- pod_
security_ Podcontext Security Context Args Pod Security Context to be set on the cainjector component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- replica_
count int - resources
Resource
Requirements Args - service_
account CertManager Service Account - strategy
Deployment
Strategy Args - timeout_
seconds int - tolerations
Toleration
Args]
- affinity Property Map
- container
Security Property MapContext Container Security Context to be set on the cainjector component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment
Annotations Map<String> Optional additional annotations to add to the cainjector Deployment
- extra
Args List<String> Optional additional arguments for cainjector
- image Property Map
- node
Selector Map<String> - pod
Annotations Map<String> Optional additional annotations to add to the cainjector Pods
- pod
Labels Map<String> Optional additional labels to add to the Webhook Pods
- pod
Security Property MapContext Pod Security Context to be set on the cainjector component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- replica
Count Number - resources Property Map
- service
Account Property Map - strategy Property Map
- timeout
Seconds Number - tolerations List<Property Map>
CertManagerGlobal, CertManagerGlobalArgs
- Image
Pull List<Pulumi.Secrets Kubernetes. Types. Inputs. Core. V1. Local Object Reference> Reference to one or more secrets to be used when pulling images. ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- Leader
Election Pulumi.Kubernetes Cert Manager. Inputs. Cert Manager Global Leader Election - Log
Level int Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose.
- Pod
Security Pulumi.Policy Kubernetes Cert Manager. Inputs. Cert Manager Global Pod Security Policy - Priority
Class stringName Optional priority class to be used for the cert-manager pods.
- Rbac
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Global Rbac
- Image
Pull LocalSecrets Object Reference Reference to one or more secrets to be used when pulling images. ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- Leader
Election CertManager Global Leader Election - Log
Level int Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose.
- Pod
Security CertPolicy Manager Global Pod Security Policy - Priority
Class stringName Optional priority class to be used for the cert-manager pods.
- Rbac
Cert
Manager Global Rbac
- image
Pull List<LocalSecrets Object Reference> Reference to one or more secrets to be used when pulling images. ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- leader
Election CertManager Global Leader Election - log
Level Integer Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose.
- pod
Security CertPolicy Manager Global Pod Security Policy - priority
Class StringName Optional priority class to be used for the cert-manager pods.
- rbac
Cert
Manager Global Rbac
- image
Pull pulumiSecrets Kubernetestypesinputcorev1Local Object Reference[] Reference to one or more secrets to be used when pulling images. ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- leader
Election CertManager Global Leader Election - log
Level number Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose.
- pod
Security CertPolicy Manager Global Pod Security Policy - priority
Class stringName Optional priority class to be used for the cert-manager pods.
- rbac
Cert
Manager Global Rbac
- image_
pull_ Localsecrets Object Reference Args] Reference to one or more secrets to be used when pulling images. ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- leader_
election CertManager Global Leader Election - log_
level int Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose.
- pod_
security_ Certpolicy Manager Global Pod Security Policy - priority_
class_ strname Optional priority class to be used for the cert-manager pods.
- rbac
Cert
Manager Global Rbac
- image
Pull List<Property Map>Secrets Reference to one or more secrets to be used when pulling images. ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- leader
Election Property Map - log
Level Number Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose.
- pod
Security Property MapPolicy - priority
Class StringName Optional priority class to be used for the cert-manager pods.
- rbac Property Map
CertManagerGlobalLeaderElection, CertManagerGlobalLeaderElectionArgs
- Lease
Duration string The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate.
- Namespace string
Override the namespace used to store the ConfigMap for leader election.
- Renew
Deadline string The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration.
- Lease
Duration string The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate.
- Namespace string
Override the namespace used to store the ConfigMap for leader election.
- Renew
Deadline string The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration.
- lease
Duration String The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate.
- namespace String
Override the namespace used to store the ConfigMap for leader election.
- renew
Deadline String The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration.
- lease
Duration string The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate.
- namespace string
Override the namespace used to store the ConfigMap for leader election.
- renew
Deadline string The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration.
- lease_
duration str The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate.
- namespace str
Override the namespace used to store the ConfigMap for leader election.
- renew_
deadline str The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration.
- lease
Duration String The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate.
- namespace String
Override the namespace used to store the ConfigMap for leader election.
- renew
Deadline String The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration.
CertManagerGlobalPodSecurityPolicy, CertManagerGlobalPodSecurityPolicyArgs
- Enabled bool
- Use
App boolArmor
- Enabled bool
- Use
App boolArmor
- enabled Boolean
- use
App BooleanArmor
- enabled boolean
- use
App booleanArmor
- enabled bool
- use_
app_ boolarmor
- enabled Boolean
- use
App BooleanArmor
CertManagerGlobalRbac, CertManagerGlobalRbacArgs
- Create bool
- Create bool
- create Boolean
- create boolean
- create bool
- create Boolean
CertManagerImage, CertManagerImageArgs
- Digest string
Setting a digest will override any tag, e.g.
digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
.- Pull
Policy string - Registry string
You can manage a registry with
registry: quay.io
.- Repository string
You can manage a registry with
repository: jetstack/cert-manager-controller
.- Tag string
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used.
- Digest string
Setting a digest will override any tag, e.g.
digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
.- Pull
Policy string - Registry string
You can manage a registry with
registry: quay.io
.- Repository string
You can manage a registry with
repository: jetstack/cert-manager-controller
.- Tag string
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used.
- digest String
Setting a digest will override any tag, e.g.
digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
.- pull
Policy String - registry String
You can manage a registry with
registry: quay.io
.- repository String
You can manage a registry with
repository: jetstack/cert-manager-controller
.- tag String
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used.
- digest string
Setting a digest will override any tag, e.g.
digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
.- pull
Policy string - registry string
You can manage a registry with
registry: quay.io
.- repository string
You can manage a registry with
repository: jetstack/cert-manager-controller
.- tag string
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used.
- digest str
Setting a digest will override any tag, e.g.
digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
.- pull_
policy str - registry str
You can manage a registry with
registry: quay.io
.- repository str
You can manage a registry with
repository: jetstack/cert-manager-controller
.- tag str
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used.
- digest String
Setting a digest will override any tag, e.g.
digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
.- pull
Policy String - registry String
You can manage a registry with
registry: quay.io
.- repository String
You can manage a registry with
repository: jetstack/cert-manager-controller
.- tag String
Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used.
CertManagerIngressShim, CertManagerIngressShimArgs
- Default
Issuer stringGroup - Default
Issuer stringKind - Default
Issuer stringName
- Default
Issuer stringGroup - Default
Issuer stringKind - Default
Issuer stringName
- default
Issuer StringGroup - default
Issuer StringKind - default
Issuer StringName
- default
Issuer stringGroup - default
Issuer stringKind - default
Issuer stringName
- default
Issuer StringGroup - default
Issuer StringKind - default
Issuer StringName
CertManagerPrometheus, CertManagerPrometheusArgs
- enabled Boolean
- service
Monitor Property Map
CertManagerPrometheusServiceMonitor, CertManagerPrometheusServiceMonitorArgs
- Enabled bool
- Interval string
- Labels Dictionary<string, string>
- Path string
- Prometheus
Instance string - String string
- Target
Port int
- Enabled bool
- Interval string
- Labels map[string]string
- Path string
- Prometheus
Instance string - String string
- Target
Port int
- enabled Boolean
- interval String
- labels Map<String,String>
- path String
- prometheus
Instance String - string String
- target
Port Integer
- enabled boolean
- interval string
- labels {[key: string]: string}
- path string
- prometheus
Instance string - string string
- target
Port number
- enabled bool
- interval str
- labels Mapping[str, str]
- path str
- prometheus_
instance str - string str
- target_
port int
- enabled Boolean
- interval String
- labels Map<String>
- path String
- prometheus
Instance String - string String
- target
Port Number
CertManagerServiceAccount, CertManagerServiceAccountArgs
- Annotations Dictionary<string, string>
Optional additional annotations to add to the controller's ServiceAccount.
- Automount
Service boolAccount Token Automount API credentials for a Service Account.
- Create bool
Specifies whether a service account should be created
- Name string
The name of the service account to use. If not set and create is true, a name is generated using the fullname template.
- Annotations map[string]string
Optional additional annotations to add to the controller's ServiceAccount.
- Automount
Service boolAccount Token Automount API credentials for a Service Account.
- Create bool
Specifies whether a service account should be created
- Name string
The name of the service account to use. If not set and create is true, a name is generated using the fullname template.
- annotations Map<String,String>
Optional additional annotations to add to the controller's ServiceAccount.
- automount
Service BooleanAccount Token Automount API credentials for a Service Account.
- create Boolean
Specifies whether a service account should be created
- name String
The name of the service account to use. If not set and create is true, a name is generated using the fullname template.
- annotations {[key: string]: string}
Optional additional annotations to add to the controller's ServiceAccount.
- automount
Service booleanAccount Token Automount API credentials for a Service Account.
- create boolean
Specifies whether a service account should be created
- name string
The name of the service account to use. If not set and create is true, a name is generated using the fullname template.
- annotations Mapping[str, str]
Optional additional annotations to add to the controller's ServiceAccount.
- automount_
service_ boolaccount_ token Automount API credentials for a Service Account.
- create bool
Specifies whether a service account should be created
- name str
The name of the service account to use. If not set and create is true, a name is generated using the fullname template.
- annotations Map<String>
Optional additional annotations to add to the controller's ServiceAccount.
- automount
Service BooleanAccount Token Automount API credentials for a Service Account.
- create Boolean
Specifies whether a service account should be created
- name String
The name of the service account to use. If not set and create is true, a name is generated using the fullname template.
CertManagerStartupAPICheck, CertManagerStartupAPICheckArgs
- Affinity
Pulumi.
Kubernetes. Types. Inputs. Core. V1. Affinity - Backoff
Limit int Job backoffLimit
- Enabled bool
- Extra
Args List<string> Optional additional arguments for startupapicheck
- Image
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Image - Job
Annotations Dictionary<string, string> Optional additional annotations to add to the startupapicheck Job
- Node
Selector Dictionary<string, string> - Pod
Annotations Dictionary<string, string> Optional additional annotations to add to the startupapicheck Pods
- Pod
Labels Dictionary<string, string> Optional additional labels to add to the startupapicheck Pods
- Rbac
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Startup APICheck RBAC - Resources
Pulumi.
Kubernetes. Types. Inputs. Core. V1. Resource Requirements - Security
Context Pulumi.Kubernetes. Types. Inputs. Core. V1. Pod Security Context Pod Security Context to be set on the startupapicheck component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Service
Account Pulumi.Kubernetes Cert Manager. Inputs. Cert Manager Service Account - Timeout string
Timeout for 'kubectl check api' command
- Tolerations
List<Pulumi.
Kubernetes. Types. Inputs. Core. V1. Toleration>
- Affinity Affinity
- Backoff
Limit int Job backoffLimit
- Enabled bool
- Extra
Args []string Optional additional arguments for startupapicheck
- Image
Cert
Manager Image - Job
Annotations map[string]string Optional additional annotations to add to the startupapicheck Job
- Node
Selector map[string]string - Pod
Annotations map[string]string Optional additional annotations to add to the startupapicheck Pods
- Pod
Labels map[string]string Optional additional labels to add to the startupapicheck Pods
- Rbac
Cert
Manager Startup APICheck RBAC - Resources
Resource
Requirements - Security
Context PodSecurity Context Pod Security Context to be set on the startupapicheck component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Service
Account CertManager Service Account - Timeout string
Timeout for 'kubectl check api' command
- Tolerations Toleration
- affinity Affinity
- backoff
Limit Integer Job backoffLimit
- enabled Boolean
- extra
Args List<String> Optional additional arguments for startupapicheck
- image
Cert
Manager Image - job
Annotations Map<String,String> Optional additional annotations to add to the startupapicheck Job
- node
Selector Map<String,String> - pod
Annotations Map<String,String> Optional additional annotations to add to the startupapicheck Pods
- pod
Labels Map<String,String> Optional additional labels to add to the startupapicheck Pods
- rbac
Cert
Manager Startup APICheck RBAC - resources
Resource
Requirements - security
Context PodSecurity Context Pod Security Context to be set on the startupapicheck component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service
Account CertManager Service Account - timeout String
Timeout for 'kubectl check api' command
- tolerations List<Toleration>
- affinity
pulumi
Kubernetestypesinputcorev1Affinity - backoff
Limit number Job backoffLimit
- enabled boolean
- extra
Args string[] Optional additional arguments for startupapicheck
- image
Cert
Manager Image - job
Annotations {[key: string]: string} Optional additional annotations to add to the startupapicheck Job
- node
Selector {[key: string]: string} - pod
Annotations {[key: string]: string} Optional additional annotations to add to the startupapicheck Pods
- pod
Labels {[key: string]: string} Optional additional labels to add to the startupapicheck Pods
- rbac
Cert
Manager Startup APICheck RBAC - resources
pulumi
Kubernetestypesinputcorev1Resource Requirements - security
Context pulumiKubernetestypesinputcorev1Pod Security Context Pod Security Context to be set on the startupapicheck component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service
Account CertManager Service Account - timeout string
Timeout for 'kubectl check api' command
- tolerations
pulumi
Kubernetestypesinputcorev1Toleration[]
- affinity
Affinity
Args - backoff_
limit int Job backoffLimit
- enabled bool
- extra_
args Sequence[str] Optional additional arguments for startupapicheck
- image
Cert
Manager Image - job_
annotations Mapping[str, str] Optional additional annotations to add to the startupapicheck Job
- node_
selector Mapping[str, str] - pod_
annotations Mapping[str, str] Optional additional annotations to add to the startupapicheck Pods
- pod_
labels Mapping[str, str] Optional additional labels to add to the startupapicheck Pods
- rbac
Cert
Manager Startup APICheck RBAC - resources
Resource
Requirements Args - security_
context PodSecurity Context Args Pod Security Context to be set on the startupapicheck component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service_
account CertManager Service Account - timeout str
Timeout for 'kubectl check api' command
- tolerations
Toleration
Args]
- affinity Property Map
- backoff
Limit Number Job backoffLimit
- enabled Boolean
- extra
Args List<String> Optional additional arguments for startupapicheck
- image Property Map
- job
Annotations Map<String> Optional additional annotations to add to the startupapicheck Job
- node
Selector Map<String> - pod
Annotations Map<String> Optional additional annotations to add to the startupapicheck Pods
- pod
Labels Map<String> Optional additional labels to add to the startupapicheck Pods
- rbac Property Map
- resources Property Map
- security
Context Property Map Pod Security Context to be set on the startupapicheck component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service
Account Property Map - timeout String
Timeout for 'kubectl check api' command
- tolerations List<Property Map>
CertManagerStartupAPICheckRBAC, CertManagerStartupAPICheckRBACArgs
- Annotations Dictionary<string, string>
annotations for the startup API Check job RBAC and PSP resources
- Annotations map[string]string
annotations for the startup API Check job RBAC and PSP resources
- annotations Map<String,String>
annotations for the startup API Check job RBAC and PSP resources
- annotations {[key: string]: string}
annotations for the startup API Check job RBAC and PSP resources
- annotations Mapping[str, str]
annotations for the startup API Check job RBAC and PSP resources
- annotations Map<String>
annotations for the startup API Check job RBAC and PSP resources
CertManagerWebhook, CertManagerWebhookArgs
- Affinity
Pulumi.
Kubernetes. Types. Inputs. Core. V1. Affinity - Container
Security Pulumi.Context Kubernetes. Types. Inputs. Core. V1. Security Context Container Security Context to be set on the webhook component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Deployment
Annotations Dictionary<string, string> Optional additional annotations to add to the webhook Deployment
- Extra
Args List<string> Optional additional arguments for webhook
- Host
Network bool Specifies if the webhook should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working Since the default port for the webhook conflicts with kubelet on the host network,
webhook.securePort
should be changed to an available port if running in hostNetwork mode.- Image
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Image - Liveness
Probe Pulumi.Kubernetes. Types. Inputs. Core. V1. Probe Liveness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- Load
Balancer stringIP - Mutating
Webhook Dictionary<string, string>Configuration Annotations Optional additional annotations to add to the webhook MutatingWebhookConfiguration
- Node
Selector Dictionary<string, string> - Pod
Annotations Dictionary<string, string> Optional additional annotations to add to the webhook Pods
- Pod
Labels Dictionary<string, string> Optional additional labels to add to the Webhook Pods
- Readiness
Probe Pulumi.Kubernetes. Types. Inputs. Core. V1. Probe Readiness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- Replica
Count int - Resources
Pulumi.
Kubernetes. Types. Inputs. Core. V1. Resource Requirements - Secure
Port int The port that the webhook should listen on for requests. In GKE private clusters, by default kubernetes apiservers are allowed to talk to the cluster nodes only on 443 and 10250. so configuring securePort: 10250, will work out of the box without needing to add firewall rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000
- Security
Context Pulumi.Kubernetes. Types. Inputs. Core. V1. Pod Security Context Pod Security Context to be set on the webhook component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Service
Account Pulumi.Kubernetes Cert Manager. Inputs. Cert Manager Service Account - Service
Annotations Dictionary<string, string> Optional additional annotations to add to the webhook service
- Service
Labels Dictionary<string, string> Optional additional labels to add to the Webhook Service
- Service
Type string Specifies how the service should be handled. Useful if you want to expose the webhook to outside of the cluster. In some cases, the control plane cannot reach internal services.
- Strategy
Pulumi.
Kubernetes. Types. Inputs. Apps. V1. Deployment Strategy - Timeout
Seconds int - Tolerations
List<Pulumi.
Kubernetes. Types. Inputs. Core. V1. Toleration> - Url
Pulumi.
Kubernetes Cert Manager. Inputs. Cert Manager Webhook URL Overrides the mutating webhook and validating webhook so they reach the webhook service using the
url
field instead of a service.- Validating
Webhook Dictionary<string, string>Configuration Annotations Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
- Affinity Affinity
- Container
Security SecurityContext Context Container Security Context to be set on the webhook component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Deployment
Annotations map[string]string Optional additional annotations to add to the webhook Deployment
- Extra
Args []string Optional additional arguments for webhook
- Host
Network bool Specifies if the webhook should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working Since the default port for the webhook conflicts with kubelet on the host network,
webhook.securePort
should be changed to an available port if running in hostNetwork mode.- Image
Cert
Manager Image - Liveness
Probe Probe Liveness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- Load
Balancer stringIP - Mutating
Webhook map[string]stringConfiguration Annotations Optional additional annotations to add to the webhook MutatingWebhookConfiguration
- Node
Selector map[string]string - Pod
Annotations map[string]string Optional additional annotations to add to the webhook Pods
- Pod
Labels map[string]string Optional additional labels to add to the Webhook Pods
- Readiness
Probe Probe Readiness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- Replica
Count int - Resources
Resource
Requirements - Secure
Port int The port that the webhook should listen on for requests. In GKE private clusters, by default kubernetes apiservers are allowed to talk to the cluster nodes only on 443 and 10250. so configuring securePort: 10250, will work out of the box without needing to add firewall rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000
- Security
Context PodSecurity Context Pod Security Context to be set on the webhook component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Service
Account CertManager Service Account - Service
Annotations map[string]string Optional additional annotations to add to the webhook service
- Service
Labels map[string]string Optional additional labels to add to the Webhook Service
- Service
Type string Specifies how the service should be handled. Useful if you want to expose the webhook to outside of the cluster. In some cases, the control plane cannot reach internal services.
- Strategy
Deployment
Strategy - Timeout
Seconds int - Tolerations Toleration
- Url
Cert
Manager Webhook URL Overrides the mutating webhook and validating webhook so they reach the webhook service using the
url
field instead of a service.- Validating
Webhook map[string]stringConfiguration Annotations Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
- affinity Affinity
- container
Security SecurityContext Context Container Security Context to be set on the webhook component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment
Annotations Map<String,String> Optional additional annotations to add to the webhook Deployment
- extra
Args List<String> Optional additional arguments for webhook
- host
Network Boolean Specifies if the webhook should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working Since the default port for the webhook conflicts with kubelet on the host network,
webhook.securePort
should be changed to an available port if running in hostNetwork mode.- image
Cert
Manager Image - liveness
Probe Probe Liveness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- load
Balancer StringIP - mutating
Webhook Map<String,String>Configuration Annotations Optional additional annotations to add to the webhook MutatingWebhookConfiguration
- node
Selector Map<String,String> - pod
Annotations Map<String,String> Optional additional annotations to add to the webhook Pods
- pod
Labels Map<String,String> Optional additional labels to add to the Webhook Pods
- readiness
Probe Probe Readiness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- replica
Count Integer - resources
Resource
Requirements - secure
Port Integer The port that the webhook should listen on for requests. In GKE private clusters, by default kubernetes apiservers are allowed to talk to the cluster nodes only on 443 and 10250. so configuring securePort: 10250, will work out of the box without needing to add firewall rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000
- security
Context PodSecurity Context Pod Security Context to be set on the webhook component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service
Account CertManager Service Account - service
Annotations Map<String,String> Optional additional annotations to add to the webhook service
- service
Labels Map<String,String> Optional additional labels to add to the Webhook Service
- service
Type String Specifies how the service should be handled. Useful if you want to expose the webhook to outside of the cluster. In some cases, the control plane cannot reach internal services.
- strategy
Deployment
Strategy - timeout
Seconds Integer - tolerations List<Toleration>
- url
Cert
Manager Webhook URL Overrides the mutating webhook and validating webhook so they reach the webhook service using the
url
field instead of a service.- validating
Webhook Map<String,String>Configuration Annotations Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
- affinity
pulumi
Kubernetestypesinputcorev1Affinity - container
Security pulumiContext Kubernetestypesinputcorev1Security Context Container Security Context to be set on the webhook component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment
Annotations {[key: string]: string} Optional additional annotations to add to the webhook Deployment
- extra
Args string[] Optional additional arguments for webhook
- host
Network boolean Specifies if the webhook should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working Since the default port for the webhook conflicts with kubelet on the host network,
webhook.securePort
should be changed to an available port if running in hostNetwork mode.- image
Cert
Manager Image - liveness
Probe pulumiKubernetestypesinputcorev1Probe Liveness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- load
Balancer stringIP - mutating
Webhook {[key: string]: string}Configuration Annotations Optional additional annotations to add to the webhook MutatingWebhookConfiguration
- node
Selector {[key: string]: string} - pod
Annotations {[key: string]: string} Optional additional annotations to add to the webhook Pods
- pod
Labels {[key: string]: string} Optional additional labels to add to the Webhook Pods
- readiness
Probe pulumiKubernetestypesinputcorev1Probe Readiness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- replica
Count number - resources
pulumi
Kubernetestypesinputcorev1Resource Requirements - secure
Port number The port that the webhook should listen on for requests. In GKE private clusters, by default kubernetes apiservers are allowed to talk to the cluster nodes only on 443 and 10250. so configuring securePort: 10250, will work out of the box without needing to add firewall rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000
- security
Context pulumiKubernetestypesinputcorev1Pod Security Context Pod Security Context to be set on the webhook component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service
Account CertManager Service Account - service
Annotations {[key: string]: string} Optional additional annotations to add to the webhook service
- service
Labels {[key: string]: string} Optional additional labels to add to the Webhook Service
- service
Type string Specifies how the service should be handled. Useful if you want to expose the webhook to outside of the cluster. In some cases, the control plane cannot reach internal services.
- strategy
pulumi
Kubernetestypesinputappsv1Deployment Strategy - timeout
Seconds number - tolerations
pulumi
Kubernetestypesinputcorev1Toleration[] - url
Cert
Manager Webhook URL Overrides the mutating webhook and validating webhook so they reach the webhook service using the
url
field instead of a service.- validating
Webhook {[key: string]: string}Configuration Annotations Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
- affinity
Affinity
Args - container_
security_ Securitycontext Context Args Container Security Context to be set on the webhook component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment_
annotations Mapping[str, str] Optional additional annotations to add to the webhook Deployment
- extra_
args Sequence[str] Optional additional arguments for webhook
- host_
network bool Specifies if the webhook should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working Since the default port for the webhook conflicts with kubelet on the host network,
webhook.securePort
should be changed to an available port if running in hostNetwork mode.- image
Cert
Manager Image - liveness_
probe ProbeArgs Liveness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- load_
balancer_ strip - mutating_
webhook_ Mapping[str, str]configuration_ annotations Optional additional annotations to add to the webhook MutatingWebhookConfiguration
- node_
selector Mapping[str, str] - pod_
annotations Mapping[str, str] Optional additional annotations to add to the webhook Pods
- pod_
labels Mapping[str, str] Optional additional labels to add to the Webhook Pods
- readiness_
probe ProbeArgs Readiness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- replica_
count int - resources
Resource
Requirements Args - secure_
port int The port that the webhook should listen on for requests. In GKE private clusters, by default kubernetes apiservers are allowed to talk to the cluster nodes only on 443 and 10250. so configuring securePort: 10250, will work out of the box without needing to add firewall rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000
- security_
context PodSecurity Context Args Pod Security Context to be set on the webhook component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service_
account CertManager Service Account - service_
annotations Mapping[str, str] Optional additional annotations to add to the webhook service
- service_
labels Mapping[str, str] Optional additional labels to add to the Webhook Service
- service_
type str Specifies how the service should be handled. Useful if you want to expose the webhook to outside of the cluster. In some cases, the control plane cannot reach internal services.
- strategy
Deployment
Strategy Args - timeout_
seconds int - tolerations
Toleration
Args] - url
Cert
Manager Webhook URL Overrides the mutating webhook and validating webhook so they reach the webhook service using the
url
field instead of a service.- validating_
webhook_ Mapping[str, str]configuration_ annotations Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
- affinity Property Map
- container
Security Property MapContext Container Security Context to be set on the webhook component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- deployment
Annotations Map<String> Optional additional annotations to add to the webhook Deployment
- extra
Args List<String> Optional additional arguments for webhook
- host
Network Boolean Specifies if the webhook should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working Since the default port for the webhook conflicts with kubelet on the host network,
webhook.securePort
should be changed to an available port if running in hostNetwork mode.- image Property Map
- liveness
Probe Property Map Liveness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- load
Balancer StringIP - mutating
Webhook Map<String>Configuration Annotations Optional additional annotations to add to the webhook MutatingWebhookConfiguration
- node
Selector Map<String> - pod
Annotations Map<String> Optional additional annotations to add to the webhook Pods
- pod
Labels Map<String> Optional additional labels to add to the Webhook Pods
- readiness
Probe Property Map Readiness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- replica
Count Number - resources Property Map
- secure
Port Number The port that the webhook should listen on for requests. In GKE private clusters, by default kubernetes apiservers are allowed to talk to the cluster nodes only on 443 and 10250. so configuring securePort: 10250, will work out of the box without needing to add firewall rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000
- security
Context Property Map Pod Security Context to be set on the webhook component Pod. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- service
Account Property Map - service
Annotations Map<String> Optional additional annotations to add to the webhook service
- service
Labels Map<String> Optional additional labels to add to the Webhook Service
- service
Type String Specifies how the service should be handled. Useful if you want to expose the webhook to outside of the cluster. In some cases, the control plane cannot reach internal services.
- strategy Property Map
- timeout
Seconds Number - tolerations List<Property Map>
- url Property Map
Overrides the mutating webhook and validating webhook so they reach the webhook service using the
url
field instead of a service.- validating
Webhook Map<String>Configuration Annotations Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
CertManagerWebhookURL, CertManagerWebhookURLArgs
- Host string
- Host string
- host String
- host string
- host str
- host String
Release, ReleaseArgs
- Atomic bool
If set, installation process purges chart on fail.
skipAwait
will be disabled automatically if atomic is used.- Chart string
Chart name to be installed. A path may be used.
- Cleanup
On boolFail Allow deletion of new resources created in this upgrade when upgrade fails.
- Create
Namespace bool Create the namespace if it does not exist.
- Dependency
Update bool Run helm dependency update before installing the chart.
- Description string
Add a custom description
- Devel bool
Use chart development versions, too. Equivalent to version '>0.0.0-0'. If
version
is set, this is ignored.- Disable
CRDHooks bool Prevent CRD hooks from, running, but run other hooks. See helm install --no-crd-hook
- Disable
Openapi boolValidation If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema
- Disable
Webhooks bool Prevent hooks from running.
- Force
Update bool Force resource update through delete/recreate if needed.
- Keyring string
Location of public keys used for verification. Used only if
verify
is true- Lint bool
Run helm lint when planning.
- Manifest Dictionary<string, object>
The rendered manifests as JSON. Not yet supported.
- Max
History int Limit the maximum number of revisions saved per release. Use 0 for no limit.
- Name string
Release name.
- Namespace string
Namespace to install the release into.
- Postrender string
Postrender command to run.
- Recreate
Pods bool Perform pods restart during upgrade/rollback.
- Render
Subchart boolNotes If set, render subchart notes along with the parent.
- Replace bool
Re-use the given name, even if that name is already used. This is unsafe in production
- Repository
Opts Pulumi.Kubernetes Cert Manager. Inputs. Repository Opts Specification defining the Helm chart repository to use.
- Reset
Values bool When upgrading, reset the values to the ones built into the chart.
- Resource
Names Dictionary<string, ImmutableArray<string>> Names of resources created by the release grouped by "kind/version".
- Reuse
Values bool When upgrading, reuse the last release's values and merge in any overrides. If 'resetValues' is specified, this is ignored
- Skip
Await bool By default, the provider waits until all resources are in a ready state before marking the release as successful. Setting this to true will skip such await logic.
- Skip
Crds bool If set, no CRDs will be installed. By default, CRDs are installed if not already present.
- Timeout int
Time in seconds to wait for any individual kubernetes operation.
- Value
Yaml List<AssetFiles Or Archive> List of assets (raw yaml files). Content is read and merged with values. Not yet supported.
- Values Dictionary<string, object>
Custom values set for the release.
- Verify bool
Verify the package before installing it.
- Version string
Specify the exact chart version to install. If this is not specified, the latest version is installed.
- Wait
For boolJobs Will wait until all Jobs have been completed before marking the release as successful. This is ignored if
skipAwait
is enabled.
- Atomic bool
If set, installation process purges chart on fail.
skipAwait
will be disabled automatically if atomic is used.- Chart string
Chart name to be installed. A path may be used.
- Cleanup
On boolFail Allow deletion of new resources created in this upgrade when upgrade fails.
- Create
Namespace bool Create the namespace if it does not exist.
- Dependency
Update bool Run helm dependency update before installing the chart.
- Description string
Add a custom description
- Devel bool
Use chart development versions, too. Equivalent to version '>0.0.0-0'. If
version
is set, this is ignored.- Disable
CRDHooks bool Prevent CRD hooks from, running, but run other hooks. See helm install --no-crd-hook
- Disable
Openapi boolValidation If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema
- Disable
Webhooks bool Prevent hooks from running.
- Force
Update bool Force resource update through delete/recreate if needed.
- Keyring string
Location of public keys used for verification. Used only if
verify
is true- Lint bool
Run helm lint when planning.
- Manifest map[string]interface{}
The rendered manifests as JSON. Not yet supported.
- Max
History int Limit the maximum number of revisions saved per release. Use 0 for no limit.
- Name string
Release name.
- Namespace string
Namespace to install the release into.
- Postrender string
Postrender command to run.
- Recreate
Pods bool Perform pods restart during upgrade/rollback.
- Render
Subchart boolNotes If set, render subchart notes along with the parent.
- Replace bool
Re-use the given name, even if that name is already used. This is unsafe in production
- Repository
Opts RepositoryOpts Specification defining the Helm chart repository to use.
- Reset
Values bool When upgrading, reset the values to the ones built into the chart.
- Resource
Names map[string][]string Names of resources created by the release grouped by "kind/version".
- Reuse
Values bool When upgrading, reuse the last release's values and merge in any overrides. If 'resetValues' is specified, this is ignored
- Skip
Await bool By default, the provider waits until all resources are in a ready state before marking the release as successful. Setting this to true will skip such await logic.
- Skip
Crds bool If set, no CRDs will be installed. By default, CRDs are installed if not already present.
- Timeout int
Time in seconds to wait for any individual kubernetes operation.
- Value
Yaml AssetFiles Or Archive List of assets (raw yaml files). Content is read and merged with values. Not yet supported.
- Values map[string]interface{}
Custom values set for the release.
- Verify bool
Verify the package before installing it.
- Version string
Specify the exact chart version to install. If this is not specified, the latest version is installed.
- Wait
For boolJobs Will wait until all Jobs have been completed before marking the release as successful. This is ignored if
skipAwait
is enabled.
- atomic Boolean
If set, installation process purges chart on fail.
skipAwait
will be disabled automatically if atomic is used.- chart String
Chart name to be installed. A path may be used.
- cleanup
On BooleanFail Allow deletion of new resources created in this upgrade when upgrade fails.
- create
Namespace Boolean Create the namespace if it does not exist.
- dependency
Update Boolean Run helm dependency update before installing the chart.
- description String
Add a custom description
- devel Boolean
Use chart development versions, too. Equivalent to version '>0.0.0-0'. If
version
is set, this is ignored.- disable
CRDHooks Boolean Prevent CRD hooks from, running, but run other hooks. See helm install --no-crd-hook
- disable
Openapi BooleanValidation If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema
- disable
Webhooks Boolean Prevent hooks from running.
- force
Update Boolean Force resource update through delete/recreate if needed.
- keyring String
Location of public keys used for verification. Used only if
verify
is true- lint Boolean
Run helm lint when planning.
- manifest Map<String,Object>
The rendered manifests as JSON. Not yet supported.
- max
History Integer Limit the maximum number of revisions saved per release. Use 0 for no limit.
- name String
Release name.
- namespace String
Namespace to install the release into.
- postrender String
Postrender command to run.
- recreate
Pods Boolean Perform pods restart during upgrade/rollback.
- render
Subchart BooleanNotes If set, render subchart notes along with the parent.
- replace Boolean
Re-use the given name, even if that name is already used. This is unsafe in production
- repository
Opts RepositoryOpts Specification defining the Helm chart repository to use.
- reset
Values Boolean When upgrading, reset the values to the ones built into the chart.
- resource
Names Map<String,List<String>> Names of resources created by the release grouped by "kind/version".
- reuse
Values Boolean When upgrading, reuse the last release's values and merge in any overrides. If 'resetValues' is specified, this is ignored
- skip
Await Boolean By default, the provider waits until all resources are in a ready state before marking the release as successful. Setting this to true will skip such await logic.
- skip
Crds Boolean If set, no CRDs will be installed. By default, CRDs are installed if not already present.
- timeout Integer
Time in seconds to wait for any individual kubernetes operation.
- value
Yaml List<AssetFiles Or Archive> List of assets (raw yaml files). Content is read and merged with values. Not yet supported.
- values Map<String,Object>
Custom values set for the release.
- verify Boolean
Verify the package before installing it.
- version String
Specify the exact chart version to install. If this is not specified, the latest version is installed.
- wait
For BooleanJobs Will wait until all Jobs have been completed before marking the release as successful. This is ignored if
skipAwait
is enabled.
- atomic boolean
If set, installation process purges chart on fail.
skipAwait
will be disabled automatically if atomic is used.- chart string
Chart name to be installed. A path may be used.
- cleanup
On booleanFail Allow deletion of new resources created in this upgrade when upgrade fails.
- create
Namespace boolean Create the namespace if it does not exist.
- dependency
Update boolean Run helm dependency update before installing the chart.
- description string
Add a custom description
- devel boolean
Use chart development versions, too. Equivalent to version '>0.0.0-0'. If
version
is set, this is ignored.- disable
CRDHooks boolean Prevent CRD hooks from, running, but run other hooks. See helm install --no-crd-hook
- disable
Openapi booleanValidation If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema
- disable
Webhooks boolean Prevent hooks from running.
- force
Update boolean Force resource update through delete/recreate if needed.
- keyring string
Location of public keys used for verification. Used only if
verify
is true- lint boolean
Run helm lint when planning.
- manifest {[key: string]: any}
The rendered manifests as JSON. Not yet supported.
- max
History number Limit the maximum number of revisions saved per release. Use 0 for no limit.
- name string
Release name.
- namespace string
Namespace to install the release into.
- postrender string
Postrender command to run.
- recreate
Pods boolean Perform pods restart during upgrade/rollback.
- render
Subchart booleanNotes If set, render subchart notes along with the parent.
- replace boolean
Re-use the given name, even if that name is already used. This is unsafe in production
- repository
Opts RepositoryOpts Specification defining the Helm chart repository to use.
- reset
Values boolean When upgrading, reset the values to the ones built into the chart.
- resource
Names {[key: string]: string[]} Names of resources created by the release grouped by "kind/version".
- reuse
Values boolean When upgrading, reuse the last release's values and merge in any overrides. If 'resetValues' is specified, this is ignored
- skip
Await boolean By default, the provider waits until all resources are in a ready state before marking the release as successful. Setting this to true will skip such await logic.
- skip
Crds boolean If set, no CRDs will be installed. By default, CRDs are installed if not already present.
- timeout number
Time in seconds to wait for any individual kubernetes operation.
- value
Yaml (pulumiassetFiles Asset | pulumiasset Archive)[] List of assets (raw yaml files). Content is read and merged with values. Not yet supported.
- values {[key: string]: any}
Custom values set for the release.
- verify boolean
Verify the package before installing it.
- version string
Specify the exact chart version to install. If this is not specified, the latest version is installed.
- wait
For booleanJobs Will wait until all Jobs have been completed before marking the release as successful. This is ignored if
skipAwait
is enabled.
- atomic bool
If set, installation process purges chart on fail.
skipAwait
will be disabled automatically if atomic is used.- chart str
Chart name to be installed. A path may be used.
- cleanup_
on_ boolfail Allow deletion of new resources created in this upgrade when upgrade fails.
- create_
namespace bool Create the namespace if it does not exist.
- dependency_
update bool Run helm dependency update before installing the chart.
- description str
Add a custom description
- devel bool
Use chart development versions, too. Equivalent to version '>0.0.0-0'. If
version
is set, this is ignored.- disable_
crd_ boolhooks Prevent CRD hooks from, running, but run other hooks. See helm install --no-crd-hook
- disable_
openapi_ boolvalidation If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema
- disable_
webhooks bool Prevent hooks from running.
- force_
update bool Force resource update through delete/recreate if needed.
- keyring str
Location of public keys used for verification. Used only if
verify
is true- lint bool
Run helm lint when planning.
- manifest Mapping[str, Any]
The rendered manifests as JSON. Not yet supported.
- max_
history int Limit the maximum number of revisions saved per release. Use 0 for no limit.
- name str
Release name.
- namespace str
Namespace to install the release into.
- postrender str
Postrender command to run.
- recreate_
pods bool Perform pods restart during upgrade/rollback.
- render_
subchart_ boolnotes If set, render subchart notes along with the parent.
- replace bool
Re-use the given name, even if that name is already used. This is unsafe in production
- repository_
opts RepositoryOpts Specification defining the Helm chart repository to use.
- reset_
values bool When upgrading, reset the values to the ones built into the chart.
- resource_
names Mapping[str, Sequence[str]] Names of resources created by the release grouped by "kind/version".
- reuse_
values bool When upgrading, reuse the last release's values and merge in any overrides. If 'resetValues' is specified, this is ignored
- skip_
await bool By default, the provider waits until all resources are in a ready state before marking the release as successful. Setting this to true will skip such await logic.
- skip_
crds bool If set, no CRDs will be installed. By default, CRDs are installed if not already present.
- timeout int
Time in seconds to wait for any individual kubernetes operation.
- value_
yaml_ Archive]]files List of assets (raw yaml files). Content is read and merged with values. Not yet supported.
- values Mapping[str, Any]
Custom values set for the release.
- verify bool
Verify the package before installing it.
- version str
Specify the exact chart version to install. If this is not specified, the latest version is installed.
- wait_
for_ booljobs Will wait until all Jobs have been completed before marking the release as successful. This is ignored if
skipAwait
is enabled.
- atomic Boolean
If set, installation process purges chart on fail.
skipAwait
will be disabled automatically if atomic is used.- chart String
Chart name to be installed. A path may be used.
- cleanup
On BooleanFail Allow deletion of new resources created in this upgrade when upgrade fails.
- create
Namespace Boolean Create the namespace if it does not exist.
- dependency
Update Boolean Run helm dependency update before installing the chart.
- description String
Add a custom description
- devel Boolean
Use chart development versions, too. Equivalent to version '>0.0.0-0'. If
version
is set, this is ignored.- disable
CRDHooks Boolean Prevent CRD hooks from, running, but run other hooks. See helm install --no-crd-hook
- disable
Openapi BooleanValidation If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema
- disable
Webhooks Boolean Prevent hooks from running.
- force
Update Boolean Force resource update through delete/recreate if needed.
- keyring String
Location of public keys used for verification. Used only if
verify
is true- lint Boolean
Run helm lint when planning.
- manifest Map<Any>
The rendered manifests as JSON. Not yet supported.
- max
History Number Limit the maximum number of revisions saved per release. Use 0 for no limit.
- name String
Release name.
- namespace String
Namespace to install the release into.
- postrender String
Postrender command to run.
- recreate
Pods Boolean Perform pods restart during upgrade/rollback.
- render
Subchart BooleanNotes If set, render subchart notes along with the parent.
- replace Boolean
Re-use the given name, even if that name is already used. This is unsafe in production
- repository
Opts Property Map Specification defining the Helm chart repository to use.
- reset
Values Boolean When upgrading, reset the values to the ones built into the chart.
- resource
Names Map<List<String>> Names of resources created by the release grouped by "kind/version".
- reuse
Values Boolean When upgrading, reuse the last release's values and merge in any overrides. If 'resetValues' is specified, this is ignored
- skip
Await Boolean By default, the provider waits until all resources are in a ready state before marking the release as successful. Setting this to true will skip such await logic.
- skip
Crds Boolean If set, no CRDs will be installed. By default, CRDs are installed if not already present.
- timeout Number
Time in seconds to wait for any individual kubernetes operation.
- value
Yaml List<Asset>Files List of assets (raw yaml files). Content is read and merged with values. Not yet supported.
- values Map<Any>
Custom values set for the release.
- verify Boolean
Verify the package before installing it.
- version String
Specify the exact chart version to install. If this is not specified, the latest version is installed.
- wait
For BooleanJobs Will wait until all Jobs have been completed before marking the release as successful. This is ignored if
skipAwait
is enabled.
ReleaseStatus, ReleaseStatusArgs
- App
Version string The version number of the application being deployed.
- Chart string
The name of the chart.
- Name string
Name is the name of the release.
- Namespace string
Namespace is the kubernetes namespace of the release.
- Revision int
Version is an int32 which represents the version of the release.
- Status string
Status of the release.
- Version string
A SemVer 2 conformant version string of the chart.
- App
Version string The version number of the application being deployed.
- Chart string
The name of the chart.
- Name string
Name is the name of the release.
- Namespace string
Namespace is the kubernetes namespace of the release.
- Revision int
Version is an int32 which represents the version of the release.
- Status string
Status of the release.
- Version string
A SemVer 2 conformant version string of the chart.
- app
Version String The version number of the application being deployed.
- chart String
The name of the chart.
- name String
Name is the name of the release.
- namespace String
Namespace is the kubernetes namespace of the release.
- revision Integer
Version is an int32 which represents the version of the release.
- status String
Status of the release.
- version String
A SemVer 2 conformant version string of the chart.
- app
Version string The version number of the application being deployed.
- chart string
The name of the chart.
- name string
Name is the name of the release.
- namespace string
Namespace is the kubernetes namespace of the release.
- revision number
Version is an int32 which represents the version of the release.
- status string
Status of the release.
- version string
A SemVer 2 conformant version string of the chart.
- app_
version str The version number of the application being deployed.
- chart str
The name of the chart.
- name str
Name is the name of the release.
- namespace str
Namespace is the kubernetes namespace of the release.
- revision int
Version is an int32 which represents the version of the release.
- status str
Status of the release.
- version str
A SemVer 2 conformant version string of the chart.
- app
Version String The version number of the application being deployed.
- chart String
The name of the chart.
- name String
Name is the name of the release.
- namespace String
Namespace is the kubernetes namespace of the release.
- revision Number
Version is an int32 which represents the version of the release.
- status String
Status of the release.
- version String
A SemVer 2 conformant version string of the chart.
RepositoryOpts, RepositoryOptsArgs
- Ca
File string The Repository's CA File
- Cert
File string The repository's cert file
- Key
File string The repository's cert key file
- Password string
Password for HTTP basic authentication
- Repo string
Repository where to locate the requested chart. If is a URL the chart is installed without installing the repository.
- Username string
Username for HTTP basic authentication
- Ca
File string The Repository's CA File
- Cert
File string The repository's cert file
- Key
File string The repository's cert key file
- Password string
Password for HTTP basic authentication
- Repo string
Repository where to locate the requested chart. If is a URL the chart is installed without installing the repository.
- Username string
Username for HTTP basic authentication
- ca
File String The Repository's CA File
- cert
File String The repository's cert file
- key
File String The repository's cert key file
- password String
Password for HTTP basic authentication
- repo String
Repository where to locate the requested chart. If is a URL the chart is installed without installing the repository.
- username String
Username for HTTP basic authentication
- ca
File string The Repository's CA File
- cert
File string The repository's cert file
- key
File string The repository's cert key file
- password string
Password for HTTP basic authentication
- repo string
Repository where to locate the requested chart. If is a URL the chart is installed without installing the repository.
- username string
Username for HTTP basic authentication
- ca_
file str The Repository's CA File
- cert_
file str The repository's cert file
- key_
file str The repository's cert key file
- password str
Password for HTTP basic authentication
- repo str
Repository where to locate the requested chart. If is a URL the chart is installed without installing the repository.
- username str
Username for HTTP basic authentication
- ca
File String The Repository's CA File
- cert
File String The repository's cert file
- key
File String The repository's cert key file
- password String
Password for HTTP basic authentication
- repo String
Repository where to locate the requested chart. If is a URL the chart is installed without installing the repository.
- username String
Username for HTTP basic authentication
Package Details
- Repository
- Jetstack Cert Manager (Helm)
- License