96 lines
2.1 KiB
YAML
96 lines
2.1 KiB
YAML
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: cert-manager
|
|
namespace: argocd
|
|
labels:
|
|
app.kubernetes.io/name: cert-manager
|
|
app.kubernetes.io/part-of: platform
|
|
app.kubernetes.io/managed-by: argocd
|
|
finalizers:
|
|
- resources-finalizer.argocd.argoproj.io
|
|
spec:
|
|
project: default
|
|
|
|
source:
|
|
repoURL: https://charts.jetstack.io
|
|
chart: cert-manager
|
|
targetRevision: "v1.14.0"
|
|
|
|
helm:
|
|
values: |
|
|
# Install CustomResourceDefinitions
|
|
installCRDs: true
|
|
|
|
# Global configuration
|
|
global:
|
|
leaderElection:
|
|
namespace: cert-manager
|
|
|
|
# Webhook configuration
|
|
webhook:
|
|
enabled: true
|
|
replicaCount: 1
|
|
timeoutSeconds: 10
|
|
# Disable Istio sidecar injection for webhook to avoid mTLS issues
|
|
podAnnotations:
|
|
sidecar.istio.io/inject: "false"
|
|
|
|
# CA Injector
|
|
caInjector:
|
|
enabled: true
|
|
replicaCount: 1
|
|
# Disable Istio sidecar injection for CA injector
|
|
podAnnotations:
|
|
sidecar.istio.io/inject: "false"
|
|
|
|
# Disable Istio sidecar for main controller pods
|
|
podAnnotations:
|
|
sidecar.istio.io/inject: "false"
|
|
|
|
# Security context
|
|
podSecurityPolicy:
|
|
enabled: false
|
|
|
|
# Resources
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 64Mi
|
|
limits:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
|
|
# Service account
|
|
serviceAccount:
|
|
create: true
|
|
name: cert-manager
|
|
|
|
# Enable debug logging if needed (set to false for production)
|
|
logLevel: 2
|
|
|
|
destination:
|
|
server: https://kubernetes.default.svc
|
|
namespace: cert-manager
|
|
|
|
# Patch namespace to disable Istio injection
|
|
syncPolicy:
|
|
automated:
|
|
prune: true
|
|
selfHeal: true
|
|
allowEmpty: false
|
|
|
|
syncOptions:
|
|
- CreateNamespace=true
|
|
- Validate=true
|
|
- ServerSideApply=true
|
|
- Replace=false
|
|
|
|
timeout: 300s
|
|
retry:
|
|
limit: 5
|
|
backoff:
|
|
duration: 5s
|
|
factor: 2
|
|
maxDuration: 3m
|