UNPKG

@pulumi/kubernetes-cert-manager

Version:

This repo contains the Pulumi Cert Manager component for Kubernetes. This add-on automates the management and issuance of TLS certificates from various issuing sources. It ensures certificates are valid and up to date periodically, and attempts to renew c

pulumi.io

pulumi/pulumi-kubernetes-cert-manager

109 lines (108 loc) 5.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; import * as pulumiKubernetes from "@pulumi/kubernetes"; /** * Automates the management and issuance of TLS certificates from various issuing sources within Kubernetes */ export declare class CertManager extends pulumi.ComponentResource { /** * Returns true if the given object is an instance of CertManager. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is CertManager; /** * Detailed information about the status of the underlying Helm deployment. */ readonly status: pulumi.Output<outputs.ReleaseStatus>; /** * Create a CertManager resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: CertManagerArgs, opts?: pulumi.ComponentResourceOptions); } /** * The set of arguments for constructing a CertManager resource. */ export interface CertManagerArgs { affinity?: pulumi.Input<pulumiKubernetes.types.input.core.v1.Affinity>; cainjector?: pulumi.Input<inputs.CertManagerCaInjectorArgs>; /** * Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart. */ clusterResourceNamespace?: pulumi.Input<string>; /** * Container Security Context to be set on the controller component container. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ */ containerSecurityContext?: pulumi.Input<pulumiKubernetes.types.input.core.v1.SecurityContext>; /** * Optional additional annotations to add to the controller Deployment */ deploymentAnnotations?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Optional additional arguments. */ extraArgs?: pulumi.Input<pulumi.Input<string>[]>; extraEnv?: pulumi.Input<pulumi.Input<pulumiKubernetes.types.input.core.v1.EnvVar>[]>; extraVolumeMounts?: pulumi.Input<pulumi.Input<pulumiKubernetes.types.input.core.v1.VolumeMount>[]>; extraVolumes?: pulumi.Input<pulumi.Input<pulumiKubernetes.types.input.core.v1.Volume>[]>; /** * Comma separated list of feature gates that should be enabled on the controller pod. */ featureGates?: pulumi.Input<string>; global?: pulumi.Input<inputs.CertManagerGlobalArgs>; /** * HelmOptions is an escape hatch that lets the end user control any aspect of the Helm deployment. This exposes the entirety of the underlying Helm Release component args. */ helmOptions?: inputs.ReleaseArgs; http_proxy?: pulumi.Input<string>; https_proxy?: pulumi.Input<string>; image?: pulumi.Input<inputs.CertManagerImageArgs>; ingressShim?: pulumi.Input<inputs.CertManagerIngressShimArgs>; installCRDs?: pulumi.Input<boolean>; no_proxy?: pulumi.Input<pulumi.Input<string>[]>; nodeSelector?: pulumi.Input<pulumiKubernetes.types.input.core.v1.NodeSelector>; /** * Optional additional annotations to add to the controller Pods */ podAnnotations?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; podDnsConfig?: pulumi.Input<pulumiKubernetes.types.input.core.v1.PodDNSConfig>; /** * Optional DNS settings, useful if you have a public and private DNS zone for the same domain on Route 53. What follows is an example of ensuring cert-manager can access an ingress or DNS TXT records at all times. NOTE: This requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for the cluster to work. */ podDnsPolicy?: pulumi.Input<string>; podLabels?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; prometheus?: pulumi.Input<inputs.CertManagerPrometheusArgs>; replicaCount?: pulumi.Input<number>; resources?: pulumi.Input<pulumiKubernetes.types.input.core.v1.ResourceRequirements>; /** * Pod Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ */ securityContext?: pulumi.Input<pulumiKubernetes.types.input.core.v1.PodSecurityContext>; serviceAccount?: pulumi.Input<inputs.CertManagerServiceAccountArgs>; /** * Optional additional annotations to add to the controller service */ serviceAnnotations?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Optional additional labels to add to the controller Service */ serviceLabels?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; startupapicheck?: pulumi.Input<inputs.CertManagerStartupAPICheckArgs>; strategy?: pulumi.Input<pulumiKubernetes.types.input.apps.v1.DeploymentStrategy>; tolerations?: pulumi.Input<pulumi.Input<pulumiKubernetes.types.input.core.v1.Toleration>[]>; webhook?: pulumi.Input<inputs.CertManagerWebhookArgs>; }