github.com/verrazzano/verrazzano@v1.7.0/platform-operator/helm_config/overrides/cert-manager-values.yaml (about)

     1  # Copyright (c) 2021, 2023, Oracle and/or its affiliates.
     2  # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  
     4  # NOTE: The image you're looking for isn't here. The cert-manager-controller image now comes from
     5  # the bill of materials file (verrazzano-bom.json).
     6  
     7  ingressShim:  # default issuer for Ingress resources that request a certificate without naming an issuer
     8    defaultIssuerName: verrazzano-cluster-issuer
     9    defaultIssuerKind: ClusterIssuer  # cluster-scoped: Ingresses in any namespace can obtain certificates from it
    10  
    11  # NOTE: The acme solver image you're looking for isn't here. The image now comes from the bill of materials
    12  # file (verrazzano-bom.json), and the override string is built in the install_cert_manager() shell function
    13  # in the 2-install-system-components.sh install script
    14  
    15  # Pod Security Context for the controller pod (cainjector and webhook set their own under their keys below)
    16  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    17  securityContext:
    18    runAsNonRoot: true  # containers that would start as UID 0 are refused by the kubelet
    19    seccompProfile:
    20      type: RuntimeDefault  # apply the container runtime's default seccomp syscall filter
    21  
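    22  # Container Security Context to be set on the controller component container
    23  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    24  containerSecurityContext:
    25    allowPrivilegeEscalation: false  # process cannot gain more privileges than its parent (no_new_privs)
    26    privileged: false
    27    readOnlyRootFilesystem: true  # container root filesystem is mounted read-only
    28    runAsNonRoot: true
    29    runAsUser: 65534  # fixed non-root UID/GID; 65534 is conventionally "nobody"
    30    runAsGroup: 65534
    31    capabilities:
    32      drop:
    33        - ALL  # drop every Linux capability; none are added back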
    34  
    35  # Pod and container security contexts for cert-manager-cainjector (same settings as the controller)
    36  cainjector:
    37    securityContext:
    38      runAsNonRoot: true  # containers that would start as UID 0 are refused by the kubelet
    39      seccompProfile:
    40        type: RuntimeDefault  # apply the container runtime's default seccomp syscall filter
    41    containerSecurityContext:
    42      allowPrivilegeEscalation: false  # process cannot gain more privileges than its parent (no_new_privs)
    43      privileged: false
    44      readOnlyRootFilesystem: true  # container root filesystem is mounted read-only
    45      runAsNonRoot: true
    46      runAsUser: 65534  # fixed non-root UID/GID; 65534 is conventionally "nobody"
    47      runAsGroup: 65534
    48      capabilities:
    49        drop:
    50          - ALL  # drop every Linux capability; none are added back
    51  
    52  # Pod and container security contexts for cert-manager-webhook (same settings as the controller)
    53  webhook:
    54    securityContext:
    55      runAsNonRoot: true  # containers that would start as UID 0 are refused by the kubelet
    56      seccompProfile:
    57        type: RuntimeDefault  # apply the container runtime's default seccomp syscall filter
    58    containerSecurityContext:
    59      allowPrivilegeEscalation: false  # process cannot gain more privileges than its parent (no_new_privs)
    60      privileged: false
    61      readOnlyRootFilesystem: true  # container root filesystem is mounted read-only
    62      runAsNonRoot: true
    63      runAsUser: 65534  # fixed non-root UID/GID; 65534 is conventionally "nobody"
    64      runAsGroup: 65534
    65      capabilities:
    66        drop:
    67          - ALL  # drop every Linux capability; none are added back
    68  
    69  startupapicheck:  # chart's startup check that the cert-manager API is usable after install
    70    enabled: true  # NOTE(review): no security context overrides set here, unlike the components above; confirm chart defaults