github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager/README.md (about)

     1  # cert-manager
     2  
     3  cert-manager is a Kubernetes addon to automate the management and issuance of
     4  TLS certificates from various issuing sources.
     5  
     6  It will ensure certificates are valid and up to date periodically, and attempt
     7  to renew certificates at an appropriate time before expiry.
     8  
     9  ## Prerequisites
    10  
    11  - Kubernetes 1.18+
    12  
    13  ## Installing the Chart
    14  
    15  Full installation instructions, including details on how to configure extra
    16  functionality in cert-manager can be found in the [installation docs](https://cert-manager.io/docs/installation/kubernetes/).
    17  
    18  Before installing the chart, you must first install the cert-manager CustomResourceDefinition resources.
    19  This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources.
    20  
    21  ```bash
    22  $ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml
    23  ```
    24  
    25  To install the chart with the release name `my-release`:
    26  
    27  ```console
    28  ## Add the Jetstack Helm repository
    29  $ helm repo add jetstack https://charts.jetstack.io
    30  
    31  ## Install the cert-manager helm chart
    32  $ helm install my-release --namespace cert-manager --version v1.9.1 jetstack/cert-manager
    33  ```
    34  
    35  In order to begin issuing certificates, you will need to set up a ClusterIssuer
    36  or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
    37  
    38  More information on the different types of issuers and how to configure them
    39  can be found in [our documentation](https://cert-manager.io/docs/configuration/).
    40  
    41  For information on how to configure cert-manager to automatically provision
    42  Certificates for Ingress resources, take a look at the
    43  [Securing Ingresses documentation](https://cert-manager.io/docs/usage/ingress/).
    44  
    45  > **Tip**: List all releases using `helm list`
    46  
    47  ## Upgrading the Chart
    48  
    49  Special considerations may be required when upgrading the Helm chart, and these
    50  are documented in our full [upgrading guide](https://cert-manager.io/docs/installation/upgrading/).
    51  
    52  **Please check here before performing upgrades!**
    53  
    54  ## Uninstalling the Chart
    55  
    56  To uninstall/delete the `my-release` deployment:
    57  
    58  ```console
    59  $ helm delete my-release
    60  ```
    61  
    62  The command removes all the Kubernetes components associated with the chart and deletes the release.
    63  
    64  If you want to completely uninstall cert-manager from your cluster, you will also need to
    65  delete the previously installed CustomResourceDefinition resources:
    66  
    67  ```console
    68  $ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml
    69  ```
    70  
    71  ## Configuration
    72  
    73  The following table lists the configurable parameters of the cert-manager chart and their default values.
    74  
    75  | Parameter                                                     | Description                                                                                                                                                                                                                                                                                                                                                                         | Default                                    |
    76  | ------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ |
    77  | `global.imagePullSecrets`                                     | Reference to one or more secrets to be used when pulling images                                                                                                                                                                                                                                                                                                                     | `[]`                                       |
    78  | `global.rbac.create`                                          | If `true`, create and use RBAC resources (includes sub-charts)                                                                                                                                                                                                                                                                                                                      | `true`                                     |
    79  | `global.priorityClassName`                                    | Priority class name for cert-manager and webhook pods                                                                                                                                                                                                                                                                                                                               | `""`                                       |
    80  | `global.podSecurityPolicy.enabled`                            | If `true`, create and use PodSecurityPolicy (includes sub-charts)                                                                                                                                                                                                                                                                                                                   | `false`                                    |
    81  | `global.podSecurityPolicy.useAppArmor`                        | If `true`, use Apparmor seccomp profile in PSP                                                                                                                                                                                                                                                                                                                                      | `true`                                     |
    82  | `global.leaderElection.namespace`                             | Override the namespace used to store the ConfigMap for leader election                                                                                                                                                                                                                                                                                                              | `kube-system`                              |
    83  | `global.leaderElection.leaseDuration`                         | The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate                                                                                                  |                                            |
    84  | `global.leaderElection.renewDeadline`                         | The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration                                                                                                                                                                                                                        |                                            |
    85  | `global.leaderElection.retryPeriod`                           | The duration the clients should wait between attempting acquisition and renewal of a leadership                                                                                                                                                                                                                                                                                     |                                            |
    86  | `installCRDs`                                                 | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED                                                                                                                                                                                                | `false`                                    |
    87  | `image.repository`                                            | Image repository                                                                                                                                                                                                                                                                                                                                                                    | `quay.io/jetstack/cert-manager-controller` |
    88  | `image.tag`                                                   | Image tag                                                                                                                                                                                                                                                                                                                                                                           | `v1.9.1`                                   |
    89  | `image.pullPolicy`                                            | Image pull policy                                                                                                                                                                                                                                                                                                                                                                   | `IfNotPresent`                             |
    90  | `replicaCount`                                                | Number of cert-manager replicas                                                                                                                                                                                                                                                                                                                                                     | `1`                                        |
    91  | `clusterResourceNamespace`                                    | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources                                                                                                                                                                                                                                                                                      | Same namespace as cert-manager pod         |
    92  | `featureGates`                                                | Set of comma-separated key=value pairs that describe feature gates on the controller. Some feature gates may also have to be enabled on other components, and can be set supplying the `feature-gate` flag to `<component>.extraArgs`                                                                                                                                               | ``                                         |
    93  | `extraArgs`                                                   | Optional flags for cert-manager                                                                                                                                                                                                                                                                                                                                                     | `[]`                                       |
    94  | `extraEnv`                                                    | Optional environment variables for cert-manager                                                                                                                                                                                                                                                                                                                                     | `[]`                                       |
    95  | `serviceAccount.create`                                       | If `true`, create a new service account                                                                                                                                                                                                                                                                                                                                             | `true`                                     |
    96  | `serviceAccount.name`                                         | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template                                                                                                                                                                                                                                                       |                                            |
    97  | `serviceAccount.annotations`                                  | Annotations to add to the service account                                                                                                                                                                                                                                                                                                                                           |                                            |
    98  | `serviceAccount.automountServiceAccountToken`                 | Automount API credentials for the Service Account                                                                                                                                                                                                                                                                                                                                   | `true`                                     |
    99  | `volumes`                                                     | Optional volumes for cert-manager                                                                                                                                                                                                                                                                                                                                                   | `[]`                                       |
   100  | `volumeMounts`                                                | Optional volume mounts for cert-manager                                                                                                                                                                                                                                                                                                                                             | `[]`                                       |
   101  | `resources`                                                   | CPU/memory resource requests/limits                                                                                                                                                                                                                                                                                                                                                 | `{}`                                       |
   102  | `securityContext`                                             | Optional security context. The yaml block should adhere to the [SecurityContext spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#securitycontext-v1-core)                                                                                                                                                                                                 | `{}`                                       |
   103  | `containerSecurityContext`                                    | Security context to be set on the controller component container                                                                                                                                                                                                                                                                                                                    | `{}`                                       |
   104  | `nodeSelector`                                                | Node labels for pod assignment                                                                                                                                                                                                                                                                                                                                                      | `{}`                                       |
   105  | `affinity`                                                    | Node affinity for pod assignment                                                                                                                                                                                                                                                                                                                                                    | `{}`                                       |
   106  | `tolerations`                                                 | Node tolerations for pod assignment                                                                                                                                                                                                                                                                                                                                                 | `[]`                                       |
   107  | `ingressShim.defaultIssuerName`                               | Optional default issuer to use for ingress resources                                                                                                                                                                                                                                                                                                                                |                                            |
   108  | `ingressShim.defaultIssuerKind`                               | Optional default issuer kind to use for ingress resources                                                                                                                                                                                                                                                                                                                           |                                            |
   109  | `ingressShim.defaultIssuerGroup`                              | Optional default issuer group to use for ingress resources                                                                                                                                                                                                                                                                                                                          |                                            |
   110  | `prometheus.enabled`                                          | Enable Prometheus monitoring                                                                                                                                                                                                                                                                                                                                                        | `true`                                     |
   111  | `prometheus.servicemonitor.enabled`                           | Enable Prometheus Operator ServiceMonitor monitoring                                                                                                                                                                                                                                                                                                                                | `false`                                    |
   112  | `prometheus.servicemonitor.namespace`                         | Define namespace where to deploy the ServiceMonitor resource                                                                                                                                                                                                                                                                                                                        | (namespace where you are deploying)        |
   113  | `prometheus.servicemonitor.prometheusInstance`                | Prometheus Instance definition                                                                                                                                                                                                                                                                                                                                                      | `default`                                  |
   114  | `prometheus.servicemonitor.targetPort`                        | Prometheus scrape port                                                                                                                                                                                                                                                                                                                                                              | `9402`                                     |
   115  | `prometheus.servicemonitor.path`                              | Prometheus scrape path                                                                                                                                                                                                                                                                                                                                                              | `/metrics`                                 |
   116  | `prometheus.servicemonitor.interval`                          | Prometheus scrape interval                                                                                                                                                                                                                                                                                                                                                          | `60s`                                      |
   117  | `prometheus.servicemonitor.labels`                            | Add custom labels to ServiceMonitor                                                                                                                                                                                                                                                                                                                                                 |                                            |
   118  | `prometheus.servicemonitor.scrapeTimeout`                     | Prometheus scrape timeout                                                                                                                                                                                                                                                                                                                                                           | `30s`                                      |
   119  | `prometheus.servicemonitor.honorLabels`                       | Enable label honoring for metrics scraped by Prometheus (see [Prometheus scrape config docs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) for details). By setting `honorLabels` to `true`, Prometheus will prefer label contents given by cert-manager on conflicts. Can be used to remove the "exported_namespace" label for example. | `false`                                    |
   120  | `podAnnotations`                                              | Annotations to add to the cert-manager pod                                                                                                                                                                                                                                                                                                                                          | `{}`                                       |
   121  | `deploymentAnnotations`                                       | Annotations to add to the cert-manager deployment                                                                                                                                                                                                                                                                                                                                   | `{}`                                       |
   122  | `podDnsPolicy`                                                | Optional cert-manager pod [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy)                                                                                                                                                                                                                                                    |                                            |
   123  | `podDnsConfig`                                                | Optional cert-manager pod [DNS configurations](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-config)                                                                                                                                                                                                                                            |                                            |
   124  | `podLabels`                                                   | Labels to add to the cert-manager pod                                                                                                                                                                                                                                                                                                                                               | `{}`                                       |
   125  | `serviceLabels`                                               | Labels to add to the cert-manager controller service                                                                                                                                                                                                                                                                                                                                | `{}`                                       |
   126  | `serviceAnnotations`                                          | Annotations to add to the cert-manager service                                                                                                                                                                                                                                                                                                                                      | `{}`                                       |
   127  | `http_proxy`                                                  | Value of the `HTTP_PROXY` environment variable in the cert-manager pod                                                                                                                                                                                                                                                                                                              |                                            |
   128  | `https_proxy`                                                 | Value of the `HTTPS_PROXY` environment variable in the cert-manager pod                                                                                                                                                                                                                                                                                                             |                                            |
   129  | `no_proxy`                                                    | Value of the `NO_PROXY` environment variable in the cert-manager pod                                                                                                                                                                                                                                                                                                                |                                            |
   130  | `webhook.replicaCount`                                        | Number of cert-manager webhook replicas                                                                                                                                                                                                                                                                                                                                             | `1`                                        |
   131  | `webhook.timeoutSeconds`                                      | Seconds the API server should wait the webhook to respond before treating the call as a failure.                                                                                                                                                                                                                                                                                    | `10`                                       |
   132  | `webhook.podAnnotations`                                      | Annotations to add to the webhook pods                                                                                                                                                                                                                                                                                                                                              | `{}`                                       |
   133  | `webhook.podLabels`                                           | Labels to add to the cert-manager webhook pod                                                                                                                                                                                                                                                                                                                                       | `{}`                                       |
   134  | `webhook.serviceLabels`                                       | Labels to add to the cert-manager webhook service                                                                                                                                                                                                                                                                                                                                   | `{}`                                       |
   135  | `webhook.deploymentAnnotations`                               | Annotations to add to the webhook deployment                                                                                                                                                                                                                                                                                                                                        | `{}`                                       |
   136  | `webhook.mutatingWebhookConfigurationAnnotations`             | Annotations to add to the mutating webhook configuration                                                                                                                                                                                                                                                                                                                            | `{}`                                       |
   137  | `webhook.validatingWebhookConfigurationAnnotations`           | Annotations to add to the validating webhook configuration                                                                                                                                                                                                                                                                                                                          | `{}`                                       |
   138  | `webhook.serviceAnnotations`                                  | Annotations to add to the webhook service                                                                                                                                                                                                                                                                                                                                           | `{}`                                       |
   139  | `webhook.config`                                              | WebhookConfiguration YAML used to configure flags for the webhook. Generates a ConfigMap containing contents of the field. See `values.yaml` for example.                                                                                                                                                                                                                           | `{}`                                       |
   140  | `webhook.extraArgs`                                           | Optional flags for cert-manager webhook component                                                                                                                                                                                                                                                                                                                                   | `[]`                                       |
   141  | `webhook.serviceAccount.create`                               | If `true`, create a new service account for the webhook component                                                                                                                                                                                                                                                                                                                   | `true`                                     |
   142  | `webhook.serviceAccount.name`                                 | Service account for the webhook component to be used. If not set and `webhook.serviceAccount.create` is `true`, a name is generated using the fullname template                                                                                                                                                                                                                     |                                            |
   143  | `webhook.serviceAccount.annotations`                          | Annotations to add to the service account for the webhook component                                                                                                                                                                                                                                                                                                                 |                                            |
   144  | `webhook.serviceAccount.automountServiceAccountToken`         | Automount API credentials for the webhook Service Account                                                                                                                                                                                                                                                                                                                           |                                            |
   145  | `webhook.resources`                                           | CPU/memory resource requests/limits for the webhook pods                                                                                                                                                                                                                                                                                                                            | `{}`                                       |
   146  | `webhook.nodeSelector`                                        | Node labels for webhook pod assignment                                                                                                                                                                                                                                                                                                                                              | `{}`                                       |
   147  | `webhook.affinity`                                            | Node affinity for webhook pod assignment                                                                                                                                                                                                                                                                                                                                            | `{}`                                       |
   148  | `webhook.tolerations`                                         | Node tolerations for webhook pod assignment                                                                                                                                                                                                                                                                                                                                         | `[]`                                       |
   149  | `webhook.image.repository`                                    | Webhook image repository                                                                                                                                                                                                                                                                                                                                                            | `quay.io/jetstack/cert-manager-webhook`    |
   150  | `webhook.image.tag`                                           | Webhook image tag                                                                                                                                                                                                                                                                                                                                                                   | `v1.9.1`                                   |
   151  | `webhook.image.pullPolicy`                                    | Webhook image pull policy                                                                                                                                                                                                                                                                                                                                                           | `IfNotPresent`                             |
   152  | `webhook.securePort`                                          | The port that the webhook should listen on for requests.                                                                                                                                                                                                                                                                                                                            | `10250`                                    |
   153  | `webhook.securityContext`                                     | Security context for webhook pod assignment                                                                                                                                                                                                                                                                                                                                         | `{}`                                       |
   154  | `webhook.containerSecurityContext`                            | Security context to be set on the webhook component container                                                                                                                                                                                                                                                                                                                       | `{}`                                       |
   155  | `webhook.hostNetwork`                                         | If `true`, run the Webhook on the host network.                                                                                                                                                                                                                                                                                                                                     | `false`                                    |
   156  | `webhook.serviceType`                                         | The type of the `Service`.                                                                                                                                                                                                                                                                                                                                                          | `ClusterIP`                                |
   157  | `webhook.loadBalancerIP`                                      | The specific load balancer IP to use (when `serviceType` is `LoadBalancer`).                                                                                                                                                                                                                                                                                                        |                                            |
   158  | `webhook.url.host`                                            | The host to use to reach the webhook, instead of using internal cluster DNS for the service.                                                                                                                                                                                                                                                                                        |                                            |
   159  | `webhook.livenessProbe.failureThreshold`                      | The liveness probe failure threshold                                                                                                                                                                                                                                                                                                                                                | `3`                                        |
   160  | `webhook.livenessProbe.initialDelaySeconds`                   | The liveness probe initial delay (in seconds)                                                                                                                                                                                                                                                                                                                                       | `60`                                       |
   161  | `webhook.livenessProbe.periodSeconds`                         | The liveness probe period (in seconds)                                                                                                                                                                                                                                                                                                                                              | `10`                                       |
   162  | `webhook.livenessProbe.successThreshold`                      | The liveness probe success threshold                                                                                                                                                                                                                                                                                                                                                | `1`                                        |
   163  | `webhook.livenessProbe.timeoutSeconds`                        | The liveness probe timeout (in seconds)                                                                                                                                                                                                                                                                                                                                             | `1`                                        |
   164  | `webhook.readinessProbe.failureThreshold`                     | The readiness probe failure threshold                                                                                                                                                                                                                                                                                                                                               | `3`                                        |
   165  | `webhook.readinessProbe.initialDelaySeconds`                  | The readiness probe initial delay (in seconds)                                                                                                                                                                                                                                                                                                                                      | `5`                                        |
   166  | `webhook.readinessProbe.periodSeconds`                        | The readiness probe period (in seconds)                                                                                                                                                                                                                                                                                                                                             | `5`                                        |
   167  | `webhook.readinessProbe.successThreshold`                     | The readiness probe success threshold                                                                                                                                                                                                                                                                                                                                               | `1`                                        |
   168  | `webhook.readinessProbe.timeoutSeconds`                       | The readiness probe timeout (in seconds)                                                                                                                                                                                                                                                                                                                                            | `1`                                        |
   169  | `cainjector.enabled`                                          | Toggles whether the cainjector component should be installed (required for the webhook component to work)                                                                                                                                                                                                                                                                           | `true`                                     |
   170  | `cainjector.replicaCount`                                     | Number of cert-manager cainjector replicas                                                                                                                                                                                                                                                                                                                                          | `1`                                        |
   171  | `cainjector.podAnnotations`                                   | Annotations to add to the cainjector pods                                                                                                                                                                                                                                                                                                                                           | `{}`                                       |
   172  | `cainjector.podLabels`                                        | Labels to add to the cert-manager cainjector pod                                                                                                                                                                                                                                                                                                                                    | `{}`                                       |
   173  | `cainjector.deploymentAnnotations`                            | Annotations to add to the cainjector deployment                                                                                                                                                                                                                                                                                                                                     | `{}`                                       |
   174  | `cainjector.extraArgs`                                        | Optional flags for cert-manager cainjector component                                                                                                                                                                                                                                                                                                                                | `[]`                                       |
   175  | `cainjector.serviceAccount.create`                            | If `true`, create a new service account for the cainjector component                                                                                                                                                                                                                                                                                                                | `true`                                     |
   176  | `cainjector.serviceAccount.name`                              | Service account for the cainjector component to be used. If not set and `cainjector.serviceAccount.create` is `true`, a name is generated using the fullname template                                                                                                                                                                                                               |                                            |
   177  | `cainjector.serviceAccount.annotations`                       | Annotations to add to the service account for the cainjector component                                                                                                                                                                                                                                                                                                              |                                            |
   178  | `cainjector.serviceAccount.automountServiceAccountToken`      | Automount API credentials for the cainjector Service Account                                                                                                                                                                                                                                                                                                                        | `true`                                     |
   179  | `cainjector.resources`                                        | CPU/memory resource requests/limits for the cainjector pods                                                                                                                                                                                                                                                                                                                         | `{}`                                       |
   180  | `cainjector.nodeSelector`                                     | Node labels for cainjector pod assignment                                                                                                                                                                                                                                                                                                                                           | `{}`                                       |
   181  | `cainjector.affinity`                                         | Node affinity for cainjector pod assignment                                                                                                                                                                                                                                                                                                                                         | `{}`                                       |
   182  | `cainjector.tolerations`                                      | Node tolerations for cainjector pod assignment                                                                                                                                                                                                                                                                                                                                      | `[]`                                       |
   183  | `cainjector.image.repository`                                 | cainjector image repository                                                                                                                                                                                                                                                                                                                                                         | `quay.io/jetstack/cert-manager-cainjector` |
   184  | `cainjector.image.tag`                                        | cainjector image tag                                                                                                                                                                                                                                                                                                                                                                | `v1.9.1`                                   |
   185  | `cainjector.image.pullPolicy`                                 | cainjector image pull policy                                                                                                                                                                                                                                                                                                                                                        | `IfNotPresent`                             |
   186  | `cainjector.securityContext`                                  | Security context for cainjector pod assignment                                                                                                                                                                                                                                                                                                                                      | `{}`                                       |
   187  | `cainjector.containerSecurityContext`                         | Security context to be set on cainjector component container                                                                                                                                                                                                                                                                                                                        | `{}`                                       |
   188  | `startupapicheck.enabled`                                     | Toggles whether the startupapicheck Job should be installed                                                                                                                                                                                                                                                                                                                         | `true`                                     |
   189  | `startupapicheck.securityContext`                             | Pod Security Context to be set on the startupapicheck component Pod                                                                                                                                                                                                                                                                                                                 | `{}`                                       |
   190  | `startupapicheck.timeout`                                     | Timeout for 'kubectl check api' command                                                                                                                                                                                                                                                                                                                                             | `1m`                                       |
   191  | `startupapicheck.backoffLimit`                                | Job backoffLimit                                                                                                                                                                                                                                                                                                                                                                    | `4`                                        |
   192  | `startupapicheck.jobAnnotations`                              | Optional additional annotations to add to the startupapicheck Job                                                                                                                                                                                                                                                                                                                   | `{}`                                       |
   193  | `startupapicheck.podAnnotations`                              | Optional additional annotations to add to the startupapicheck Pods                                                                                                                                                                                                                                                                                                                  | `{}`                                       |
   194  | `startupapicheck.extraArgs`                                   | Optional additional arguments for startupapicheck                                                                                                                                                                                                                                                                                                                                   | `[]`                                       |
   195  | `startupapicheck.resources`                                   | CPU/memory resource requests/limits for the startupapicheck pod                                                                                                                                                                                                                                                                                                                     | `{}`                                       |
   196  | `startupapicheck.nodeSelector`                                | Node labels for startupapicheck pod assignment                                                                                                                                                                                                                                                                                                                                      | `{}`                                       |
   197  | `startupapicheck.affinity`                                    | Node affinity for startupapicheck pod assignment                                                                                                                                                                                                                                                                                                                                    | `{}`                                       |
   198  | `startupapicheck.tolerations`                                 | Node tolerations for startupapicheck pod assignment                                                                                                                                                                                                                                                                                                                                 | `[]`                                       |
   199  | `startupapicheck.podLabels`                                   | Optional additional labels to add to the startupapicheck Pods                                                                                                                                                                                                                                                                                                                       | `{}`                                       |
   200  | `startupapicheck.image.repository`                            | startupapicheck image repository                                                                                                                                                                                                                                                                                                                                                    | `quay.io/jetstack/cert-manager-ctl`        |
   201  | `startupapicheck.image.tag`                                   | startupapicheck image tag                                                                                                                                                                                                                                                                                                                                                           | `v1.9.1`                                   |
   202  | `startupapicheck.image.pullPolicy`                            | startupapicheck image pull policy                                                                                                                                                                                                                                                                                                                                                   | `IfNotPresent`                             |
   203  | `startupapicheck.serviceAccount.create`                       | If `true`, create a new service account for the startupapicheck component                                                                                                                                                                                                                                                                                                           | `true`                                     |
   204  | `startupapicheck.serviceAccount.name`                         | Service account for the startupapicheck component to be used. If not set and `startupapicheck.serviceAccount.create` is `true`, a name is generated using the fullname template                                                                                                                                                                                                     |                                            |
   205  | `startupapicheck.serviceAccount.annotations`                  | Annotations to add to the service account for the startupapicheck component                                                                                                                                                                                                                                                                                                         |                                            |
   206  | `startupapicheck.serviceAccount.automountServiceAccountToken` | Automount API credentials for the startupapicheck Service Account                                                                                                                                                                                                                                                                                                                   | `true`                                     |
   207  
   208  Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
   209  
   210  Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
   211  
   212  ```console
   213  $ helm install my-release -f values.yaml .
   214  ```
   215  
   216  > **Tip**: You can use the default [values.yaml](https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml)
   217  
   218  ## Contributing
   219  
   220  This chart is maintained at [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager).