Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
cert-manager/deploy/charts/cert-manager/values.yaml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
689 lines (553 sloc)
21.7 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Default values for cert-manager. | |
| # This is a YAML-formatted file. | |
| # Declare variables to be passed into your templates. | |
| global: | |
| # Reference to one or more secrets to be used when pulling images | |
| # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | |
| imagePullSecrets: [] | |
| # - name: "image-pull-secret" | |
| # Labels to apply to all resources | |
| # Please note that this does not add labels to the resources created dynamically by the controllers. | |
| # For these resources, you have to add the labels in the template in the cert-manager custom resource: | |
| # eg. podTemplate/ ingressTemplate in ACMEChallengeSolverHTTP01Ingress | |
| # ref: https://cert-manager.io/docs/reference/api-docs/#acme.cert-manager.io/v1.ACMEChallengeSolverHTTP01Ingress | |
| # eg. secretTemplate in CertificateSpec | |
| # ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec | |
| commonLabels: {} | |
| # team_name: dev | |
| # Optional priority class to be used for the cert-manager pods | |
| priorityClassName: "" | |
| rbac: | |
| create: true | |
| # Aggregate ClusterRoles to Kubernetes default user-facing roles. Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles | |
| aggregateClusterRoles: true | |
| podSecurityPolicy: | |
| enabled: false | |
| useAppArmor: true | |
| # Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose. | |
| logLevel: 2 | |
| leaderElection: | |
| # Override the namespace used for the leader election lease | |
| namespace: "kube-system" | |
| # The duration that non-leader candidates will wait after observing a | |
| # leadership renewal until attempting to acquire leadership of a led but | |
| # unrenewed leader slot. This is effectively the maximum duration that a | |
| # leader can be stopped before it is replaced by another candidate. | |
| # leaseDuration: 60s | |
| # The interval between attempts by the acting master to renew a leadership | |
| # slot before it stops leading. This must be less than or equal to the | |
| # lease duration. | |
| # renewDeadline: 40s | |
| # The duration the clients should wait between attempting acquisition and | |
| # renewal of a leadership. | |
| # retryPeriod: 15s | |
| installCRDs: false | |
| replicaCount: 1 | |
| strategy: {} | |
| # type: RollingUpdate | |
| # rollingUpdate: | |
| # maxSurge: 0 | |
| # maxUnavailable: 1 | |
| podDisruptionBudget: | |
| enabled: false | |
| minAvailable: 1 | |
| # maxUnavailable: 1 | |
| # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) | |
| # or a percentage value (e.g. 25%) | |
| # Comma separated list of feature gates that should be enabled on the | |
| # controller pod & webhook pod. | |
| featureGates: "" | |
| # The maximum number of challenges that can be scheduled as 'processing' at once | |
| maxConcurrentChallenges: 60 | |
| image: | |
| repository: quay.io/jetstack/cert-manager-controller | |
| # You can manage a registry with | |
| # registry: quay.io | |
| # repository: jetstack/cert-manager-controller | |
| # Override the image tag to deploy by setting this variable. | |
| # If no value is set, the chart's appVersion will be used. | |
| # tag: canary | |
| # Setting a digest will override any tag | |
| # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 | |
| pullPolicy: IfNotPresent | |
| # Override the namespace used to store DNS provider credentials etc. for ClusterIssuer | |
| # resources. By default, the same namespace as cert-manager is deployed within is | |
| # used. This namespace will not be automatically created by the Helm chart. | |
| clusterResourceNamespace: "" | |
| # This namespace allows you to define where the services will be installed into | |
| # if not set then they will use the namespace of the release | |
| # This is helpful when installing cert manager as a chart dependency (sub chart) | |
| namespace: "" | |
| serviceAccount: | |
| # Specifies whether a service account should be created | |
| create: true | |
| # The name of the service account to use. | |
| # If not set and create is true, a name is generated using the fullname template | |
| # name: "" | |
| # Optional additional annotations to add to the controller's ServiceAccount | |
| # annotations: {} | |
| # Automount API credentials for a Service Account. | |
| # Optional additional labels to add to the controller's ServiceAccount | |
| # labels: {} | |
| automountServiceAccountToken: true | |
| # Automounting API credentials for a particular pod | |
| # automountServiceAccountToken: true | |
| # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted | |
| enableCertificateOwnerRef: false | |
| # Setting Nameservers for DNS01 Self Check | |
| # See: https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check | |
| # Comma separated string with host and port of the recursive nameservers cert-manager should query | |
| dns01RecursiveNameservers: "" | |
| # Forces cert-manager to only use the recursive nameservers for verification. | |
| # Enabling this option could cause the DNS01 self check to take longer due to caching performed by the recursive nameservers | |
| dns01RecursiveNameserversOnly: false | |
| # Additional command line flags to pass to cert-manager controller binary. | |
| # To see all available flags run docker run quay.io/jetstack/cert-manager-controller:<version> --help | |
| extraArgs: [] | |
| # Use this flag to enable or disable arbitrary controllers, for example, disable the CertificiateRequests approver | |
| # - --controllers=*,-certificaterequests-approver | |
| extraEnv: [] | |
| # - name: SOME_VAR | |
| # value: 'some value' | |
| resources: {} | |
| # requests: | |
| # cpu: 10m | |
| # memory: 32Mi | |
| # Pod Security Context | |
| # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| securityContext: | |
| runAsNonRoot: true | |
| seccompProfile: | |
| type: RuntimeDefault | |
| # Container Security Context to be set on the controller component container | |
| # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| containerSecurityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| drop: | |
| - ALL | |
| # readOnlyRootFilesystem: true | |
| # runAsNonRoot: true | |
| volumes: [] | |
| volumeMounts: [] | |
| # Optional additional annotations to add to the controller Deployment | |
| # deploymentAnnotations: {} | |
| # Optional additional annotations to add to the controller Pods | |
| # podAnnotations: {} | |
| podLabels: {} | |
| # Optional annotations to add to the controller Service | |
| # serviceAnnotations: {} | |
| # Optional additional labels to add to the controller Service | |
| # serviceLabels: {} | |
| # Optional DNS settings, useful if you have a public and private DNS zone for | |
| # the same domain on Route 53. What follows is an example of ensuring | |
| # cert-manager can access an ingress or DNS TXT records at all times. | |
| # NOTE: This requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for | |
| # the cluster to work. | |
| # podDnsPolicy: "None" | |
| # podDnsConfig: | |
| # nameservers: | |
| # - "1.1.1.1" | |
| # - "8.8.8.8" | |
| nodeSelector: | |
| kubernetes.io/os: linux | |
| ingressShim: {} | |
| # defaultIssuerName: "" | |
| # defaultIssuerKind: "" | |
| # defaultIssuerGroup: "" | |
| prometheus: | |
| enabled: true | |
| servicemonitor: | |
| enabled: false | |
| prometheusInstance: default | |
| targetPort: 9402 | |
| path: /metrics | |
| interval: 60s | |
| scrapeTimeout: 30s | |
| labels: {} | |
| annotations: {} | |
| honorLabels: false | |
| # Use these variables to configure the HTTP_PROXY environment variables | |
| # http_proxy: "http://proxy:8080" | |
| # https_proxy: "https://proxy:8080" | |
| # no_proxy: 127.0.0.1,localhost | |
| # A Kubernetes Affinty, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core | |
| # for example: | |
| # affinity: | |
| # nodeAffinity: | |
| # requiredDuringSchedulingIgnoredDuringExecution: | |
| # nodeSelectorTerms: | |
| # - matchExpressions: | |
| # - key: foo.bar.com/role | |
| # operator: In | |
| # values: | |
| # - master | |
| affinity: {} | |
| # A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core | |
| # for example: | |
| # tolerations: | |
| # - key: foo.bar.com/role | |
| # operator: Equal | |
| # value: master | |
| # effect: NoSchedule | |
| tolerations: [] | |
| # A list of Kubernetes TopologySpreadConstraints, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core | |
| # for example: | |
| # topologySpreadConstraints: | |
| # - maxSkew: 2 | |
| # topologyKey: topology.kubernetes.io/zone | |
| # whenUnsatisfiable: ScheduleAnyway | |
| # labelSelector: | |
| # matchLabels: | |
| # app.kubernetes.io/instance: cert-manager | |
| # app.kubernetes.io/component: controller | |
| topologySpreadConstraints: [] | |
| # LivenessProbe settings for the controller container of the controller Pod. | |
| # | |
| # Disabled by default, because the controller has a leader election mechanism | |
| # which should cause it to exit if it is unable to renew its leader election | |
| # record. | |
| # LivenessProbe durations and thresholds are based on those used for the Kubernetes | |
| # controller-manager. See: | |
| # https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245 | |
| livenessProbe: | |
| enabled: false | |
| initialDelaySeconds: 10 | |
| periodSeconds: 10 | |
| timeoutSeconds: 15 | |
| successThreshold: 1 | |
| failureThreshold: 8 | |
| webhook: | |
| replicaCount: 1 | |
| timeoutSeconds: 10 | |
| # Used to configure options for the webhook pod. | |
| # This allows setting options that'd usually be provided via flags. | |
| # An APIVersion and Kind must be specified in your values.yaml file. | |
| # Flags will override options that are set here. | |
| config: | |
| # apiVersion: webhook.config.cert-manager.io/v1alpha1 | |
| # kind: WebhookConfiguration | |
| # The port that the webhook should listen on for requests. | |
| # In GKE private clusters, by default kubernetes apiservers are allowed to | |
| # talk to the cluster nodes only on 443 and 10250. so configuring | |
| # securePort: 10250, will work out of the box without needing to add firewall | |
| # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000. | |
| # This should be uncommented and set as a default by the chart once we graduate | |
| # the apiVersion of WebhookConfiguration past v1alpha1. | |
| # securePort: 10250 | |
| strategy: {} | |
| # type: RollingUpdate | |
| # rollingUpdate: | |
| # maxSurge: 0 | |
| # maxUnavailable: 1 | |
| # Pod Security Context to be set on the webhook component Pod | |
| # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| securityContext: | |
| runAsNonRoot: true | |
| seccompProfile: | |
| type: RuntimeDefault | |
| podDisruptionBudget: | |
| enabled: false | |
| minAvailable: 1 | |
| # maxUnavailable: 1 | |
| # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) | |
| # or a percentage value (e.g. 25%) | |
| # Container Security Context to be set on the webhook component container | |
| # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| containerSecurityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| drop: | |
| - ALL | |
| # readOnlyRootFilesystem: true | |
| # runAsNonRoot: true | |
| # Optional additional annotations to add to the webhook Deployment | |
| # deploymentAnnotations: {} | |
| # Optional additional annotations to add to the webhook Pods | |
| # podAnnotations: {} | |
| # Optional additional annotations to add to the webhook Service | |
| # serviceAnnotations: {} | |
| # Optional additional annotations to add to the webhook MutatingWebhookConfiguration | |
| # mutatingWebhookConfigurationAnnotations: {} | |
| # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration | |
| # validatingWebhookConfigurationAnnotations: {} | |
| # Additional command line flags to pass to cert-manager webhook binary. | |
| # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook:<version> --help | |
| extraArgs: [] | |
| # Path to a file containing a WebhookConfiguration object used to configure the webhook | |
| # - --config=<path-to-config-file> | |
| resources: {} | |
| # requests: | |
| # cpu: 10m | |
| # memory: 32Mi | |
| ## Liveness and readiness probe values | |
| ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes | |
| ## | |
| livenessProbe: | |
| failureThreshold: 3 | |
| initialDelaySeconds: 60 | |
| periodSeconds: 10 | |
| successThreshold: 1 | |
| timeoutSeconds: 1 | |
| readinessProbe: | |
| failureThreshold: 3 | |
| initialDelaySeconds: 5 | |
| periodSeconds: 5 | |
| successThreshold: 1 | |
| timeoutSeconds: 1 | |
| nodeSelector: | |
| kubernetes.io/os: linux | |
| affinity: {} | |
| tolerations: [] | |
| topologySpreadConstraints: [] | |
| # Optional additional labels to add to the Webhook Pods | |
| podLabels: {} | |
| # Optional additional labels to add to the Webhook Service | |
| serviceLabels: {} | |
| image: | |
| repository: quay.io/jetstack/cert-manager-webhook | |
| # You can manage a registry with | |
| # registry: quay.io | |
| # repository: jetstack/cert-manager-webhook | |
| # Override the image tag to deploy by setting this variable. | |
| # If no value is set, the chart's appVersion will be used. | |
| # tag: canary | |
| # Setting a digest will override any tag | |
| # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 | |
| pullPolicy: IfNotPresent | |
| serviceAccount: | |
| # Specifies whether a service account should be created | |
| create: true | |
| # The name of the service account to use. | |
| # If not set and create is true, a name is generated using the fullname template | |
| # name: "" | |
| # Optional additional annotations to add to the controller's ServiceAccount | |
| # annotations: {} | |
| # Optional additional labels to add to the webhook's ServiceAccount | |
| # labels: {} | |
| # Automount API credentials for a Service Account. | |
| automountServiceAccountToken: true | |
| # Automounting API credentials for a particular pod | |
| # automountServiceAccountToken: true | |
| # The port that the webhook should listen on for requests. | |
| # In GKE private clusters, by default kubernetes apiservers are allowed to | |
| # talk to the cluster nodes only on 443 and 10250. so configuring | |
| # securePort: 10250, will work out of the box without needing to add firewall | |
| # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000 | |
| securePort: 10250 | |
| # Specifies if the webhook should be started in hostNetwork mode. | |
| # | |
| # Required for use in some managed kubernetes clusters (such as AWS EKS) with custom | |
| # CNI (such as calico), because control-plane managed by AWS cannot communicate | |
| # with pods' IP CIDR and admission webhooks are not working | |
| # | |
| # Since the default port for the webhook conflicts with kubelet on the host | |
| # network, `webhook.securePort` should be changed to an available port if | |
| # running in hostNetwork mode. | |
| hostNetwork: false | |
| # Specifies how the service should be handled. Useful if you want to expose the | |
| # webhook to outside of the cluster. In some cases, the control plane cannot | |
| # reach internal services. | |
| serviceType: ClusterIP | |
| # loadBalancerIP: | |
| # Overrides the mutating webhook and validating webhook so they reach the webhook | |
| # service using the `url` field instead of a service. | |
| url: {} | |
| # host: | |
| # Enables default network policies for webhooks. | |
| networkPolicy: | |
| enabled: false | |
| ingress: | |
| - from: | |
| - ipBlock: | |
| cidr: 0.0.0.0/0 | |
| egress: | |
| - ports: | |
| - port: 80 | |
| protocol: TCP | |
| - port: 443 | |
| protocol: TCP | |
| - port: 53 | |
| protocol: TCP | |
| - port: 53 | |
| protocol: UDP | |
| # On OpenShift and OKD, the Kubernetes API server listens on | |
| # port 6443. | |
| - port: 6443 | |
| protocol: TCP | |
| to: | |
| - ipBlock: | |
| cidr: 0.0.0.0/0 | |
| volumes: [] | |
| volumeMounts: [] | |
| cainjector: | |
| enabled: true | |
| replicaCount: 1 | |
| strategy: {} | |
| # type: RollingUpdate | |
| # rollingUpdate: | |
| # maxSurge: 0 | |
| # maxUnavailable: 1 | |
| # Pod Security Context to be set on the cainjector component Pod | |
| # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| securityContext: | |
| runAsNonRoot: true | |
| seccompProfile: | |
| type: RuntimeDefault | |
| podDisruptionBudget: | |
| enabled: false | |
| minAvailable: 1 | |
| # maxUnavailable: 1 | |
| # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) | |
| # or a percentage value (e.g. 25%) | |
| # Container Security Context to be set on the cainjector component container | |
| # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| containerSecurityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| drop: | |
| - ALL | |
| # readOnlyRootFilesystem: true | |
| # runAsNonRoot: true | |
| # Optional additional annotations to add to the cainjector Deployment | |
| # deploymentAnnotations: {} | |
| # Optional additional annotations to add to the cainjector Pods | |
| # podAnnotations: {} | |
| # Additional command line flags to pass to cert-manager cainjector binary. | |
| # To see all available flags run docker run quay.io/jetstack/cert-manager-cainjector:<version> --help | |
| extraArgs: [] | |
| # Enable profiling for cainjector | |
| # - --enable-profiling=true | |
| resources: {} | |
| # requests: | |
| # cpu: 10m | |
| # memory: 32Mi | |
| nodeSelector: | |
| kubernetes.io/os: linux | |
| affinity: {} | |
| tolerations: [] | |
| topologySpreadConstraints: [] | |
| # Optional additional labels to add to the CA Injector Pods | |
| podLabels: {} | |
| image: | |
| repository: quay.io/jetstack/cert-manager-cainjector | |
| # You can manage a registry with | |
| # registry: quay.io | |
| # repository: jetstack/cert-manager-cainjector | |
| # Override the image tag to deploy by setting this variable. | |
| # If no value is set, the chart's appVersion will be used. | |
| # tag: canary | |
| # Setting a digest will override any tag | |
| # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 | |
| pullPolicy: IfNotPresent | |
| serviceAccount: | |
| # Specifies whether a service account should be created | |
| create: true | |
| # The name of the service account to use. | |
| # If not set and create is true, a name is generated using the fullname template | |
| # name: "" | |
| # Optional additional annotations to add to the controller's ServiceAccount | |
| # annotations: {} | |
| # Automount API credentials for a Service Account. | |
| # Optional additional labels to add to the cainjector's ServiceAccount | |
| # labels: {} | |
| automountServiceAccountToken: true | |
| # Automounting API credentials for a particular pod | |
| # automountServiceAccountToken: true | |
| volumes: [] | |
| volumeMounts: [] | |
| acmesolver: | |
| image: | |
| repository: quay.io/jetstack/cert-manager-acmesolver | |
| # You can manage a registry with | |
| # registry: quay.io | |
| # repository: jetstack/cert-manager-acmesolver | |
| # Override the image tag to deploy by setting this variable. | |
| # If no value is set, the chart's appVersion will be used. | |
| # tag: canary | |
| # Setting a digest will override any tag | |
| # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 | |
| # This startupapicheck is a Helm post-install hook that waits for the webhook | |
| # endpoints to become available. | |
| # The check is implemented using a Kubernetes Job- if you are injecting mesh | |
| # sidecar proxies into cert-manager pods, you probably want to ensure that they | |
| # are not injected into this Job's pod. Otherwise the installation may time out | |
| # due to the Job never being completed because the sidecar proxy does not exit. | |
| # See https://github.com/cert-manager/cert-manager/pull/4414 for context. | |
| startupapicheck: | |
| enabled: true | |
| # Pod Security Context to be set on the startupapicheck component Pod | |
| # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| securityContext: | |
| runAsNonRoot: true | |
| seccompProfile: | |
| type: RuntimeDefault | |
| # Container Security Context to be set on the controller component container | |
| # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| containerSecurityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| drop: | |
| - ALL | |
| # readOnlyRootFilesystem: true | |
| # runAsNonRoot: true | |
| # Timeout for 'kubectl check api' command | |
| timeout: 1m | |
| # Job backoffLimit | |
| backoffLimit: 4 | |
| # Optional additional annotations to add to the startupapicheck Job | |
| jobAnnotations: | |
| helm.sh/hook: post-install | |
| helm.sh/hook-weight: "1" | |
| helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded | |
| # Optional additional annotations to add to the startupapicheck Pods | |
| # podAnnotations: {} | |
| # Additional command line flags to pass to startupapicheck binary. | |
| # To see all available flags run docker run quay.io/jetstack/cert-manager-ctl:<version> --help | |
| extraArgs: [] | |
| resources: {} | |
| # requests: | |
| # cpu: 10m | |
| # memory: 32Mi | |
| nodeSelector: | |
| kubernetes.io/os: linux | |
| affinity: {} | |
| tolerations: [] | |
| # Optional additional labels to add to the startupapicheck Pods | |
| podLabels: {} | |
| image: | |
| repository: quay.io/jetstack/cert-manager-ctl | |
| # You can manage a registry with | |
| # registry: quay.io | |
| # repository: jetstack/cert-manager-ctl | |
| # Override the image tag to deploy by setting this variable. | |
| # If no value is set, the chart's appVersion will be used. | |
| # tag: canary | |
| # Setting a digest will override any tag | |
| # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 | |
| pullPolicy: IfNotPresent | |
| rbac: | |
| # annotations for the startup API Check job RBAC and PSP resources | |
| annotations: | |
| helm.sh/hook: post-install | |
| helm.sh/hook-weight: "-5" | |
| helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded | |
| # Automounting API credentials for a particular pod | |
| # automountServiceAccountToken: true | |
| serviceAccount: | |
| # Specifies whether a service account should be created | |
| create: true | |
| # The name of the service account to use. | |
| # If not set and create is true, a name is generated using the fullname template | |
| # name: "" | |
| # Optional additional annotations to add to the Job's ServiceAccount | |
| annotations: | |
| helm.sh/hook: post-install | |
| helm.sh/hook-weight: "-5" | |
| helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded | |
| # Automount API credentials for a Service Account. | |
| automountServiceAccountToken: true | |
| # Optional additional labels to add to the startupapicheck's ServiceAccount | |
| # labels: {} | |
| volumes: [] | |
| volumeMounts: [] |