aws-privateca-issuer
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# +docs:section=AWS Private CA Issuer
2
3
# Number of replicas to run of the issuer
4
replicaCount: 2
5
image:
6
# Image repository
7
repository: cgr.dev/chainguard-private/aws-privateca-issuer
8
# Image pull policy
9
pullPolicy: IfNotPresent
10
# Image tag
11
tag: latest@sha256:3af2dad3e4a5dfb4ee17c063436089d150a443590bae2349da4eaa63f0924872
12
# Disable waiting for CertificateRequests to be Approved before signing
13
disableApprovedCheck: false
14
# Disables Kubernetes client-side rate limiting (only use if API Priority & Fairness is enabled on the cluster).
15
disableClientSideRateLimiting: false
16
# Optional secrets used for pulling the container image
17
#
18
# For example:
19
# imagePullSecrets:
20
# - name: secret-name
21
imagePullSecrets: []
22
# Override the name of the objects created by this chart
23
nameOverride: ""
24
# Override the name of the objects created by this chart
25
fullnameOverride: ""
26
# Number deployment revisions to keep
27
revisionHistoryLimit: 10
28
serviceAccount:
29
# Specifies whether a service account should be created
30
create: true
31
# Annotations to add to the service account
32
annotations: {}
33
# The name of the service account to use.
34
# If not set and create is true, a name is generated using the fullname template
35
name: ""
36
rbac:
37
# Specifies whether RBAC should be created
38
create: true
39
service:
40
# Type of service to create
41
type: ClusterIP
42
# Port the service should listen on
43
port: 8080
44
# Annotations to add to the issuer Pod
45
podAnnotations: {}
46
# Pod security context
47
# +docs:property
48
podSecurityContext:
49
runAsUser: 65532
50
# Container security context
51
# +docs:property
52
securityContext:
53
allowPrivilegeEscalation: false
54
# Kubernetes pod resources requests/limits
55
#+docs:property
56
resources:
57
limits:
58
cpu: 50m
59
memory: 64Mi
60
requests:
61
cpu: 50m
62
memory: 64Mi
63
# Kubernetes node selector: node labels for pod assignment
64
nodeSelector: {}
65
# Kubernetes pod tolerations for cert-manager-csi-driver
66
#
67
# For example:
68
# tolerations:
69
# - operator: "Exists"
70
tolerations: []
71
# A Kubernetes Affinity; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core
72
#
73
# For example:
74
# affinity:
75
# nodeAffinity:
76
# requiredDuringSchedulingIgnoredDuringExecution:
77
# nodeSelectorTerms:
78
# - matchExpressions:
79
# - key: foo.bar.com/role
80
# operator: In
81
# values:
82
# - master
83
#+docs:property
84
affinity:
85
nodeAffinity:
86
requiredDuringSchedulingIgnoredDuringExecution:
87
nodeSelectorTerms:
88
- matchExpressions:
89
- key: kubernetes.io/os
90
operator: In
91
values:
92
- linux
93
- key: kubernetes.io/arch
94
operator: In
95
values:
96
- amd64
97
- arm64
98
podAntiAffinity:
99
preferredDuringSchedulingIgnoredDuringExecution:
100
- podAffinityTerm:
101
labelSelector:
102
matchExpressions:
103
- key: app.kubernetes.io/name
104
operator: In
105
values:
106
- aws-privateca-issuer
107
topologyKey: kubernetes.io/hostname
108
weight: 100
109
# List of Kubernetes TopologySpreadConstraints; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core
110
#+docs:property
111
topologySpreadConstraints:
112
- maxSkew: 1
113
topologyKey: topology.kubernetes.io/zone
114
whenUnsatisfiable: ScheduleAnyway
115
labelSelector:
116
matchLabels:
117
app.kubernetes.io/name: aws-privateca-issuer
118
# Priority class name for the issuer pods
119
# If specified, this will set the priority class on pods, which can influence scheduling decisions
120
#
121
# For example:
122
# priorityClassName: high-priority
123
priorityClassName: ""
124
# Additional environment variables to set in the Pod
125
# +docs:type=object
126
env:
127
# Additional labels to add to the Pod
128
podLabels: {}
129
# Additional volumes on the operator container.
130
volumes: []
131
# Additional VolumeMounts on the operator container.
132
volumeMounts: []
133
# Extra containers to add to the pod spec in the deployment.
134
extraContainers: []
135
# Configures a disruption budget for the deployment.
136
#
137
# Expects input structure similar to https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#poddisruptionbudgetspec-v1-policy
138
# WITHOUT the pod selector, which is handled by the chart.
139
# Per https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#poddisruptionbudgetspec-v1-policy, `maxUnavailable` is mutually
140
# exclusive with `minAvailable`, you cannot set both.
141
#
142
# For example:
143
# podDisruptionBudget:
144
# maxUnavailable: 1
145
#
146
# Or:
147
# podDisruptionBudget:
148
# minAvailable: 1
149
#
150
# But NOT:
151
# podDisruptionBudget:
152
# minAvailable: 1
153
# maxUnavailable: 1
154
podDisruptionBudget:
155
maxUnavailable: 1
156
# +docs:section=Autoscaling
157
autoscaling:
158
# Enable auto scaling using a HorizontalPodAutoscaler
159
enabled: false
160
# Minimum number of replicas to deploy
161
minReplicas: 1
162
# Maximum number of replicas to deploy
163
maxReplicas: 100
164
# CPU threshold to scale at as a percentage of the requested CPUs
165
targetCPUUtilizationPercentage: 80
166
# Memory threshold to scale at as a percentage of the requested memory
167
# +docs:property
168
# targetMemoryUtilizationPercentage: 80
169
# +docs:section=Approver Role
170
# Options for configuring a target ServiceAccount with the role to approve
171
# all awspca.cert-manager.io requests.
172
approverRole:
173
# Create the ClusterRole to allow the issuer to approve certificate requests
174
enabled: true
175
# Service account give approval permission
176
serviceAccountName: cert-manager
177
# Namespace the service account resides in
178
namespace: cert-manager
179
# +docs:section=Monitoring
180
serviceMonitor:
181
# Create Prometheus ServiceMonitor
182
create: false
183
# Annotations to add to the Prometheus ServiceMonitor
184
annotations: {}
185
# Labels to add to the Prometheus ServiceMonitor
186
labels: {}
187
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.