Story: 2009836
Task: 45655
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Change-Id: I93eb5e8e873c29d01d5311a45c252d481c306243
Configure cert-manager at Bootstrap
Both nginx-ingress-controller and cert-manager are packaged as system applications. They are uploaded and applied by default at bootstrap time, with defaults appropriate to most use cases, but their configuration can be modified at bootstrap.
To override the default configuration, add an applications section in $HOME/localhost.yml, as shown below:

applications:
  - /usr/local/share/applications/helm/nginx-ingress-controller-{version}.tgz:
      overrides:
        - chart: appOne-ChartOne
          namespace: kube-system
          values-path: /home/sysinv/appOne-ChartOne-overrides.yaml
        - chart: appOne-ChartTwo
          namespace: kube-system
          values-path: /home/sysinv/appOne-ChartTwo-overrides.yaml
  - /usr/local/share/applications/helm/cert-manager-{version}.tgz:
      overrides:
        - chart: appTwo-ChartOne
          namespace: kube-system
          values-path: /home/sysinv/appTwo-ChartOne-overrides.yaml

Note
Semantically, nginx-ingress-controller and cert-manager are mandatory and must be in this order, otherwise bootstrap fails.
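
A pre-flight check for the ordering rule in the note above, as an added example that is not part of the original documentation or the project's own code. The function names, the line-based reader (which handles only the layout shown on this page, not general YAML) and the sample are constructed for illustration; treating an override entry that lacks any of the three keys shown above as incomplete is an assumption.

```python
import re

# Order the page's note requires for the two mandatory applications.
REQUIRED_ORDER = ("nginx-ingress-controller", "cert-manager")
KEYS = {"chart", "namespace", "values-path"}  # assumed: all three are needed
APP_RE = re.compile(r"^\s*-\s+(\S+\.tgz):\s*$")  # "- /path/app-{version}.tgz:"
KV_RE = re.compile(r"^\s*(-\s+)?(chart|namespace|values-path):\s*(\S+)\s*$")

# Constructed sample: mandatory applications swapped, one override incomplete.
SAMPLE_SWAPPED = """\
applications:
  - /usr/local/share/applications/helm/cert-manager-{version}.tgz:
      overrides:
        - chart: appTwo-ChartOne
          namespace: kube-system
  - /usr/local/share/applications/helm/nginx-ingress-controller-{version}.tgz:
"""

def parse_applications(text):
    """Line-based reader for the layout shown above; not a general YAML parser."""
    apps, in_section = [], False
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # drop comments
        if line and line[0] not in " -":  # any other top-level key ends the section
            in_section = line == "applications:"
        elif in_section and (m := APP_RE.match(line)):
            apps.append((m.group(1), []))
        elif in_section and apps and (m := KV_RE.match(line)):
            dash, key, value = m.groups()
            overrides = apps[-1][1]
            if dash or not overrides:  # "- chart:" starts a new override entry
                overrides.append({})
            overrides[-1][key] = value
    return apps

def check_applications(text):
    """Return the problems found in the applications section."""
    problems, seen = [], {}
    for index, (tarball, overrides) in enumerate(parse_applications(text)):
        base = tarball.rsplit("/", 1)[-1]
        for name in REQUIRED_ORDER:
            if base.startswith(name + "-"):
                seen.setdefault(name, index)  # remember the first occurrence
        problems += [f"{base}: override lacks {', '.join(sorted(KEYS - e.keys()))}"
                     for e in overrides if KEYS - e.keys()]
    problems += [f"{name} is missing" for name in REQUIRED_ORDER if name not in seen]
    if len(seen) == 2 and seen[REQUIRED_ORDER[0]] > seen[REQUIRED_ORDER[1]]:
        problems.append("nginx-ingress-controller must come before cert-manager")
    return problems
```

Pass the contents of $HOME/localhost.yml to check_applications() before starting bootstrap; an empty list means both mandatory applications are present and in the required order.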
At a high-level, the default configuration for the two mandatory applications is:
nginx-ingress-controller
- Runs as a DaemonSet only on controllers.
- Uses host networking, which means it can use any port numbers.
- Does not change the nginx default ports of 80 and 443.
- Has a default backend.
cert-manager
- Runs as a Deployment only on controllers.
- Runs with a podAntiAffinity rule to prevent multiple pods of the deployment from running on the same node.
- The deployment replicaCount is set to 1 for bootstrap.
Note
replicaCount can NOT be changed at bootstrap time. The second controller must be configured and unlocked before replicaCount can be set to 2.
The Helm Chart Values that you can override are described on the following web pages: