Skip to main content
Version: 4.20.x.x Java 8 ELS

Configuration Properties in the nevisoperator.yml File

The properties on this page apply to the nevisOperator application. To configure Nevis functionality and components, such as nevisProxy and nevisAuth, see the Nevis Configuration Guide. You configure the settings that influence the behavior of the nevisOperator application by editing the nevisoperator ConfigMap in the namespace where it resides. The table below lists all currently supported settings.

Nested format

Due to the nature of YAML, you have to convert the properties to nested format.

Property NameDefaultDescription
image-prefix-The prefix to use when getting the image from the docker registry. Docker images are pulled using <registry>/<image-prefix>/<image-name>.
container-registry-Name of the container registry from which to pull all images.
container-registry-secret.nameThe name of the secret containing the docker credentials If the registry needs credentials to be accessed, for more information see Create a Secret by providing credentials on the command line.
csr-default-values.common-nameDefault common name used for the created certificates.
csr-default-values.countryDefault country used for the created certificates.
csr-default-values.provinceDefault province used for the created certificates.
csr-default-values.localityDefault locality used for the created certificates.
csr-default-values.organizationDefault organization used for the created certificates.
csr-default-values.organizational-unitDefault organization-unit used for the created certificates.
csr-default-values.email-addressDefault email used for the created certificates.
key-management.cert-manager.issuer.nameName of the cert-manager issuer to be used for creating the certificates.
key-management.cert-manager.issuer.namespaceNamespace of the cert-manager issuer to be used for creating the certificates. Should be used if it's an Issuer and not a Clusterissuer
key-management.cert-manager.signing-ca-secret.nameName of the secret containing the ca of the cert-manager issuer.
key-management.cert-manager.signing-ca-secret.namespaceNamespace of the secret containing the ca of the cert-manager issuer.
key-management.cert-manager.certificate-duration8760hThe duration of created certificate.
key-management.cert-manager.approve-crtrueWhether to approve the cert-manager certificate request.
debug-featuresfalseEnables debug features for certificate management such as writing the CSR file to the file system
restrict-namespacesRestricts nevisOperator to watch only a list of namespaces. The nevisOperator only has access to the defined namespaces.
ingress-classIngress class of the controller, see: http://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/.
cluster-issuerletsencrypt-prodClusterIssuer that handles the certificate creation for the Ingress.
cluster-issuer-annotationcertmanager.k8s.io/cluster-issuercert-manager.io/cluster-issuerAnnotation to specify the ClusterIssuer on the Ingress. By default, both ClusterIssuerannotations are used for backwards compatibility. Specify if an Issueris used instead.

An example ConfigMap with the nevisoperator.yml:

apiVersion: v1
data:
nevisoperator.yml: |
image-prefix: nevis
container-registry: <registryname>.azurecr.io
key-temp-storage-path: /tmp/
csr-default-values:
country: CH
province: Zurich
locality: Zurich
organization: "Nevis Security AG"
organizational-unit: Nevis
email-address: [email protected]
key-management:
cert-manager:
issuer:
name: ca-issuer
signing-ca-secret:
name: ca-root-secret
namespace: cert-manager
restrict-namespaces:
- cert-manager
- user100
- default