Configuration Properties in the nevisoperator.yml File
The properties on this page apply to the nevisOperator application. To configure Nevis functionality and components, such as nevisProxy and nevisAuth, see the Nevis Configuration Guide. You configure the settings that influence the behavior of the nevisOperator application by editing the nevisoperator ConfigMap in the namespace where it resides. The table below lists all currently supported settings.
Nested format
Because nevisoperator.yml is a YAML file, you have to write the dotted property names listed below in nested format.
Property Name | Default | Description |
---|---|---|
image-prefix | - | The prefix to use when getting the image from the Docker registry. Docker images are pulled using `<registry>/<image-prefix>/<image-name>`. |
container-registry | - | Name of the container registry from which to pull all images. |
container-registry-secret.name | | The name of the secret containing the Docker credentials, if the registry needs credentials to be accessed. For more information, see Create a Secret by providing credentials on the command line. |
csr-default-values.common-name | | Default common name used for the created certificates. |
csr-default-values.country | | Default country used for the created certificates. |
csr-default-values.province | | Default province used for the created certificates. |
csr-default-values.locality | | Default locality used for the created certificates. |
csr-default-values.organization | | Default organization used for the created certificates. |
csr-default-values.organizational-unit | | Default organizational unit used for the created certificates. |
csr-default-values.email-address | | Default email address used for the created certificates. |
key-management.cert-manager.issuer.name | | Name of the cert-manager issuer to be used for creating the certificates. |
key-management.cert-manager.issuer.namespace | | Namespace of the cert-manager issuer to be used for creating the certificates. Should be used if it is an Issuer and not a ClusterIssuer. |
key-management.cert-manager.signing-ca-secret.name | | Name of the secret containing the CA of the cert-manager issuer. |
key-management.cert-manager.signing-ca-secret.namespace | | Namespace of the secret containing the CA of the cert-manager issuer. |
key-management.cert-manager.certificate-duration | 8760h | The duration of the created certificate. |
key-management.cert-manager.approve-cr | true | Whether to approve the cert-manager certificate request. |
debug-features | false | Enables debug features for certificate management, such as writing the CSR file to the file system. |
restrict-namespaces | | Restricts nevisOperator to watch only a list of namespaces. The nevisOperator only has access to the defined namespaces. |
ingress-class | | Ingress class of the controller, see: http://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/. |
cluster-issuer | letsencrypt-prod | ClusterIssuer that handles the certificate creation for the Ingress. |
cluster-issuer-annotation | `certmanager.k8s.io/cluster-issuer`, `cert-manager.io/cluster-issuer` | Annotation to specify the ClusterIssuer on the Ingress. By default, both ClusterIssuer annotations are used for backwards compatibility. Specify if an Issuer is used instead. |
An example ConfigMap with the nevisoperator.yml:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  # ConfigMap name as referred to in the text above
  name: nevisoperator
data:
  nevisoperator.yml: |
    image-prefix: nevis
    container-registry: <registryname>.azurecr.io
    key-temp-storage-path: /tmp/
    csr-default-values:
      country: CH
      province: Zurich
      locality: Zurich
      organization: "Nevis Security AG"
      organizational-unit: Nevis
      email-address: [email protected]
    key-management:
      cert-manager:
        issuer:
          name: ca-issuer
        signing-ca-secret:
          name: ca-root-secret
          namespace: cert-manager
    restrict-namespaces:
      - cert-manager
      - user100
      - default
```
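
The nested-format rule, applied to dotted property names from the table, together with a check of two settings worth reviewing before the ConfigMap is applied. This is an added example, not Nevis code; the function names and the sample values in `FLAT` are assumptions made for illustration.

```python
# Added example, not Nevis code. Property names come from the table above;
# the values in FLAT are constructed sample input.
FLAT = {
    "image-prefix": "nevis",
    "key-management.cert-manager.issuer.name": "ca-issuer",
    "key-management.cert-manager.signing-ca-secret.name": "ca-root-secret",
    "key-management.cert-manager.signing-ca-secret.namespace": "cert-manager",
    "key-management.cert-manager.certificate-duration": "8760h",
    "debug-features": True,
    "restrict-namespaces": ["cert-manager", "default"],
}

def nest(flat):
    """Turn dotted property names into the nested mapping the YAML file needs."""
    root = {}
    for dotted, value in flat.items():
        *parents, leaf = dotted.split(".")
        node = root
        for part in parents:
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                raise ValueError(f"{dotted}: {part} already holds a value")
        if isinstance(node.get(leaf), dict):
            raise ValueError(f"{dotted}: already used as a parent key")
        node[leaf] = value
    return root

def to_yaml(node, indent=0):
    """Render the mapping as YAML lines (plain scalars and flat lists only)."""
    pad, lines = " " * indent, []
    for key, value in node.items():
        if isinstance(value, dict):
            lines += [f"{pad}{key}:"] + to_yaml(value, indent + 2)
        elif isinstance(value, list):
            lines += [f"{pad}{key}:"] + [f"{pad}  - {item}" for item in value]
        else:
            text = str(value).lower() if isinstance(value, bool) else value
            lines.append(f"{pad}{key}: {text}")
    return lines

def review(flat):
    """Flag two settings from the table that deserve a look before deployment."""
    findings = []
    if flat.get("debug-features") is True:
        findings.append("debug-features: CSR files are written to the file system")
    if not flat.get("restrict-namespaces"):
        findings.append("restrict-namespaces: no namespace list is set")
    return findings

if __name__ == "__main__":
    print("\n".join(to_yaml(nest(FLAT)) + review(FLAT)))
```

The rendered lines belong under the `nevisoperator.yml: |` key of the ConfigMap, indented to match the block scalar.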