diff --git a/deploy/charts/cert-manager/README.template.md b/deploy/charts/cert-manager/README.template.md index 1060ce0ab..fd957211c 100644 --- a/deploy/charts/cert-manager/README.template.md +++ b/deploy/charts/cert-manager/README.template.md @@ -123,6 +123,7 @@ The following table lists the configurable parameters of the cert-manager chart | `podDnsConfig` | Optional cert-manager pod [DNS configurations](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-config) | | | `podLabels` | Labels to add to the cert-manager pod | `{}` | | `serviceLabels` | Labels to add to the cert-manager controller service | `{}` | +| `serviceAnnotations` | Annotations to add to the cert-manager service | `{}` | | `http_proxy` | Value of the `HTTP_PROXY` environment variable in the cert-manager pod | | | `https_proxy` | Value of the `HTTPS_PROXY` environment variable in the cert-manager pod | | | `no_proxy` | Value of the `NO_PROXY` environment variable in the cert-manager pod | | @@ -134,6 +135,7 @@ The following table lists the configurable parameters of the cert-manager chart | `webhook.deploymentAnnotations` | Annotations to add to the webhook deployment | `{}` | | `webhook.mutatingWebhookConfigurationAnnotations` | Annotations to add to the mutating webhook configuration | `{}` | | `webhook.validatingWebhookConfigurationAnnotations` | Annotations to add to the validating webhook configuration | `{}` | +| `webhook.serviceAnnotations` | Annotations to add to the webhook service | `{}` | | `webhook.extraArgs` | Optional flags for cert-manager webhook component | `[]` | | `webhook.serviceAccount.create` | If `true`, create a new service account for the webhook component | `true` | | `webhook.serviceAccount.name` | Service account for the webhook component to be used. If not set and `webhook.serviceAccount.create` is `true`, a name is generated using the fullname template | | diff --git a/deploy/charts/cert-manager/templates/service.yaml b/deploy/charts/cert-manager/templates/service.yaml index dd206796e..75b02fcc3 100644 --- a/deploy/charts/cert-manager/templates/service.yaml +++ b/deploy/charts/cert-manager/templates/service.yaml @@ -13,6 +13,10 @@ metadata: {{- if .Values.serviceLabels }} {{ toYaml .Values.serviceLabels | indent 4 }} {{- end }} +{{- if .Values.serviceAnnotations }} + annotations: + {{ toYaml .Values.serviceAnnotations | indent 4 }} +{{- end }} spec: type: ClusterIP ports: diff --git a/deploy/charts/cert-manager/templates/webhook-service.yaml b/deploy/charts/cert-manager/templates/webhook-service.yaml index 5fc17de6b..b14ff9eb0 100644 --- a/deploy/charts/cert-manager/templates/webhook-service.yaml +++ b/deploy/charts/cert-manager/templates/webhook-service.yaml @@ -12,6 +12,10 @@ metadata: {{- if .Values.webhook.serviceLabels }} {{ toYaml .Values.webhook.serviceLabels | indent 4 }} {{- end }} +{{- if .Values.webhook.serviceAnnotations }} + annotations: + {{ toYaml .Values.webhook.serviceAnnotations | indent 4 }} +{{- end }} spec: type: {{ .Values.webhook.serviceType }} {{- if .Values.webhook.loadBalancerIP }} diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 1dd1c29da..d800d4832 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -143,6 +143,9 @@ podLabels: {} # Optional additional labels to add to the controller Service # serviceLabels: {} +# Optional additional annotations to add to the controller service +# serviceAnnotations: {} + # Optional DNS settings, useful if you have a public and private DNS zone for # the same domain on Route 53. What follows is an example of ensuring # cert-manager can access an ingress or DNS TXT records at all times. @@ -235,6 +238,9 @@ webhook: # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration # validatingWebhookConfigurationAnnotations: {} + # Optional additional annotations to add to the webhook service + # serviceAnnotations: {} + # Optional additional arguments for webhook extraArgs: []