Bootstraps the cert-manager Issuers and Certificates that provide Linkerd's mTLS trust anchor and identity issuer PKI. See https://linkerd.io/2/tasks/automatically-rotating-control-plane-tls-credentials/
| Key | Type | Default | Description |
|---|---|---|---|
| certManagerNamespace | string | "cert-manager" |
Namespace where cert-manager is installed. The trust-root Issuer, the trust-anchor Certificate, and its Secret are created here so that only cert-manager has access to the trust anchor's private key. |
| identityIssuer.duration | string | "336h0m0s" |
Validity duration for the identity issuer certificate (default: 2 weeks) |
| identityIssuer.renewBefore | string | "72h0m0s" |
Renewal window for the identity issuer certificate (default: 3 days before expiry) |
| trustAnchor.duration | string | "4380h0m0s" |
Validity duration for the trust anchor certificate (default: ~6 months) |
| trustAnchor.renewBefore | string | "1460h0m0s" |
Renewal window for the trust anchor certificate (default: ~2 months before expiry) |
Autogenerated from chart metadata using helm-docs v1.14.2