approver-policy image flags
A cert-manager CertificateRequest approver that bases decisions on CertificateRequestPoliciesUsage:approver-policy [flags]App flags:--leader-election-namespace string Namespace to lease leader election for controller replica set.-v, --log-level string Log level (1-5). (default "1")--metrics-bind-address string TCP address for exposing HTTP Prometheus metrics which will be served on the HTTP path '/metrics'. The value "0" willdisable exposing metrics. (default ":9402")--readiness-probe-bind-address string TCP address for exposing the HTTP readiness probe which will be served on the HTTP path '/readyz'. (default ":6060")Webhook flags:--webhook-ca-secret-namespace string Namespace that the cert-manager-approver-policy-tls Secret is stored. (default "cert-manager")--webhook-certificate-dir string Directory where the Webhook certificate and private key are located. Certificate and private key must be named 'tls.crt' and 'tls.key' respectively. (default "/tmp")--webhook-host string Host to serve webhook. (default "0.0.0.0")--webhook-port int Port to serve webhook. (default 6443)--webhook-service-name string Name of the Kubernetes Service that exposes the Webhook's server. (default "cert-manager-approver-policy")Kubernetes flags:--as string Username to impersonate for the operation. User could be a regular user or a service account in a namespace.--as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups.--as-uid string UID to impersonate for the operation.--cache-dir string Default cache directory (default "/.kube/cache")--certificate-authority string Path to a cert file for the certificate authority--client-certificate string Path to a client certificate file for TLS--client-key string Path to a client key file for TLS--cluster string The name of the kubeconfig cluster to use--context string The name of the kubeconfig context to use--disable-compression If true, opt-out of response compression for all requests to the server--insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure--kubeconfig string Path to the kubeconfig file to use for CLI requests.-n, --namespace string If present, the namespace scope for this CLI request--request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")-s, --server string The address and port of the Kubernetes API server--tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used--token string Bearer token for authentication to the API server--user string The name of the kubeconfig user to useRego flags:--rego-policy-directory string Directory containing rego policies which will be used for evaluation--rego-replicate strings List of namespaced Kubernetes resource types to replicate. Accepts scoping to namespace. Can be defined multiple times. <group/version/resource[/namespace]>--rego-replicate-cluster strings List of Cluster Scoped Kubernetes resource types to replicate.Can be defined multiple times. <group/version/resource>Venafi flags:--installation-namespace string The namespace in which the 'venafi-connection' service account lives. This is the service account that is used to create JWT tokens for SAs or read credential secrets. (defaults to the namespace in which the controller is running)--venafi-connection-namespace string The namespace where all referenced VenafiConnections live.(defaults to the namespace in which the controller is running)--venafi-policy-cache-duration duration The duration for which downloaded (cached) Venafi policies may be used. (default 1m0s)--venafi-ready-check-interval duration The interval between periodic Ready checks. (default 1h0m0s)
Copy to clipboard