openshift-docs/security/cert_manager_operator/cert-manager-customizing-api-fields.adoc

:_mod-docs-content-type: ASSEMBLY
[id="cert-manager-customizing-api-fields"]
= Customizing the cert-manager Operator by using the CertManager custom resource
include::_attributes/common-attributes.adoc[]
:context: cert-manager-customizing-api-fields

toc::[]

After installing the {cert-manager-operator}, you can perform the following actions by configuring the `CertManager` custom resource (CR):

* Configure the arguments to modify the behavior of the cert-manager components, such as the cert-manager controller, CA injector, and Webhook.
* Set environment variables for the controller pod.
* Define resource requests and limits to manage CPU and memory usage.
* Configure scheduling rules to control where pods run in your cluster.

.Example CertManager CR YAML file
[source,yaml]
----
apiVersion: operator.openshift.io/v1alpha1
kind: CertManager
metadata:
  name: cluster
spec:
  controllerConfig:
    overrideArgs:
      - "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53"
    overrideEnv:
      - name: HTTP_PROXY
        value: http://proxy.example.com:8080
    overrideResources:
      limits:
        cpu: "200m"
        memory: "512Mi"
      requests:
        cpu: "100m"
        memory: "256Mi"
    overrideScheduling:
      nodeSelector:
        custom: "label"
      tolerations:
        - key: "key1"
          operator: "Equal"
          value: "value1"
          effect: "NoSchedule"
    overrideReplicas: 2
#...

  webhookConfig:
    overrideArgs:
#...
    overrideResources:
#...
    overrideScheduling:
#...
    overrideReplicas:
#...

  cainjectorConfig:
    overrideArgs:
#...
    overrideResources:
#...
    overrideScheduling:
#...
    overrideReplicas:
#...
----

[WARNING]
====
To override unsupported arguments, you can add `spec.unsupportedConfigOverrides` section in the `CertManager` resource, but using `spec.unsupportedConfigOverrides` is unsupported.
====

include::modules/cert-manager-explanation-of-certmanager-cr-fields.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* xref:../../security/cert_manager_operator/cert-manager-customizing-api-fields.adoc#cert-manager-override-flag-controller_cert-manager-customizing-api-fields[Deleting a TLS secret automatically upon Certificate removal]

include::modules/cert-manager-override-environment-variables.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* xref:../../security/cert_manager_operator/cert-manager-customizing-api-fields.adoc#cert-manager-explanation-of-certmanager-cr-fields_cert-manager-customizing-api-fields[Explanation of fields in the CertManager custom resource]

include::modules/cert-manager-override-arguments.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* xref:../../security/cert_manager_operator/cert-manager-customizing-api-fields.adoc#cert-manager-explanation-of-certmanager-cr-fields_cert-manager-customizing-api-fields[Explanation of fields in the CertManager custom resource]

include::modules/cert-manager-override-flag-controller.adoc[leveloffset=+1]

include::modules/cert-manager-configure-cpu-memory.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* xref:../../security/cert_manager_operator/cert-manager-customizing-api-fields.adoc#cert-manager-explanation-of-certmanager-cr-fields_cert-manager-customizing-api-fields[Explanation of fields in the CertManager custom resource]

include::modules/cert-manager-override-scheduling.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* xref:../../security/cert_manager_operator/cert-manager-customizing-api-fields.adoc#cert-manager-explanation-of-certmanager-cr-fields_cert-manager-customizing-api-fields[Explanation of fields in the CertManager custom resource]