adrien/ansible-role-k8s-cert-manager
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

First commit

Browse source
This commit is contained in:
Adrien Reslinger 2019-08-02 23:12:00 +02:00
parent 33faa0bbd0
commit 29a85200b6
45 changed files with 2381 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

300
templates/cert-manager-crd-clusterissuers-0.9.0.yaml Normal file
View file

@ -0,0 +1,300 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: clusterissuers.certmanager.k8s.io
spec:
group: certmanager.k8s.io
names:
kind: ClusterIssuer
plural: clusterissuers
scope: Cluster
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
acme:
properties:
email:
description: Email is the email for this account
type: string
privateKeySecretRef:
description: PrivateKey is the name of a secret containing the private
key for this user account.
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
required:
- name
type: object
server:
description: Server is the ACME server URL
type: string
skipTLSVerify:
description: If true, skip verifying the ACME server TLS certificate
type: boolean
solvers:
description: Solvers is a list of challenge solvers that will be
used to solve ACME challenges for the matching domains.
items:
properties:
selector:
description: Selector selects a set of DNSNames on the Certificate
resource that should be solved using this challenge solver.
properties:
dnsNames:
description: List of DNSNames that this solver will be
used to solve. If specified and a match is found, a
dnsNames selector will take precedence over a dnsZones
selector. If multiple solvers match with the same dnsNames
value, the solver with the most matching labels in matchLabels
will be selected. If neither has more matches, the solver
defined earlier in the list will be selected.
items:
type: string
type: array
dnsZones:
description: List of DNSZones that this solver will be
used to solve. The most specific DNS zone match specified
here will take precedence over other DNS zone matches,
so a solver specifying sys.example.com will be selected
over one specifying example.com for the domain www.sys.example.com.
If multiple solvers match with the same dnsZones value,
the solver with the most matching labels in matchLabels
will be selected. If neither has more matches, the solver
defined earlier in the list will be selected.
items:
type: string
type: array
matchLabels:
description: A label selector that is used to refine the
set of certificate's that this challenge solver will
apply to.
type: object
type: object
type: object
type: array
required:
- server
- privateKeySecretRef
type: object
ca:
properties:
secretName:
description: SecretName is the name of the secret used to sign Certificates
issued by this Issuer.
type: string
required:
- secretName
type: object
selfSigned:
type: object
vault:
properties:
auth:
description: Vault authentication
properties:
appRole:
description: This Secret contains a AppRole and Secret
properties:
path:
description: Where the authentication path is mounted in
Vault.
type: string
roleId:
type: string
secretRef:
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
required:
- name
type: object
required:
- path
- roleId
- secretRef
type: object
tokenSecretRef:
description: This Secret contains the Vault token key
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
required:
- name
type: object
type: object
caBundle:
description: Base64 encoded CA bundle to validate Vault server certificate.
Only used if the Server URL is using HTTPS protocol. This parameter
is ignored for plain HTTP protocol connection. If not set the
system root certificates are used to validate the TLS connection.
format: byte
type: string
path:
description: Vault URL path to the certificate role
type: string
server:
description: Server is the vault connection address
type: string
required:
- auth
- server
- path
type: object
venafi:
properties:
cloud:
description: Cloud specifies the Venafi cloud configuration settings.
Only one of TPP or Cloud may be specified.
properties:
apiTokenSecretRef:
description: APITokenSecretRef is a secret key selector for
the Venafi Cloud API token.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
required:
- name
type: object
url:
description: URL is the base URL for Venafi Cloud
type: string
required:
- url
- apiTokenSecretRef
type: object
tpp:
description: TPP specifies Trust Protection Platform configuration
settings. Only one of TPP or Cloud may be specified.
properties:
caBundle:
description: CABundle is a PEM encoded TLS certifiate to use
to verify connections to the TPP instance. If specified, system
roots will not be used and the issuing CA for the TPP instance
must be verifiable using the provided root. If not specified,
the connection will be verified using the cert-manager system
root certificates.
format: byte
type: string
credentialsRef:
description: CredentialsRef is a reference to a Secret containing
the username and password for the TPP server. The secret must
contain two keys, 'username' and 'password'.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
required:
- name
type: object
url:
description: URL is the base URL for the Venafi TPP instance
type: string
required:
- url
- credentialsRef
type: object
zone:
description: Zone is the Venafi Policy Zone to use for this issuer.
All requests made to the Venafi platform will be restricted by
the named zone policy. This field is required.
type: string
required:
- zone
type: object
type: object
status:
properties:
acme:
properties:
lastRegisteredEmail:
description: LastRegisteredEmail is the email associated with the
latest registered ACME account, in order to track changes made
to registered account associated with the Issuer
type: string
uri:
description: URI is the unique account identifier, which can also
be used to retrieve account details from the CA
type: string
type: object
conditions:
items:
properties:
lastTransitionTime:
description: LastTransitionTime is the timestamp corresponding
to the last status change of this condition.
format: date-time
type: string
message:
description: Message is a human readable description of the details
of the last transition, complementing reason.
type: string
reason:
description: Reason is a brief machine readable explanation for
the condition's last transition.
type: string
status:
description: Status of the condition, one of ('True', 'False',
'Unknown').
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: Type of the condition, currently ('Ready').
type: string
required:
- type
- status
type: object
type: array
type: object
version: v1alpha1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []