parent
ac92e81b52
commit
dd90cd4b37
40 changed files with 19436 additions and 0 deletions
|
|
@ -0,0 +1,565 @@
|
|||
# Source: cert-manager/templates/templates.regular.out
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: certificaterequests.cert-manager.io
|
||||
annotations:
|
||||
cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
|
||||
labels:
|
||||
app: 'cert-manager'
|
||||
app.kubernetes.io/name: 'cert-manager'
|
||||
app.kubernetes.io/instance: 'cert-manager'
|
||||
app.kubernetes.io/managed-by: 'Helm'
|
||||
helm.sh/chart: 'cert-manager-v0.16.0'
|
||||
spec:
|
||||
additionalPrinterColumns:
|
||||
- JSONPath: .status.conditions[?(@.type=="Ready")].status
|
||||
name: Ready
|
||||
type: string
|
||||
- JSONPath: .spec.issuerRef.name
|
||||
name: Issuer
|
||||
priority: 1
|
||||
type: string
|
||||
- JSONPath: .status.conditions[?(@.type=="Ready")].message
|
||||
name: Status
|
||||
priority: 1
|
||||
type: string
|
||||
- JSONPath: .metadata.creationTimestamp
|
||||
description: CreationTimestamp is a timestamp representing the server time when
|
||||
this object was created. It is not guaranteed to be set in happens-before order
|
||||
across separate operations. Clients may not set this value. It is represented
|
||||
in RFC3339 form and is in UTC.
|
||||
name: Age
|
||||
type: date
|
||||
group: cert-manager.io
|
||||
preserveUnknownFields: false
|
||||
conversion:
|
||||
# a Webhook strategy instruct API server to call an external webhook for any conversion between custom resources.
|
||||
strategy: Webhook
|
||||
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
|
||||
webhookClientConfig:
|
||||
service:
|
||||
namespace: 'cert-manager'
|
||||
name: 'cert-manager-webhook'
|
||||
path: /convert
|
||||
names:
|
||||
kind: CertificateRequest
|
||||
listKind: CertificateRequestList
|
||||
plural: certificaterequests
|
||||
shortNames:
|
||||
- cr
|
||||
- crs
|
||||
singular: certificaterequest
|
||||
scope: Namespaced
|
||||
subresources:
|
||||
status: {}
|
||||
versions:
|
||||
- name: v1alpha2
|
||||
served: true
|
||||
storage: true
|
||||
"schema":
|
||||
"openAPIV3Schema":
|
||||
description: "A CertificateRequest is used to request a signed certificate
|
||||
from one of the configured issuers. \n All fields within the CertificateRequest's
|
||||
`spec` are immutable after creation. A CertificateRequest will either succeed
|
||||
or fail, as denoted by its `status.state` field. \n A CertificateRequest
|
||||
is a 'one-shot' resource, meaning it represents a single point in time request
|
||||
for a certificate and cannot be re-used."
|
||||
type: object
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Desired state of the CertificateRequest resource.
|
||||
type: object
|
||||
required:
|
||||
- csr
|
||||
- issuerRef
|
||||
properties:
|
||||
csr:
|
||||
description: The PEM-encoded x509 certificate signing request to be
|
||||
submitted to the CA for signing.
|
||||
type: string
|
||||
format: byte
|
||||
duration:
|
||||
description: The requested 'duration' (i.e. lifetime) of the Certificate.
|
||||
This option may be ignored/overridden by some issuer types.
|
||||
type: string
|
||||
isCA:
|
||||
description: IsCA will request to mark the certificate as valid for
|
||||
certificate signing when submitting to the issuer. This will automatically
|
||||
add the `cert sign` usage to the list of `usages`.
|
||||
type: boolean
|
||||
issuerRef:
|
||||
description: IssuerRef is a reference to the issuer for this CertificateRequest. If
|
||||
the 'kind' field is not set, or set to 'Issuer', an Issuer resource
|
||||
with the given name in the same namespace as the CertificateRequest
|
||||
will be used. If the 'kind' field is set to 'ClusterIssuer', a
|
||||
ClusterIssuer with the provided name will be used. The 'name' field
|
||||
in this stanza is required at all times. The group field refers
|
||||
to the API group of the issuer which defaults to 'cert-manager.io'
|
||||
if empty.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
group:
|
||||
description: Group of the resource being referred to.
|
||||
type: string
|
||||
kind:
|
||||
description: Kind of the resource being referred to.
|
||||
type: string
|
||||
name:
|
||||
description: Name of the resource being referred to.
|
||||
type: string
|
||||
usages:
|
||||
description: Usages is the set of x509 usages that are requested for
|
||||
the certificate. Defaults to `digital signature` and `key encipherment`
|
||||
if not specified.
|
||||
type: array
|
||||
items:
|
||||
description: 'KeyUsage specifies valid usage contexts for keys.
|
||||
See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
||||
Valid KeyUsage values are as follows: "signing", "digital signature",
|
||||
"content commitment", "key encipherment", "key agreement", "data
|
||||
encipherment", "cert sign", "crl sign", "encipher only", "decipher
|
||||
only", "any", "server auth", "client auth", "code signing", "email
|
||||
protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec
|
||||
user", "timestamping", "ocsp signing", "microsoft sgc", "netscape
|
||||
sgc"'
|
||||
type: string
|
||||
enum:
|
||||
- signing
|
||||
- digital signature
|
||||
- content commitment
|
||||
- key encipherment
|
||||
- key agreement
|
||||
- data encipherment
|
||||
- cert sign
|
||||
- crl sign
|
||||
- encipher only
|
||||
- decipher only
|
||||
- any
|
||||
- server auth
|
||||
- client auth
|
||||
- code signing
|
||||
- email protection
|
||||
- s/mime
|
||||
- ipsec end system
|
||||
- ipsec tunnel
|
||||
- ipsec user
|
||||
- timestamping
|
||||
- ocsp signing
|
||||
- microsoft sgc
|
||||
- netscape sgc
|
||||
status:
|
||||
description: Status of the CertificateRequest. This is set and managed
|
||||
automatically.
|
||||
type: object
|
||||
properties:
|
||||
ca:
|
||||
description: The PEM encoded x509 certificate of the signer, also
|
||||
known as the CA (Certificate Authority). This is set on a best-effort
|
||||
basis by different issuers. If not set, the CA is assumed to be
|
||||
unknown/not available.
|
||||
type: string
|
||||
format: byte
|
||||
certificate:
|
||||
description: The PEM encoded x509 certificate resulting from the certificate
|
||||
signing request. If not set, the CertificateRequest has either not
|
||||
been completed or has failed. More information on failure can be
|
||||
found by checking the `conditions` field.
|
||||
type: string
|
||||
format: byte
|
||||
conditions:
|
||||
description: List of status conditions to indicate the status of a
|
||||
CertificateRequest. Known condition types are `Ready` and `InvalidRequest`.
|
||||
type: array
|
||||
items:
|
||||
description: CertificateRequestCondition contains condition information
|
||||
for a CertificateRequest.
|
||||
type: object
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the timestamp corresponding
|
||||
to the last status change of this condition.
|
||||
type: string
|
||||
format: date-time
|
||||
message:
|
||||
description: Message is a human readable description of the
|
||||
details of the last transition, complementing reason.
|
||||
type: string
|
||||
reason:
|
||||
description: Reason is a brief machine readable explanation
|
||||
for the condition's last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of ('True', 'False',
|
||||
'Unknown').
|
||||
type: string
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type:
|
||||
description: Type of the condition, known values are ('Ready',
|
||||
'InvalidRequest').
|
||||
type: string
|
||||
failureTime:
|
||||
description: FailureTime stores the time that this CertificateRequest
|
||||
failed. This is used to influence garbage collection and back-off.
|
||||
type: string
|
||||
format: date-time
|
||||
- name: v1alpha3
|
||||
served: true
|
||||
storage: false
|
||||
"schema":
|
||||
"openAPIV3Schema":
|
||||
description: "A CertificateRequest is used to request a signed certificate
|
||||
from one of the configured issuers. \n All fields within the CertificateRequest's
|
||||
`spec` are immutable after creation. A CertificateRequest will either succeed
|
||||
or fail, as denoted by its `status.state` field. \n A CertificateRequest
|
||||
is a 'one-shot' resource, meaning it represents a single point in time request
|
||||
for a certificate and cannot be re-used."
|
||||
type: object
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Desired state of the CertificateRequest resource.
|
||||
type: object
|
||||
required:
|
||||
- csr
|
||||
- issuerRef
|
||||
properties:
|
||||
csr:
|
||||
description: The PEM-encoded x509 certificate signing request to be
|
||||
submitted to the CA for signing.
|
||||
type: string
|
||||
format: byte
|
||||
duration:
|
||||
description: The requested 'duration' (i.e. lifetime) of the Certificate.
|
||||
This option may be ignored/overridden by some issuer types.
|
||||
type: string
|
||||
isCA:
|
||||
description: IsCA will request to mark the certificate as valid for
|
||||
certificate signing when submitting to the issuer. This will automatically
|
||||
add the `cert sign` usage to the list of `usages`.
|
||||
type: boolean
|
||||
issuerRef:
|
||||
description: IssuerRef is a reference to the issuer for this CertificateRequest. If
|
||||
the 'kind' field is not set, or set to 'Issuer', an Issuer resource
|
||||
with the given name in the same namespace as the CertificateRequest
|
||||
will be used. If the 'kind' field is set to 'ClusterIssuer', a
|
||||
ClusterIssuer with the provided name will be used. The 'name' field
|
||||
in this stanza is required at all times. The group field refers
|
||||
to the API group of the issuer which defaults to 'cert-manager.io'
|
||||
if empty.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
group:
|
||||
description: Group of the resource being referred to.
|
||||
type: string
|
||||
kind:
|
||||
description: Kind of the resource being referred to.
|
||||
type: string
|
||||
name:
|
||||
description: Name of the resource being referred to.
|
||||
type: string
|
||||
usages:
|
||||
description: Usages is the set of x509 usages that are requested for
|
||||
the certificate. Defaults to `digital signature` and `key encipherment`
|
||||
if not specified.
|
||||
type: array
|
||||
items:
|
||||
description: 'KeyUsage specifies valid usage contexts for keys.
|
||||
See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
||||
Valid KeyUsage values are as follows: "signing", "digital signature",
|
||||
"content commitment", "key encipherment", "key agreement", "data
|
||||
encipherment", "cert sign", "crl sign", "encipher only", "decipher
|
||||
only", "any", "server auth", "client auth", "code signing", "email
|
||||
protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec
|
||||
user", "timestamping", "ocsp signing", "microsoft sgc", "netscape
|
||||
sgc"'
|
||||
type: string
|
||||
enum:
|
||||
- signing
|
||||
- digital signature
|
||||
- content commitment
|
||||
- key encipherment
|
||||
- key agreement
|
||||
- data encipherment
|
||||
- cert sign
|
||||
- crl sign
|
||||
- encipher only
|
||||
- decipher only
|
||||
- any
|
||||
- server auth
|
||||
- client auth
|
||||
- code signing
|
||||
- email protection
|
||||
- s/mime
|
||||
- ipsec end system
|
||||
- ipsec tunnel
|
||||
- ipsec user
|
||||
- timestamping
|
||||
- ocsp signing
|
||||
- microsoft sgc
|
||||
- netscape sgc
|
||||
status:
|
||||
description: Status of the CertificateRequest. This is set and managed
|
||||
automatically.
|
||||
type: object
|
||||
properties:
|
||||
ca:
|
||||
description: The PEM encoded x509 certificate of the signer, also
|
||||
known as the CA (Certificate Authority). This is set on a best-effort
|
||||
basis by different issuers. If not set, the CA is assumed to be
|
||||
unknown/not available.
|
||||
type: string
|
||||
format: byte
|
||||
certificate:
|
||||
description: The PEM encoded x509 certificate resulting from the certificate
|
||||
signing request. If not set, the CertificateRequest has either not
|
||||
been completed or has failed. More information on failure can be
|
||||
found by checking the `conditions` field.
|
||||
type: string
|
||||
format: byte
|
||||
conditions:
|
||||
description: List of status conditions to indicate the status of a
|
||||
CertificateRequest. Known condition types are `Ready` and `InvalidRequest`.
|
||||
type: array
|
||||
items:
|
||||
description: CertificateRequestCondition contains condition information
|
||||
for a CertificateRequest.
|
||||
type: object
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the timestamp corresponding
|
||||
to the last status change of this condition.
|
||||
type: string
|
||||
format: date-time
|
||||
message:
|
||||
description: Message is a human readable description of the
|
||||
details of the last transition, complementing reason.
|
||||
type: string
|
||||
reason:
|
||||
description: Reason is a brief machine readable explanation
|
||||
for the condition's last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of ('True', 'False',
|
||||
'Unknown').
|
||||
type: string
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type:
|
||||
description: Type of the condition, known values are ('Ready',
|
||||
'InvalidRequest').
|
||||
type: string
|
||||
failureTime:
|
||||
description: FailureTime stores the time that this CertificateRequest
|
||||
failed. This is used to influence garbage collection and back-off.
|
||||
type: string
|
||||
format: date-time
|
||||
- name: v1beta1
|
||||
served: true
|
||||
storage: false
|
||||
"schema":
|
||||
"openAPIV3Schema":
|
||||
description: "A CertificateRequest is used to request a signed certificate
|
||||
from one of the configured issuers. \n All fields within the CertificateRequest's
|
||||
`spec` are immutable after creation. A CertificateRequest will either succeed
|
||||
or fail, as denoted by its `status.state` field. \n A CertificateRequest
|
||||
is a 'one-shot' resource, meaning it represents a single point in time request
|
||||
for a certificate and cannot be re-used."
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Desired state of the CertificateRequest resource.
|
||||
type: object
|
||||
required:
|
||||
- issuerRef
|
||||
- request
|
||||
properties:
|
||||
duration:
|
||||
description: The requested 'duration' (i.e. lifetime) of the Certificate.
|
||||
This option may be ignored/overridden by some issuer types.
|
||||
type: string
|
||||
isCA:
|
||||
description: IsCA will request to mark the certificate as valid for
|
||||
certificate signing when submitting to the issuer. This will automatically
|
||||
add the `cert sign` usage to the list of `usages`.
|
||||
type: boolean
|
||||
issuerRef:
|
||||
description: IssuerRef is a reference to the issuer for this CertificateRequest. If
|
||||
the 'kind' field is not set, or set to 'Issuer', an Issuer resource
|
||||
with the given name in the same namespace as the CertificateRequest
|
||||
will be used. If the 'kind' field is set to 'ClusterIssuer', a
|
||||
ClusterIssuer with the provided name will be used. The 'name' field
|
||||
in this stanza is required at all times. The group field refers
|
||||
to the API group of the issuer which defaults to 'cert-manager.io'
|
||||
if empty.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
group:
|
||||
description: Group of the resource being referred to.
|
||||
type: string
|
||||
kind:
|
||||
description: Kind of the resource being referred to.
|
||||
type: string
|
||||
name:
|
||||
description: Name of the resource being referred to.
|
||||
type: string
|
||||
request:
|
||||
description: The PEM-encoded x509 certificate signing request to be
|
||||
submitted to the CA for signing.
|
||||
type: string
|
||||
format: byte
|
||||
usages:
|
||||
description: Usages is the set of x509 usages that are requested for
|
||||
the certificate. Defaults to `digital signature` and `key encipherment`
|
||||
if not specified.
|
||||
type: array
|
||||
items:
|
||||
description: 'KeyUsage specifies valid usage contexts for keys.
|
||||
See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
||||
Valid KeyUsage values are as follows: "signing", "digital signature",
|
||||
"content commitment", "key encipherment", "key agreement", "data
|
||||
encipherment", "cert sign", "crl sign", "encipher only", "decipher
|
||||
only", "any", "server auth", "client auth", "code signing", "email
|
||||
protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec
|
||||
user", "timestamping", "ocsp signing", "microsoft sgc", "netscape
|
||||
sgc"'
|
||||
type: string
|
||||
enum:
|
||||
- signing
|
||||
- digital signature
|
||||
- content commitment
|
||||
- key encipherment
|
||||
- key agreement
|
||||
- data encipherment
|
||||
- cert sign
|
||||
- crl sign
|
||||
- encipher only
|
||||
- decipher only
|
||||
- any
|
||||
- server auth
|
||||
- client auth
|
||||
- code signing
|
||||
- email protection
|
||||
- s/mime
|
||||
- ipsec end system
|
||||
- ipsec tunnel
|
||||
- ipsec user
|
||||
- timestamping
|
||||
- ocsp signing
|
||||
- microsoft sgc
|
||||
- netscape sgc
|
||||
status:
|
||||
description: Status of the CertificateRequest. This is set and managed
|
||||
automatically.
|
||||
type: object
|
||||
properties:
|
||||
ca:
|
||||
description: The PEM encoded x509 certificate of the signer, also
|
||||
known as the CA (Certificate Authority). This is set on a best-effort
|
||||
basis by different issuers. If not set, the CA is assumed to be
|
||||
unknown/not available.
|
||||
type: string
|
||||
format: byte
|
||||
certificate:
|
||||
description: The PEM encoded x509 certificate resulting from the certificate
|
||||
signing request. If not set, the CertificateRequest has either not
|
||||
been completed or has failed. More information on failure can be
|
||||
found by checking the `conditions` field.
|
||||
type: string
|
||||
format: byte
|
||||
conditions:
|
||||
description: List of status conditions to indicate the status of a
|
||||
CertificateRequest. Known condition types are `Ready` and `InvalidRequest`.
|
||||
type: array
|
||||
items:
|
||||
description: CertificateRequestCondition contains condition information
|
||||
for a CertificateRequest.
|
||||
type: object
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the timestamp corresponding
|
||||
to the last status change of this condition.
|
||||
type: string
|
||||
format: date-time
|
||||
message:
|
||||
description: Message is a human readable description of the
|
||||
details of the last transition, complementing reason.
|
||||
type: string
|
||||
reason:
|
||||
description: Reason is a brief machine readable explanation
|
||||
for the condition's last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of ('True', 'False',
|
||||
'Unknown').
|
||||
type: string
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type:
|
||||
description: Type of the condition, known values are ('Ready',
|
||||
'InvalidRequest').
|
||||
type: string
|
||||
failureTime:
|
||||
description: FailureTime stores the time that this CertificateRequest
|
||||
failed. This is used to influence garbage collection and back-off.
|
||||
type: string
|
||||
format: date-time
|
||||