273 lines
12 KiB
YAML
273 lines
12 KiB
YAML
apiVersion: apiextensions.k8s.io/v1beta1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
controller-tools.k8s.io: "1.0"
|
|
name: orders.certmanager.k8s.io
|
|
spec:
|
|
additionalPrinterColumns:
|
|
- JSONPath: .status.state
|
|
name: State
|
|
type: string
|
|
- JSONPath: .spec.issuerRef.name
|
|
name: Issuer
|
|
priority: 1
|
|
type: string
|
|
- JSONPath: .status.reason
|
|
name: Reason
|
|
priority: 1
|
|
type: string
|
|
- JSONPath: .metadata.creationTimestamp
|
|
description: CreationTimestamp is a timestamp representing the server time when
|
|
this object was created. It is not guaranteed to be set in happens-before order
|
|
across separate operations. Clients may not set this value. It is represented
|
|
in RFC3339 form and is in UTC.
|
|
name: Age
|
|
type: date
|
|
group: certmanager.k8s.io
|
|
names:
|
|
kind: Order
|
|
plural: orders
|
|
scope: Namespaced
|
|
validation:
|
|
openAPIV3Schema:
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
properties:
|
|
commonName:
|
|
description: CommonName is the common name as specified on the DER encoded
|
|
CSR. If CommonName is not specified, the first DNSName specified will
|
|
be used as the CommonName. At least one of CommonName or a DNSNames
|
|
must be set. This field must match the corresponding field on the
|
|
DER encoded CSR.
|
|
type: string
|
|
config:
|
|
description: 'Config specifies a mapping from DNS identifiers to how
|
|
those identifiers should be solved when performing ACME challenges.
|
|
A config entry must exist for each domain listed in DNSNames and CommonName.
|
|
Only **one** of ''config'' or ''solvers'' may be specified, and if
|
|
both are specified then no action will be performed on the Order resource. This
|
|
field will be removed when support for solver config specified on
|
|
the Certificate under certificate.spec.acme has been removed. DEPRECATED:
|
|
this field will be removed in future. Solver configuration must instead
|
|
be provided on ACME Issuer resources.'
|
|
items:
|
|
properties:
|
|
domains:
|
|
description: Domains is the list of domains that this SolverConfig
|
|
applies to.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- domains
|
|
type: object
|
|
type: array
|
|
csr:
|
|
description: Certificate signing request bytes in DER encoding. This
|
|
will be used when finalizing the order. This field must be set on
|
|
the order.
|
|
format: byte
|
|
type: string
|
|
dnsNames:
|
|
description: DNSNames is a list of DNS names that should be included
|
|
as part of the Order validation process. If CommonName is not specified,
|
|
the first DNSName specified will be used as the CommonName. At least
|
|
one of CommonName or a DNSNames must be set. This field must match
|
|
the corresponding field on the DER encoded CSR.
|
|
items:
|
|
type: string
|
|
type: array
|
|
issuerRef:
|
|
description: IssuerRef references a properly configured ACME-type Issuer
|
|
which should be used to create this Order. If the Issuer does not
|
|
exist, processing will be retried. If the Issuer is not an 'ACME'
|
|
Issuer, an error will be returned and the Order will be marked as
|
|
failed.
|
|
properties:
|
|
group:
|
|
type: string
|
|
kind:
|
|
type: string
|
|
name:
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- csr
|
|
- issuerRef
|
|
type: object
|
|
status:
|
|
properties:
|
|
certificate:
|
|
description: Certificate is a copy of the PEM encoded certificate for
|
|
this Order. This field will be populated after the order has been
|
|
successfully finalized with the ACME server, and the order has transitioned
|
|
to the 'valid' state.
|
|
format: byte
|
|
type: string
|
|
challenges:
|
|
description: Challenges is a list of ChallengeSpecs for Challenges that
|
|
must be created in order to complete this Order.
|
|
items:
|
|
properties:
|
|
authzURL:
|
|
description: AuthzURL is the URL to the ACME Authorization resource
|
|
that this challenge is a part of.
|
|
type: string
|
|
config:
|
|
description: 'Config specifies the solver configuration for this
|
|
challenge. Only **one** of ''config'' or ''solver'' may be specified,
|
|
and if both are specified then no action will be performed on
|
|
the Challenge resource. DEPRECATED: the ''solver'' field should
|
|
be specified instead'
|
|
type: object
|
|
dnsName:
|
|
description: DNSName is the identifier that this challenge is
|
|
for, e.g. example.com.
|
|
type: string
|
|
issuerRef:
|
|
description: IssuerRef references a properly configured ACME-type
|
|
Issuer which should be used to create this Challenge. If the
|
|
Issuer does not exist, processing will be retried. If the Issuer
|
|
is not an 'ACME' Issuer, an error will be returned and the Challenge
|
|
will be marked as failed.
|
|
properties:
|
|
group:
|
|
type: string
|
|
kind:
|
|
type: string
|
|
name:
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
key:
|
|
description: Key is the ACME challenge key for this challenge
|
|
type: string
|
|
solver:
|
|
description: Solver contains the domain solving configuration
|
|
that should be used to solve this challenge resource. Only **one**
|
|
of 'config' or 'solver' may be specified, and if both are specified
|
|
then no action will be performed on the Challenge resource.
|
|
properties:
|
|
selector:
|
|
description: Selector selects a set of DNSNames on the Certificate
|
|
resource that should be solved using this challenge solver.
|
|
properties:
|
|
dnsNames:
|
|
description: List of DNSNames that this solver will be
|
|
used to solve. If specified and a match is found, a
|
|
dnsNames selector will take precedence over a dnsZones
|
|
selector. If multiple solvers match with the same dnsNames
|
|
value, the solver with the most matching labels in matchLabels
|
|
will be selected. If neither has more matches, the solver
|
|
defined earlier in the list will be selected.
|
|
items:
|
|
type: string
|
|
type: array
|
|
dnsZones:
|
|
description: List of DNSZones that this solver will be
|
|
used to solve. The most specific DNS zone match specified
|
|
here will take precedence over other DNS zone matches,
|
|
so a solver specifying sys.example.com will be selected
|
|
over one specifying example.com for the domain www.sys.example.com.
|
|
If multiple solvers match with the same dnsZones value,
|
|
the solver with the most matching labels in matchLabels
|
|
will be selected. If neither has more matches, the solver
|
|
defined earlier in the list will be selected.
|
|
items:
|
|
type: string
|
|
type: array
|
|
matchLabels:
|
|
description: A label selector that is used to refine the
|
|
set of certificate's that this challenge solver will
|
|
apply to.
|
|
type: object
|
|
type: object
|
|
type: object
|
|
token:
|
|
description: Token is the ACME challenge token for this challenge.
|
|
type: string
|
|
type:
|
|
description: Type is the type of ACME challenge this resource
|
|
represents, e.g. "dns01" or "http01"
|
|
type: string
|
|
url:
|
|
description: URL is the URL of the ACME Challenge resource for
|
|
this challenge. This can be used to lookup details about the
|
|
status of this challenge.
|
|
type: string
|
|
wildcard:
|
|
description: Wildcard will be true if this challenge is for a
|
|
wildcard identifier, for example '*.example.com'
|
|
type: boolean
|
|
required:
|
|
- authzURL
|
|
- type
|
|
- url
|
|
- dnsName
|
|
- token
|
|
- key
|
|
- wildcard
|
|
- issuerRef
|
|
type: object
|
|
type: array
|
|
failureTime:
|
|
description: FailureTime stores the time that this order failed. This
|
|
is used to influence garbage collection and back-off.
|
|
format: date-time
|
|
type: string
|
|
finalizeURL:
|
|
description: FinalizeURL of the Order. This is used to obtain certificates
|
|
for this order once it has been completed.
|
|
type: string
|
|
reason:
|
|
description: Reason optionally provides more information about a why
|
|
the order is in the current state.
|
|
type: string
|
|
state:
|
|
description: State contains the current state of this Order resource.
|
|
States 'success' and 'expired' are 'final'
|
|
enum:
|
|
- ""
|
|
- valid
|
|
- ready
|
|
- pending
|
|
- processing
|
|
- invalid
|
|
- expired
|
|
- errored
|
|
type: string
|
|
url:
|
|
description: URL of the Order. This will initially be empty when the
|
|
resource is first created. The Order controller will populate this
|
|
field when the Order is first processed. This field will be immutable
|
|
after it is initially set.
|
|
type: string
|
|
type: object
|
|
required:
|
|
- metadata
|
|
- spec
|
|
- status
|
|
version: v1alpha1
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|