* Updating seal secret usage Signed-off-by: gar <garlandk@gmail.com> * Updating cert-manager chart Signed-off-by: gar <garlandk@gmail.com> * Adding cert-manager Signed-off-by: gar <garlandk@gmail.com>
Showing
17 changed files
with
5,932 additions
and
22 deletions.
@@ -0,0 +1,7 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: Namespace | ||
metadata: | ||
name: cert-manager | ||
labels: | ||
name: cert-manager |
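--- a/kubernetes/flux/releases/gcp/dev/cert-manager/cert-manager/crds/certificaterequests.yaml
+++ b/kubernetes/flux/releases/gcp/dev/cert-manager/cert-manager/crds/certificaterequests.yaml
@@ -0,0 +1,205 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: certificaterequests.cert-manager.io
+annotations:
+cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls
+spec:
+additionalPrinterColumns:
+- JSONPath: .status.conditions[?(@.type=="Ready")].status
+name: Ready
+type: string
+- JSONPath: .spec.issuerRef.name
+name: Issuer
+priority: 1
+type: string
+- JSONPath: .status.conditions[?(@.type=="Ready")].message
+name: Status
+priority: 1
+type: string
+- JSONPath: .metadata.creationTimestamp
+description: CreationTimestamp is a timestamp representing the server time when
+this object was created. It is not guaranteed to be set in happens-before order
+across separate operations. Clients may not set this value. It is represented
+in RFC3339 form and is in UTC.
+name: Age
+type: date
+group: cert-manager.io
+preserveUnknownFields: false
+conversion:
+# a Webhook strategy instruct API server to call an external webhook for any conversion between custom resources.
+strategy: Webhook
+# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
+webhookClientConfig:
+service:
+# If you have deployed cert-manager into a namespace other than
+# 'cert-manager', be sure to update this value.
+namespace: cert-manager
+name: cert-manager-webhook
+path: /convert
+names:
+kind: CertificateRequest
+listKind: CertificateRequestList
+plural: certificaterequests
+shortNames:
+- cr
+- crs
+singular: certificaterequest
+scope: Namespaced
+subresources:
+status: {}
+versions:
+- name: v1alpha2
+served: true
+storage: true
+- name: v1alpha3
+served: true
+storage: false
+"validation":
+"openAPIV3Schema":
+description: CertificateRequest is a type to represent a Certificate Signing
+Request
+type: object
+properties:
+apiVersion:
+description: 'APIVersion defines the versioned schema of this representation
+of an object. Servers should convert recognized schemas to the latest
+internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+type: string
+kind:
+description: 'Kind is a string value representing the REST resource this
+object represents. Servers may infer this from the endpoint the client
+submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+type: string
+metadata:
+type: object
+spec:
+description: CertificateRequestSpec defines the desired state of CertificateRequest
+type: object
+required:
+- csr
+- issuerRef
+properties:
+csr:
+description: Byte slice containing the PEM encoded CertificateSigningRequest
+type: string
+format: byte
+duration:
+description: Requested certificate default Duration
+type: string
+isCA:
+description: IsCA will mark the resulting certificate as valid for signing.
+This implies that the 'cert sign' usage is set
+type: boolean
+issuerRef:
+description: IssuerRef is a reference to the issuer for this CertificateRequest. If
+the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+with the given name in the same namespace as the CertificateRequest
+will be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
+with the provided name will be used. The 'name' field in this stanza
+is required at all times. The group field refers to the API group
+of the issuer which defaults to 'cert-manager.io' if empty.
+type: object
+required:
+- name
+properties:
+group:
+type: string
+kind:
+type: string
+name:
+type: string
+usages:
+description: Usages is the set of x509 actions that are enabled for
+a given key. Defaults are ('digital signature', 'key encipherment')
+if empty
+type: array
+items:
+description: 'KeyUsage specifies valid usage contexts for keys. See:
+https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12
+Valid KeyUsage values are as follows: "signing", "digital signature",
+"content commitment", "key encipherment", "key agreement", "data
+encipherment", "cert sign", "crl sign", "encipher only", "decipher
+only", "any", "server auth", "client auth", "code signing", "email
+protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec
+user", "timestamping", "ocsp signing", "microsoft sgc", "netscape
+sgc"'
+type: string
+enum:
+- signing
+- digital signature
+- content commitment
+- key encipherment
+- key agreement
+- data encipherment
+- cert sign
+- crl sign
+- encipher only
+- decipher only
+- any
+- server auth
+- client auth
+- code signing
+- email protection
+- s/mime
+- ipsec end system
+- ipsec tunnel
+- ipsec user
+- timestamping
+- ocsp signing
+- microsoft sgc
+- netscape sgc
+status:
+description: CertificateStatus defines the observed state of CertificateRequest
+and resulting signed certificate.
+type: object
+properties:
+ca:
+description: Byte slice containing the PEM encoded certificate authority
+of the signed certificate.
+type: string
+format: byte
+certificate:
+description: Byte slice containing a PEM encoded signed certificate
+resulting from the given certificate signing request.
+type: string
+format: byte
+conditions:
+type: array
+items:
+description: CertificateRequestCondition contains condition information
+for a CertificateRequest.
+type: object
+required:
+- status
+- type
+properties:
+lastTransitionTime:
+description: LastTransitionTime is the timestamp corresponding
+to the last status change of this condition.
+type: string
+format: date-time
+message:
+description: Message is a human readable description of the details
+of the last transition, complementing reason.
+type: string
+reason:
+description: Reason is a brief machine readable explanation for
+the condition's last transition.
+type: string
+status:
+description: Status of the condition, one of ('True', 'False',
+'Unknown').
+type: string
+enum:
+- "True"
+- "False"
+- Unknown
+type:
+description: Type of the condition, currently ('Ready', 'InvalidRequest').
+type: string
+failureTime:
+description: FailureTime stores the time that this CertificateRequest
+failed. This is used to influence garbage collection and back-off.
+type: string
+format: date-time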
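Review bot: The `cert-manager.io/inject-ca-from-secret` annotation at the top of this CRD and the `webhookClientConfig.service` block put the `cert-manager` namespace on the API server's trust path, and nothing in the manifest says so: the CA bundle is taken from the secret `cert-manager/cert-manager-webhook-tls`, and conversions between the served versions `v1alpha2` and `v1alpha3` are sent to `cert-manager-webhook` at `/convert`. Write access to Secrets and Services in that namespace therefore affects how CertificateRequest objects are converted cluster-wide, so RBAC there should be limited to the cert-manager components and cluster administrators. I would add above the annotation `# CA for the conversion webhook is read from this secret; restrict write access to Secrets and Services in 'cert-manager'`. Separately, `apiextensions.k8s.io/v1beta1` is no longer served from Kubernetes 1.22 on, so this manifest will stop applying after a cluster upgrade past that version unless the CRDs are refreshed first.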