Documentation ¶
Overview ¶
+kubebuilder:object:generate=true +groupName=trust.cert-manager.io
Index ¶
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type AdditionalFormats
- type Bundle
- type BundleCondition
- type BundleList
- type BundleSource
- type BundleSpec
- type BundleStatus
- type BundleTarget
- type JKS
- type KeySelector
- type NamespaceSelector
- type PKCS12
- type SourceObjectKeySelector
Constants ¶
const (
	// BundleConditionSynced indicates that the Bundle has successfully synced
	// all source bundle data to the Bundle target in all Namespaces.
	// "Synced" is the value that BundleCondition.Type documents as its known
	// condition type.
	BundleConditionSynced string = "Synced"
)
Variables ¶
var (
	// SchemeBuilder is declared here with its zero value; nothing in this
	// listing adds functions to it.
	SchemeBuilder runtime.SchemeBuilder
	// AddToScheme is the AddToScheme method value of localSchemeBuilder.
	// localSchemeBuilder is not part of this listing.
	AddToScheme = localSchemeBuilder.AddToScheme
	// GlobalScheme is declared without an initial value in this listing.
	// NOTE(review): presumably populated during package initialisation; confirm
	// before relying on it being non-nil.
	GlobalScheme *runtime.Scheme
)
// NOTE(review): the four identifiers below are exported package-level
// variables rather than constants, so any importing package can reassign
// them at runtime. Treat them as read-only.

// BundleHashAnnotationKey is the annotation key "trust.cert-manager.io/hash".
// Presumably it carries a hash of the synced bundle data on target objects;
// confirm against the controller.
var BundleHashAnnotationKey = "trust.cert-manager.io/hash"

// BundleKind is the kind name "Bundle".
var BundleKind = "Bundle"

// BundleLabelKey is the label key "trust.cert-manager.io/bundle".
// Presumably it names the owning Bundle on target objects; confirm against
// the controller.
var BundleLabelKey = "trust.cert-manager.io/bundle"

// SchemeGroupVersion pairs trust.GroupName with the version "v1alpha1".
var SchemeGroupVersion = schema.GroupVersion{Group: trust.GroupName, Version: "v1alpha1"}
SchemeGroupVersion is the group version used to register these objects.
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource name and returns a group-qualified GroupResource.
Types ¶
type AdditionalFormats ¶ added in v0.5.0
// AdditionalFormats selects the binary trust-store encodings (JKS, PKCS12)
// that are written to the target. Both fields are optional pointers; a nil
// field means that format is not requested.
//
// The default store passwords ("changeit" for JKS, none for PKCS12) are
// documented values, so they give the store no confidentiality. Consumers
// should treat the contents of these stores as public data.
type AdditionalFormats struct {
	// JKS requests a JKS-formatted binary trust bundle to be written to the target.
	// The bundle has "changeit" as the default password.
	// For more information refer to this link https://cert-manager.io/docs/faq/#keystore-passwords
	JKS *JKS `json:"jks,omitempty"`

	// PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target.
	// The bundle is by default created without a password.
	PKCS12 *PKCS12 `json:"pkcs12,omitempty"`
}
AdditionalFormats specifies any additional formats to write to the target
func (*AdditionalFormats) DeepCopy ¶ added in v0.5.0
func (in *AdditionalFormats) DeepCopy() *AdditionalFormats
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalFormats.
func (*AdditionalFormats) DeepCopyInto ¶ added in v0.5.0
func (in *AdditionalFormats) DeepCopyInto(out *AdditionalFormats)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Bundle ¶
// Bundle is the top-level API object of this package. It embeds the standard
// type and object metadata and adds Spec, the desired state, and Status, the
// observed state.
type Bundle struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Desired state of the Bundle resource.
	Spec BundleSpec `json:"spec"`

	// Status of the Bundle. This is set and managed automatically.
	// +optional
	Status BundleStatus `json:"status"`
}
func (*Bundle) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Bundle.
func (*Bundle) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Bundle) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BundleCondition ¶
// BundleCondition is one entry of BundleStatus.Conditions. The
// +kubebuilder:validation markers on each field bound the length and shape of
// the stored value.
type BundleCondition struct {
	// Type of the condition, known values are (`Synced`).
	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
	// +kubebuilder:validation:MaxLength=316
	Type string `json:"type"`

	// Status of the condition, one of True, False, Unknown.
	// +kubebuilder:validation:Enum=True;False;Unknown
	Status metav1.ConditionStatus `json:"status"`

	// LastTransitionTime is the timestamp corresponding to the last status
	// change of this condition.
	// +kubebuilder:validation:Type=string
	// +kubebuilder:validation:Format=date-time
	LastTransitionTime metav1.Time `json:"lastTransitionTime"`

	// Reason is a brief machine-readable explanation for the condition's last
	// transition.
	// The value should be a CamelCase string.
	// This field may not be empty.
	// +kubebuilder:validation:MaxLength=1024
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
	Reason string `json:"reason"`

	// Message is a human-readable description of the details of the last
	// transition, complementing reason.
	// +optional
	// +kubebuilder:validation:MaxLength=32768
	Message string `json:"message,omitempty"`

	// If set, this represents the .metadata.generation that the condition was
	// set based upon.
	// For instance, if .metadata.generation is currently 12, but the
	// .status.condition[x].observedGeneration is 9, the condition is out of date
	// with respect to the current state of the Bundle.
	// A consumer that gates on the Synced condition should compare this value
	// with .metadata.generation before trusting the condition.
	// +optional
	// +kubebuilder:validation:Minimum=0
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
BundleCondition contains condition information for a Bundle.
func (*BundleCondition) DeepCopy ¶
func (in *BundleCondition) DeepCopy() *BundleCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BundleCondition.
func (*BundleCondition) DeepCopyInto ¶
func (in *BundleCondition) DeepCopyInto(out *BundleCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BundleList ¶
// BundleList is a list of Bundle objects together with the standard type and
// list metadata.
type BundleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	// Items holds the Bundles in the list.
	Items []Bundle `json:"items"`
}
+kubebuilder:object:root=true
func (*BundleList) DeepCopy ¶
func (in *BundleList) DeepCopy() *BundleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BundleList.
func (*BundleList) DeepCopyInto ¶
func (in *BundleList) DeepCopyInto(out *BundleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BundleList) DeepCopyObject ¶
func (in *BundleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BundleSource ¶
// BundleSource describes one input to the bundle. All four fields are
// optional pointers.
//
// Every source contributes data that is synced to the target in the selected
// Namespaces, so whoever can edit a Bundle, or the ConfigMaps and Secrets it
// references in the trust Namespace, influences what consumers of the target
// will trust. Write access to those objects should be scoped accordingly.
type BundleSource struct {
	// ConfigMap is a reference (by name) to a ConfigMap's `data` key, or to a
	// list of ConfigMap's `data` key using label selector, in the trust Namespace.
	// +optional
	ConfigMap *SourceObjectKeySelector `json:"configMap,omitempty"`

	// NOTE(review): this listing does not show whether the referenced Secret
	// data is checked to contain only certificates before it is synced. Choose
	// the key so that private material stored in the same Secret is never
	// referenced. Confirm the validation behaviour against the controller.

	// Secret is a reference (by name) to a Secret's `data` key, or to a
	// list of Secret's `data` key using label selector, in the trust Namespace.
	// +optional
	Secret *SourceObjectKeySelector `json:"secret,omitempty"`

	// InLine is a simple string to append as the source data.
	// +optional
	InLine *string `json:"inLine,omitempty"`

	// UseDefaultCAs, when true, requests the default CA bundle to be used as a source.
	// Default CAs are available if trust-manager was installed via Helm
	// or was otherwise set up to include a package-injecting init container by using the
	// "--default-package-location" flag when starting the trust-manager controller.
	// If default CAs were not configured at start-up, any request to use the default
	// CAs will fail.
	// The version of the default CA package which is used for a Bundle is stored in the
	// Bundle's status, in the Go field DefaultCAPackageVersion, which is
	// serialized under the JSON key `defaultCAVersion`.
	// +optional
	UseDefaultCAs *bool `json:"useDefaultCAs,omitempty"`
}
BundleSource is the set of sources whose data will be appended and synced to the BundleTarget in all Namespaces.
func (*BundleSource) DeepCopy ¶
func (in *BundleSource) DeepCopy() *BundleSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BundleSource.
func (*BundleSource) DeepCopyInto ¶
func (in *BundleSource) DeepCopyInto(out *BundleSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BundleSpec ¶
// BundleSpec is the user-supplied part of a Bundle: the list of sources to
// read and the single target to write them to.
type BundleSpec struct {
	// Sources is a set of references to data whose data will sync to the target.
	Sources []BundleSource `json:"sources"`

	// Target is the target location in all namespaces to sync source data to.
	// BundleTarget.NamespaceSelector can narrow this to matching Namespaces.
	Target BundleTarget `json:"target"`
}
BundleSpec defines the desired state of a Bundle.
func (*BundleSpec) DeepCopy ¶
func (in *BundleSpec) DeepCopy() *BundleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BundleSpec.
func (*BundleSpec) DeepCopyInto ¶
func (in *BundleSpec) DeepCopyInto(out *BundleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BundleStatus ¶
// BundleStatus is the observed state reported on a Bundle. Both fields are
// optional.
type BundleStatus struct {
	// List of status conditions to indicate the status of the Bundle.
	// Known condition types are `Synced`.
	// +listType=map
	// +listMapKey=type
	// +optional
	Conditions []BundleCondition `json:"conditions,omitempty"`

	// DefaultCAPackageVersion, if set and non-empty, indicates the version information
	// which was retrieved when the set of default CAs was requested in the bundle
	// source. This should only be set if useDefaultCAs was set to "true" on a source,
	// and will be the same for the same version of a bundle with identical certificates.
	// Note that the JSON key is `defaultCAVersion`, which differs from the Go
	// field name.
	// +optional
	DefaultCAPackageVersion *string `json:"defaultCAVersion,omitempty"`
}
BundleStatus defines the observed state of the Bundle.
func (*BundleStatus) DeepCopy ¶
func (in *BundleStatus) DeepCopy() *BundleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BundleStatus.
func (*BundleStatus) DeepCopyInto ¶
func (in *BundleStatus) DeepCopyInto(out *BundleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BundleTarget ¶
// BundleTarget names the object kind and key that receive the bundle, the
// optional extra encodings, and an optional Namespace filter.
//
// ConfigMap and Secret are both optional pointers. This listing shows no
// marker stating which of them must be set or whether both may be set.
type BundleTarget struct {
	// ConfigMap is the target ConfigMap in Namespaces that all Bundle source
	// data will be synced to.
	ConfigMap *KeySelector `json:"configMap,omitempty"`

	// NOTE(review): enabling Secret targets presumably requires granting the
	// controller write access to Secrets in every Namespace where targets are
	// synced. Confirm against the installation's RBAC and narrow the scope
	// with NamespaceSelector where possible.

	// Secret is the target Secret that all Bundle source data will be synced to.
	// Using Secrets as targets is only supported if enabled at trust-manager startup.
	// By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace.
	Secret *KeySelector `json:"secret,omitempty"`

	// AdditionalFormats specifies any additional formats to write to the target
	// +optional
	AdditionalFormats *AdditionalFormats `json:"additionalFormats,omitempty"`

	// NamespaceSelector will, if set, only sync the target resource in
	// Namespaces which match the selector.
	// When it is left unset, the selector imposes no restriction on which
	// Namespaces receive the target.
	// +optional
	NamespaceSelector *NamespaceSelector `json:"namespaceSelector,omitempty"`
}
BundleTarget is the target resource that the Bundle will sync all source data to.
func (*BundleTarget) DeepCopy ¶
func (in *BundleTarget) DeepCopy() *BundleTarget
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BundleTarget.
func (*BundleTarget) DeepCopyInto ¶
func (in *BundleTarget) DeepCopyInto(out *BundleTarget)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JKS ¶ added in v0.8.0
// JKS configures the JKS-formatted trust store requested through
// AdditionalFormats.JKS. The embedded KeySelector supplies the `key` of the
// target entry.
type JKS struct {
	KeySelector `json:",inline"`

	// NOTE(review): Password is marked +optional but its JSON tag has no
	// `omitempty`, unlike PKCS12.Password. A nil pointer would therefore be
	// serialized as an explicit null. Confirm this difference is intended.

	// Password for JKS trust store
	// The value is a plain string in the Bundle spec, so anyone who can read
	// the Bundle can read it. It defaults to the documented value "changeit".
	// Do not reuse a credential that protects anything else.
	//+optional
	//+kubebuilder:validation:MinLength=1
	//+kubebuilder:validation:MaxLength=128
	//+kubebuilder:default=changeit
	Password *string `json:"password"`
}
func (*JKS) DeepCopy ¶ added in v0.8.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JKS.
func (*JKS) DeepCopyInto ¶ added in v0.8.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeySelector ¶
// KeySelector identifies a single entry of an object's `data` map by its key.
// It is embedded inline by JKS, PKCS12 and SourceObjectKeySelector, and is
// used directly for the ConfigMap and Secret targets.
type KeySelector struct {
	// Key is the key of the entry in the object's `data` field to be used.
	Key string `json:"key"`
}
KeySelector is a reference to a key for some map data object.
func (*KeySelector) DeepCopy ¶
func (in *KeySelector) DeepCopy() *KeySelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeySelector.
func (*KeySelector) DeepCopyInto ¶
func (in *KeySelector) DeepCopyInto(out *KeySelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NamespaceSelector ¶
// NamespaceSelector restricts which Namespaces receive the Bundle target. It
// is matched against Namespace labels.
//
// NOTE(review): anyone who can set labels on a Namespace can opt that
// Namespace in or out of a selector. Label-edit permissions on Namespaces
// therefore matter for where the bundle is synced.
type NamespaceSelector struct {
	// MatchLabels matches on the set of labels that must be present on a
	// Namespace for the Bundle target to be synced there.
	// +optional
	MatchLabels map[string]string `json:"matchLabels,omitempty"`
}
NamespaceSelector defines selectors to match on Namespaces.
func (*NamespaceSelector) DeepCopy ¶
func (in *NamespaceSelector) DeepCopy() *NamespaceSelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceSelector.
func (*NamespaceSelector) DeepCopyInto ¶
func (in *NamespaceSelector) DeepCopyInto(out *NamespaceSelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PKCS12 ¶ added in v0.8.0
// PKCS12 configures the PKCS12-formatted trust store requested through
// AdditionalFormats.PKCS12. The embedded KeySelector supplies the `key` of
// the target entry.
type PKCS12 struct {
	KeySelector `json:",inline"`

	// Password for PKCS12 trust store
	// The default is the empty string, i.e. the store is created without a
	// password. Any value set here is a plain string in the Bundle spec, so
	// anyone who can read the Bundle can read it. Do not reuse a credential
	// that protects anything else.
	//+optional
	//+kubebuilder:validation:MaxLength=128
	//+kubebuilder:default=""
	Password *string `json:"password,omitempty"`
}
func (*PKCS12) DeepCopy ¶ added in v0.8.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKCS12.
func (*PKCS12) DeepCopyInto ¶ added in v0.8.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SourceObjectKeySelector ¶
// SourceObjectKeySelector picks the source object or objects in the trust
// Namespace, either by Name or by label Selector, and the `data` key to read
// from each of them.
//
// NOTE(review): the field comments require that Name and Selector are not set
// together, but this listing shows no validation marker enforcing it.
// Presumably the rule is enforced elsewhere; confirm before relying on it.
type SourceObjectKeySelector struct {
	// Name is the name of the source object in the trust Namespace.
	// This field must be left empty when `selector` is set
	//+optional
	Name string `json:"name,omitempty"`

	// Selector is the label selector to use to fetch a list of objects. Must not be set
	// when `Name` is set.
	// With a selector, every matching object in the trust Namespace becomes a
	// source, so permission to create or label such objects there is
	// permission to add source data.
	//+optional
	Selector *metav1.LabelSelector `json:"selector,omitempty"`

	// KeySelector is the key of the entry in the objects' `data` field to be referenced.
	KeySelector `json:",inline"`
}
SourceObjectKeySelector is a reference to a source object and its `data` key in the trust Namespace.
func (*SourceObjectKeySelector) DeepCopy ¶
func (in *SourceObjectKeySelector) DeepCopy() *SourceObjectKeySelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceObjectKeySelector.
func (*SourceObjectKeySelector) DeepCopyInto ¶
func (in *SourceObjectKeySelector) DeepCopyInto(out *SourceObjectKeySelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.