Documentation ¶
Overview ¶
Package v1alpha1 is the v1alpha1 version of the API. +groupName=cert.gardener.cloud
Index ¶
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func Resource(resource string) schema.GroupResource
- type ACMEExternalAccountBinding
- type ACMESpec
- type BackOffState
- type CASpec
- type Certificate
- type CertificateKeystores
- type CertificateList
- type CertificatePrivateKey
- type CertificateRef
- type CertificateRevocation
- type CertificateRevocationList
- type CertificateRevocationSpec
- type CertificateRevocationStatus
- type CertificateSecretRef
- type CertificateSpec
- type CertificateStatus
- type DNSSelection
- type Issuer
- type IssuerList
- type IssuerRef
- type IssuerSpec
- type IssuerStatus
- type JKSKeystore
- type ObjectStatuses
- type PKCS12Keystore
- type PrivateKeyAlgorithm
- type PrivateKeySize
- type QualifiedIssuerRef
- type SecretKeySelector
- type SecretStatuses
Constants ¶
const (
	// Version is the version of the API. It is the Version component of
	// SchemeGroupVersion.
	Version = "v1alpha1"
	// GroupName is the group name of the API, taken from the cert package.
	GroupName = cert.GroupName

	// IssuerKind is the issuer kind.
	IssuerKind = "Issuer"
	// CertificateKind is the certificate kind.
	CertificateKind = "Certificate"
	// CertificateRevocationKind is the certificate revocation kind.
	CertificateRevocationKind = "CertificateRevocation"
)
// State strings. IssuerStatus documents 'Pending', 'Error' and 'Ready' as
// values of its State field; presumably the other status types use the same
// constants — confirm against the controllers.
const (
	// StatePending is the pending state.
	StatePending = "Pending"
	// StateError is the error state.
	StateError = "Error"
	// StateReady is the ready state.
	StateReady = "Ready"
	// StateRevoked is the revoked state.
	StateRevoked = "Revoked"
	// StateRevocationApplied is the applied state.
	StateRevocationApplied = "Applied"
	// StateRevocationPartialApplied is the partial applied state (partial success).
	StateRevocationPartialApplied = "PartialApplied"
)
const (
	// CertificateConditionReady indicates that a certificate is ready for use.
	// This is defined as:
	// - The target secret exists
	// - The target secret contains a certificate that has not expired
	// - The target secret contains a private key valid for the certificate
	// - The commonName and dnsNames attributes match those specified on the Certificate
	//
	// Note that the target secret holds the private key, so read access to that
	// Secret is equivalent to access to the key.
	CertificateConditionReady string = "Ready"
)
Variables ¶
var (
	// SchemeBuilder is a new Scheme Builder which registers our API.
	// It is constructed from addKnownTypes.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is a reference to the Scheme Builder's AddToScheme function.
	AddToScheme = SchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{
	Group:   cert.GroupName,
	Version: Version,
}
SchemeGroupVersion is the group version used to register these objects.
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource.
Types ¶
type ACMEExternalAccountBinding ¶ added in v0.12.0
type ACMEExternalAccountBinding struct {
	// keyID is the ID of the CA key that the External Account is bound to.
	KeyID string `json:"keyID"`

	// keySecretRef is the secret ref to the Secret which holds the symmetric
	// MAC key of the External Account Binding with data key 'hmacKey'.
	// The secret key stored in the Secret **must** be un-padded, base64 URL
	// encoded data.
	// The MAC key is a shared credential of the external account; read access
	// to the referenced Secret should be limited accordingly.
	KeySecretRef *corev1.SecretReference `json:"keySecretRef"`
}
ACMEExternalAccountBinding is a reference to a CA external account of the ACME server.
func (*ACMEExternalAccountBinding) DeepCopy ¶ added in v0.12.0
func (in *ACMEExternalAccountBinding) DeepCopy() *ACMEExternalAccountBinding
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEExternalAccountBinding.
func (*ACMEExternalAccountBinding) DeepCopyInto ¶ added in v0.12.0
func (in *ACMEExternalAccountBinding) DeepCopyInto(out *ACMEExternalAccountBinding)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ACMESpec ¶
type ACMESpec struct {
	// Server is the URL of the ACME server.
	Server string `json:"server"`
	// Email is the email address to use for user registration.
	Email string `json:"email"`

	// AutoRegistration is the flag if automatic registration should be applied if needed.
	// +optional
	AutoRegistration bool `json:"autoRegistration,omitempty"`

	// PrivateKeySecretRef is the secret ref to the ACME private key.
	// +optional
	PrivateKeySecretRef *corev1.SecretReference `json:"privateKeySecretRef,omitempty"`

	// ExternalAccountBinding is a reference to a CA external account of the ACME server.
	// +optional
	ExternalAccountBinding *ACMEExternalAccountBinding `json:"externalAccountBinding,omitempty"`

	// SkipDNSChallengeValidation marks that this issuer does not validate DNS challenges.
	// In this case no DNS entries/records are created for a DNS Challenge and DNS propagation
	// is not checked.
	// NOTE(review): which component still proves domain control when this is set
	// is not stated here — confirm before enabling it on an issuer.
	// +optional
	SkipDNSChallengeValidation *bool `json:"skipDNSChallengeValidation,omitempty"`

	// Domains optionally specifies domains allowed or forbidden for certificate requests.
	// +optional
	Domains *DNSSelection `json:"domains,omitempty"`

	// PrecheckNameservers overwrites the default precheck nameservers used for checking DNS propagation.
	// Format `host` or `host:port`, e.g. "8.8.8.8" same as "8.8.8.8:53" or "google-public-dns-a.google.com:53".
	// +optional
	PrecheckNameservers []string `json:"precheckNameservers,omitempty"`
}
ACMESpec is the ACME specific part of the spec.
func (*ACMESpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMESpec.
func (*ACMESpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BackOffState ¶ added in v0.2.16
type BackOffState struct {
	// ObservedGeneration is the observed generation the BackOffState is assigned to.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// RetryAfter is the timestamp before which this cert request is not retried.
	// It is serialized under the JSON key `recheckAfter`.
	RetryAfter metav1.Time `json:"recheckAfter"`
	// RetryInterval is the interval to wait before retrying.
	// It is serialized under the JSON key `recheckInterval`.
	RetryInterval metav1.Duration `json:"recheckInterval"`
}
BackOffState stores the status for exponential back off on repeated cert request failure
func (*BackOffState) DeepCopy ¶ added in v0.2.16
func (in *BackOffState) DeepCopy() *BackOffState
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackOffState.
func (*BackOffState) DeepCopyInto ¶ added in v0.2.16
func (in *BackOffState) DeepCopyInto(out *BackOffState)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CASpec ¶ added in v0.12.0
type CASpec struct {
	// PrivateKeySecretRef is the secret ref to the CA secret.
	// NOTE(review): by its name the Secret presumably carries the CA signing
	// key — confirm, and keep read access to it as narrow as possible.
	// +optional
	PrivateKeySecretRef *corev1.SecretReference `json:"privateKeySecretRef,omitempty"`
}
CASpec is the CA specific part of the spec.
func (*CASpec) DeepCopy ¶ added in v0.12.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CASpec.
func (*CASpec) DeepCopyInto ¶ added in v0.12.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Certificate ¶
type Certificate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the spec of the certificate to request.
	Spec CertificateSpec `json:"spec"`
	// Status is the status of the certificate request.
	// +optional
	Status CertificateStatus `json:"status,omitempty"`
}
Certificate is the certificate CR. +kubebuilder:storageversion +kubebuilder:object:root=true +kubebuilder:resource:scope=Namespaced,path=certificates,shortName=cert,singular=certificate +kubebuilder:subresource:status +kubebuilder:printcolumn:name=COMMON NAME,description="Subject domain name of certificate",JSONPath=".status.commonName",type=string +kubebuilder:printcolumn:name=ISSUER,description="Issuer name",JSONPath=".status.issuerRef.name",type=string +kubebuilder:printcolumn:name=STATUS,JSONPath=".status.state",type=string,description="Status of registration" +kubebuilder:printcolumn:name=EXPIRATION_DATE,JSONPath=".status.expirationDate",priority=500,type=string,description="Expiration date (not valid anymore after this date)" +kubebuilder:printcolumn:name=DNS_NAMES,JSONPath=".status.dnsNames",priority=2000,type=string,description="Domains names in subject alternative names" +kubebuilder:printcolumn:name=AGE,JSONPath=".metadata.creationTimestamp",type=date,description="object creation timestamp" +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*Certificate) DeepCopy ¶
func (in *Certificate) DeepCopy() *Certificate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.
func (*Certificate) DeepCopyInto ¶
func (in *Certificate) DeepCopyInto(out *Certificate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Certificate) DeepCopyObject ¶
func (in *Certificate) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateKeystores ¶ added in v0.12.0
type CertificateKeystores struct {
	// JKS configures options for storing a JKS keystore in the `spec.secretName`/`spec.secretRef` Secret resource.
	// +optional
	JKS *JKSKeystore `json:"jks,omitempty"`
	// PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName`/`spec.secretRef` Secret resource.
	// +optional
	PKCS12 *PKCS12Keystore `json:"pkcs12,omitempty"`
}
CertificateKeystores configures additional keystore output formats to be created in the Certificate's output Secret.
func (*CertificateKeystores) DeepCopy ¶ added in v0.12.0
func (in *CertificateKeystores) DeepCopy() *CertificateKeystores
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateKeystores.
func (*CertificateKeystores) DeepCopyInto ¶ added in v0.12.0
func (in *CertificateKeystores) DeepCopyInto(out *CertificateKeystores)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateList ¶
type CertificateList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is the list of Certificate items.
	Items []Certificate `json:"items"`
}
CertificateList is the list of Certificate items. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*CertificateList) DeepCopy ¶
func (in *CertificateList) DeepCopy() *CertificateList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.
func (*CertificateList) DeepCopyInto ¶
func (in *CertificateList) DeepCopyInto(out *CertificateList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateList) DeepCopyObject ¶
func (in *CertificateList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificatePrivateKey ¶ added in v0.13.0
type CertificatePrivateKey struct {
	// Algorithm is the private key algorithm of the corresponding private key
	// for this certificate.
	//
	// If provided, allowed values are either `RSA` or `ECDSA`.
	// If `algorithm` is specified and `size` is not provided,
	// deployment specific default values will be used.
	// +optional
	Algorithm *PrivateKeyAlgorithm `json:"algorithm,omitempty"`

	// Size is the key bit size of the corresponding private key for this certificate.
	//
	// If `algorithm` is set to `RSA`, valid values are `2048`, `3072` or `4096`,
	// and will default to a deployment specific value if not specified.
	// If `algorithm` is set to `ECDSA`, valid values are `256` or `384`,
	// and will default to a deployment specific value if not specified.
	// No other values are allowed.
	// Because the defaults are deployment specific, set both fields explicitly
	// when a particular key strength is required.
	// +optional
	Size *PrivateKeySize `json:"size,omitempty"`
}
CertificatePrivateKey contains configuration options for private keys used by the Certificate controller. These include the key algorithm and size.
func (*CertificatePrivateKey) DeepCopy ¶ added in v0.13.0
func (in *CertificatePrivateKey) DeepCopy() *CertificatePrivateKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificatePrivateKey.
func (*CertificatePrivateKey) DeepCopyInto ¶ added in v0.13.0
func (in *CertificatePrivateKey) DeepCopyInto(out *CertificatePrivateKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateRef ¶ added in v0.12.0
type CertificateRef struct {
	// Name is the name of the certificate in the same namespace.
	// NOTE(review): "the same namespace" presumably means the namespace given
	// in the Namespace field below — confirm.
	Name string `json:"name"`
	// Namespace is the namespace of the certificate CR.
	Namespace string `json:"namespace"`
}
CertificateRef is the reference of the certificate by name and namespace.
func (*CertificateRef) DeepCopy ¶ added in v0.12.0
func (in *CertificateRef) DeepCopy() *CertificateRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRef.
func (*CertificateRef) DeepCopyInto ¶ added in v0.12.0
func (in *CertificateRef) DeepCopyInto(out *CertificateRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateRevocation ¶ added in v0.12.0
type CertificateRevocation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the spec of the certificate revocation.
	Spec CertificateRevocationSpec `json:"spec"`
	// Status is the status of the certificate revocation.
	// +optional
	Status CertificateRevocationStatus `json:"status,omitempty"`
}
CertificateRevocation is the certificate revocation custom resource. +kubebuilder:storageversion +kubebuilder:object:root=true +kubebuilder:resource:scope=Namespaced,path=certificaterevocations,shortName=certrevoke,singular=certificaterevocation +kubebuilder:subresource:status +kubebuilder:printcolumn:name=CERTIFICATE,description="Certificate to be revoked",JSONPath=".spec.certificateRef.name",type=string +kubebuilder:printcolumn:name=STATUS,JSONPath=".status.state",type=string,description="status of revocation" +kubebuilder:printcolumn:name=REVOKED_AT,JSONPath=".status.revocationApplied",priority=500,type=date,description="timestamp of complete revocation" +kubebuilder:printcolumn:name=RENEW,JSONPath=".spec.renew",type=boolean,description="if true certificate objects should be renewed before revoking old certificates certificate(s)" +kubebuilder:printcolumn:name=QUALIFIED_AT,JSONPath=".spec.qualifyingDate",type=date,description="qualifying all certificates valid before this timestamp" +kubebuilder:printcolumn:name=AGE,JSONPath=".metadata.creationTimestamp",type=date,description="object creation timestamp" +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*CertificateRevocation) DeepCopy ¶ added in v0.12.0
func (in *CertificateRevocation) DeepCopy() *CertificateRevocation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRevocation.
func (*CertificateRevocation) DeepCopyInto ¶ added in v0.12.0
func (in *CertificateRevocation) DeepCopyInto(out *CertificateRevocation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateRevocation) DeepCopyObject ¶ added in v0.12.0
func (in *CertificateRevocation) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateRevocationList ¶ added in v0.12.0
type CertificateRevocationList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is the list of CertificateRevocation items.
	Items []CertificateRevocation `json:"items"`
}
CertificateRevocationList is the list of Certificate revocation items. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*CertificateRevocationList) DeepCopy ¶ added in v0.12.0
func (in *CertificateRevocationList) DeepCopy() *CertificateRevocationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRevocationList.
func (*CertificateRevocationList) DeepCopyInto ¶ added in v0.12.0
func (in *CertificateRevocationList) DeepCopyInto(out *CertificateRevocationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateRevocationList) DeepCopyObject ¶ added in v0.12.0
func (in *CertificateRevocationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateRevocationSpec ¶ added in v0.12.0
type CertificateRevocationSpec struct {
	// CertificateRef is the reference to the certificate to be revoked.
	CertificateRef CertificateRef `json:"certificateRef,omitempty"`

	// Renew specifies if certificate objects should be renewed before revoking old certificates.
	// +optional
	Renew *bool `json:"renew,omitempty"`

	// QualifyingDate specifies that any certificate with the same DNS names as the given 'certificateRef' should be revoked
	// if it is valid before this date. If not specified, it will be filled with the current time.
	// The revocation is therefore not limited to the single referenced certificate object.
	// +optional
	QualifyingDate *metav1.Time `json:"qualifyingDate,omitempty"`
}
CertificateRevocationSpec is the spec of the certificate revocation.
func (*CertificateRevocationSpec) DeepCopy ¶ added in v0.12.0
func (in *CertificateRevocationSpec) DeepCopy() *CertificateRevocationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRevocationSpec.
func (*CertificateRevocationSpec) DeepCopyInto ¶ added in v0.12.0
func (in *CertificateRevocationSpec) DeepCopyInto(out *CertificateRevocationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateRevocationStatus ¶ added in v0.12.0
type CertificateRevocationStatus struct {
	// ObservedGeneration is the observed generation of the spec.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// State is the state of the revocation.
	State string `json:"state"`
	// Message is the status or error message.
	Message *string `json:"message,omitempty"`

	// Objects contains the statuses of the involved certificate objects.
	// +optional
	Objects *ObjectStatuses `json:"objects,omitempty"`
	// Secrets contains the statuses of the involved certificate secrets.
	// +optional
	Secrets *SecretStatuses `json:"secrets,omitempty"`
	// RevocationApplied is the timestamp when the revocation was completed.
	// +optional
	RevocationApplied *metav1.Time `json:"revocationApplied,omitempty"`
}
CertificateRevocationStatus is the status of the certificate revocation.
func (*CertificateRevocationStatus) DeepCopy ¶ added in v0.12.0
func (in *CertificateRevocationStatus) DeepCopy() *CertificateRevocationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRevocationStatus.
func (*CertificateRevocationStatus) DeepCopyInto ¶ added in v0.12.0
func (in *CertificateRevocationStatus) DeepCopyInto(out *CertificateRevocationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateSecretRef ¶ added in v0.12.0
type CertificateSecretRef struct {
	// SecretReference identifies the secret; its fields are inlined into the JSON object.
	corev1.SecretReference `json:",inline"`
	// SerialNumber is the serial number of the certificate.
	SerialNumber string `json:"serialNumber"`
}
CertificateSecretRef is a reference to a secret together with the serial number
func (*CertificateSecretRef) DeepCopy ¶ added in v0.12.0
func (in *CertificateSecretRef) DeepCopy() *CertificateSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSecretRef.
func (*CertificateSecretRef) DeepCopyInto ¶ added in v0.12.0
func (in *CertificateSecretRef) DeepCopyInto(out *CertificateSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateSpec ¶
type CertificateSpec struct {
	// CommonName is the CN for the certificate (max. 64 chars).
	// +optional
	// +kubebuilder:validation:MaxLength=64
	CommonName *string `json:"commonName,omitempty"`

	// DNSNames are the optional additional domain names of the certificate.
	// +optional
	DNSNames []string `json:"dnsNames,omitempty"`

	// CSR is the alternative way to provide CN, DNSNames and other information.
	// +optional
	CSR []byte `json:"csr,omitempty"`

	// IssuerRef is the reference of the issuer to use.
	// +optional
	IssuerRef *IssuerRef `json:"issuerRef,omitempty"`

	// SecretName is the name of the secret object to use for storing the certificate.
	// +optional
	SecretName *string `json:"secretName,omitempty"`

	// SecretRef is the reference of the secret object to use for storing the certificate.
	// +optional
	SecretRef *corev1.SecretReference `json:"secretRef,omitempty"`

	// SecretLabels are labels to add to the certificate secret.
	// +optional
	SecretLabels map[string]string `json:"secretLabels,omitempty"`

	// Renew triggers a renewal if set to true.
	// +optional
	Renew *bool `json:"renew,omitempty"`

	// EnsureRenewedAfter specifies a time stamp in the past. Renewing is only triggered if certificate notBefore date is before this date.
	// +optional
	EnsureRenewedAfter *metav1.Time `json:"ensureRenewedAfter,omitempty"`

	// FollowCNAME if true delegated domain for DNS01 challenge is used if CNAME record for DNS01 challenge domain `_acme-challenge.<domain>` is set.
	// +optional
	FollowCNAME *bool `json:"followCNAME,omitempty"`

	// Keystores configures additional keystore output formats stored in the `secretName`/`secretRef` Secret resource.
	// +optional
	Keystores *CertificateKeystores `json:"keystores,omitempty"`

	// PreferredChain allows to specify the preferred certificate chain: if the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used.
	// +optional
	PreferredChain *string `json:"preferredChain,omitempty"`

	// Private key options. These include the key algorithm and size.
	// +optional
	PrivateKey *CertificatePrivateKey `json:"privateKey,omitempty"`
}
CertificateSpec is the spec of the certificate to request.
func (*CertificateSpec) DeepCopy ¶
func (in *CertificateSpec) DeepCopy() *CertificateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.
func (*CertificateSpec) DeepCopyInto ¶
func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateStatus ¶
type CertificateStatus struct {
	// ObservedGeneration is the observed generation of the spec.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// State is the certificate state.
	State string `json:"state"`

	// Message is the status or error message.
	// +optional
	Message *string `json:"message,omitempty"`

	// LastPendingTimestamp contains the start timestamp of the last pending status.
	// +optional
	LastPendingTimestamp *metav1.Time `json:"lastPendingTimestamp,omitempty"`

	// CommonName is the current CN.
	// +optional
	CommonName *string `json:"commonName,omitempty"`

	// DNSNames are the current domain names.
	// +optional
	DNSNames []string `json:"dnsNames,omitempty"`

	// IssuerRef is the used issuer.
	// +optional
	IssuerRef *QualifiedIssuerRef `json:"issuerRef,omitempty"`

	// ExpirationDate shows the notAfter validity date.
	// It is carried as a string, not as a metav1.Time.
	// +optional
	ExpirationDate *string `json:"expirationDate,omitempty"`

	// BackOff contains the state to back off failed certificate requests.
	// +optional
	BackOff *BackOffState `json:"backoff,omitempty"`

	// List of status conditions to indicate the status of certificates.
	// Known condition types are `Ready`.
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}
CertificateStatus is the status of the certificate request.
func (*CertificateStatus) DeepCopy ¶
func (in *CertificateStatus) DeepCopy() *CertificateStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.
func (*CertificateStatus) DeepCopyInto ¶
func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DNSSelection ¶ added in v0.12.0
type DNSSelection struct {
	// Include are domain names for which certificate requests are allowed (including any subdomains).
	// +optional
	Include []string `json:"include,omitempty"`
	// Exclude are domain names for which certificate requests are forbidden (including any subdomains).
	// +optional
	Exclude []string `json:"exclude,omitempty"`
}
DNSSelection is a restriction on the domains to be allowed or forbidden for certificate requests
func (*DNSSelection) DeepCopy ¶ added in v0.12.0
func (in *DNSSelection) DeepCopy() *DNSSelection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSSelection.
func (*DNSSelection) DeepCopyInto ¶ added in v0.12.0
func (in *DNSSelection) DeepCopyInto(out *DNSSelection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Issuer ¶
type Issuer struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the spec of the issuer.
	Spec IssuerSpec `json:"spec"`
	// Status is the status of the issuer.
	// +optional
	Status IssuerStatus `json:"status"`
}
Issuer is the issuer CR. +kubebuilder:storageversion +kubebuilder:object:root=true +kubebuilder:resource:scope=Namespaced,path=issuers,singular=issuer +kubebuilder:subresource:status +kubebuilder:printcolumn:name=SERVER,description="ACME Server",JSONPath=".spec.acme.server",type=string +kubebuilder:printcolumn:name=EMAIL,description="ACME Registration email",JSONPath=".spec.acme.email",type=string +kubebuilder:printcolumn:name=STATUS,JSONPath=".status.state",type=string,description="Status of registration" +kubebuilder:printcolumn:name=TYPE,JSONPath=".status.type",type=string,description="Issuer type" +kubebuilder:printcolumn:name=AGE,JSONPath=".metadata.creationTimestamp",type=date,description="object creation timestamp" +kubebuilder:printcolumn:name=INCLUDED_DOMAINS,JSONPath=".spec.acme.domains.include",priority=2000,type=string,description="included domains" +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*Issuer) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.
func (*Issuer) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Issuer) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IssuerList ¶
type IssuerList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is the list of Issuers.
	Items []Issuer `json:"items"`
}
IssuerList is the list of Issuers +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*IssuerList) DeepCopy ¶
func (in *IssuerList) DeepCopy() *IssuerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerList.
func (*IssuerList) DeepCopyInto ¶
func (in *IssuerList) DeepCopyInto(out *IssuerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IssuerList) DeepCopyObject ¶
func (in *IssuerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IssuerRef ¶
type IssuerRef struct {
	// Name is the name of the issuer (in the configured issuer namespace on default cluster or namespace on target cluster as given).
	Name string `json:"name"`
	// Namespace is the namespace of the issuer, only needed if issuer is defined on target cluster.
	// +optional
	Namespace string `json:"namespace,omitempty"`
}
IssuerRef is the reference of the issuer by name.
func (*IssuerRef) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerRef.
func (*IssuerRef) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IssuerSpec ¶
type IssuerSpec struct {
	// ACME is the ACME protocol specific spec.
	// +optional
	ACME *ACMESpec `json:"acme,omitempty"`
	// CA is the CA specific spec.
	// +optional
	CA *CASpec `json:"ca,omitempty"`
	// RequestsPerDayQuota is the maximum number of certificate requests per day allowed for this issuer.
	// +optional
	RequestsPerDayQuota *int `json:"requestsPerDayQuota,omitempty"`
}
IssuerSpec is the spec of the issuer.
func (*IssuerSpec) DeepCopy ¶
func (in *IssuerSpec) DeepCopy() *IssuerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerSpec.
func (*IssuerSpec) DeepCopyInto ¶
func (in *IssuerSpec) DeepCopyInto(out *IssuerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IssuerStatus ¶
type IssuerStatus struct {
	// ObservedGeneration is the observed generation of the spec.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// State is either empty, 'Pending', 'Error', or 'Ready'.
	State string `json:"state"`

	// Message is the status or error message.
	// +optional
	Message *string `json:"message,omitempty"`

	// Type is the issuer type. Currently only 'acme' and 'ca' are supported.
	// NOTE(review): marked optional, but the JSON tag has no omitempty, so a
	// nil Type is encoded as null rather than left out.
	// +optional
	Type *string `json:"type"`

	// ACME is the ACME specific status.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +kubebuilder:pruning:PreserveUnknownFields
	// +optional
	ACME *runtime.RawExtension `json:"acme,omitempty"`

	// CA is the CA specific status.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +kubebuilder:pruning:PreserveUnknownFields
	// +optional
	CA *runtime.RawExtension `json:"ca,omitempty"`

	// RequestsPerDayQuota is the actual maximum number of certificate requests per day allowed for this issuer.
	// +optional
	RequestsPerDayQuota int `json:"requestsPerDayQuota,omitempty"`
}
IssuerStatus is the status of the issuer.
func (*IssuerStatus) DeepCopy ¶
func (in *IssuerStatus) DeepCopy() *IssuerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerStatus.
func (*IssuerStatus) DeepCopyInto ¶
func (in *IssuerStatus) DeepCopyInto(out *IssuerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JKSKeystore ¶ added in v0.12.0
type JKSKeystore struct {
	// Create enables JKS keystore creation for the Certificate.
	// If true, a file named `keystore.jks` will be created in the target
	// Secret resource, encrypted using the password stored in `passwordSecretRef`.
	// The keystore file will only be updated upon re-issuance.
	Create bool `json:"create"`

	// PasswordSecretRef is a reference to a key in a Secret resource
	// containing the password used to encrypt the JKS keystore.
	// The password protects only the keystore file. The target Secret also
	// contains the private key (see CertificateConditionReady), so access to
	// that Secret must be restricted regardless of the keystore password.
	PasswordSecretRef SecretKeySelector `json:"passwordSecretRef"`
}
JKSKeystore configures options for storing a JKS keystore in the `spec.secretName`/`spec.secretRef` Secret resource.
func (*JKSKeystore) DeepCopy ¶ added in v0.12.0
func (in *JKSKeystore) DeepCopy() *JKSKeystore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JKSKeystore.
func (*JKSKeystore) DeepCopyInto ¶ added in v0.12.0
func (in *JKSKeystore) DeepCopyInto(out *JKSKeystore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ObjectStatuses ¶ added in v0.12.0
// ObjectStatuses contains the statuses of the involved certificate objects.
// Each list is optional and omitted from the JSON form when empty.
type ObjectStatuses struct {
	// Processing is the list of certificate objects to be processed
	// +optional
	Processing []CertificateRef `json:"processing,omitempty"`
	// Renewed is the list of certificate objects successfully renewed
	// +optional
	Renewed []CertificateRef `json:"renewed,omitempty"`
	// Revoked is the list of certificate objects successfully revoked (without renewal)
	// +optional
	Revoked []CertificateRef `json:"revoked,omitempty"`
	// Failed is the list of certificate objects whose processing failed.
	// Entries here mean the requested operation did not complete for that
	// certificate, so the list should be checked before treating it as done.
	// +optional
	Failed []CertificateRef `json:"failed,omitempty"`
}
ObjectStatuses contains the statuses of the involved certificate objects
func (*ObjectStatuses) DeepCopy ¶ added in v0.12.0
func (in *ObjectStatuses) DeepCopy() *ObjectStatuses
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectStatuses.
func (*ObjectStatuses) DeepCopyInto ¶ added in v0.12.0
func (in *ObjectStatuses) DeepCopyInto(out *ObjectStatuses)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PKCS12Keystore ¶ added in v0.12.0
// PKCS12Keystore configures options for storing a PKCS12 keystore in the
// `spec.secretName`/`spec.secretRef` Secret resource.
//
// NOTE(review): the keystore is written into the target Secret, which per the
// Ready condition documentation also contains the certificate's private key.
// The keystore password therefore presumably serves consumer compatibility
// rather than an additional confidentiality boundary; read access to both the
// target Secret and the password Secret should be restricted — confirm against
// the controller implementation.
type PKCS12Keystore struct {
	// Create enables PKCS12 keystore creation for the Certificate.
	// If true, a file named `keystore.p12` will be created in the target
	// Secret resource, encrypted using the password stored in `passwordSecretRef`.
	// The keystore file will only be updated upon re-issuance.
	Create bool `json:"create"`
	// PasswordSecretRef is a reference to a key in a Secret resource
	// containing the password used to encrypt the PKCS12 keystore.
	// The selector type carries no namespace field, so the password Secret is
	// addressed by name and key only.
	PasswordSecretRef SecretKeySelector `json:"passwordSecretRef"`
}
PKCS12Keystore configures options for storing a PKCS12 keystore in the `spec.secretName`/`spec.secretRef` Secret resource.
func (*PKCS12Keystore) DeepCopy ¶ added in v0.12.0
func (in *PKCS12Keystore) DeepCopy() *PKCS12Keystore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKCS12Keystore.
func (*PKCS12Keystore) DeepCopyInto ¶ added in v0.12.0
func (in *PKCS12Keystore) DeepCopyInto(out *PKCS12Keystore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PrivateKeyAlgorithm ¶ added in v0.13.0
// PrivateKeyAlgorithm is the type for the algorithm used for the private key.
// The kubebuilder enum restricts accepted values to RSA and ECDSA.
// +kubebuilder:validation:Enum=RSA;ECDSA
type PrivateKeyAlgorithm string
PrivateKeyAlgorithm is the type for the algorithm. +kubebuilder:validation:Enum=RSA;ECDSA
// Values of PrivateKeyAlgorithm; they correspond to the RSA;ECDSA validation
// enum declared on the type.
const (
	// RSAKeyAlgorithm is the value to use the RSA algorithm for the private key.
	RSAKeyAlgorithm PrivateKeyAlgorithm = "RSA"
	// ECDSAKeyAlgorithm is the value to use the ECDSA algorithm for the private key.
	ECDSAKeyAlgorithm PrivateKeyAlgorithm = "ECDSA"
)
type PrivateKeySize ¶ added in v0.13.0
// PrivateKeySize is the size for the algorithm.
// The validation enum is one flat list, so this type alone does not tie a
// size to an algorithm.
// NOTE(review): 256 and 384 look like ECDSA curve sizes and 2048, 3072 and
// 4096 like RSA modulus sizes; where a mismatched algorithm/size pair is
// rejected is not visible here — confirm.
// +kubebuilder:validation:Enum=256;384;2048;3072;4096
type PrivateKeySize int32
PrivateKeySize is the size for the algorithm. +kubebuilder:validation:Enum=256;384;2048;3072;4096
type QualifiedIssuerRef ¶ added in v0.12.0
// QualifiedIssuerRef is the fully qualified issuer reference: cluster, name
// and namespace together identify the issuer.
type QualifiedIssuerRef struct {
	// Cluster is the cluster name of the issuer ('default' or 'target').
	// optional because of backwards compatibility
	// NOTE(review): how an empty Cluster is interpreted is not visible in this
	// declaration; since the reference selects the issuer, confirm the
	// fallback before relying on it.
	// +optional
	Cluster string `json:"cluster,omitempty"`
	// Name is the name of the issuer.
	Name string `json:"name"`
	// Namespace is the namespace of the issuer.
	Namespace string `json:"namespace"`
}
QualifiedIssuerRef is the fully qualified issuer reference.
func (*QualifiedIssuerRef) DeepCopy ¶ added in v0.12.0
func (in *QualifiedIssuerRef) DeepCopy() *QualifiedIssuerRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QualifiedIssuerRef.
func (*QualifiedIssuerRef) DeepCopyInto ¶ added in v0.12.0
func (in *QualifiedIssuerRef) DeepCopyInto(out *QualifiedIssuerRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (QualifiedIssuerRef) IsDefaultCluster ¶ added in v0.12.0
func (r QualifiedIssuerRef) IsDefaultCluster() bool
IsDefaultCluster returns true if the reference is on the default cluster.
type SecretKeySelector ¶ added in v0.12.0
// SecretKeySelector is a reference to a key in a Secret resource in the same
// namespace. The type has no namespace field, so a Secret in another
// namespace cannot be expressed with it.
type SecretKeySelector struct {
	// SecretName of the secret resource being referred to in the same namespace.
	SecretName string `json:"secretName"`
	// Key of the entry in the Secret resource's `data` field to be used.
	// NOTE(review): the tag carries omitempty, so the key may be left out; what
	// happens for an empty Key is not shown here — confirm against the consumer.
	Key string `json:"key,omitempty"`
}
SecretKeySelector is a reference to a key in a Secret resource in the same namespace.
func (*SecretKeySelector) DeepCopy ¶ added in v0.12.0
func (in *SecretKeySelector) DeepCopy() *SecretKeySelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector.
func (*SecretKeySelector) DeepCopyInto ¶ added in v0.12.0
func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStatuses ¶ added in v0.12.0
// SecretStatuses contains the statuses of the involved certificate secrets.
// Each list is optional and omitted from the JSON form when empty.
type SecretStatuses struct {
	// Processing is the list of certificate secrets to be processed
	// +optional
	Processing []CertificateSecretRef `json:"processing,omitempty"`
	// Revoked is the list of certificate secrets successfully revoked
	// +optional
	Revoked []CertificateSecretRef `json:"revoked,omitempty"`
	// Failed is the list of certificate secrets whose revocation failed.
	// A secret listed here has not been revoked by this operation and needs
	// follow-up before the revocation is treated as complete.
	// +optional
	Failed []CertificateSecretRef `json:"failed,omitempty"`
}
SecretStatuses contains the statuses of the involved certificate secrets
func (*SecretStatuses) DeepCopy ¶ added in v0.12.0
func (in *SecretStatuses) DeepCopy() *SecretStatuses
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStatuses.
func (*SecretStatuses) DeepCopyInto ¶ added in v0.12.0
func (in *SecretStatuses) DeepCopyInto(out *SecretStatuses)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.