v1alpha1

package
v0.17.0 Latest
Warning

This package is not in the latest version of its module.
Published: Nov 28, 2024 License: Apache-2.0 Imports: 5 Imported by: 8

Documentation

Overview

Package v1alpha1 is the v1alpha1 version of the API.

+groupName=cert.gardener.cloud

Constants

const (
	// Version is the version of the API.
	Version = "v1alpha1"
	// GroupName is the group name of the API.
	GroupName = cert.GroupName

	// IssuerKind is the issuer kind.
	IssuerKind = "Issuer"

	// CertificateKind is the certificate kind.
	CertificateKind = "Certificate"

	// CertificateRevocationKind is the certificate revocation kind.
	CertificateRevocationKind = "CertificateRevocation"
)
const (
	// StatePending is the pending state.
	StatePending = "Pending"
	// StateError is the error state.
	StateError = "Error"
	// StateReady is the ready state.
	StateReady = "Ready"
	// StateRevoked is the revoked state.
	StateRevoked = "Revoked"
	// StateRevocationApplied is the applied state.
	StateRevocationApplied = "Applied"
	// StateRevocationPartialApplied is the partial applied state (partial success).
	StateRevocationPartialApplied = "PartialApplied"
)
const (
	// CertificateConditionReady indicates that a certificate is ready for use.
	// This is defined as:
	// - The target secret exists
	// - The target secret contains a certificate that has not expired
	// - The target secret contains a private key valid for the certificate
	// - The commonName and dnsNames attributes match those specified on the Certificate
	CertificateConditionReady string = "Ready"
)
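
The four criteria listed for CertificateConditionReady can be checked directly against the certificate and key data of a target secret. The following Go program is an added example, not code from this package: checkReady, sameSet and selfSigned are hypothetical names, the certificate is a constructed self-signed one, and comparing SAN DNS names as an exact set is an assumption.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// checkReady applies the four Ready criteria to the certificate and key bytes
// read from a target secret. wantCN is empty if the Certificate sets no commonName.
// Assumption: SAN DNS names are compared as an exact, order-independent set.
func checkReady(certPEM, keyPEM []byte, wantCN string, wantDNS []string, now time.Time) error {
	// Criterion 1: the secret exists and carries both entries.
	if len(certPEM) == 0 || len(keyPEM) == 0 {
		return errors.New("target secret is missing the certificate or the private key")
	}
	// Criterion 3: X509KeyPair fails when the key does not belong to the leaf certificate.
	pair, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return fmt.Errorf("private key not valid for certificate: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return fmt.Errorf("leaf certificate does not parse: %w", err)
	}
	// Criterion 2: the certificate has not expired (and is already valid).
	if now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return fmt.Errorf("certificate is outside its validity period (notAfter %s)",
			leaf.NotAfter.Format(time.RFC3339))
	}
	// Criterion 4: names match what the Certificate resource asks for.
	if wantCN != "" && leaf.Subject.CommonName != wantCN {
		return fmt.Errorf("commonName is %q, want %q", leaf.Subject.CommonName, wantCN)
	}
	if !sameSet(leaf.DNSNames, wantDNS) {
		return fmt.Errorf("dnsNames are %v, want %v", leaf.DNSNames, wantDNS)
	}
	return nil
}

// sameSet compares two string slices without regard to order.
func sameSet(a, b []string) bool {
	if len(a) != len(b) {
		return false
	}
	x, y := append([]string(nil), a...), append([]string(nil), b...)
	sort.Strings(x)
	sort.Strings(y)
	for i := range x {
		if x[i] != y[i] {
			return false
		}
	}
	return true
}

// selfSigned builds a constructed test certificate so the example runs offline.
func selfSigned(cn string, dns []string, notBefore, notAfter time.Time) (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     dns,
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

func main() {
	now := time.Now()
	dns := []string{"example.com", "www.example.com"}
	crt, key, err := selfSigned("example.com", dns, now.Add(-time.Hour), now.Add(time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Println("now:", checkReady(crt, key, "example.com", dns, now))
	fmt.Println("after notAfter:", checkReady(crt, key, "example.com", dns, now.Add(2*time.Hour)))
}
```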

Variables

var (
	// SchemeBuilder is a new Scheme Builder which registers our API.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is a reference to the Scheme Builder's AddToScheme function.
	AddToScheme = SchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: cert.GroupName, Version: Version}

SchemeGroupVersion is the group version used to register these objects.

Functions

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource.

Types

type ACMEExternalAccountBinding added in v0.12.0

type ACMEExternalAccountBinding struct {
	// keyID is the ID of the CA key that the External Account is bound to.
	KeyID string `json:"keyID"`

	// keySecretRef is the secret ref to the
	// Secret which holds the symmetric MAC key of the External Account Binding with data key 'hmacKey'.
	// The secret key stored in the Secret **must** be un-padded, base64 URL
	// encoded data.
	KeySecretRef *corev1.SecretReference `json:"keySecretRef"`
}

ACMEExternalAccountBinding is a reference to a CA external account of the ACME server.
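
The requirement that the 'hmacKey' value be un-padded base64 URL data is easy to violate when a CA hands the key out in standard base64 or a trailing newline ends up in the Secret. The following Go program is an added example, not code from this package; decodeEABKey and normalizeEABKey are hypothetical helpers and the key bytes are constructed.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// decodeEABKey checks a value destined for the 'hmacKey' data key and returns
// the raw MAC key. Only un-padded base64 URL encoding is accepted.
func decodeEABKey(value string) ([]byte, error) {
	switch {
	case value == "":
		return nil, errors.New("hmacKey is empty")
	case strings.TrimSpace(value) != value:
		return nil, errors.New("hmacKey has leading or trailing whitespace (often a newline)")
	case strings.Contains(value, "="):
		return nil, errors.New("hmacKey is padded; remove the trailing '='")
	case strings.ContainsAny(value, "+/"):
		return nil, errors.New("hmacKey uses the standard alphabet; base64 URL uses '-' and '_'")
	}
	key, err := base64.RawURLEncoding.DecodeString(value)
	if err != nil {
		return nil, fmt.Errorf("hmacKey is not base64 URL data: %w", err)
	}
	return key, nil
}

// normalizeEABKey re-encodes a key received in any common base64 variant
// (standard or URL alphabet, padded or not) into un-padded base64 URL form.
func normalizeEABKey(value string) (string, error) {
	value = strings.TrimSpace(value)
	encodings := []*base64.Encoding{
		base64.RawURLEncoding, base64.URLEncoding,
		base64.RawStdEncoding, base64.StdEncoding,
	}
	for _, enc := range encodings {
		if key, err := enc.DecodeString(value); err == nil && len(key) > 0 {
			return base64.RawURLEncoding.EncodeToString(key), nil
		}
	}
	return "", errors.New("value is not base64 in any supported variant")
}

func main() {
	// Constructed sample: bytes fb ff fe 01 in standard, padded base64 plus a newline.
	received := "+//+AQ==\n"
	_, err := decodeEABKey(received)
	fmt.Println("as received:", err)

	fixed, err := normalizeEABKey(received)
	if err != nil {
		panic(err)
	}
	key, err := decodeEABKey(fixed)
	fmt.Printf("normalized: %s -> % x (err=%v)\n", fixed, key, err)
}
```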

func (*ACMEExternalAccountBinding) DeepCopy added in v0.12.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEExternalAccountBinding.

func (*ACMEExternalAccountBinding) DeepCopyInto added in v0.12.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ACMESpec

type ACMESpec struct {
	// Server is the URL of the ACME server.
	Server string `json:"server"`
	// Email is the email address to use for user registration.
	Email string `json:"email"`

	// AutoRegistration is the flag if automatic registration should be applied if needed.
	// +optional
	AutoRegistration bool `json:"autoRegistration,omitempty"`

	// PrivateKeySecretRef is the secret ref to the ACME private key.
	// +optional
	PrivateKeySecretRef *corev1.SecretReference `json:"privateKeySecretRef,omitempty"`

	// ACMEExternalAccountBinding is a reference to a CA external account of the ACME server.
	// +optional
	ExternalAccountBinding *ACMEExternalAccountBinding `json:"externalAccountBinding,omitempty"`

	// SkipDNSChallengeValidation marks that this issuer does not validate DNS challenges.
	// In this case no DNS entries/records are created for a DNS Challenge and DNS propagation
	// is not checked.
	// +optional
	SkipDNSChallengeValidation *bool `json:"skipDNSChallengeValidation,omitempty"`

	// Domains optionally specifies domains allowed or forbidden for certificate requests
	// +optional
	Domains *DNSSelection `json:"domains,omitempty"`

	// PrecheckNameservers overwrites the default precheck nameservers used for checking DNS propagation.
	// Format `host` or `host:port`, e.g. "8.8.8.8" same as "8.8.8.8:53" or "google-public-dns-a.google.com:53".
	// +optional
	PrecheckNameservers []string `json:"precheckNameservers,omitempty"`
}

ACMESpec is the ACME specific part of the spec.

func (*ACMESpec) DeepCopy

func (in *ACMESpec) DeepCopy() *ACMESpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMESpec.

func (*ACMESpec) DeepCopyInto

func (in *ACMESpec) DeepCopyInto(out *ACMESpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackOffState added in v0.2.16

type BackOffState struct {
	// ObservedGeneration is the observed generation the BackOffState is assigned to
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// RetryAfter is the timestamp before which this cert request is not retried.
	RetryAfter metav1.Time `json:"recheckAfter"`
	// RetryInterval is the interval to wait before retrying.
	RetryInterval metav1.Duration `json:"recheckInterval"`
}

BackOffState stores the status for exponential back off on repeated cert request failure

func (*BackOffState) DeepCopy added in v0.2.16

func (in *BackOffState) DeepCopy() *BackOffState

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackOffState.

func (*BackOffState) DeepCopyInto added in v0.2.16

func (in *BackOffState) DeepCopyInto(out *BackOffState)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CASpec added in v0.12.0

type CASpec struct {
	// PrivateKeySecretRef is the secret ref to the CA secret.
	// +optional
	PrivateKeySecretRef *corev1.SecretReference `json:"privateKeySecretRef,omitempty"`
}

CASpec is the CA specific part of the spec.

func (*CASpec) DeepCopy added in v0.12.0

func (in *CASpec) DeepCopy() *CASpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CASpec.

func (*CASpec) DeepCopyInto added in v0.12.0

func (in *CASpec) DeepCopyInto(out *CASpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Certificate

type Certificate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              CertificateSpec `json:"spec"`
	// +optional
	Status CertificateStatus `json:"status,omitempty"`
}

Certificate is the certificate CR.

+kubebuilder:storageversion
+kubebuilder:object:root=true
+kubebuilder:resource:scope=Namespaced,path=certificates,shortName=cert,singular=certificate
+kubebuilder:subresource:status
+kubebuilder:printcolumn:name=COMMON NAME,description="Subject domain name of certificate",JSONPath=".status.commonName",type=string
+kubebuilder:printcolumn:name=ISSUER,description="Issuer name",JSONPath=".status.issuerRef.name",type=string
+kubebuilder:printcolumn:name=STATUS,JSONPath=".status.state",type=string,description="Status of registration"
+kubebuilder:printcolumn:name=EXPIRATION_DATE,JSONPath=".status.expirationDate",priority=500,type=string,description="Expiration date (not valid anymore after this date)"
+kubebuilder:printcolumn:name=DNS_NAMES,JSONPath=".status.dnsNames",priority=2000,type=string,description="Domains names in subject alternative names"
+kubebuilder:printcolumn:name=AGE,JSONPath=".metadata.creationTimestamp",type=date,description="object creation timestamp"
+genclient
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*Certificate) DeepCopy

func (in *Certificate) DeepCopy() *Certificate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.

func (*Certificate) DeepCopyInto

func (in *Certificate) DeepCopyInto(out *Certificate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Certificate) DeepCopyObject

func (in *Certificate) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateKeystores added in v0.12.0

type CertificateKeystores struct {
	// JKS configures options for storing a JKS keystore in the `spec.secretName`/`spec.secretRef` Secret resource.
	// +optional
	JKS *JKSKeystore `json:"jks,omitempty"`

	// PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName`/`spec.secretRef` Secret resource.
	// +optional
	PKCS12 *PKCS12Keystore `json:"pkcs12,omitempty"`
}

CertificateKeystores configures additional keystore output formats to be created in the Certificate's output Secret.

func (*CertificateKeystores) DeepCopy added in v0.12.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateKeystores.

func (*CertificateKeystores) DeepCopyInto added in v0.12.0

func (in *CertificateKeystores) DeepCopyInto(out *CertificateKeystores)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateList

type CertificateList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Certificate `json:"items"`
}

CertificateList is the list of Certificate items.

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*CertificateList) DeepCopy

func (in *CertificateList) DeepCopy() *CertificateList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.

func (*CertificateList) DeepCopyInto

func (in *CertificateList) DeepCopyInto(out *CertificateList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateList) DeepCopyObject

func (in *CertificateList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificatePrivateKey added in v0.13.0

type CertificatePrivateKey struct {
	// Algorithm is the private key algorithm of the corresponding private key
	// for this certificate.
	//
	// If provided, allowed values are either `RSA` or `ECDSA`.
	// If `algorithm` is specified and `size` is not provided,
	// deployment specific default values will be used.
	// +optional
	Algorithm *PrivateKeyAlgorithm `json:"algorithm,omitempty"`

	// Size is the key bit size of the corresponding private key for this certificate.
	//
	// If `algorithm` is set to `RSA`, valid values are `2048`, `3072` or `4096`,
	// and will default to a deployment specific value if not specified.
	// If `algorithm` is set to `ECDSA`, valid values are `256` or `384`,
	// and will default to a deployment specific value if not specified.
	// No other values are allowed.
	// +optional
	Size *PrivateKeySize `json:"size,omitempty"`
}

CertificatePrivateKey contains configuration options for private keys used by the Certificate controller. These include the key algorithm and size.

func (*CertificatePrivateKey) DeepCopy added in v0.13.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificatePrivateKey.

func (*CertificatePrivateKey) DeepCopyInto added in v0.13.0

func (in *CertificatePrivateKey) DeepCopyInto(out *CertificatePrivateKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateRef added in v0.12.0

type CertificateRef struct {
	// Name is the name of the certificate in the same namespace.
	Name string `json:"name"`
	// Namespace is the namespace of the certificate CR.
	Namespace string `json:"namespace"`
}

CertificateRef is the reference of the issuer by name.

func (*CertificateRef) DeepCopy added in v0.12.0

func (in *CertificateRef) DeepCopy() *CertificateRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRef.

func (*CertificateRef) DeepCopyInto added in v0.12.0

func (in *CertificateRef) DeepCopyInto(out *CertificateRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateRevocation added in v0.12.0

type CertificateRevocation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              CertificateRevocationSpec `json:"spec"`
	// +optional
	Status CertificateRevocationStatus `json:"status,omitempty"`
}

CertificateRevocation is the certificate revocation custom resource.

+kubebuilder:storageversion
+kubebuilder:object:root=true
+kubebuilder:resource:scope=Namespaced,path=certificaterevocations,shortName=certrevoke,singular=certificaterevocation
+kubebuilder:subresource:status
+kubebuilder:printcolumn:name=CERTIFICATE,description="Certificate to be revoked",JSONPath=".spec.certificateRef.name",type=string
+kubebuilder:printcolumn:name=STATUS,JSONPath=".status.state",type=string,description="status of revocation"
+kubebuilder:printcolumn:name=REVOKED_AT,JSONPath=".status.revocationApplied",priority=500,type=date,description="timestamp of complete revocation"
+kubebuilder:printcolumn:name=RENEW,JSONPath=".spec.renew",type=boolean,description="if true certificate objects should be renewed before revoking old certificates certificate(s)"
+kubebuilder:printcolumn:name=QUALIFIED_AT,JSONPath=".spec.qualifyingDate",type=date,description="qualifying all certificates valid before this timestamp"
+kubebuilder:printcolumn:name=AGE,JSONPath=".metadata.creationTimestamp",type=date,description="object creation timestamp"
+genclient
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*CertificateRevocation) DeepCopy added in v0.12.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRevocation.

func (*CertificateRevocation) DeepCopyInto added in v0.12.0

func (in *CertificateRevocation) DeepCopyInto(out *CertificateRevocation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateRevocation) DeepCopyObject added in v0.12.0

func (in *CertificateRevocation) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateRevocationList added in v0.12.0

type CertificateRevocationList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []CertificateRevocation `json:"items"`
}

CertificateRevocationList is the list of Certificate revocation items.

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*CertificateRevocationList) DeepCopy added in v0.12.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRevocationList.

func (*CertificateRevocationList) DeepCopyInto added in v0.12.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateRevocationList) DeepCopyObject added in v0.12.0

func (in *CertificateRevocationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateRevocationSpec added in v0.12.0

type CertificateRevocationSpec struct {
	// CertificateRef is the reference to the certificate to be revoked
	CertificateRef CertificateRef `json:"certificateRef,omitempty"`
	// Renew specifies if certificate objects should be renewed before revoking old certificates
	// +optional
	Renew *bool `json:"renew,omitempty"`
	// QualifyingDate specifies that any certificate with the same DNS names as the given 'certificateRef' should be revoked
	// if it is valid before this date. If not specified, it will be filled with the current time.
	// +optional
	QualifyingDate *metav1.Time `json:"qualifyingDate,omitempty"`
}

CertificateRevocationSpec is the spec of the certificate revocation.

func (*CertificateRevocationSpec) DeepCopy added in v0.12.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRevocationSpec.

func (*CertificateRevocationSpec) DeepCopyInto added in v0.12.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateRevocationStatus added in v0.12.0

type CertificateRevocationStatus struct {
	// ObservedGeneration is the observed generation of the spec.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// State is the certificate state.
	State string `json:"state"`
	// Message is the status or error message.
	Message *string `json:"message,omitempty"`
	// ObjectStatuses contains the statuses of the involved certificate objects
	// +optional
	Objects *ObjectStatuses `json:"objects,omitempty"`
	// SecretStatuses contains the statuses of the involved certificate secrets
	// +optional
	Secrets *SecretStatuses `json:"secrets,omitempty"`
	// RevocationApplied is the timestamp when the revocation was completed
	// +optional
	RevocationApplied *metav1.Time `json:"revocationApplied,omitempty"`
}

CertificateRevocationStatus is the status of the certificate request.

func (*CertificateRevocationStatus) DeepCopy added in v0.12.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRevocationStatus.

func (*CertificateRevocationStatus) DeepCopyInto added in v0.12.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateSecretRef added in v0.12.0

type CertificateSecretRef struct {
	corev1.SecretReference `json:",inline"`
	// SerialNumber is the serial number of the certificate
	SerialNumber string `json:"serialNumber"`
}

CertificateSecretRef is a reference to a secret together with the serial number

func (*CertificateSecretRef) DeepCopy added in v0.12.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSecretRef.

func (*CertificateSecretRef) DeepCopyInto added in v0.12.0

func (in *CertificateSecretRef) DeepCopyInto(out *CertificateSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateSpec

type CertificateSpec struct {
	// CommonName is the CN for the certificate (max. 64 chars).
	// +optional
	// +kubebuilder:validation:MaxLength=64
	CommonName *string `json:"commonName,omitempty"`
	// DNSNames are the optional additional domain names of the certificate.
	// +optional
	DNSNames []string `json:"dnsNames,omitempty"`
	// CSR is the alternative way to provide CN,DNSNames and other information.
	// +optional
	CSR []byte `json:"csr,omitempty"`
	// IssuerRef is the reference of the issuer to use.
	// +optional
	IssuerRef *IssuerRef `json:"issuerRef,omitempty"`
	// SecretName is the name of the secret object to use for storing the certificate.
	// +optional
	SecretName *string `json:"secretName,omitempty"`
	// SecretRef is the reference of the secret object to use for storing the certificate.
	// +optional
	SecretRef *corev1.SecretReference `json:"secretRef,omitempty"`
	// SecretLabels are labels to add to the certificate secret.
	// +optional
	SecretLabels map[string]string `json:"secretLabels,omitempty"`
	// Renew triggers a renewal if set to true
	// +optional
	Renew *bool `json:"renew,omitempty"`
	// EnsureRenewedAfter specifies a time stamp in the past. Renewing is only triggered if certificate notBefore date is before this date.
	// +optional
	EnsureRenewedAfter *metav1.Time `json:"ensureRenewedAfter,omitempty"`
	// FollowCNAME if true delegated domain for DNS01 challenge is used if CNAME record for DNS01 challenge domain `_acme-challenge.<domain>` is set.
	// +optional
	FollowCNAME *bool `json:"followCNAME,omitempty"`
	// Keystores configures additional keystore output formats stored in the `secretName`/`secretRef` Secret resource.
	// +optional
	Keystores *CertificateKeystores `json:"keystores,omitempty"`
	// PreferredChain allows to specify the preferred certificate chain: if the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used.
	// +optional
	PreferredChain *string `json:"preferredChain,omitempty"`
	// Private key options. These include the key algorithm and size.
	// +optional
	PrivateKey *CertificatePrivateKey `json:"privateKey,omitempty"`
	// IsCA value is used to set the `isCA` field on the certificate request.
	// Note that the issuer may choose to ignore the requested isCA value, just
	// like any other requested attribute.
	// +optional
	IsCA *bool `json:"isCA,omitempty"`
	// Requested 'duration' (i.e. lifetime) of the Certificate. Note that the
	// ACME issuer may choose to ignore the requested duration, just like any other
	// requested attribute.
	// If unset, this defaults to 90 days (2160h).
	// Must be greater than twice the renewal window.
	// Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.
	// +optional
	Duration *metav1.Duration `json:"duration,omitempty"`
}

CertificateSpec is the spec of the certificate to request.

func (*CertificateSpec) DeepCopy

func (in *CertificateSpec) DeepCopy() *CertificateSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.

func (*CertificateSpec) DeepCopyInto

func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateStatus

type CertificateStatus struct {
	// ObservedGeneration is the observed generation of the spec.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// State is the certificate state.
	State string `json:"state"`
	// Message is the status or error message.
	// +optional
	Message *string `json:"message,omitempty"`
	// LastPendingTimestamp contains the start timestamp of the last pending status.
	// +optional
	LastPendingTimestamp *metav1.Time `json:"lastPendingTimestamp,omitempty"`
	// CommonName is the current CN.
	// +optional
	CommonName *string `json:"commonName,omitempty"`
	// DNSNames are the current domain names.
	// +optional
	DNSNames []string `json:"dnsNames,omitempty"`
	// IssuerRef is the used issuer.
	// +optional
	IssuerRef *QualifiedIssuerRef `json:"issuerRef,omitempty"`
	// ExpirationDate shows the notAfter validity date.
	// +optional
	ExpirationDate *string `json:"expirationDate,omitempty"`
	// BackOff contains the state to back off failed certificate requests
	// +optional
	BackOff *BackOffState `json:"backoff,omitempty"`
	// List of status conditions to indicate the status of certificates.
	// Known condition types are `Ready`.
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}

CertificateStatus is the status of the certificate request.

func (*CertificateStatus) DeepCopy

func (in *CertificateStatus) DeepCopy() *CertificateStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.

func (*CertificateStatus) DeepCopyInto

func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSSelection added in v0.12.0

type DNSSelection struct {
	// Include are domain names for which certificate requests are allowed (including any subdomains)
	//+ optional
	Include []string `json:"include,omitempty"`
	// Exclude are domain names for which certificate requests are forbidden (including any subdomains)
	// + optional
	Exclude []string `json:"exclude,omitempty"`
}

DNSSelection is a restriction on the domains to be allowed or forbidden for certificate requests
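
"Including any subdomains" only holds as a restriction if names are compared at DNS label boundaries rather than by plain string suffix. The following Go program is an added example, not this project's matching code: the local DNSSelection copy and the helpers canonical, inDomain, allowed and rejectedNames are hypothetical, and it assumes that an Exclude entry overrides Include and that an empty Include list allows every name; the request names are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// DNSSelection is a local copy of the include/exclude lists shown above, so
// the example builds without importing the module.
type DNSSelection struct {
	Include []string
	Exclude []string
}

// canonical lower-cases a DNS name and drops whitespace and the root dot.
func canonical(name string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
}

// inDomain reports whether name is domain itself or one of its subdomains.
// The suffix test includes the leading dot, so "badexample.com" is not
// treated as part of "example.com".
func inDomain(name, domain string) bool {
	name, domain = canonical(name), canonical(domain)
	if name == "" || domain == "" {
		return false
	}
	return name == domain || strings.HasSuffix(name, "."+domain)
}

// inAny reports whether name falls under at least one of the domains.
func inAny(name string, domains []string) bool {
	for _, d := range domains {
		if inDomain(name, d) {
			return true
		}
	}
	return false
}

// allowed evaluates one requested name against the selection.
// Assumptions: Exclude wins over Include; an empty Include allows any name.
func allowed(sel *DNSSelection, name string) bool {
	if sel == nil {
		return true
	}
	if inAny(name, sel.Exclude) {
		return false
	}
	return len(sel.Include) == 0 || inAny(name, sel.Include)
}

// rejectedNames returns the names of a request (commonName plus dnsNames)
// that the selection does not permit, in request order.
func rejectedNames(sel *DNSSelection, names []string) []string {
	var rejected []string
	for _, n := range names {
		if !allowed(sel, n) {
			rejected = append(rejected, n)
		}
	}
	return rejected
}

func main() {
	sel := &DNSSelection{
		Include: []string{"example.com"},
		Exclude: []string{"internal.example.com"},
	}
	// Constructed request names.
	request := []string{
		"example.com",
		"WWW.Example.COM.",
		"db.internal.example.com",
		"badexample.com",
		"example.com.attacker.test",
	}
	fmt.Println("rejected:", rejectedNames(sel, request))
}
```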

func (*DNSSelection) DeepCopy added in v0.12.0

func (in *DNSSelection) DeepCopy() *DNSSelection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSSelection.

func (*DNSSelection) DeepCopyInto added in v0.12.0

func (in *DNSSelection) DeepCopyInto(out *DNSSelection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Issuer

type Issuer struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              IssuerSpec `json:"spec"`
	// +optional
	Status IssuerStatus `json:"status"`
}

Issuer is the issuer CR.

+kubebuilder:storageversion
+kubebuilder:object:root=true
+kubebuilder:resource:scope=Namespaced,path=issuers,singular=issuer
+kubebuilder:subresource:status
+kubebuilder:printcolumn:name=SERVER,description="ACME Server",JSONPath=".spec.acme.server",type=string
+kubebuilder:printcolumn:name=EMAIL,description="ACME Registration email",JSONPath=".spec.acme.email",type=string
+kubebuilder:printcolumn:name=STATUS,JSONPath=".status.state",type=string,description="Status of registration"
+kubebuilder:printcolumn:name=TYPE,JSONPath=".status.type",type=string,description="Issuer type"
+kubebuilder:printcolumn:name=AGE,JSONPath=".metadata.creationTimestamp",type=date,description="object creation timestamp"
+kubebuilder:printcolumn:name=INCLUDED_DOMAINS,JSONPath=".spec.acme.domains.include",priority=2000,type=string,description="included domains"
+genclient
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*Issuer) DeepCopy

func (in *Issuer) DeepCopy() *Issuer

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.

func (*Issuer) DeepCopyInto

func (in *Issuer) DeepCopyInto(out *Issuer)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Issuer) DeepCopyObject

func (in *Issuer) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type IssuerList

type IssuerList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Issuer `json:"items"`
}

IssuerList is the list of Issuers.

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*IssuerList) DeepCopy

func (in *IssuerList) DeepCopy() *IssuerList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerList.

func (*IssuerList) DeepCopyInto

func (in *IssuerList) DeepCopyInto(out *IssuerList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IssuerList) DeepCopyObject

func (in *IssuerList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type IssuerRef

type IssuerRef struct {
	// Name is the name of the issuer (in the configured issuer namespace on default cluster or namespace on target cluster as given).
	Name string `json:"name"`
	// Namespace is the namespace of the issuer, only needed if issuer is defined on target cluster
	// +optional
	Namespace string `json:"namespace,omitempty"`
}

IssuerRef is the reference of the issuer by name.

func (*IssuerRef) DeepCopy

func (in *IssuerRef) DeepCopy() *IssuerRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerRef.

func (*IssuerRef) DeepCopyInto

func (in *IssuerRef) DeepCopyInto(out *IssuerRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IssuerSpec

type IssuerSpec struct {
	// ACME is the ACME protocol specific spec.
	// +optional
	ACME *ACMESpec `json:"acme,omitempty"`
	// CA is the CA specific spec.
	// +optional
	CA *CASpec `json:"ca,omitempty"`
	// SelfSigned is the self signed specific spec.
	// +optional
	SelfSigned *SelfSignedSpec `json:"selfSigned,omitempty"`
	// RequestsPerDayQuota is the maximum number of certificate requests per day allowed for this issuer
	// +optional
	RequestsPerDayQuota *int `json:"requestsPerDayQuota,omitempty"`
}

IssuerSpec is the spec of the issuer.

func (*IssuerSpec) DeepCopy

func (in *IssuerSpec) DeepCopy() *IssuerSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerSpec.

func (*IssuerSpec) DeepCopyInto

func (in *IssuerSpec) DeepCopyInto(out *IssuerSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IssuerStatus

type IssuerStatus struct {
	// ObservedGeneration is the observed generation of the spec.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// State is either empty, 'Pending', 'Error', or 'Ready'.
	State string `json:"state"`
	// Message is the status or error message.
	// +optional
	Message *string `json:"message,omitempty"`
	// Type is the issuer type. Currently only 'acme', 'ca' and 'selfSigned' are supported.
	// +optional
	Type *string `json:"type"`
	// ACME is the ACME specific status.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +kubebuilder:pruning:PreserveUnknownFields
	// +optional
	ACME *runtime.RawExtension `json:"acme,omitempty"`
	// CA is the CA specific status.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +kubebuilder:pruning:PreserveUnknownFields
	// +optional
	CA *runtime.RawExtension `json:"ca,omitempty"`
	// RequestsPerDayQuota is the actual maximum number of certificate requests per day allowed for this issuer
	// +optional
	RequestsPerDayQuota int `json:"requestsPerDayQuota,omitempty"`
}

IssuerStatus is the status of the issuer.

func (*IssuerStatus) DeepCopy

func (in *IssuerStatus) DeepCopy() *IssuerStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerStatus.

func (*IssuerStatus) DeepCopyInto

func (in *IssuerStatus) DeepCopyInto(out *IssuerStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JKSKeystore added in v0.12.0

type JKSKeystore struct {
	// Create enables JKS keystore creation for the Certificate.
	// If true, a file named `keystore.jks` will be created in the target
	// Secret resource, encrypted using the password stored in `passwordSecretRef`.
	// The keystore file will only be updated upon re-issuance.
	Create bool `json:"create"`

	// PasswordSecretRef is a reference to a key in a Secret resource
	// containing the password used to encrypt the JKS keystore.
	PasswordSecretRef SecretKeySelector `json:"passwordSecretRef"`
}

JKSKeystore configures options for storing a JKS keystore in the `spec.secretName`/`spec.secretRef` Secret resource.

func (*JKSKeystore) DeepCopy added in v0.12.0

func (in *JKSKeystore) DeepCopy() *JKSKeystore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JKSKeystore.

func (*JKSKeystore) DeepCopyInto added in v0.12.0

func (in *JKSKeystore) DeepCopyInto(out *JKSKeystore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ObjectStatuses added in v0.12.0

type ObjectStatuses struct {
	// Processing is the list of certificate objects to be processed
	// +optional
	Processing []CertificateRef `json:"processing,omitempty"`
	// Renewed is the list of certificate objects successfully renewed
	// +optional
	Renewed []CertificateRef `json:"renewed,omitempty"`
	// Revoked is the list of certificate objects successfully revoked (without renewal)
	// +optional
	Revoked []CertificateRef `json:"revoked,omitempty"`
	// Failed is the list of certificate objects whose processing failed
	// +optional
	Failed []CertificateRef `json:"failed,omitempty"`
}

ObjectStatuses contains the statuses of the involved certificate objects

func (*ObjectStatuses) DeepCopy added in v0.12.0

func (in *ObjectStatuses) DeepCopy() *ObjectStatuses

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectStatuses.

func (*ObjectStatuses) DeepCopyInto added in v0.12.0

func (in *ObjectStatuses) DeepCopyInto(out *ObjectStatuses)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKCS12Keystore added in v0.12.0

type PKCS12Keystore struct {
	// Create enables PKCS12 keystore creation for the Certificate.
	// If true, a file named `keystore.p12` will be created in the target
	// Secret resource, encrypted using the password stored in `passwordSecretRef`.
	// The keystore file will only be updated upon re-issuance.
	Create bool `json:"create"`

	// PasswordSecretRef is a reference to a key in a Secret resource
	// containing the password used to encrypt the PKCS12 keystore.
	PasswordSecretRef SecretKeySelector `json:"passwordSecretRef"`
}

PKCS12Keystore configures options for storing a PKCS12 keystore in the `spec.secretName`/`spec.secretRef` Secret resource.

func (*PKCS12Keystore) DeepCopy added in v0.12.0

func (in *PKCS12Keystore) DeepCopy() *PKCS12Keystore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKCS12Keystore.

func (*PKCS12Keystore) DeepCopyInto added in v0.12.0

func (in *PKCS12Keystore) DeepCopyInto(out *PKCS12Keystore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PrivateKeyAlgorithm added in v0.13.0

type PrivateKeyAlgorithm string

PrivateKeyAlgorithm is the type for the algorithm. +kubebuilder:validation:Enum=RSA;ECDSA

const (
	// RSAKeyAlgorithm is the value to use the RSA algorithm for the private key.
	RSAKeyAlgorithm PrivateKeyAlgorithm = "RSA"

	// ECDSAKeyAlgorithm is the value to use the ECDSA algorithm for the private key.
	ECDSAKeyAlgorithm PrivateKeyAlgorithm = "ECDSA"
)

type PrivateKeySize added in v0.13.0

type PrivateKeySize int32

PrivateKeySize is the size for the algorithm. +kubebuilder:validation:Enum=256;384;2048;3072;4096
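
The two enum markers above validate the algorithm and the size independently, so a pair such as RSA with 256 passes both. The following is an added example, not code from this package: `GenerateKey` and `KeyBits` are hypothetical helpers, the types are local mirrors of the ones documented here, and the pairing of sizes 256/384 with ECDSA and 2048/3072/4096 with RSA is an assumption.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// Local mirrors of the page's types so the example builds without the module.
type PrivateKeyAlgorithm string
type PrivateKeySize int32

// GenerateKey (hypothetical) rejects algorithm/size pairs that do not fit together.
// Assumption: 256/384 select P-256/P-384, larger values are RSA modulus bits.
func GenerateKey(alg PrivateKeyAlgorithm, size PrivateKeySize) (key crypto.Signer, err error) {
	switch {
	case alg == "ECDSA" && size == 256:
		key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	case alg == "ECDSA" && size == 384:
		key, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	case alg == "RSA" && (size == 2048 || size == 3072 || size == 4096):
		key, err = rsa.GenerateKey(rand.Reader, int(size))
	default:
		return nil, fmt.Errorf("invalid key spec: algorithm %q with size %d", alg, size)
	}
	if err != nil {
		return nil, err // do not hand back a typed-nil pointer inside the interface
	}
	return key, nil
}

// KeyBits reports the curve size or RSA modulus length of a generated key.
func KeyBits(s crypto.Signer) int {
	switch pub := s.Public().(type) {
	case *ecdsa.PublicKey:
		return pub.Curve.Params().BitSize
	case *rsa.PublicKey:
		return pub.N.BitLen()
	}
	return 0
}

func main() {
	fmt.Println(GenerateKey("RSA", 256)) // prints a nil key and the rejection error
}
```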

type QualifiedIssuerRef added in v0.12.0

type QualifiedIssuerRef struct {
	// Cluster is the cluster name of the issuer ('default' or 'target').
	// optional because of backwards compatibility
	// +optional
	Cluster string `json:"cluster,omitempty"`
	// Name is the name of the issuer.
	Name string `json:"name"`
	// Namespace is the namespace of the issuer.
	Namespace string `json:"namespace"`
}

QualifiedIssuerRef is the fully qualified issuer reference.

func (*QualifiedIssuerRef) DeepCopy added in v0.12.0

func (in *QualifiedIssuerRef) DeepCopy() *QualifiedIssuerRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QualifiedIssuerRef.

func (*QualifiedIssuerRef) DeepCopyInto added in v0.12.0

func (in *QualifiedIssuerRef) DeepCopyInto(out *QualifiedIssuerRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (QualifiedIssuerRef) IsDefaultCluster added in v0.12.0

func (r QualifiedIssuerRef) IsDefaultCluster() bool

IsDefaultCluster returns true if the reference is on the default cluster.

type SecretKeySelector added in v0.12.0

type SecretKeySelector struct {
	// SecretName of the secret resource being referred to in the same namespace.
	SecretName string `json:"secretName"`

	// Key of the entry in the Secret resource's `data` field to be used.
	Key string `json:"key,omitempty"`
}

SecretKeySelector is a reference to a key in a Secret resource in the same namespace.

func (*SecretKeySelector) DeepCopy added in v0.12.0

func (in *SecretKeySelector) DeepCopy() *SecretKeySelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector.

func (*SecretKeySelector) DeepCopyInto added in v0.12.0

func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStatuses added in v0.12.0

type SecretStatuses struct {
	// Processing is the list of certificate secrets to be processed
	// +optional
	Processing []CertificateSecretRef `json:"processing,omitempty"`
	// Revoked is the list of certificate secrets successfully revoked
	// +optional
	Revoked []CertificateSecretRef `json:"revoked,omitempty"`
	// Failed is the list of certificate secrets whose revocation failed
	// +optional
	Failed []CertificateSecretRef `json:"failed,omitempty"`
}

SecretStatuses contains the statuses of the involved certificate secrets

func (*SecretStatuses) DeepCopy added in v0.12.0

func (in *SecretStatuses) DeepCopy() *SecretStatuses

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStatuses.

func (*SecretStatuses) DeepCopyInto added in v0.12.0

func (in *SecretStatuses) DeepCopyInto(out *SecretStatuses)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SelfSignedSpec added in v0.17.0

type SelfSignedSpec struct {
}

SelfSignedSpec is the self signed specific spec.

func (*SelfSignedSpec) DeepCopy added in v0.17.0

func (in *SelfSignedSpec) DeepCopy() *SelfSignedSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSignedSpec.

func (*SelfSignedSpec) DeepCopyInto added in v0.17.0

func (in *SelfSignedSpec) DeepCopyInto(out *SelfSignedSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
