v1alpha1

package
v1.30.1 Latest

Warning: This package is not in the latest version of its module.
Published: Mar 21, 2023 License: Apache-2.0, MIT Imports: 6 Imported by: 0

Documentation

Overview

Package v1alpha1 contains the Certificate Shoot Service extension.

+groupName=service.cert.extensions.gardener.cloud

Constants

const CertManagementChartNameSeed = "shoot-cert-management-seed"

CertManagementChartNameSeed is the name of the chart for Cert-Management in the seed.

const CertManagementChartNameShoot = "shoot-cert-management-shoot"

CertManagementChartNameShoot is the name of the chart for Cert-Management in the shoot.

const CertManagementImageName = "cert-management"

CertManagementImageName is the name of the Cert-Management image in the image vector.

const CertManagementResourceNameSeed = "extension-shoot-cert-service-seed"

CertManagementResourceNameSeed is the name for Cert-Management resources in the seed.

const CertManagementResourceNameShoot = "extension-shoot-cert-service-shoot"

CertManagementResourceNameShoot is the name for Cert-Management resources in the shoot.

const GroupName = "service.cert.extensions.gardener.cloud"

GroupName is the group name used in this package.

const ShootAccessSecretName = "extension-shoot-cert-service"

ShootAccessSecretName is the name of the shoot access secret in the seed.

const ShootAccessServiceAccountName = ShootAccessSecretName

ShootAccessServiceAccountName is the name of the service account used for accessing the shoot.

Variables

var (
	// AddToScheme is a pointer to SchemeBuilder.AddToScheme.
	AddToScheme = localSchemeBuilder.AddToScheme
)

var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

SchemeGroupVersion is the group version used to register these objects.

Functions

func Convert_service_ACMEExternalAccountBinding_To_v1alpha1_ACMEExternalAccountBinding added in v1.11.0

func Convert_service_ACMEExternalAccountBinding_To_v1alpha1_ACMEExternalAccountBinding(in *service.ACMEExternalAccountBinding, out *ACMEExternalAccountBinding, s conversion.Scope) error

Convert_service_ACMEExternalAccountBinding_To_v1alpha1_ACMEExternalAccountBinding is an autogenerated conversion function.

func Convert_service_CertConfig_To_v1alpha1_CertConfig

func Convert_service_CertConfig_To_v1alpha1_CertConfig(in *service.CertConfig, out *CertConfig, s conversion.Scope) error

Convert_service_CertConfig_To_v1alpha1_CertConfig is an autogenerated conversion function.

func Convert_service_DNSChallengeOnShoot_To_v1alpha1_DNSChallengeOnShoot added in v1.6.0

func Convert_service_DNSChallengeOnShoot_To_v1alpha1_DNSChallengeOnShoot(in *service.DNSChallengeOnShoot, out *DNSChallengeOnShoot, s conversion.Scope) error

Convert_service_DNSChallengeOnShoot_To_v1alpha1_DNSChallengeOnShoot is an autogenerated conversion function.

func Convert_service_DNSSelection_To_v1alpha1_DNSSelection added in v1.11.0

func Convert_service_DNSSelection_To_v1alpha1_DNSSelection(in *service.DNSSelection, out *DNSSelection, s conversion.Scope) error

Convert_service_DNSSelection_To_v1alpha1_DNSSelection is an autogenerated conversion function.

func Convert_service_IssuerConfig_To_v1alpha1_IssuerConfig

func Convert_service_IssuerConfig_To_v1alpha1_IssuerConfig(in *service.IssuerConfig, out *IssuerConfig, s conversion.Scope) error

Convert_service_IssuerConfig_To_v1alpha1_IssuerConfig is an autogenerated conversion function.

func Convert_service_ShootIssuers_To_v1alpha1_ShootIssuers added in v1.14.0

func Convert_service_ShootIssuers_To_v1alpha1_ShootIssuers(in *service.ShootIssuers, out *ShootIssuers, s conversion.Scope) error

Convert_service_ShootIssuers_To_v1alpha1_ShootIssuers is an autogenerated conversion function.

func Convert_v1alpha1_ACMEExternalAccountBinding_To_service_ACMEExternalAccountBinding added in v1.11.0

func Convert_v1alpha1_ACMEExternalAccountBinding_To_service_ACMEExternalAccountBinding(in *ACMEExternalAccountBinding, out *service.ACMEExternalAccountBinding, s conversion.Scope) error

Convert_v1alpha1_ACMEExternalAccountBinding_To_service_ACMEExternalAccountBinding is an autogenerated conversion function.

func Convert_v1alpha1_CertConfig_To_service_CertConfig

func Convert_v1alpha1_CertConfig_To_service_CertConfig(in *CertConfig, out *service.CertConfig, s conversion.Scope) error

Convert_v1alpha1_CertConfig_To_service_CertConfig is an autogenerated conversion function.

func Convert_v1alpha1_DNSChallengeOnShoot_To_service_DNSChallengeOnShoot added in v1.6.0

func Convert_v1alpha1_DNSChallengeOnShoot_To_service_DNSChallengeOnShoot(in *DNSChallengeOnShoot, out *service.DNSChallengeOnShoot, s conversion.Scope) error

Convert_v1alpha1_DNSChallengeOnShoot_To_service_DNSChallengeOnShoot is an autogenerated conversion function.

func Convert_v1alpha1_DNSSelection_To_service_DNSSelection added in v1.11.0

func Convert_v1alpha1_DNSSelection_To_service_DNSSelection(in *DNSSelection, out *service.DNSSelection, s conversion.Scope) error

Convert_v1alpha1_DNSSelection_To_service_DNSSelection is an autogenerated conversion function.

func Convert_v1alpha1_IssuerConfig_To_service_IssuerConfig

func Convert_v1alpha1_IssuerConfig_To_service_IssuerConfig(in *IssuerConfig, out *service.IssuerConfig, s conversion.Scope) error

Convert_v1alpha1_IssuerConfig_To_service_IssuerConfig is an autogenerated conversion function.

func Convert_v1alpha1_ShootIssuers_To_service_ShootIssuers added in v1.14.0

func Convert_v1alpha1_ShootIssuers_To_service_ShootIssuers(in *ShootIssuers, out *service.ShootIssuers, s conversion.Scope) error

Convert_v1alpha1_ShootIssuers_To_service_ShootIssuers is an autogenerated conversion function.

func RegisterConversions

func RegisterConversions(s *runtime.Scheme) error

RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.

func RegisterDefaults

func RegisterDefaults(scheme *runtime.Scheme) error

RegisterDefaults adds defaulter functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type ACMEExternalAccountBinding added in v1.11.0

type ACMEExternalAccountBinding struct {
	// keyID is the ID of the CA key that the External Account is bound to.
	KeyID string `json:"keyID"`

	// KeySecretName is the secret name of the
	// Secret which holds the symmetric MAC key of the External Account Binding with data key 'hmacKey'.
	// The secret key stored in the Secret **must** be un-padded, base64 URL
	// encoded data.
	KeySecretName string `json:"keySecretName"`
}

ACMEExternalAccountBinding is a reference to a CA external account of the ACME server.

func (*ACMEExternalAccountBinding) DeepCopy added in v1.11.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEExternalAccountBinding.

func (*ACMEExternalAccountBinding) DeepCopyInto added in v1.11.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertConfig

type CertConfig struct {
	metav1.TypeMeta `json:",inline"`

	// Issuers is the configuration for certificate issuers.
	Issuers []IssuerConfig `json:"issuers,omitempty"`

	// DNSChallengeOnShoot controls where the DNS entries for DNS01 challenges are created.
	// If not specified the DNS01 challenges are written to the control plane namespace on the seed.
	// +optional
	DNSChallengeOnShoot *DNSChallengeOnShoot `json:"dnsChallengeOnShoot,omitempty"`

	// ShootIssuers contains enablement for issuers on shoot cluster
	// If specified, it overwrites the ShootIssuers settings of the service configuration.
	// +optional
	ShootIssuers *ShootIssuers `json:"shootIssuers,omitempty"`

	// PrecheckNameservers is used to specify a comma-separated list of DNS servers for checking availability for DNS
	// challenge before calling ACME CA. Please consider to specify nameservers per issuer instead.
	// +optional
	PrecheckNameservers *string `json:"precheckNameservers,omitempty"`
}

CertConfig configuration resource

func (*CertConfig) DeepCopy

func (in *CertConfig) DeepCopy() *CertConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertConfig.

func (*CertConfig) DeepCopyInto

func (in *CertConfig) DeepCopyInto(out *CertConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertConfig) DeepCopyObject

func (in *CertConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DNSChallengeOnShoot added in v1.6.0

type DNSChallengeOnShoot struct {
	Enabled   bool   `json:"enabled"`
	Namespace string `json:"namespace"`
	// +optional
	DNSClass *string `json:"dnsClass,omitempty"`
}

DNSChallengeOnShoot is used to create DNS01 challenges on shoot and not on seed.

func (*DNSChallengeOnShoot) DeepCopy added in v1.6.0

func (in *DNSChallengeOnShoot) DeepCopy() *DNSChallengeOnShoot

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSChallengeOnShoot.

func (*DNSChallengeOnShoot) DeepCopyInto added in v1.6.0

func (in *DNSChallengeOnShoot) DeepCopyInto(out *DNSChallengeOnShoot)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSSelection added in v1.11.0

type DNSSelection struct {
	// Include are domain names for which certificate requests are allowed (including any subdomains)
	//+ optional
	Include []string `json:"include,omitempty"`
	// Exclude are domain names for which certificate requests are forbidden (including any subdomains)
	// + optional
	Exclude []string `json:"exclude,omitempty"`
}

DNSSelection is a restriction on the domains to be allowed or forbidden for certificate requests

func (*DNSSelection) DeepCopy added in v1.11.0

func (in *DNSSelection) DeepCopy() *DNSSelection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSSelection.

func (*DNSSelection) DeepCopyInto added in v1.11.0

func (in *DNSSelection) DeepCopyInto(out *DNSSelection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IssuerConfig

type IssuerConfig struct {
	Name   string `json:"name"`
	Server string `json:"server"`
	Email  string `json:"email"`
	// RequestsPerDayQuota sets quota for certificate requests per day
	// +optional
	RequestsPerDayQuota *int `json:"requestsPerDayQuota,omitempty"`

	// PrivateKeySecretName is the secret name for the ACME private key.
	// If not provided, a new private key is generated.
	// +optional
	PrivateKeySecretName *string `json:"privateKeySecretName,omitempty"`

	// ACMEExternalAccountBinding is a reference to a CA external account of the ACME server.
	// +optional
	ExternalAccountBinding *ACMEExternalAccountBinding `json:"externalAccountBinding,omitempty"`

	// SkipDNSChallengeValidation marks that this issuer does not validate DNS challenges.
	// In this case no DNS entries/records are created for a DNS Challenge and DNS propagation
	// is not checked.
	// +optional
	SkipDNSChallengeValidation *bool `json:"skipDNSChallengeValidation,omitempty"`

	// Domains optionally specifies domains allowed or forbidden for certificate requests
	// +optional
	Domains *DNSSelection `json:"domains,omitempty"`

	// PrecheckNameservers overwrites the default precheck nameservers used for checking DNS propagation.
	// Format `host` or `host:port`, e.g. "8.8.8.8" same as "8.8.8.8:53" or "google-public-dns-a.google.com:53".
	// +optional
	PrecheckNameservers []string `json:"precheckNameservers,omitempty"`
}

IssuerConfig contains information for certificate issuers.
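
A pre-flight lint for two constraints stated in the field comments above: the un-padded base64 URL encoding required for the `hmacKey` value, and the `host` or `host:port` format of precheck nameservers. This is an added example, not code from this package; the function names are hypothetical, the inputs are constructed, and rejecting line breaks in the key is a strictness choice of the example.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// CheckHMACKey validates the value stored under the Secret's 'hmacKey' data key.
// Go's base64 decoder silently skips CR/LF, so they are rejected explicitly.
func CheckHMACKey(v string) error {
	if v == "" || strings.ContainsAny(v, "=\r\n") {
		return fmt.Errorf("hmacKey is empty, padded, or contains line breaks")
	}
	if _, err := base64.RawURLEncoding.DecodeString(v); err != nil {
		return fmt.Errorf("hmacKey is not base64 URL data: %w", err)
	}
	return nil
}

// NormalizeNameserver accepts `host` or `host:port` and returns `host:port`,
// applying port 53 when none is given ("8.8.8.8" same as "8.8.8.8:53").
func NormalizeNameserver(ns string) (string, error) {
	host, port, err := net.SplitHostPort(ns)
	if err != nil {
		// No port: accept only a bare hostname or a bare IP literal.
		if ns == "" || (strings.Contains(ns, ":") && net.ParseIP(ns) == nil) {
			return "", fmt.Errorf("invalid nameserver %q", ns)
		}
		host, port = ns, "53"
	}
	if n, perr := strconv.Atoi(port); perr != nil || n < 1 || n > 65535 || host == "" {
		return "", fmt.Errorf("invalid nameserver %q", ns)
	}
	return net.JoinHostPort(host, port), nil
}

func main() {
	// Constructed comma-separated list, as in CertConfig.PrecheckNameservers.
	for _, ns := range strings.Split("8.8.8.8, google-public-dns-a.google.com:53", ",") {
		fmt.Println(NormalizeNameserver(strings.TrimSpace(ns)))
	}
	fmt.Println(CheckHMACKey("c2VjcmV0LWtleQ==")) // constructed, padded: rejected
}
```

Run the key check against the decoded Secret value, not the base64 form in which the Kubernetes API returns Secret data.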

func (*IssuerConfig) DeepCopy

func (in *IssuerConfig) DeepCopy() *IssuerConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerConfig.

func (*IssuerConfig) DeepCopyInto

func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ShootIssuers added in v1.14.0

type ShootIssuers struct {
	Enabled bool `json:"enabled"`
}

ShootIssuers holds enablement for issuers on the shoot cluster. If specified, it overwrites the ShootIssuers settings of the service configuration.

func (*ShootIssuers) DeepCopy added in v1.14.0

func (in *ShootIssuers) DeepCopy() *ShootIssuers

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShootIssuers.

func (*ShootIssuers) DeepCopyInto added in v1.14.0

func (in *ShootIssuers) DeepCopyInto(out *ShootIssuers)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
