Documentation ¶
Overview ¶
Package v1alpha2 is the v1alpha2 version of the API. +k8s:deepcopy-gen=package,register +k8s:conversion-gen=github.com/jetstack/cert-manager/pkg/apis/certmanager +k8s:openapi-gen=true +k8s:defaulter-gen=TypeMeta +groupName=cert-manager.io +groupGoName=Certmanager
Index ¶
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type CAIssuer
- type Certificate
- type CertificateCondition
- type CertificateConditionType
- type CertificateList
- type CertificateRequest
- type CertificateRequestCondition
- type CertificateRequestConditionType
- type CertificateRequestList
- type CertificateRequestSpec
- type CertificateRequestStatus
- type CertificateSpec
- type CertificateStatus
- type ClusterIssuer
- func (c *ClusterIssuer) Copy() GenericIssuer
- func (in *ClusterIssuer) DeepCopy() *ClusterIssuer
- func (in *ClusterIssuer) DeepCopyInto(out *ClusterIssuer)
- func (in *ClusterIssuer) DeepCopyObject() runtime.Object
- func (c *ClusterIssuer) GetObjectMeta() *metav1.ObjectMeta
- func (c *ClusterIssuer) GetSpec() *IssuerSpec
- func (c *ClusterIssuer) GetStatus() *IssuerStatus
- func (c *ClusterIssuer) SetSpec(spec IssuerSpec)
- func (c *ClusterIssuer) SetStatus(status IssuerStatus)
- type ClusterIssuerList
- type GenericIssuer
- type Issuer
- func (c *Issuer) Copy() GenericIssuer
- func (in *Issuer) DeepCopy() *Issuer
- func (in *Issuer) DeepCopyInto(out *Issuer)
- func (in *Issuer) DeepCopyObject() runtime.Object
- func (c *Issuer) GetObjectMeta() *metav1.ObjectMeta
- func (c *Issuer) GetSpec() *IssuerSpec
- func (c *Issuer) GetStatus() *IssuerStatus
- func (c *Issuer) SetSpec(spec IssuerSpec)
- func (c *Issuer) SetStatus(status IssuerStatus)
- type IssuerCondition
- type IssuerConditionType
- type IssuerConfig
- type IssuerList
- type IssuerSpec
- type IssuerStatus
- type KeyAlgorithm
- type KeyEncoding
- type KeyUsage
- type SelfSignedIssuer
- type VaultAppRole
- type VaultAuth
- type VaultIssuer
- type VaultKubernetesAuth
- type VenafiCloud
- type VenafiIssuer
- type VenafiTPP
- type X509Subject
Constants ¶
const ( // minimum permitted certificate duration by cert-manager MinimumCertificateDuration = time.Hour // default certificate duration if Issuer.spec.duration is not set DefaultCertificateDuration = time.Hour * 24 * 90 // minimum certificate duration before certificate expiration MinimumRenewBefore = time.Minute * 5 // Default duration before certificate expiration if Issuer.spec.renewBefore is not set DefaultRenewBefore = time.Hour * 24 * 30 )
const ( // Default index key for the Secret reference for Token authentication DefaultVaultTokenAuthSecretKey = "token" // Default mount path location for Kubernetes ServiceAccount authentication // (/v1/auth/kubernetes). The endpoint will then be called at `/login`, so // left as the default, `/v1/auth/kubernetes/login` will be called. DefaultVaultKubernetesAuthMountPath = "/v1/auth/kubernetes" )
const ( AltNamesAnnotationKey = "cert-manager.io/alt-names" IPSANAnnotationKey = "cert-manager.io/ip-sans" URISANAnnotationKey = "cert-manager.io/uri-sans" CommonNameAnnotationKey = "cert-manager.io/common-name" IssuerNameAnnotationKey = "cert-manager.io/issuer-name" IssuerKindAnnotationKey = "cert-manager.io/issuer-kind" IssuerGroupAnnotationKey = "cert-manager.io/issuer-group" CertificateNameKey = "cert-manager.io/certificate-name" )
Annotation names for Secrets
const ( DeprecatedIssuerNameAnnotationKey = "certmanager.k8s.io/issuer-name" DeprecatedIssuerKindAnnotationKey = "certmanager.k8s.io/issuer-kind" )
Deprecated annotation names for Secrets
const ( // issuerNameAnnotation can be used to override the issuer specified on the // created Certificate resource. IngressIssuerNameAnnotationKey = "cert-manager.io/issuer" // clusterIssuerNameAnnotation can be used to override the issuer specified on the // created Certificate resource. The Certificate will reference the // specified *ClusterIssuer* instead of normal issuer. IngressClusterIssuerNameAnnotationKey = "cert-manager.io/cluster-issuer" // acmeIssuerHTTP01IngressClassAnnotation can be used to override the http01 ingressClass // if the challenge type is set to http01 IngressACMEIssuerHTTP01IngressClassAnnotationKey = "acme.cert-manager.io/http01-ingress-class" // IngressClassAnnotationKey picks a specific "class" for the Ingress. The // controller only processes Ingresses with this annotation either unset, or // set to either the configured value or the empty string. IngressClassAnnotationKey = "kubernetes.io/ingress.class" )
const ( ClusterIssuerKind = "ClusterIssuer" IssuerKind = "Issuer" CertificateKind = "Certificate" CertificateRequestKind = "CertificateRequest" )
const ( // WantInjectAnnotation is the annotation that specifies that a particular // object wants injection of CAs. It takes the form of a reference to a certificate // as namespace/name. The certificate is expected to have the is-serving-for annotations. WantInjectAnnotation = "cert-manager.io/inject-ca-from" // WantInjectAPIServerCAAnnotation, if set to "true", will make the cainjector // inject the CA certificate for the Kubernetes apiserver into the resource. // It discovers the apiserver's CA by inspecting the service account credentials // mounted into the cainjector pod. WantInjectAPIServerCAAnnotation = "cert-manager.io/inject-apiserver-ca" // WantInjectFromSecretAnnotation is the annotation that specifies that a particular // object wants injection of CAs. It takes the form of a reference to a Secret // as namespace/name. WantInjectFromSecretAnnotation = "cert-manager.io/inject-ca-from-secret" // AllowsInjectionFromSecretAnnotation is an annotation that must be added // to Secret resource that want to denote that they can be directly // injected into injectables that have a `inject-ca-from-secret` annotation. // If an injectable references a Secret that does NOT have this annotation, // the cainjector will refuse to inject the secret. AllowsInjectionFromSecretAnnotation = "cert-manager.io/allow-direct-injection" )
const ( CertificateRequestReasonPending = "Pending" CertificateRequestReasonFailed = "Failed" CertificateRequestReasonIssued = "Issued" )
const (
CRPrivateKeyAnnotationKey = "cert-manager.io/private-key-secret-name"
)
Annotation names for CertificateRequests
const ( // IssueTemporaryCertificateAnnotation is an annotation that can be added to // Certificate resources. // If it is present, a temporary internally signed certificate will be // stored in the target Secret resource whilst the real Issuer is processing // the certificate request. IssueTemporaryCertificateAnnotation = "cert-manager.io/issue-temporary-certificate" )
const ( // VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer // This will only work with Venafi TPP v19.3 and higher // The value is an array with objects containing the name and value keys // for example: `[{"name": "custom-field", "value": "custom-value"}]` VenafiCustomFieldsAnnotationKey = "venafi.cert-manager.io/custom-fields" )
Issuer specific Annotations
Variables ¶
var ( SchemeBuilder runtime.SchemeBuilder AddToScheme = localSchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: certmanager.GroupName, Version: "v1alpha2"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type CAIssuer ¶
type CAIssuer struct { // SecretName is the name of the secret used to sign Certificates issued // by this Issuer. SecretName string `json:"secretName"` }
func (*CAIssuer) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAIssuer.
func (*CAIssuer) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Certificate ¶
type Certificate struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec CertificateSpec `json:"spec,omitempty"` Status CertificateStatus `json:"status,omitempty"` }
Certificate is a type to represent a Certificate from ACME +k8s:openapi-gen=true +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" +kubebuilder:printcolumn:name="Secret",type="string",JSONPath=".spec.secretName",description="" +kubebuilder:printcolumn:name="Issuer",type="string",JSONPath=".spec.issuerRef.name",description="",priority=1 +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",priority=1 +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +kubebuilder:subresource:status +kubebuilder:resource:path=certificates,shortName=cert;certs
func (*Certificate) DeepCopy ¶
func (in *Certificate) DeepCopy() *Certificate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.
func (*Certificate) DeepCopyInto ¶
func (in *Certificate) DeepCopyInto(out *Certificate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Certificate) DeepCopyObject ¶
func (in *Certificate) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateCondition ¶
type CertificateCondition struct { // Type of the condition, currently ('Ready'). Type CertificateConditionType `json:"type"` // Status of the condition, one of ('True', 'False', 'Unknown'). Status cmmeta.ConditionStatus `json:"status"` // LastTransitionTime is the timestamp corresponding to the last status // change of this condition. // +optional LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"` // Reason is a brief machine readable explanation for the condition's last // transition. // +optional Reason string `json:"reason,omitempty"` // Message is a human readable description of the details of the last // transition, complementing reason. // +optional Message string `json:"message,omitempty"` }
CertificateCondition contains condition information for an Certificate.
func (*CertificateCondition) DeepCopy ¶
func (in *CertificateCondition) DeepCopy() *CertificateCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateCondition.
func (*CertificateCondition) DeepCopyInto ¶
func (in *CertificateCondition) DeepCopyInto(out *CertificateCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateConditionType ¶
type CertificateConditionType string
CertificateConditionType represents an Certificate condition value.
const ( // CertificateConditionReady indicates that a certificate is ready for use. // This is defined as: // - The target secret exists // - The target secret contains a certificate that has not expired // - The target secret contains a private key valid for the certificate // - The commonName and dnsNames attributes match those specified on the Certificate CertificateConditionReady CertificateConditionType = "Ready" )
type CertificateList ¶
type CertificateList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` Items []Certificate `json:"items"` }
CertificateList is a list of Certificates
func (*CertificateList) DeepCopy ¶
func (in *CertificateList) DeepCopy() *CertificateList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.
func (*CertificateList) DeepCopyInto ¶
func (in *CertificateList) DeepCopyInto(out *CertificateList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateList) DeepCopyObject ¶
func (in *CertificateList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateRequest ¶
type CertificateRequest struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec CertificateRequestSpec `json:"spec,omitempty"` Status CertificateRequestStatus `json:"status,omitempty"` }
CertificateRequest is a type to represent a Certificate Signing Request +k8s:openapi-gen=true +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" +kubebuilder:printcolumn:name="Issuer",type="string",JSONPath=".spec.issuerRef.name",description="",priority=1 +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",priority=1 +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +kubebuilder:subresource:status +kubebuilder:resource:path=certificaterequests,shortName=cr;crs
func (*CertificateRequest) DeepCopy ¶
func (in *CertificateRequest) DeepCopy() *CertificateRequest
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequest.
func (*CertificateRequest) DeepCopyInto ¶
func (in *CertificateRequest) DeepCopyInto(out *CertificateRequest)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateRequest) DeepCopyObject ¶
func (in *CertificateRequest) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateRequestCondition ¶
type CertificateRequestCondition struct { // Type of the condition, currently ('Ready', 'InvalidRequest'). Type CertificateRequestConditionType `json:"type"` // Status of the condition, one of ('True', 'False', 'Unknown'). Status cmmeta.ConditionStatus `json:"status"` // LastTransitionTime is the timestamp corresponding to the last status // change of this condition. // +optional LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"` // Reason is a brief machine readable explanation for the condition's last // transition. // +optional Reason string `json:"reason,omitempty"` // Message is a human readable description of the details of the last // transition, complementing reason. // +optional Message string `json:"message,omitempty"` }
CertificateRequestCondition contains condition information for a CertificateRequest.
func (*CertificateRequestCondition) DeepCopy ¶
func (in *CertificateRequestCondition) DeepCopy() *CertificateRequestCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestCondition.
func (*CertificateRequestCondition) DeepCopyInto ¶
func (in *CertificateRequestCondition) DeepCopyInto(out *CertificateRequestCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateRequestConditionType ¶
type CertificateRequestConditionType string
CertificateRequestConditionType represents an Certificate condition value.
const ( // CertificateRequestConditionReady indicates that a certificate is ready for use. // This is defined as: // - The target certificate exists in CertificateRequest.Status CertificateRequestConditionReady CertificateRequestConditionType = "Ready" // CertificateRequestConditionInvalidRequest indicates that a certificate // signer has refused to sign the request due to at least one of the input // parameters being invalid. Additional information about why the request // was rejected can be found in the `reason` and `message` fields. CertificateRequestConditionInvalidRequest CertificateRequestConditionType = "InvalidRequest" )
type CertificateRequestList ¶
type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` Items []CertificateRequest `json:"items"` }
CertificateRequestList is a list of Certificates
func (*CertificateRequestList) DeepCopy ¶
func (in *CertificateRequestList) DeepCopy() *CertificateRequestList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestList.
func (*CertificateRequestList) DeepCopyInto ¶
func (in *CertificateRequestList) DeepCopyInto(out *CertificateRequestList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateRequestList) DeepCopyObject ¶
func (in *CertificateRequestList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateRequestSpec ¶
type CertificateRequestSpec struct { // Requested certificate default Duration // +optional Duration *metav1.Duration `json:"duration,omitempty"` // IssuerRef is a reference to the issuer for this CertificateRequest. If // the 'kind' field is not set, or set to 'Issuer', an Issuer resource with // the given name in the same namespace as the CertificateRequest will be // used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with // the provided name will be used. The 'name' field in this stanza is // required at all times. The group field refers to the API group of the // issuer which defaults to 'cert-manager.io' if empty. IssuerRef cmmeta.ObjectReference `json:"issuerRef"` // Byte slice containing the PEM encoded CertificateSigningRequest CSRPEM []byte `json:"csr"` // IsCA will mark the resulting certificate as valid for signing. This // implies that the 'cert sign' usage is set // +optional IsCA bool `json:"isCA,omitempty"` // Usages is the set of x509 actions that are enabled for a given key. // Defaults are ('digital signature', 'key encipherment') if empty // +optional Usages []KeyUsage `json:"usages,omitempty"` }
CertificateRequestSpec defines the desired state of CertificateRequest
func (*CertificateRequestSpec) DeepCopy ¶
func (in *CertificateRequestSpec) DeepCopy() *CertificateRequestSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestSpec.
func (*CertificateRequestSpec) DeepCopyInto ¶
func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateRequestStatus ¶
type CertificateRequestStatus struct { // +optional Conditions []CertificateRequestCondition `json:"conditions,omitempty"` // Byte slice containing a PEM encoded signed certificate resulting from the // given certificate signing request. // +optional Certificate []byte `json:"certificate,omitempty"` // Byte slice containing the PEM encoded certificate authority of the signed // certificate. // +optional CA []byte `json:"ca,omitempty"` // FailureTime stores the time that this CertificateRequest failed. This is // used to influence garbage collection and back-off. // +optional FailureTime *metav1.Time `json:"failureTime,omitempty"` }
CertificateStatus defines the observed state of CertificateRequest and resulting signed certificate.
func (*CertificateRequestStatus) DeepCopy ¶
func (in *CertificateRequestStatus) DeepCopy() *CertificateRequestStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestStatus.
func (*CertificateRequestStatus) DeepCopyInto ¶
func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateSpec ¶
type CertificateSpec struct { // Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). // +optional Subject *X509Subject `json:"subject,omitempty"` // CommonName is a common name to be used on the Certificate. // The CommonName should have a length of 64 characters or fewer to avoid // generating invalid CSRs. // This value is ignored by TLS clients when any subject alt name is set. // This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4 // +optional CommonName string `json:"commonName,omitempty"` // Organization is the organization to be used on the Certificate // +optional Organization []string `json:"organization,omitempty"` // Certificate default Duration // +optional Duration *metav1.Duration `json:"duration,omitempty"` // Certificate renew before expiration duration // +optional RenewBefore *metav1.Duration `json:"renewBefore,omitempty"` // DNSNames is a list of subject alt names to be used on the Certificate. // +optional DNSNames []string `json:"dnsNames,omitempty"` // IPAddresses is a list of IP addresses to be used on the Certificate // +optional IPAddresses []string `json:"ipAddresses,omitempty"` // URISANs is a list of URI Subject Alternative Names to be set on this // Certificate. // +optional URISANs []string `json:"uriSANs,omitempty"` // EmailSANs is a list of Email Subject Alternative Names to be set on this // Certificate. // +optional EmailSANs []string `json:"emailSANs,omitempty"` // SecretName is the name of the secret resource to store this secret in SecretName string `json:"secretName"` // IssuerRef is a reference to the issuer for this certificate. // If the 'kind' field is not set, or set to 'Issuer', an Issuer resource // with the given name in the same namespace as the Certificate will be used. // If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with the // provided name will be used. // The 'name' field in this stanza is required at all times. IssuerRef cmmeta.ObjectReference `json:"issuerRef"` // IsCA will mark this Certificate as valid for signing. // This implies that the 'cert sign' usage is set // +optional IsCA bool `json:"isCA,omitempty"` // Usages is the set of x509 actions that are enabled for a given key. Defaults are ('digital signature', 'key encipherment') if empty // +optional Usages []KeyUsage `json:"usages,omitempty"` // KeySize is the key bit size of the corresponding private key for this certificate. // If provided, value must be between 2048 and 8192 inclusive when KeyAlgorithm is // empty or is set to "rsa", and value must be one of (256, 384, 521) when // KeyAlgorithm is set to "ecdsa". // +kubebuilder:validation:ExclusiveMaximum=false // +kubebuilder:validation:Maximum=8192 // +kubebuilder:validation:ExclusiveMinimum=false // +kubebuilder:validation:Minimum=0 // +optional KeySize int `json:"keySize,omitempty"` // KeyAlgorithm is the private key algorithm of the corresponding private key // for this certificate. If provided, allowed values are either "rsa" or "ecdsa" // If KeyAlgorithm is specified and KeySize is not provided, // key size of 256 will be used for "ecdsa" key algorithm and // key size of 2048 will be used for "rsa" key algorithm. // +optional KeyAlgorithm KeyAlgorithm `json:"keyAlgorithm,omitempty"` // KeyEncoding is the private key cryptography standards (PKCS) // for this certificate's private key to be encoded in. If provided, allowed // values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8, respectively. // If KeyEncoding is not specified, then PKCS#1 will be used by default. KeyEncoding KeyEncoding `json:"keyEncoding,omitempty"` }
CertificateSpec defines the desired state of Certificate. A valid Certificate requires at least one of a CommonName, DNSName, or URISAN to be valid.
func (*CertificateSpec) DeepCopy ¶
func (in *CertificateSpec) DeepCopy() *CertificateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.
func (*CertificateSpec) DeepCopyInto ¶
func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateStatus ¶
type CertificateStatus struct { // +optional Conditions []CertificateCondition `json:"conditions,omitempty"` // +optional LastFailureTime *metav1.Time `json:"lastFailureTime,omitempty"` // The expiration time of the certificate stored in the secret named // by this resource in spec.secretName. // +optional NotAfter *metav1.Time `json:"notAfter,omitempty"` }
CertificateStatus defines the observed state of Certificate
func (*CertificateStatus) DeepCopy ¶
func (in *CertificateStatus) DeepCopy() *CertificateStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.
func (*CertificateStatus) DeepCopyInto ¶
func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterIssuer ¶
type ClusterIssuer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec IssuerSpec `json:"spec,omitempty"` Status IssuerStatus `json:"status,omitempty"` }
+kubebuilder:subresource:status +kubebuilder:resource:path=clusterissuers,scope=Cluster
func (*ClusterIssuer) Copy ¶
func (c *ClusterIssuer) Copy() GenericIssuer
func (*ClusterIssuer) DeepCopy ¶
func (in *ClusterIssuer) DeepCopy() *ClusterIssuer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuer.
func (*ClusterIssuer) DeepCopyInto ¶
func (in *ClusterIssuer) DeepCopyInto(out *ClusterIssuer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterIssuer) DeepCopyObject ¶
func (in *ClusterIssuer) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterIssuer) GetObjectMeta ¶
func (c *ClusterIssuer) GetObjectMeta() *metav1.ObjectMeta
func (*ClusterIssuer) GetSpec ¶
func (c *ClusterIssuer) GetSpec() *IssuerSpec
func (*ClusterIssuer) GetStatus ¶
func (c *ClusterIssuer) GetStatus() *IssuerStatus
func (*ClusterIssuer) SetSpec ¶
func (c *ClusterIssuer) SetSpec(spec IssuerSpec)
func (*ClusterIssuer) SetStatus ¶
func (c *ClusterIssuer) SetStatus(status IssuerStatus)
type ClusterIssuerList ¶
type ClusterIssuerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` Items []ClusterIssuer `json:"items"` }
ClusterIssuerList is a list of Issuers
func (*ClusterIssuerList) DeepCopy ¶
func (in *ClusterIssuerList) DeepCopy() *ClusterIssuerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuerList.
func (*ClusterIssuerList) DeepCopyInto ¶
func (in *ClusterIssuerList) DeepCopyInto(out *ClusterIssuerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterIssuerList) DeepCopyObject ¶
func (in *ClusterIssuerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GenericIssuer ¶
type GenericIssuer interface { runtime.Object metav1.Object GetObjectMeta() *metav1.ObjectMeta GetSpec() *IssuerSpec GetStatus() *IssuerStatus }
type Issuer ¶
type Issuer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec IssuerSpec `json:"spec,omitempty"` Status IssuerStatus `json:"status,omitempty"` }
+kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description="" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +kubebuilder:subresource:status +kubebuilder:resource:path=issuers
func (*Issuer) Copy ¶
func (c *Issuer) Copy() GenericIssuer
func (*Issuer) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.
func (*Issuer) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Issuer) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Issuer) GetObjectMeta ¶
func (c *Issuer) GetObjectMeta() *metav1.ObjectMeta
func (*Issuer) GetSpec ¶
func (c *Issuer) GetSpec() *IssuerSpec
func (*Issuer) GetStatus ¶
func (c *Issuer) GetStatus() *IssuerStatus
func (*Issuer) SetSpec ¶
func (c *Issuer) SetSpec(spec IssuerSpec)
func (*Issuer) SetStatus ¶
func (c *Issuer) SetStatus(status IssuerStatus)
type IssuerCondition ¶
type IssuerCondition struct { // Type of the condition, currently ('Ready'). Type IssuerConditionType `json:"type"` // Status of the condition, one of ('True', 'False', 'Unknown'). Status cmmeta.ConditionStatus `json:"status"` // LastTransitionTime is the timestamp corresponding to the last status // change of this condition. // +optional LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"` // Reason is a brief machine readable explanation for the condition's last // transition. // +optional Reason string `json:"reason,omitempty"` // Message is a human readable description of the details of the last // transition, complementing reason. // +optional Message string `json:"message,omitempty"` }
IssuerCondition contains condition information for an Issuer.
func (*IssuerCondition) DeepCopy ¶
func (in *IssuerCondition) DeepCopy() *IssuerCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerCondition.
func (*IssuerCondition) DeepCopyInto ¶
func (in *IssuerCondition) DeepCopyInto(out *IssuerCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IssuerConditionType ¶
type IssuerConditionType string
IssuerConditionType represents an Issuer condition value.
const ( // IssuerConditionReady represents the fact that a given Issuer condition // is in ready state. IssuerConditionReady IssuerConditionType = "Ready" )
type IssuerConfig ¶
type IssuerConfig struct { // +optional ACME *cmacme.ACMEIssuer `json:"acme,omitempty"` // +optional CA *CAIssuer `json:"ca,omitempty"` // +optional Vault *VaultIssuer `json:"vault,omitempty"` // +optional SelfSigned *SelfSignedIssuer `json:"selfSigned,omitempty"` // +optional Venafi *VenafiIssuer `json:"venafi,omitempty"` }
func (*IssuerConfig) DeepCopy ¶
func (in *IssuerConfig) DeepCopy() *IssuerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerConfig.
func (*IssuerConfig) DeepCopyInto ¶
func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IssuerList ¶
type IssuerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` Items []Issuer `json:"items"` }
IssuerList is a list of Issuers
func (*IssuerList) DeepCopy ¶
func (in *IssuerList) DeepCopy() *IssuerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerList.
func (*IssuerList) DeepCopyInto ¶
func (in *IssuerList) DeepCopyInto(out *IssuerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IssuerList) DeepCopyObject ¶
func (in *IssuerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IssuerSpec ¶
type IssuerSpec struct {
IssuerConfig `json:",inline"`
}
IssuerSpec is the specification of an Issuer. This includes any configuration required for the issuer.
func (*IssuerSpec) DeepCopy ¶
func (in *IssuerSpec) DeepCopy() *IssuerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerSpec.
func (*IssuerSpec) DeepCopyInto ¶
func (in *IssuerSpec) DeepCopyInto(out *IssuerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IssuerStatus ¶
type IssuerStatus struct { // +optional Conditions []IssuerCondition `json:"conditions,omitempty"` // +optional ACME *cmacme.ACMEIssuerStatus `json:"acme,omitempty"` }
IssuerStatus contains status information about an Issuer
func (*IssuerStatus) ACMEStatus ¶
func (i *IssuerStatus) ACMEStatus() *cmacme.ACMEIssuerStatus
TODO: refactor these functions away
func (*IssuerStatus) DeepCopy ¶
func (in *IssuerStatus) DeepCopy() *IssuerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerStatus.
func (*IssuerStatus) DeepCopyInto ¶
func (in *IssuerStatus) DeepCopyInto(out *IssuerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyAlgorithm ¶
type KeyAlgorithm string
+kubebuilder:validation:Enum=rsa;ecdsa
const ( RSAKeyAlgorithm KeyAlgorithm = "rsa" ECDSAKeyAlgorithm KeyAlgorithm = "ecdsa" )
type KeyEncoding ¶
type KeyEncoding string
+kubebuilder:validation:Enum=pkcs1;pkcs8
const ( PKCS1 KeyEncoding = "pkcs1" PKCS8 KeyEncoding = "pkcs8" )
type KeyUsage ¶
type KeyUsage string
KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
https://tools.ietf.org/html/rfc5280#section-4.2.1.12
Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" +kubebuilder:validation:Enum="signing";"digital signature";"content commitment";"key encipherment";"key agreement";"data encipherment";"cert sign";"crl sign";"encipher only";"decipher only";"any";"server auth";"client auth";"code signing";"email protection";"s/mime";"ipsec end system";"ipsec tunnel";"ipsec user";"timestamping";"ocsp signing";"microsoft sgc";"netscape sgc"
const ( UsageSigning KeyUsage = "signing" UsageDigitalSignature KeyUsage = "digital signature" UsageContentCommittment KeyUsage = "content commitment" UsageKeyEncipherment KeyUsage = "key encipherment" UsageKeyAgreement KeyUsage = "key agreement" UsageDataEncipherment KeyUsage = "data encipherment" UsageCertSign KeyUsage = "cert sign" UsageCRLSign KeyUsage = "crl sign" UsageEncipherOnly KeyUsage = "encipher only" UsageDecipherOnly KeyUsage = "decipher only" UsageAny KeyUsage = "any" UsageServerAuth KeyUsage = "server auth" UsageClientAuth KeyUsage = "client auth" UsageCodeSigning KeyUsage = "code signing" UsageEmailProtection KeyUsage = "email protection" UsageSMIME KeyUsage = "s/mime" UsageIPsecEndSystem KeyUsage = "ipsec end system" UsageIPsecTunnel KeyUsage = "ipsec tunnel" UsageIPsecUser KeyUsage = "ipsec user" UsageTimestamping KeyUsage = "timestamping" UsageOCSPSigning KeyUsage = "ocsp signing" UsageMicrosoftSGC KeyUsage = "microsoft sgc" UsageNetscapeSGC KeyUsage = "netscape sgc" )
func DefaultKeyUsages ¶
func DefaultKeyUsages() []KeyUsage
DefaultKeyUsages contains the default list of key usages
type SelfSignedIssuer ¶
type SelfSignedIssuer struct{}
func (*SelfSignedIssuer) DeepCopy ¶
func (in *SelfSignedIssuer) DeepCopy() *SelfSignedIssuer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSignedIssuer.
func (*SelfSignedIssuer) DeepCopyInto ¶
func (in *SelfSignedIssuer) DeepCopyInto(out *SelfSignedIssuer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAppRole ¶
type VaultAppRole struct { // Where the authentication path is mounted in Vault. Path string `json:"path"` RoleId string `json:"roleId"` SecretRef cmmeta.SecretKeySelector `json:"secretRef"` }
func (*VaultAppRole) DeepCopy ¶
func (in *VaultAppRole) DeepCopy() *VaultAppRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.
func (*VaultAppRole) DeepCopyInto ¶
func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAuth ¶
type VaultAuth struct { // This Secret contains the Vault token key // +optional TokenSecretRef *cmmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"` // This Secret contains a AppRole and Secret // +optional AppRole *VaultAppRole `json:"appRole,omitempty"` // This contains a Role and Secret with a ServiceAccount token to // authenticate with vault. // +optional Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"` }
Vault authentication can be configured:
- With a secret containing a token. Cert-manager is using this token as-is.
- With a secret containing a AppRole. This AppRole is used to authenticate to Vault and retrieve a token.
func (*VaultAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.
func (*VaultAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultIssuer ¶
type VaultIssuer struct { // Vault authentication Auth VaultAuth `json:"auth"` // Server is the vault connection address Server string `json:"server"` // Vault URL path to the certificate role Path string `json:"path"` // Base64 encoded CA bundle to validate Vault server certificate. Only used // if the Server URL is using HTTPS protocol. This parameter is ignored for // plain HTTP protocol connection. If not set the system root certificates // are used to validate the TLS connection. // +optional CABundle []byte `json:"caBundle,omitempty"` }
func (*VaultIssuer) DeepCopy ¶
func (in *VaultIssuer) DeepCopy() *VaultIssuer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultIssuer.
func (*VaultIssuer) DeepCopyInto ¶
func (in *VaultIssuer) DeepCopyInto(out *VaultIssuer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKubernetesAuth ¶
type VaultKubernetesAuth struct { // The Vault mountPath here is the mount path to use when authenticating with // Vault. For example, setting a value to `/v1/auth/foo`, will use the path // `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the // default value "/v1/auth/kubernetes" will be used. // +optional Path string `json:"mountPath,omitempty"` // The required Secret field containing a Kubernetes ServiceAccount JWT used // for authenticating with Vault. Use of 'ambient credentials' is not // supported. SecretRef cmmeta.SecretKeySelector `json:"secretRef"` // A required field containing the Vault Role to assume. A Role binds a // Kubernetes ServiceAccount with a set of Vault policies. Role string `json:"role"` }
Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.
func (*VaultKubernetesAuth) DeepCopy ¶
func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.
func (*VaultKubernetesAuth) DeepCopyInto ¶
func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VenafiCloud ¶
type VenafiCloud struct { // URL is the base URL for Venafi Cloud // +optional URL string `json:"url,omitempty"` // APITokenSecretRef is a secret key selector for the Venafi Cloud API token. APITokenSecretRef cmmeta.SecretKeySelector `json:"apiTokenSecretRef"` }
VenafiCloud defines connection configuration details for Venafi Cloud
func (*VenafiCloud) DeepCopy ¶
func (in *VenafiCloud) DeepCopy() *VenafiCloud
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiCloud.
func (*VenafiCloud) DeepCopyInto ¶
func (in *VenafiCloud) DeepCopyInto(out *VenafiCloud)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VenafiIssuer ¶
type VenafiIssuer struct { // Zone is the Venafi Policy Zone to use for this issuer. // All requests made to the Venafi platform will be restricted by the named // zone policy. // This field is required. Zone string `json:"zone"` // TPP specifies Trust Protection Platform configuration settings. // Only one of TPP or Cloud may be specified. // +optional TPP *VenafiTPP `json:"tpp,omitempty"` // Cloud specifies the Venafi cloud configuration settings. // Only one of TPP or Cloud may be specified. // +optional Cloud *VenafiCloud `json:"cloud,omitempty"` }
VenafiIssuer describes issuer configuration details for Venafi Cloud.
func (*VenafiIssuer) DeepCopy ¶
func (in *VenafiIssuer) DeepCopy() *VenafiIssuer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiIssuer.
func (*VenafiIssuer) DeepCopyInto ¶
func (in *VenafiIssuer) DeepCopyInto(out *VenafiIssuer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VenafiTPP ¶
type VenafiTPP struct { // URL is the base URL for the Venafi TPP instance URL string `json:"url"` // CredentialsRef is a reference to a Secret containing the username and // password for the TPP server. // The secret must contain two keys, 'username' and 'password'. CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"` // CABundle is a PEM encoded TLS certificate to use to verify connections to // the TPP instance. // If specified, system roots will not be used and the issuing CA for the // TPP instance must be verifiable using the provided root. // If not specified, the connection will be verified using the cert-manager // system root certificates. // +optional CABundle []byte `json:"caBundle,omitempty"` }
VenafiTPP defines connection configuration details for a Venafi TPP instance
func (*VenafiTPP) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiTPP.
func (*VenafiTPP) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type X509Subject ¶ added in v0.13.0
type X509Subject struct { // Countries to be used on the Certificate. // +optional Countries []string `json:"countries,omitempty"` // Organizational Units to be used on the Certificate. // +optional OrganizationalUnits []string `json:"organizationalUnits,omitempty"` // Cities to be used on the Certificate. // +optional Localities []string `json:"localities,omitempty"` // State/Provinces to be used on the Certificate. // +optional Provinces []string `json:"provinces,omitempty"` // Street addresses to be used on the Certificate. // +optional StreetAddresses []string `json:"streetAddresses,omitempty"` // Postal codes to be used on the Certificate. // +optional PostalCodes []string `json:"postalCodes,omitempty"` // Serial number to be used on the Certificate. // +optional SerialNumber string `json:"serialNumber,omitempty"` }
X509Subject Full X509 name specification
func (*X509Subject) DeepCopy ¶ added in v0.13.0
func (in *X509Subject) DeepCopy() *X509Subject
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509Subject.
func (*X509Subject) DeepCopyInto ¶ added in v0.13.0
func (in *X509Subject) DeepCopyInto(out *X509Subject)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.