Documentation ¶
Overview ¶
Package v1alpha1 is the v1alpha1 version of the controller config API. +k8s:deepcopy-gen=package,register +groupName=controller.config.cert-manager.io
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( SchemeBuilder runtime.SchemeBuilder AddToScheme = localSchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: controller.GroupName, Version: "v1alpha1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type ACMEDNS01Config ¶
type ACMEDNS01Config struct { // Each nameserver can be either the IP address and port of a standard // recursive DNS server, or the endpoint to an RFC 8484 DNS over HTTPS // endpoint. For example, the following values are valid: // - "8.8.8.8:53" (Standard DNS) // - "https://1.1.1.1/dns-query" (DNS over HTTPS) RecursiveNameservers []string `json:"recursiveNameservers,omitempty"` // When true, cert-manager will only ever query the configured DNS resolvers // to perform the ACME DNS01 self check. This is useful in DNS constrained // environments, where access to authoritative nameservers is restricted. // Enabling this option could cause the DNS01 self check to take longer // due to caching performed by the recursive nameservers. RecursiveNameserversOnly *bool `json:"recursiveNameserversOnly,omitempty"` // The duration the controller should wait between a propagation check. Despite // the name, this flag is used to configure the wait period for both DNS01 and // HTTP01 challenge propagation checks. For DNS01 challenges the propagation // check verifies that a TXT record with the challenge token has been created. // For HTTP01 challenges the propagation check verifies that the challenge // token is served at the challenge URL. This should be a valid duration // string, for example 180s or 1h CheckRetryPeriod *sharedv1alpha1.Duration `json:"checkRetryPeriod,omitempty"` }
func (*ACMEDNS01Config) DeepCopy ¶
func (in *ACMEDNS01Config) DeepCopy() *ACMEDNS01Config
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEDNS01Config.
func (*ACMEDNS01Config) DeepCopyInto ¶
func (in *ACMEDNS01Config) DeepCopyInto(out *ACMEDNS01Config)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ACMEHTTP01Config ¶
type ACMEHTTP01Config struct { // The Docker image to use to solve ACME HTTP01 challenges. You most likely // will not need to change this parameter unless you are testing a new // feature or developing cert-manager. SolverImage string `json:"solverImage,omitempty"` // Defines the resource request CPU size when spawning new ACME HTTP01 // challenge solver pods. SolverResourceRequestCPU string `json:"solverResourceRequestCPU,omitempty"` // Defines the resource request Memory size when spawning new ACME HTTP01 // challenge solver pods. SolverResourceRequestMemory string `json:"solverResourceRequestMemory,omitempty"` // Defines the resource limits CPU size when spawning new ACME HTTP01 // challenge solver pods. SolverResourceLimitsCPU string `json:"solverResourceLimitsCPU,omitempty"` // Defines the resource limits Memory size when spawning new ACME HTTP01 // challenge solver pods. SolverResourceLimitsMemory string `json:"solverResourceLimitsMemory,omitempty"` // Defines the ability to run the http01 solver as root for troubleshooting // issues SolverRunAsNonRoot *bool `json:"solverRunAsNonRoot,omitempty"` // A list of comma separated dns server endpoints used for // ACME HTTP01 check requests. This should be a list containing host and // port, for example ["8.8.8.8:53","8.8.4.4:53"] // Allows specifying a list of custom nameservers to perform HTTP01 checks on. SolverNameservers []string `json:"solverNameservers,omitempty"` }
func (*ACMEHTTP01Config) DeepCopy ¶
func (in *ACMEHTTP01Config) DeepCopy() *ACMEHTTP01Config
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEHTTP01Config.
func (*ACMEHTTP01Config) DeepCopyInto ¶
func (in *ACMEHTTP01Config) DeepCopyInto(out *ACMEHTTP01Config)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerConfiguration ¶
type ControllerConfiguration struct { metav1.TypeMeta `json:",inline"` // kubeConfig is the kubeconfig file used to connect to the Kubernetes apiserver. // If not specified, the controller will attempt to load the in-cluster-config. KubeConfig string `json:"kubeConfig,omitempty"` // apiServerHost is used to override the API server connection address. // Deprecated: use `kubeConfig` instead. APIServerHost string `json:"apiServerHost,omitempty"` // Indicates the maximum queries-per-second requests to the Kubernetes apiserver // TODO: floats are not recommended. Maybe we should use resource.Quantity? https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/ KubernetesAPIQPS *float32 `json:"kubernetesAPIQPS,omitempty"` // The maximum burst queries-per-second of requests sent to the Kubernetes apiserver KubernetesAPIBurst *int32 `json:"kubernetesAPIBurst,omitempty"` // If set, this limits the scope of cert-manager to a single namespace and // ClusterIssuers are disabled. If not specified, all namespaces will be // watched Namespace string `json:"namespace,omitempty"` // Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in. ClusterResourceNamespace string `json:"clusterResourceNamespace,omitempty"` // LeaderElectionConfig configures the behaviour of the leader election LeaderElectionConfig LeaderElectionConfig `json:"leaderElectionConfig"` // A list of controllers to enable. // ['*'] enables all controllers, // ['foo'] enables only the foo controller // ['*', '-foo'] disables the controller named foo. Controllers []string `json:"controllers,omitempty"` // Whether an issuer may make use of ambient credentials. 'Ambient // Credentials' are credentials drawn from the environment, metadata services, // or local files which are not explicitly configured in the Issuer API // object. When this flag is enabled, the following sources for // credentials are also used: AWS - All sources the Go SDK defaults to, // notably including any EC2 IAM roles available via instance metadata. IssuerAmbientCredentials *bool `json:"issuerAmbientCredentials,omitempty"` // Whether a cluster-issuer may make use of ambient credentials for issuers. // 'Ambient Credentials' are credentials drawn from the environment, metadata // services, or local files which are not explicitly configured in the // ClusterIssuer API object. When this flag is enabled, the following sources // for credentials are also used: AWS - All sources the Go SDK defaults to, // notably including any EC2 IAM roles available via instance metadata. ClusterIssuerAmbientCredentials *bool `json:"clusterIssuerAmbientCredentials,omitempty"` // Whether to set the certificate resource as an owner of secret where the // tls certificate is stored. When this flag is enabled, the secret will be // automatically removed when the certificate resource is deleted. EnableCertificateOwnerRef *bool `json:"enableCertificateOwnerRef,omitempty"` // Whether gateway API integration is enabled within cert-manager. The // ExperimentalGatewayAPISupport feature gate must also be enabled (default // as of 1.15). EnableGatewayAPI *bool `json:"enableGatewayAPI,omitempty"` // Specify which annotations should/shouldn't be copied from Certificate to // CertificateRequest and Order, as well as from CertificateSigningRequest to // Order, by passing a list of annotation key prefixes. A prefix starting with // a dash(-) specifies an annotation that shouldn't be copied. Example: // '*,-kubectl.kubernetes.io/'- all annotations will be copied apart from the // ones where the key is prefixed with 'kubectl.kubernetes.io/'. CopiedAnnotationPrefixes []string `json:"copiedAnnotationPrefixes,omitempty"` // The number of concurrent workers for each controller. NumberOfConcurrentWorkers *int32 `json:"numberOfConcurrentWorkers,omitempty"` // The maximum number of challenges that can be scheduled as 'processing' at once. MaxConcurrentChallenges *int32 `json:"maxConcurrentChallenges,omitempty"` // The host and port that the metrics endpoint should listen on. MetricsListenAddress string `json:"metricsListenAddress,omitempty"` // TLS config for the metrics endpoint MetricsTLSConfig sharedv1alpha1.TLSConfig `json:"metricsTLSConfig"` // The host and port address, separated by a ':', that the healthz server // should listen on. HealthzListenAddress string `json:"healthzListenAddress,omitempty"` // Enable profiling for controller. EnablePprof *bool `json:"enablePprof"` // The host and port that Go profiler should listen on, i.e localhost:6060. // Ensure that profiler is not exposed on a public address. Profiler will be // served at /debug/pprof. PprofAddress string `json:"pprofAddress,omitempty"` // logging configures the logging behaviour of the controller. // https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration Logging logsapi.LoggingConfiguration `json:"logging"` // featureGates is a map of feature names to bools that enable or disable experimental // features. // +optional FeatureGates map[string]bool `json:"featureGates,omitempty"` // ingressShimConfig configures the behaviour of the ingress-shim controller IngressShimConfig IngressShimConfig `json:"ingressShimConfig,omitempty"` // acmeHTTP01Config configures the behaviour of the ACME HTTP01 challenge solver ACMEHTTP01Config ACMEHTTP01Config `json:"acmeHTTP01Config,omitempty"` // acmeDNS01Config configures the behaviour of the ACME DNS01 challenge solver ACMEDNS01Config ACMEDNS01Config `json:"acmeDNS01Config,omitempty"` }
func (*ControllerConfiguration) DeepCopy ¶
func (in *ControllerConfiguration) DeepCopy() *ControllerConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerConfiguration.
func (*ControllerConfiguration) DeepCopyInto ¶
func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ControllerConfiguration) DeepCopyObject ¶
func (in *ControllerConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IngressShimConfig ¶
type IngressShimConfig struct { // Default issuer/certificates details consumed by ingress-shim // Name of the Issuer to use when the tls is requested but issuer name is // not specified on the ingress resource. DefaultIssuerName string `json:"defaultIssuerName,omitempty"` // Kind of the Issuer to use when the TLS is requested but issuer kind is not // specified on the ingress resource. DefaultIssuerKind string `json:"defaultIssuerKind,omitempty"` // Group of the Issuer to use when the TLS is requested but issuer group is // not specified on the ingress resource. DefaultIssuerGroup string `json:"defaultIssuerGroup,omitempty"` // The annotation consumed by the ingress-shim controller to indicate an ingress // is requesting a certificate DefaultAutoCertificateAnnotations []string `json:"defaultAutoCertificateAnnotations,omitempty"` }
func (*IngressShimConfig) DeepCopy ¶
func (in *IngressShimConfig) DeepCopy() *IngressShimConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressShimConfig.
func (*IngressShimConfig) DeepCopyInto ¶
func (in *IngressShimConfig) DeepCopyInto(out *IngressShimConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LeaderElectionConfig ¶
type LeaderElectionConfig struct { sharedv1alpha1.LeaderElectionConfig `json:",inline"` // Leader election healthz checks within this timeout period after the lease // expires will still return healthy. HealthzTimeout *sharedv1alpha1.Duration `json:"healthzTimeout,omitempty"` }
func (*LeaderElectionConfig) DeepCopy ¶
func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig.
func (*LeaderElectionConfig) DeepCopyInto ¶
func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.