Mercurial > code > home > repos > pomerium

annotate cert-manager.yaml @ 15:b0761c1022d9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ignore
author drewp@bigasterisk.com
date Sun, 09 Apr 2023 13:37:19 -0700
parents 0ae82df13719
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1 # Copyright 2022 The cert-manager Authors.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2 #
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3 # Licensed under the Apache License, Version 2.0 (the "License");
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4 # you may not use this file except in compliance with the License.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5 # You may obtain a copy of the License at
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
6 #
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
7 # http://www.apache.org/licenses/LICENSE-2.0
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
8 #
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
9 # Unless required by applicable law or agreed to in writing, software
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
10 # distributed under the License is distributed on an "AS IS" BASIS,
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
12 # See the License for the specific language governing permissions and
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
13 # limitations under the License.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
14
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
15 apiVersion: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
16 kind: Namespace
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
17 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
18 name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
19 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
20 # Source: cert-manager/templates/crds.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
21 apiVersion: apiextensions.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
22 kind: CustomResourceDefinition
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
23 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
24 name: clusterissuers.cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
25 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
26 app: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
27 app.kubernetes.io/name: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
28 app.kubernetes.io/instance: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
29 # Generated labels
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
30 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
31 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
32 group: cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
33 names:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
34 kind: ClusterIssuer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
35 listKind: ClusterIssuerList
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
36 plural: clusterissuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
37 singular: clusterissuer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
38 categories:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
39 - cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
40 scope: Cluster
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
41 versions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
42 - name: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
43 subresources:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
44 status: {}
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
45 additionalPrinterColumns:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
46 - jsonPath: .status.conditions[?(@.type=="Ready")].status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
47 name: Ready
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
48 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
49 - jsonPath: .status.conditions[?(@.type=="Ready")].message
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
50 name: Status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
51 priority: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
52 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
53 - jsonPath: .metadata.creationTimestamp
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
54 description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
55 name: Age
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
56 type: date
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
57 schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
58 openAPIV3Schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
59 description: A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
60 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
61 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
62 - spec
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
63 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
64 apiVersion:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
65 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
66 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
67 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
68 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
69 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
70 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
71 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
72 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
73 description: Desired state of the ClusterIssuer resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
74 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
75 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
76 acme:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
77 description: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
78 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
79 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
80 - privateKeySecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
81 - server
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
82 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
83 disableAccountKeyGeneration:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
84 description: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
85 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
86 email:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
87 description: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
88 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
89 enableDurationFeature:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
90 description: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
91 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
92 externalAccountBinding:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
93 description: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
94 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
95 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
96 - keyID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
97 - keySecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
98 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
99 keyAlgorithm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
100 description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
101 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
102 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
103 - HS256
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
104 - HS384
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
105 - HS512
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
106 keyID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
107 description: keyID is the ID of the CA key that the External Account is bound to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
108 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
109 keySecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
110 description: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
111 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
112 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
113 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
114 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
115 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
116 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
117 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
118 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
119 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
120 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
121 preferredChain:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
122 description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
123 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
124 maxLength: 64
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
125 privateKeySecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
126 description: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
127 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
128 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
129 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
130 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
131 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
132 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
133 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
134 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
135 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
136 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
137 server:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
138 description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
139 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
140 skipTLSVerify:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
141 description: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
142 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
143 solvers:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
144 description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
145 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
146 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
147 description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
148 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
149 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
150 dns01:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
151 description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
152 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
153 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
154 acmeDNS:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
155 description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
156 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
157 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
158 - accountSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
159 - host
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
160 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
161 accountSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
162 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
163 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
164 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
165 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
166 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
167 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
168 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
169 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
170 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
171 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
172 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
173 host:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
174 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
175 akamai:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
176 description: Use the Akamai DNS zone management API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
177 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
178 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
179 - accessTokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
180 - clientSecretSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
181 - clientTokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
182 - serviceConsumerDomain
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
183 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
184 accessTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
185 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
186 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
187 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
188 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
189 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
190 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
191 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
192 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
193 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
194 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
195 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
196 clientSecretSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
197 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
198 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
199 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
200 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
201 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
202 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
203 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
204 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
205 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
206 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
207 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
208 clientTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
209 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
210 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
211 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
212 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
213 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
214 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
215 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
216 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
217 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
218 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
219 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
220 serviceConsumerDomain:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
221 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
222 azureDNS:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
223 description: Use the Microsoft Azure DNS API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
224 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
225 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
226 - resourceGroupName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
227 - subscriptionID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
228 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
229 clientID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
230 description: if both this and ClientSecret are left unset MSI will be used
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
231 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
232 clientSecretSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
233 description: if both this and ClientID are left unset MSI will be used
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
234 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
235 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
236 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
237 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
238 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
239 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
240 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
241 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
242 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
243 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
244 environment:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
245 description: name of the Azure environment (default AzurePublicCloud)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
246 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
247 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
248 - AzurePublicCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
249 - AzureChinaCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
250 - AzureGermanCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
251 - AzureUSGovernmentCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
252 hostedZoneName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
253 description: name of the DNS zone that should be used
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
254 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
255 managedIdentity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
256 description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
257 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
258 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
259 clientID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
260 description: client ID of the managed identity, can not be used at the same time as resourceID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
261 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
262 resourceID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
263 description: resource ID of the managed identity, can not be used at the same time as clientID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
264 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
265 resourceGroupName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
266 description: resource group the DNS zone is located in
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
267 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
268 subscriptionID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
269 description: ID of the Azure subscription
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
270 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
271 tenantID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
272 description: when specifying ClientID and ClientSecret then this field is also needed
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
273 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
274 cloudDNS:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
275 description: Use the Google Cloud DNS API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
276 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
277 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
278 - project
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
279 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
280 hostedZoneName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
281 description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
282 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
283 project:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
284 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
285 serviceAccountSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
286 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
287 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
288 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
289 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
290 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
291 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
292 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
293 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
294 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
295 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
296 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
297 cloudflare:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
298 description: Use the Cloudflare API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
299 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
300 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
301 apiKeySecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
302 description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
303 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
304 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
305 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
306 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
307 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
308 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
309 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
310 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
311 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
312 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
313 apiTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
314 description: API token used to authenticate with Cloudflare.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
315 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
316 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
317 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
318 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
319 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
320 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
321 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
322 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
323 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
324 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
325 email:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
326 description: Email of the account, only required when using API key based authentication.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
327 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
328 cnameStrategy:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
329 description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
330 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
331 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
332 - None
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
333 - Follow
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
334 digitalocean:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
335 description: Use the DigitalOcean DNS API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
336 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
337 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
338 - tokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
339 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
340 tokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
341 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
342 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
343 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
344 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
345 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
346 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
347 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
348 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
349 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
350 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
351 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
352 rfc2136:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
353 description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
354 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
355 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
356 - nameserver
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
357 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
358 nameserver:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
359 description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
360 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
361 tsigAlgorithm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
362 description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
363 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
364 tsigKeyName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
365 description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
366 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
367 tsigSecretSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
368 description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
369 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
370 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
371 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
372 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
373 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
374 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
375 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
376 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
377 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
378 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
379 route53:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
380 description: Use the AWS Route53 API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
381 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
382 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
383 - region
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
384 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
385 accessKeyID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
386 description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
387 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
388 accessKeyIDSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
389 description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
390 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
391 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
392 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
393 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
394 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
395 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
396 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
397 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
398 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
399 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
400 hostedZoneID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
401 description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
402 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
403 region:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
404 description: Always set the region when using AccessKeyID and SecretAccessKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
405 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
406 role:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
407 description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
408 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
409 secretAccessKeySecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
410 description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
411 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
412 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
413 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
414 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
415 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
416 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
417 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
418 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
419 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
420 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
421 webhook:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
422 description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
423 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
424 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
425 - groupName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
426 - solverName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
427 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
428 config:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
429 description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
430 x-kubernetes-preserve-unknown-fields: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
431 groupName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
432 description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
433 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
434 solverName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
435 description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
436 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
437 http01:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
438 description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
439 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
440 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
441 gatewayHTTPRoute:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
442 description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
443 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
444 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
445 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
446 description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
447 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
448 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
449 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
450 parentRefs:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
451 description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
452 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
453 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
454 description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid."
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
455 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
456 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
457 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
458 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
459 group:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
460 description: "Group is the group of the referent. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
461 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
462 default: gateway.networking.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
463 maxLength: 253
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
464 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
465 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
466 description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Custom (Other Resources)"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
467 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
468 default: Gateway
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
469 maxLength: 63
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
470 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
471 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
472 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
473 description: "Name is the name of the referent. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
474 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
475 maxLength: 253
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
476 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
477 namespace:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
478 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
479 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
480 maxLength: 63
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
481 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
482 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
483 port:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
484 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
485 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
486 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
487 maximum: 65535
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
488 minimum: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
489 sectionName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
490 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
491 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
492 maxLength: 253
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
493 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
494 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
495 serviceType:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
496 description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
497 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
498 ingress:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
499 description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
500 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
501 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
502 class:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
503 description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
504 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
505 ingressTemplate:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
506 description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
507 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
508 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
509 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
510 description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
511 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
512 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
513 annotations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
514 description: Annotations that should be added to the created ACME HTTP01 solver ingress.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
515 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
516 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
517 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
518 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
519 description: Labels that should be added to the created ACME HTTP01 solver ingress.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
520 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
521 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
522 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
523 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
524 description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
525 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
526 podTemplate:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
527 description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
528 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
529 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
530 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
531 description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
532 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
533 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
534 annotations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
535 description: Annotations that should be added to the create ACME HTTP01 solver pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
536 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
537 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
538 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
539 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
540 description: Labels that should be added to the created ACME HTTP01 solver pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
541 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
542 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
543 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
544 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
545 description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
546 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
547 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
548 affinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
549 description: If specified, the pod's scheduling constraints
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
550 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
551 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
552 nodeAffinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
553 description: Describes node affinity scheduling rules for the pod.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
554 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
555 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
556 preferredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
557 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
558 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
559 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
560 description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
561 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
562 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
563 - preference
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
564 - weight
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
565 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
566 preference:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
567 description: A node selector term, associated with the corresponding weight.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
568 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
569 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
570 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
571 description: A list of node selector requirements by node's labels.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
572 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
573 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
574 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
575 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
576 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
577 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
578 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
579 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
580 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
581 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
582 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
583 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
584 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
585 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
586 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
587 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
588 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
589 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
590 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
591 matchFields:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
592 description: A list of node selector requirements by node's fields.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
593 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
594 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
595 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
596 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
597 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
598 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
599 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
600 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
601 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
602 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
603 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
604 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
605 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
606 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
607 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
608 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
609 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
610 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
611 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
612 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
613 weight:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
614 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
615 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
616 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
617 requiredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
618 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
619 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
620 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
621 - nodeSelectorTerms
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
622 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
623 nodeSelectorTerms:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
624 description: Required. A list of node selector terms. The terms are ORed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
625 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
626 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
627 description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
628 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
629 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
630 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
631 description: A list of node selector requirements by node's labels.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
632 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
633 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
634 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
635 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
636 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
637 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
638 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
639 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
640 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
641 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
642 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
643 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
644 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
645 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
646 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
647 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
648 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
649 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
650 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
651 matchFields:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
652 description: A list of node selector requirements by node's fields.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
653 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
654 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
655 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
656 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
657 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
658 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
659 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
660 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
661 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
662 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
663 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
664 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
665 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
666 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
667 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
668 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
669 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
670 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
671 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
672 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
673 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
674 podAffinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
675 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
676 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
677 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
678 preferredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
679 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
680 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
681 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
682 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
683 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
684 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
685 - podAffinityTerm
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
686 - weight
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
687 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
688 podAffinityTerm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
689 description: Required. A pod affinity term, associated with the corresponding weight.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
690 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
691 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
692 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
693 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
694 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
695 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
696 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
697 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
698 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
699 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
700 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
701 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
702 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
703 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
704 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
705 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
706 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
707 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
708 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
709 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
710 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
711 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
712 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
713 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
714 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
715 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
716 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
717 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
718 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
719 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
720 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
721 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
722 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
723 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
724 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
725 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
726 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
727 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
728 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
729 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
730 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
731 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
732 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
733 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
734 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
735 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
736 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
737 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
738 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
739 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
740 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
741 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
742 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
743 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
744 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
745 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
746 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
747 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
748 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
749 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
750 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
751 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
752 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
753 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
754 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
755 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
756 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
757 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
758 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
759 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
760 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
761 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
762 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
763 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
764 weight:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
765 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
766 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
767 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
768 requiredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
769 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
770 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
771 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
772 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
773 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
774 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
775 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
776 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
777 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
778 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
779 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
780 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
781 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
782 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
783 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
784 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
785 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
786 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
787 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
788 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
789 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
790 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
791 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
792 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
793 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
794 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
795 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
796 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
797 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
798 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
799 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
800 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
801 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
802 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
803 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
804 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
805 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
806 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
807 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
808 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
809 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
810 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
811 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
812 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
813 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
814 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
815 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
816 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
817 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
818 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
819 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
820 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
821 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
822 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
823 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
824 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
825 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
826 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
827 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
828 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
829 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
830 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
831 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
832 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
833 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
834 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
835 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
836 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
837 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
838 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
839 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
840 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
841 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
842 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
843 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
844 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
845 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
846 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
847 podAntiAffinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
848 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
849 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
850 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
851 preferredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
852 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
853 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
854 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
855 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
856 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
857 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
858 - podAffinityTerm
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
859 - weight
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
860 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
861 podAffinityTerm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
862 description: Required. A pod affinity term, associated with the corresponding weight.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
863 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
864 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
865 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
866 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
867 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
868 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
869 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
870 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
871 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
872 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
873 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
874 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
875 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
876 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
877 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
878 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
879 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
880 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
881 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
882 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
883 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
884 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
885 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
886 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
887 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
888 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
889 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
890 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
891 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
892 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
893 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
894 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
895 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
896 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
897 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
898 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
899 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
900 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
901 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
902 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
903 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
904 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
905 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
906 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
907 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
908 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
909 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
910 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
911 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
912 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
913 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
914 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
915 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
916 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
917 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
918 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
919 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
920 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
921 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
922 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
923 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
924 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
925 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
926 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
927 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
928 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
929 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
930 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
931 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
932 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
933 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
934 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
935 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
936 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
937 weight:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
938 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
939 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
940 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
941 requiredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
942 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
943 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
944 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
945 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
946 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
947 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
948 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
949 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
950 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
951 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
952 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
953 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
954 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
955 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
956 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
957 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
958 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
959 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
960 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
961 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
962 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
963 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
964 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
965 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
966 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
967 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
968 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
969 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
970 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
971 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
972 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
973 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
974 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
975 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
976 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
977 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
978 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
979 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
980 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
981 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
982 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
983 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
984 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
985 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
986 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
987 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
988 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
989 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
990 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
991 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
992 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
993 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
994 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
995 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
996 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
997 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
998 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
999 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1000 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1001 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1002 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1003 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1004 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1005 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1006 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1007 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1008 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1009 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1010 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1011 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1012 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1013 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1014 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1015 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1016 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1017 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1018 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1019 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1020 nodeSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1021 description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1022 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1023 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1024 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1025 priorityClassName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1026 description: If specified, the pod's priorityClassName.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1027 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1028 serviceAccountName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1029 description: If specified, the pod's service account
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1030 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1031 tolerations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1032 description: If specified, the pod's tolerations.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1033 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1034 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1035 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1036 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1037 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1038 effect:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1039 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1040 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1041 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1042 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1043 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1044 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1045 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1046 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1047 tolerationSeconds:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1048 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1049 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1050 format: int64
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1051 value:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1052 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1053 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1054 serviceType:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1055 description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1056 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1057 selector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1058 description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1059 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1060 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1061 dnsNames:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1062 description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1063 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1064 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1065 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1066 dnsZones:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1067 description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1068 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1069 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1070 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1071 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1072 description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1073 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1074 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1075 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1076 ca:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1077 description: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1078 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1079 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1080 - secretName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1081 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1082 crlDistributionPoints:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1083 description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1084 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1085 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1086 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1087 ocspServers:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1088 description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1089 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1090 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1091 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1092 secretName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1093 description: SecretName is the name of the secret used to sign Certificates issued by this Issuer.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1094 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1095 selfSigned:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1096 description: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1097 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1098 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1099 crlDistributionPoints:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1100 description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1101 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1102 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1103 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1104 vault:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1105 description: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1106 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1107 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1108 - auth
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1109 - path
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1110 - server
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1111 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1112 auth:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1113 description: Auth configures how cert-manager authenticates with the Vault server.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1114 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1115 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1116 appRole:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1117 description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1118 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1119 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1120 - path
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1121 - roleId
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1122 - secretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1123 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1124 path:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1125 description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1126 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1127 roleId:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1128 description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1129 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1130 secretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1131 description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1132 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1133 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1134 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1135 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1136 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1137 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1138 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1139 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1140 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1141 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1142 kubernetes:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1143 description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1144 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1145 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1146 - role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1147 - secretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1148 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1149 mountPath:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1150 description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1151 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1152 role:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1153 description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1154 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1155 secretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1156 description: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1157 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1158 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1159 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1160 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1161 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1162 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1163 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1164 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1165 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1166 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1167 tokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1168 description: TokenSecretRef authenticates with Vault by presenting a token.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1169 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1170 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1171 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1172 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1173 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1174 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1175 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1176 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1177 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1178 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1179 caBundle:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1180 description: PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the cert-manager controller system root certificates are used to validate the TLS connection.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1181 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1182 format: byte
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1183 caBundleSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1184 description: CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when connecting to Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager controller system root certificates are used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1185 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1186 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1187 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1188 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1189 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1190 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1191 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1192 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1193 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1194 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1195 namespace:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1196 description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1197 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1198 path:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1199 description: 'Path is the mount path of the Vault PKI backend''s `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1200 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1201 server:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1202 description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1203 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1204 venafi:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1205 description: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1206 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1207 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1208 - zone
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1209 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1210 cloud:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1211 description: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1212 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1213 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1214 - apiTokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1215 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1216 apiTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1217 description: APITokenSecretRef is a secret key selector for the Venafi Cloud API token.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1218 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1219 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1220 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1221 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1222 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1223 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1224 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1225 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1226 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1227 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1228 url:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1229 description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1230 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1231 tpp:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1232 description: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1233 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1234 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1235 - credentialsRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1236 - url
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1237 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1238 caBundle:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1239 description: CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1240 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1241 format: byte
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1242 credentialsRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1243 description: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1244 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1245 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1246 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1247 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1248 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1249 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1250 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1251 url:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1252 description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1253 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1254 zone:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1255 description: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1256 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1257 status:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1258 description: Status of the ClusterIssuer. This is set and managed automatically.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1259 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1260 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1261 acme:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1262 description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1263 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1264 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1265 lastRegisteredEmail:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1266 description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1267 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1268 uri:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1269 description: URI is the unique account identifier, which can also be used to retrieve account details from the CA
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1270 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1271 conditions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1272 description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1273 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1274 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1275 description: IssuerCondition contains condition information for an Issuer.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1276 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1277 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1278 - status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1279 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1280 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1281 lastTransitionTime:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1282 description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1283 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1284 format: date-time
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1285 message:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1286 description: Message is a human readable description of the details of the last transition, complementing reason.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1287 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1288 observedGeneration:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1289 description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1290 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1291 format: int64
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1292 reason:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1293 description: Reason is a brief machine readable explanation for the condition's last transition.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1294 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1295 status:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1296 description: Status of the condition, one of (`True`, `False`, `Unknown`).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1297 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1298 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1299 - "True"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1300 - "False"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1301 - Unknown
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1302 type:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1303 description: Type of the condition, known values are (`Ready`).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1304 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1305 x-kubernetes-list-map-keys:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1306 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1307 x-kubernetes-list-type: map
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1308 served: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1309 storage: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1310 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1311 # Source: cert-manager/templates/crds.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1312 apiVersion: apiextensions.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1313 kind: CustomResourceDefinition
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1314 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1315 name: challenges.acme.cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1316 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1317 app: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1318 app.kubernetes.io/name: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1319 app.kubernetes.io/instance: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1320 # Generated labels
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1321 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1322 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1323 group: acme.cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1324 names:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1325 kind: Challenge
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1326 listKind: ChallengeList
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1327 plural: challenges
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1328 singular: challenge
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1329 categories:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1330 - cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1331 - cert-manager-acme
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1332 scope: Namespaced
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1333 versions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1334 - additionalPrinterColumns:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1335 - jsonPath: .status.state
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1336 name: State
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1337 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1338 - jsonPath: .spec.dnsName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1339 name: Domain
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1340 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1341 - jsonPath: .status.reason
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1342 name: Reason
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1343 priority: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1344 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1345 - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1346 jsonPath: .metadata.creationTimestamp
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1347 name: Age
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1348 type: date
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1349 name: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1350 schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1351 openAPIV3Schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1352 description: Challenge is a type to represent a Challenge request with an ACME server
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1353 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1354 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1355 - metadata
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1356 - spec
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1357 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1358 apiVersion:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1359 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1360 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1361 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1362 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1363 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1364 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1365 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1366 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1367 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1368 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1369 - authorizationURL
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1370 - dnsName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1371 - issuerRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1372 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1373 - solver
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1374 - token
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1375 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1376 - url
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1377 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1378 authorizationURL:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1379 description: The URL to the ACME Authorization resource that this challenge is a part of.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1380 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1381 dnsName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1382 description: dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1383 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1384 issuerRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1385 description: References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1386 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1387 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1388 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1389 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1390 group:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1391 description: Group of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1392 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1393 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1394 description: Kind of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1395 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1396 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1397 description: Name of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1398 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1399 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1400 description: 'The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `<private key JWK thumbprint>.<key from acme server for challenge>`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `<private key JWK thumbprint>.<key from acme server for challenge>` text that must be set as the TXT record content.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1401 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1402 solver:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1403 description: Contains the domain solving configuration that should be used to solve this challenge resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1404 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1405 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1406 dns01:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1407 description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1408 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1409 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1410 acmeDNS:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1411 description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1412 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1413 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1414 - accountSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1415 - host
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1416 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1417 accountSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1418 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1419 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1420 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1421 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1422 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1423 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1424 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1425 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1426 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1427 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1428 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1429 host:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1430 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1431 akamai:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1432 description: Use the Akamai DNS zone management API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1433 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1434 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1435 - accessTokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1436 - clientSecretSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1437 - clientTokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1438 - serviceConsumerDomain
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1439 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1440 accessTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1441 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1442 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1443 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1444 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1445 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1446 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1447 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1448 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1449 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1450 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1451 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1452 clientSecretSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1453 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1454 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1455 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1456 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1457 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1458 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1459 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1460 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1461 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1462 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1463 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1464 clientTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1465 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1466 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1467 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1468 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1469 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1470 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1471 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1472 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1473 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1474 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1475 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1476 serviceConsumerDomain:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1477 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1478 azureDNS:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1479 description: Use the Microsoft Azure DNS API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1480 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1481 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1482 - resourceGroupName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1483 - subscriptionID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1484 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1485 clientID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1486 description: if both this and ClientSecret are left unset MSI will be used
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1487 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1488 clientSecretSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1489 description: if both this and ClientID are left unset MSI will be used
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1490 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1491 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1492 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1493 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1494 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1495 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1496 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1497 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1498 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1499 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1500 environment:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1501 description: name of the Azure environment (default AzurePublicCloud)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1502 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1503 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1504 - AzurePublicCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1505 - AzureChinaCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1506 - AzureGermanCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1507 - AzureUSGovernmentCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1508 hostedZoneName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1509 description: name of the DNS zone that should be used
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1510 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1511 managedIdentity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1512 description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1513 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1514 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1515 clientID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1516 description: client ID of the managed identity, can not be used at the same time as resourceID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1517 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1518 resourceID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1519 description: resource ID of the managed identity, can not be used at the same time as clientID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1520 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1521 resourceGroupName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1522 description: resource group the DNS zone is located in
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1523 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1524 subscriptionID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1525 description: ID of the Azure subscription
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1526 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1527 tenantID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1528 description: when specifying ClientID and ClientSecret then this field is also needed
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1529 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1530 cloudDNS:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1531 description: Use the Google Cloud DNS API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1532 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1533 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1534 - project
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1535 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1536 hostedZoneName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1537 description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1538 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1539 project:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1540 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1541 serviceAccountSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1542 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1543 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1544 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1545 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1546 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1547 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1548 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1549 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1550 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1551 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1552 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1553 cloudflare:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1554 description: Use the Cloudflare API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1555 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1556 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1557 apiKeySecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1558 description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1559 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1560 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1561 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1562 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1563 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1564 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1565 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1566 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1567 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1568 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1569 apiTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1570 description: API token used to authenticate with Cloudflare.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1571 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1572 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1573 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1574 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1575 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1576 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1577 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1578 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1579 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1580 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1581 email:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1582 description: Email of the account, only required when using API key based authentication.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1583 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1584 cnameStrategy:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1585 description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1586 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1587 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1588 - None
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1589 - Follow
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1590 digitalocean:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1591 description: Use the DigitalOcean DNS API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1592 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1593 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1594 - tokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1595 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1596 tokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1597 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1598 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1599 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1600 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1601 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1602 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1603 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1604 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1605 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1606 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1607 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1608 rfc2136:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1609 description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1610 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1611 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1612 - nameserver
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1613 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1614 nameserver:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1615 description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1616 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1617 tsigAlgorithm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1618 description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1619 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1620 tsigKeyName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1621 description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1622 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1623 tsigSecretSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1624 description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1625 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1626 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1627 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1628 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1629 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1630 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1631 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1632 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1633 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1634 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1635 route53:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1636 description: Use the AWS Route53 API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1637 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1638 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1639 - region
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1640 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1641 accessKeyID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1642 description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1643 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1644 accessKeyIDSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1645 description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1646 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1647 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1648 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1649 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1650 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1651 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1652 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1653 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1654 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1655 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1656 hostedZoneID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1657 description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1658 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1659 region:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1660 description: Always set the region when using AccessKeyID and SecretAccessKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1661 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1662 role:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1663 description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1664 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1665 secretAccessKeySecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1666 description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1667 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1668 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1669 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1670 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1671 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1672 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1673 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1674 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1675 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1676 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1677 webhook:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1678 description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1679 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1680 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1681 - groupName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1682 - solverName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1683 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1684 config:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1685 description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1686 x-kubernetes-preserve-unknown-fields: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1687 groupName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1688 description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1689 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1690 solverName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1691 description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1692 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1693 http01:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1694 description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1695 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1696 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1697 gatewayHTTPRoute:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1698 description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1699 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1700 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1701 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1702 description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1703 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1704 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1705 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1706 parentRefs:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1707 description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1708 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1709 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1710 description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid."
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1711 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1712 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1713 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1714 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1715 group:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1716 description: "Group is the group of the referent. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1717 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1718 default: gateway.networking.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1719 maxLength: 253
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1720 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1721 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1722 description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Custom (Other Resources)"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1723 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1724 default: Gateway
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1725 maxLength: 63
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1726 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1727 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1728 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1729 description: "Name is the name of the referent. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1730 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1731 maxLength: 253
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1732 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1733 namespace:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1734 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1735 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1736 maxLength: 63
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1737 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1738 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1739 port:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1740 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1741 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1742 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1743 maximum: 65535
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1744 minimum: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1745 sectionName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1746 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1747 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1748 maxLength: 253
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1749 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1750 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1751 serviceType:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1752 description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1753 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1754 ingress:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1755 description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1756 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1757 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1758 class:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1759 description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1760 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1761 ingressTemplate:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1762 description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1763 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1764 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1765 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1766 description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1767 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1768 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1769 annotations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1770 description: Annotations that should be added to the created ACME HTTP01 solver ingress.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1771 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1772 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1773 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1774 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1775 description: Labels that should be added to the created ACME HTTP01 solver ingress.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1776 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1777 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1778 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1779 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1780 description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1781 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1782 podTemplate:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1783 description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1784 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1785 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1786 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1787 description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1788 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1789 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1790 annotations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1791 description: Annotations that should be added to the create ACME HTTP01 solver pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1792 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1793 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1794 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1795 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1796 description: Labels that should be added to the created ACME HTTP01 solver pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1797 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1798 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1799 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1800 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1801 description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1802 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1803 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1804 affinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1805 description: If specified, the pod's scheduling constraints
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1806 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1807 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1808 nodeAffinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1809 description: Describes node affinity scheduling rules for the pod.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1810 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1811 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1812 preferredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1813 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1814 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1815 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1816 description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1817 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1818 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1819 - preference
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1820 - weight
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1821 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1822 preference:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1823 description: A node selector term, associated with the corresponding weight.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1824 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1825 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1826 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1827 description: A list of node selector requirements by node's labels.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1828 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1829 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1830 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1831 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1832 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1833 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1834 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1835 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1836 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1837 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1838 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1839 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1840 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1841 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1842 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1843 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1844 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1845 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1846 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1847 matchFields:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1848 description: A list of node selector requirements by node's fields.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1849 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1850 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1851 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1852 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1853 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1854 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1855 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1856 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1857 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1858 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1859 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1860 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1861 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1862 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1863 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1864 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1865 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1866 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1867 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1868 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1869 weight:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1870 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1871 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1872 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1873 requiredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1874 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1875 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1876 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1877 - nodeSelectorTerms
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1878 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1879 nodeSelectorTerms:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1880 description: Required. A list of node selector terms. The terms are ORed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1881 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1882 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1883 description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1884 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1885 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1886 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1887 description: A list of node selector requirements by node's labels.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1888 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1889 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1890 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1891 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1892 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1893 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1894 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1895 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1896 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1897 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1898 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1899 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1900 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1901 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1902 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1903 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1904 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1905 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1906 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1907 matchFields:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1908 description: A list of node selector requirements by node's fields.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1909 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1910 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1911 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1912 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1913 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1914 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1915 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1916 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1917 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1918 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1919 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1920 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1921 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1922 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1923 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1924 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1925 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1926 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1927 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1928 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1929 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1930 podAffinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1931 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1932 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1933 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1934 preferredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1935 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1936 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1937 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1938 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1939 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1940 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1941 - podAffinityTerm
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1942 - weight
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1943 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1944 podAffinityTerm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1945 description: Required. A pod affinity term, associated with the corresponding weight.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1946 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1947 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1948 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1949 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1950 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1951 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1952 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1953 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1954 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1955 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1956 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1957 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1958 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1959 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1960 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1961 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1962 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1963 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1964 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1965 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1966 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1967 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1968 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1969 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1970 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1971 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1972 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1973 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1974 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1975 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1976 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1977 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1978 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1979 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1980 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1981 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1982 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1983 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1984 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1985 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1986 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1987 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1988 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1989 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1990 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1991 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1992 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1993 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1994 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1995 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1996 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1997 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1998 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
1999 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2000 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2001 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2002 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2003 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2004 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2005 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2006 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2007 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2008 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2009 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2010 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2011 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2012 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2013 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2014 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2015 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2016 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2017 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2018 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2019 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2020 weight:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2021 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2022 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2023 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2024 requiredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2025 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2026 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2027 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2028 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2029 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2030 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2031 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2032 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2033 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2034 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2035 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2036 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2037 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2038 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2039 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2040 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2041 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2042 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2043 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2044 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2045 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2046 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2047 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2048 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2049 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2050 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2051 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2052 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2053 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2054 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2055 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2056 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2057 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2058 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2059 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2060 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2061 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2062 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2063 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2064 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2065 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2066 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2067 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2068 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2069 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2070 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2071 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2072 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2073 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2074 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2075 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2076 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2077 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2078 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2079 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2080 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2081 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2082 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2083 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2084 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2085 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2086 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2087 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2088 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2089 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2090 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2091 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2092 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2093 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2094 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2095 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2096 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2097 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2098 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2099 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2100 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2101 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2102 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2103 podAntiAffinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2104 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2105 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2106 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2107 preferredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2108 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2109 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2110 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2111 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2112 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2113 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2114 - podAffinityTerm
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2115 - weight
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2116 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2117 podAffinityTerm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2118 description: Required. A pod affinity term, associated with the corresponding weight.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2119 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2120 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2121 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2122 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2123 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2124 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2125 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2126 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2127 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2128 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2129 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2130 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2131 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2132 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2133 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2134 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2135 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2136 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2137 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2138 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2139 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2140 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2141 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2142 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2143 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2144 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2145 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2146 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2147 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2148 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2149 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2150 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2151 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2152 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2153 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2154 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2155 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2156 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2157 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2158 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2159 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2160 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2161 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2162 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2163 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2164 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2165 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2166 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2167 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2168 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2169 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2170 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2171 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2172 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2173 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2174 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2175 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2176 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2177 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2178 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2179 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2180 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2181 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2182 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2183 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2184 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2185 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2186 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2187 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2188 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2189 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2190 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2191 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2192 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2193 weight:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2194 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2195 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2196 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2197 requiredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2198 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2199 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2200 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2201 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2202 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2203 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2204 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2205 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2206 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2207 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2208 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2209 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2210 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2211 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2212 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2213 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2214 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2215 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2216 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2217 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2218 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2219 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2220 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2221 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2222 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2223 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2224 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2225 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2226 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2227 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2228 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2229 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2230 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2231 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2232 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2233 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2234 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2235 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2236 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2237 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2238 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2239 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2240 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2241 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2242 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2243 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2244 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2245 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2246 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2247 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2248 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2249 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2250 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2251 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2252 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2253 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2254 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2255 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2256 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2257 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2258 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2259 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2260 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2261 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2262 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2263 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2264 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2265 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2266 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2267 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2268 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2269 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2270 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2271 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2272 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2273 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2274 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2275 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2276 nodeSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2277 description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2278 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2279 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2280 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2281 priorityClassName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2282 description: If specified, the pod's priorityClassName.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2283 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2284 serviceAccountName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2285 description: If specified, the pod's service account
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2286 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2287 tolerations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2288 description: If specified, the pod's tolerations.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2289 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2290 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2291 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2292 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2293 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2294 effect:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2295 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2296 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2297 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2298 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2299 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2300 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2301 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2302 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2303 tolerationSeconds:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2304 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2305 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2306 format: int64
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2307 value:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2308 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2309 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2310 serviceType:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2311 description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2312 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2313 selector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2314 description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2315 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2316 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2317 dnsNames:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2318 description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2319 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2320 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2321 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2322 dnsZones:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2323 description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2324 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2325 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2326 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2327 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2328 description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2329 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2330 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2331 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2332 token:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2333 description: The ACME challenge token for this challenge. This is the raw value returned from the ACME server.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2334 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2335 type:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2336 description: The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2337 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2338 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2339 - HTTP-01
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2340 - DNS-01
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2341 url:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2342 description: The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2343 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2344 wildcard:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2345 description: wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2346 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2347 status:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2348 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2349 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2350 presented:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2351 description: presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2352 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2353 processing:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2354 description: Used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2355 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2356 reason:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2357 description: Contains human readable information on why the Challenge is in the current state.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2358 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2359 state:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2360 description: Contains the current 'state' of the challenge. If not set, the state of the challenge is unknown.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2361 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2362 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2363 - valid
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2364 - ready
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2365 - pending
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2366 - processing
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2367 - invalid
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2368 - expired
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2369 - errored
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2370 served: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2371 storage: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2372 subresources:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2373 status: {}
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2374 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2375 # Source: cert-manager/templates/crds.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2376 apiVersion: apiextensions.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2377 kind: CustomResourceDefinition
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2378 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2379 name: certificaterequests.cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2380 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2381 app: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2382 app.kubernetes.io/name: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2383 app.kubernetes.io/instance: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2384 # Generated labels
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2385 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2386 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2387 group: cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2388 names:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2389 kind: CertificateRequest
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2390 listKind: CertificateRequestList
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2391 plural: certificaterequests
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2392 shortNames:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2393 - cr
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2394 - crs
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2395 singular: certificaterequest
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2396 categories:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2397 - cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2398 scope: Namespaced
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2399 versions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2400 - name: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2401 subresources:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2402 status: {}
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2403 additionalPrinterColumns:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2404 - jsonPath: .status.conditions[?(@.type=="Approved")].status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2405 name: Approved
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2406 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2407 - jsonPath: .status.conditions[?(@.type=="Denied")].status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2408 name: Denied
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2409 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2410 - jsonPath: .status.conditions[?(@.type=="Ready")].status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2411 name: Ready
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2412 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2413 - jsonPath: .spec.issuerRef.name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2414 name: Issuer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2415 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2416 - jsonPath: .spec.username
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2417 name: Requestor
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2418 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2419 - jsonPath: .status.conditions[?(@.type=="Ready")].message
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2420 name: Status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2421 priority: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2422 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2423 - jsonPath: .metadata.creationTimestamp
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2424 description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2425 name: Age
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2426 type: date
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2427 schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2428 openAPIV3Schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2429 description: "A CertificateRequest is used to request a signed certificate from one of the configured issuers. \n All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. \n A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used."
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2430 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2431 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2432 - spec
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2433 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2434 apiVersion:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2435 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2436 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2437 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2438 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2439 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2440 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2441 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2442 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2443 description: Desired state of the CertificateRequest resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2444 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2445 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2446 - issuerRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2447 - request
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2448 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2449 duration:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2450 description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2451 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2452 extra:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2453 description: Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2454 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2455 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2456 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2457 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2458 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2459 groups:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2460 description: Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2461 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2462 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2463 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2464 x-kubernetes-list-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2465 isCA:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2466 description: IsCA will request to mark the certificate as valid for certificate signing when submitting to the issuer. This will automatically add the `cert sign` usage to the list of `usages`.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2467 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2468 issuerRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2469 description: IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2470 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2471 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2472 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2473 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2474 group:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2475 description: Group of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2476 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2477 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2478 description: Kind of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2479 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2480 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2481 description: Name of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2482 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2483 request:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2484 description: The PEM-encoded x509 certificate signing request to be submitted to the CA for signing.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2485 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2486 format: byte
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2487 uid:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2488 description: UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2489 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2490 usages:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2491 description: Usages is the set of x509 usages that are requested for the certificate. If usages are set they SHOULD be encoded inside the CSR spec Defaults to `digital signature` and `key encipherment` if not specified.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2492 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2493 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2494 description: "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 \n Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\""
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2495 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2496 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2497 - signing
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2498 - digital signature
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2499 - content commitment
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2500 - key encipherment
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2501 - key agreement
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2502 - data encipherment
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2503 - cert sign
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2504 - crl sign
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2505 - encipher only
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2506 - decipher only
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2507 - any
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2508 - server auth
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2509 - client auth
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2510 - code signing
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2511 - email protection
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2512 - s/mime
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2513 - ipsec end system
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2514 - ipsec tunnel
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2515 - ipsec user
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2516 - timestamping
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2517 - ocsp signing
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2518 - microsoft sgc
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2519 - netscape sgc
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2520 username:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2521 description: Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2522 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2523 status:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2524 description: Status of the CertificateRequest. This is set and managed automatically.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2525 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2526 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2527 ca:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2528 description: The PEM encoded x509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2529 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2530 format: byte
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2531 certificate:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2532 description: The PEM encoded x509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2533 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2534 format: byte
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2535 conditions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2536 description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready` and `InvalidRequest`.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2537 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2538 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2539 description: CertificateRequestCondition contains condition information for a CertificateRequest.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2540 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2541 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2542 - status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2543 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2544 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2545 lastTransitionTime:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2546 description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2547 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2548 format: date-time
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2549 message:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2550 description: Message is a human readable description of the details of the last transition, complementing reason.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2551 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2552 reason:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2553 description: Reason is a brief machine readable explanation for the condition's last transition.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2554 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2555 status:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2556 description: Status of the condition, one of (`True`, `False`, `Unknown`).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2557 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2558 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2559 - "True"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2560 - "False"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2561 - Unknown
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2562 type:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2563 description: Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2564 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2565 x-kubernetes-list-map-keys:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2566 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2567 x-kubernetes-list-type: map
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2568 failureTime:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2569 description: FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2570 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2571 format: date-time
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2572 served: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2573 storage: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2574 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2575 # Source: cert-manager/templates/crds.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2576 apiVersion: apiextensions.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2577 kind: CustomResourceDefinition
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2578 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2579 name: issuers.cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2580 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2581 app: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2582 app.kubernetes.io/name: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2583 app.kubernetes.io/instance: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2584 # Generated labels
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2585 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2586 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2587 group: cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2588 names:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2589 kind: Issuer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2590 listKind: IssuerList
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2591 plural: issuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2592 singular: issuer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2593 categories:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2594 - cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2595 scope: Namespaced
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2596 versions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2597 - name: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2598 subresources:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2599 status: {}
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2600 additionalPrinterColumns:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2601 - jsonPath: .status.conditions[?(@.type=="Ready")].status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2602 name: Ready
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2603 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2604 - jsonPath: .status.conditions[?(@.type=="Ready")].message
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2605 name: Status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2606 priority: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2607 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2608 - jsonPath: .metadata.creationTimestamp
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2609 description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2610 name: Age
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2611 type: date
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2612 schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2613 openAPIV3Schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2614 description: An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2615 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2616 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2617 - spec
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2618 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2619 apiVersion:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2620 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2621 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2622 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2623 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2624 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2625 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2626 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2627 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2628 description: Desired state of the Issuer resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2629 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2630 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2631 acme:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2632 description: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2633 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2634 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2635 - privateKeySecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2636 - server
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2637 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2638 disableAccountKeyGeneration:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2639 description: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2640 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2641 email:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2642 description: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2643 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2644 enableDurationFeature:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2645 description: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2646 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2647 externalAccountBinding:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2648 description: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2649 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2650 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2651 - keyID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2652 - keySecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2653 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2654 keyAlgorithm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2655 description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2656 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2657 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2658 - HS256
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2659 - HS384
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2660 - HS512
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2661 keyID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2662 description: keyID is the ID of the CA key that the External Account is bound to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2663 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2664 keySecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2665 description: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2666 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2667 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2668 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2669 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2670 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2671 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2672 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2673 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2674 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2675 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2676 preferredChain:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2677 description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2678 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2679 maxLength: 64
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2680 privateKeySecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2681 description: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2682 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2683 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2684 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2685 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2686 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2687 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2688 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2689 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2690 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2691 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2692 server:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2693 description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2694 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2695 skipTLSVerify:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2696 description: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2697 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2698 solvers:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2699 description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2700 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2701 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2702 description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2703 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2704 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2705 dns01:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2706 description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2707 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2708 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2709 acmeDNS:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2710 description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2711 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2712 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2713 - accountSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2714 - host
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2715 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2716 accountSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2717 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2718 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2719 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2720 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2721 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2722 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2723 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2724 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2725 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2726 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2727 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2728 host:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2729 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2730 akamai:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2731 description: Use the Akamai DNS zone management API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2732 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2733 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2734 - accessTokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2735 - clientSecretSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2736 - clientTokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2737 - serviceConsumerDomain
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2738 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2739 accessTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2740 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2741 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2742 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2743 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2744 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2745 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2746 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2747 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2748 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2749 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2750 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2751 clientSecretSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2752 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2753 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2754 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2755 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2756 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2757 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2758 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2759 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2760 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2761 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2762 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2763 clientTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2764 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2765 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2766 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2767 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2768 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2769 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2770 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2771 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2772 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2773 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2774 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2775 serviceConsumerDomain:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2776 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2777 azureDNS:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2778 description: Use the Microsoft Azure DNS API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2779 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2780 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2781 - resourceGroupName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2782 - subscriptionID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2783 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2784 clientID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2785 description: if both this and ClientSecret are left unset MSI will be used
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2786 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2787 clientSecretSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2788 description: if both this and ClientID are left unset MSI will be used
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2789 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2790 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2791 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2792 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2793 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2794 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2795 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2796 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2797 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2798 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2799 environment:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2800 description: name of the Azure environment (default AzurePublicCloud)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2801 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2802 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2803 - AzurePublicCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2804 - AzureChinaCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2805 - AzureGermanCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2806 - AzureUSGovernmentCloud
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2807 hostedZoneName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2808 description: name of the DNS zone that should be used
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2809 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2810 managedIdentity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2811 description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2812 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2813 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2814 clientID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2815 description: client ID of the managed identity, can not be used at the same time as resourceID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2816 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2817 resourceID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2818 description: resource ID of the managed identity, can not be used at the same time as clientID
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2819 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2820 resourceGroupName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2821 description: resource group the DNS zone is located in
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2822 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2823 subscriptionID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2824 description: ID of the Azure subscription
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2825 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2826 tenantID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2827 description: when specifying ClientID and ClientSecret then this field is also needed
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2828 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2829 cloudDNS:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2830 description: Use the Google Cloud DNS API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2831 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2832 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2833 - project
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2834 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2835 hostedZoneName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2836 description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2837 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2838 project:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2839 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2840 serviceAccountSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2841 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2842 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2843 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2844 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2845 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2846 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2847 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2848 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2849 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2850 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2851 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2852 cloudflare:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2853 description: Use the Cloudflare API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2854 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2855 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2856 apiKeySecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2857 description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2858 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2859 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2860 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2861 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2862 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2863 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2864 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2865 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2866 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2867 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2868 apiTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2869 description: API token used to authenticate with Cloudflare.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2870 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2871 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2872 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2873 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2874 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2875 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2876 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2877 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2878 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2879 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2880 email:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2881 description: Email of the account, only required when using API key based authentication.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2882 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2883 cnameStrategy:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2884 description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2885 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2886 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2887 - None
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2888 - Follow
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2889 digitalocean:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2890 description: Use the DigitalOcean DNS API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2891 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2892 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2893 - tokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2894 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2895 tokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2896 description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2897 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2898 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2899 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2900 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2901 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2902 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2903 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2904 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2905 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2906 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2907 rfc2136:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2908 description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2909 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2910 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2911 - nameserver
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2912 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2913 nameserver:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2914 description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2915 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2916 tsigAlgorithm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2917 description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2918 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2919 tsigKeyName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2920 description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2921 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2922 tsigSecretSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2923 description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2924 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2925 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2926 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2927 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2928 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2929 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2930 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2931 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2932 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2933 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2934 route53:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2935 description: Use the AWS Route53 API to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2936 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2937 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2938 - region
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2939 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2940 accessKeyID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2941 description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2942 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2943 accessKeyIDSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2944 description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2945 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2946 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2947 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2948 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2949 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2950 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2951 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2952 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2953 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2954 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2955 hostedZoneID:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2956 description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2957 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2958 region:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2959 description: Always set the region when using AccessKeyID and SecretAccessKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2960 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2961 role:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2962 description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2963 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2964 secretAccessKeySecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2965 description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2966 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2967 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2968 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2969 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2970 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2971 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2972 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2973 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2974 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2975 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2976 webhook:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2977 description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2978 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2979 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2980 - groupName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2981 - solverName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2982 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2983 config:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2984 description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2985 x-kubernetes-preserve-unknown-fields: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2986 groupName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2987 description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2988 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2989 solverName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2990 description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2991 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2992 http01:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2993 description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2994 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2995 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2996 gatewayHTTPRoute:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2997 description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2998 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
2999 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3000 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3001 description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3002 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3003 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3004 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3005 parentRefs:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3006 description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3007 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3008 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3009 description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid."
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3010 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3011 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3012 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3013 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3014 group:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3015 description: "Group is the group of the referent. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3016 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3017 default: gateway.networking.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3018 maxLength: 253
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3019 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3020 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3021 description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Custom (Other Resources)"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3022 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3023 default: Gateway
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3024 maxLength: 63
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3025 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3026 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3027 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3028 description: "Name is the name of the referent. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3029 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3030 maxLength: 253
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3031 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3032 namespace:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3033 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3034 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3035 maxLength: 63
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3036 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3037 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3038 port:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3039 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3040 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3041 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3042 maximum: 65535
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3043 minimum: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3044 sectionName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3045 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3046 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3047 maxLength: 253
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3048 minLength: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3049 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3050 serviceType:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3051 description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3052 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3053 ingress:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3054 description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3055 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3056 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3057 class:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3058 description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3059 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3060 ingressTemplate:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3061 description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3062 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3063 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3064 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3065 description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3066 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3067 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3068 annotations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3069 description: Annotations that should be added to the created ACME HTTP01 solver ingress.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3070 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3071 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3072 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3073 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3074 description: Labels that should be added to the created ACME HTTP01 solver ingress.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3075 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3076 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3077 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3078 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3079 description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3080 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3081 podTemplate:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3082 description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3083 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3084 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3085 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3086 description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3087 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3088 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3089 annotations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3090 description: Annotations that should be added to the create ACME HTTP01 solver pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3091 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3092 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3093 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3094 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3095 description: Labels that should be added to the created ACME HTTP01 solver pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3096 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3097 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3098 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3099 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3100 description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3101 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3102 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3103 affinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3104 description: If specified, the pod's scheduling constraints
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3105 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3106 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3107 nodeAffinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3108 description: Describes node affinity scheduling rules for the pod.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3109 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3110 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3111 preferredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3112 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3113 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3114 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3115 description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3116 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3117 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3118 - preference
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3119 - weight
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3120 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3121 preference:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3122 description: A node selector term, associated with the corresponding weight.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3123 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3124 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3125 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3126 description: A list of node selector requirements by node's labels.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3127 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3128 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3129 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3130 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3131 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3132 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3133 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3134 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3135 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3136 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3137 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3138 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3139 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3140 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3141 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3142 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3143 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3144 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3145 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3146 matchFields:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3147 description: A list of node selector requirements by node's fields.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3148 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3149 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3150 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3151 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3152 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3153 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3154 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3155 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3156 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3157 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3158 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3159 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3160 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3161 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3162 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3163 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3164 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3165 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3166 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3167 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3168 weight:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3169 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3170 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3171 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3172 requiredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3173 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3174 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3175 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3176 - nodeSelectorTerms
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3177 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3178 nodeSelectorTerms:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3179 description: Required. A list of node selector terms. The terms are ORed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3180 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3181 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3182 description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3183 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3184 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3185 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3186 description: A list of node selector requirements by node's labels.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3187 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3188 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3189 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3190 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3191 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3192 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3193 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3194 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3195 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3196 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3197 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3198 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3199 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3200 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3201 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3202 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3203 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3204 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3205 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3206 matchFields:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3207 description: A list of node selector requirements by node's fields.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3208 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3209 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3210 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3211 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3212 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3213 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3214 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3215 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3216 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3217 description: The label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3218 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3219 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3220 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3221 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3222 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3223 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3224 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3225 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3226 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3227 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3228 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3229 podAffinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3230 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3231 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3232 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3233 preferredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3234 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3235 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3236 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3237 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3238 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3239 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3240 - podAffinityTerm
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3241 - weight
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3242 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3243 podAffinityTerm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3244 description: Required. A pod affinity term, associated with the corresponding weight.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3245 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3246 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3247 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3248 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3249 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3250 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3251 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3252 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3253 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3254 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3255 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3256 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3257 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3258 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3259 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3260 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3261 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3262 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3263 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3264 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3265 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3266 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3267 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3268 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3269 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3270 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3271 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3272 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3273 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3274 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3275 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3276 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3277 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3278 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3279 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3280 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3281 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3282 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3283 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3284 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3285 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3286 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3287 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3288 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3289 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3290 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3291 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3292 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3293 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3294 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3295 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3296 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3297 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3298 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3299 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3300 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3301 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3302 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3303 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3304 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3305 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3306 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3307 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3308 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3309 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3310 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3311 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3312 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3313 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3314 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3315 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3316 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3317 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3318 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3319 weight:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3320 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3321 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3322 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3323 requiredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3324 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3325 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3326 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3327 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3328 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3329 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3330 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3331 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3332 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3333 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3334 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3335 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3336 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3337 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3338 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3339 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3340 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3341 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3342 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3343 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3344 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3345 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3346 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3347 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3348 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3349 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3350 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3351 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3352 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3353 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3354 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3355 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3356 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3357 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3358 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3359 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3360 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3361 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3362 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3363 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3364 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3365 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3366 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3367 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3368 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3369 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3370 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3371 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3372 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3373 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3374 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3375 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3376 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3377 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3378 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3379 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3380 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3381 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3382 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3383 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3384 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3385 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3386 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3387 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3388 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3389 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3390 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3391 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3392 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3393 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3394 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3395 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3396 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3397 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3398 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3399 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3400 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3401 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3402 podAntiAffinity:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3403 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3404 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3405 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3406 preferredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3407 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3408 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3409 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3410 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3411 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3412 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3413 - podAffinityTerm
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3414 - weight
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3415 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3416 podAffinityTerm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3417 description: Required. A pod affinity term, associated with the corresponding weight.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3418 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3419 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3420 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3421 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3422 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3423 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3424 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3425 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3426 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3427 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3428 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3429 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3430 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3431 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3432 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3433 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3434 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3435 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3436 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3437 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3438 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3439 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3440 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3441 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3442 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3443 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3444 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3445 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3446 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3447 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3448 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3449 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3450 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3451 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3452 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3453 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3454 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3455 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3456 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3457 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3458 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3459 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3460 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3461 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3462 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3463 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3464 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3465 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3466 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3467 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3468 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3469 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3470 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3471 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3472 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3473 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3474 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3475 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3476 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3477 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3478 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3479 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3480 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3481 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3482 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3483 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3484 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3485 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3486 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3487 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3488 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3489 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3490 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3491 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3492 weight:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3493 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3494 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3495 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3496 requiredDuringSchedulingIgnoredDuringExecution:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3497 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3498 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3499 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3500 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3501 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3502 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3503 - topologyKey
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3504 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3505 labelSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3506 description: A label query over a set of resources, in this case pods.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3507 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3508 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3509 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3510 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3511 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3512 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3513 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3514 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3515 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3516 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3517 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3518 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3519 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3520 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3521 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3522 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3523 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3524 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3525 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3526 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3527 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3528 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3529 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3530 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3531 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3532 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3533 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3534 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3535 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3536 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3537 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3538 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3539 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3540 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3541 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3542 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3543 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3544 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3545 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3546 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3547 - key
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3548 - operator
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3549 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3550 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3551 description: key is the label key that the selector applies to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3552 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3553 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3554 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3555 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3556 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3557 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3558 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3559 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3560 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3561 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3562 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3563 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3564 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3565 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3566 x-kubernetes-map-type: atomic
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3567 namespaces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3568 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3569 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3570 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3571 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3572 topologyKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3573 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3574 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3575 nodeSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3576 description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3577 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3578 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3579 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3580 priorityClassName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3581 description: If specified, the pod's priorityClassName.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3582 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3583 serviceAccountName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3584 description: If specified, the pod's service account
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3585 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3586 tolerations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3587 description: If specified, the pod's tolerations.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3588 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3589 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3590 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3591 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3592 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3593 effect:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3594 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3595 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3596 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3597 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3598 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3599 operator:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3600 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3601 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3602 tolerationSeconds:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3603 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3604 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3605 format: int64
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3606 value:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3607 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3608 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3609 serviceType:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3610 description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3611 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3612 selector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3613 description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3614 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3615 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3616 dnsNames:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3617 description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3618 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3619 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3620 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3621 dnsZones:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3622 description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3623 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3624 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3625 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3626 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3627 description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3628 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3629 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3630 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3631 ca:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3632 description: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3633 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3634 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3635 - secretName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3636 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3637 crlDistributionPoints:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3638 description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3639 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3640 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3641 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3642 ocspServers:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3643 description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3644 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3645 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3646 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3647 secretName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3648 description: SecretName is the name of the secret used to sign Certificates issued by this Issuer.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3649 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3650 selfSigned:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3651 description: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3652 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3653 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3654 crlDistributionPoints:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3655 description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3656 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3657 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3658 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3659 vault:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3660 description: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3661 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3662 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3663 - auth
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3664 - path
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3665 - server
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3666 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3667 auth:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3668 description: Auth configures how cert-manager authenticates with the Vault server.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3669 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3670 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3671 appRole:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3672 description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3673 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3674 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3675 - path
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3676 - roleId
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3677 - secretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3678 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3679 path:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3680 description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3681 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3682 roleId:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3683 description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3684 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3685 secretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3686 description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3687 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3688 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3689 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3690 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3691 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3692 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3693 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3694 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3695 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3696 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3697 kubernetes:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3698 description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3699 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3700 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3701 - role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3702 - secretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3703 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3704 mountPath:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3705 description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3706 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3707 role:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3708 description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3709 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3710 secretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3711 description: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3712 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3713 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3714 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3715 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3716 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3717 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3718 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3719 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3720 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3721 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3722 tokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3723 description: TokenSecretRef authenticates with Vault by presenting a token.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3724 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3725 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3726 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3727 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3728 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3729 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3730 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3731 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3732 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3733 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3734 caBundle:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3735 description: PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the cert-manager controller system root certificates are used to validate the TLS connection.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3736 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3737 format: byte
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3738 caBundleSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3739 description: CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when connecting to Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager controller system root certificates are used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3740 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3741 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3742 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3743 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3744 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3745 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3746 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3747 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3748 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3749 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3750 namespace:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3751 description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3752 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3753 path:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3754 description: 'Path is the mount path of the Vault PKI backend''s `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3755 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3756 server:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3757 description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3758 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3759 venafi:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3760 description: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3761 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3762 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3763 - zone
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3764 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3765 cloud:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3766 description: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3767 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3768 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3769 - apiTokenSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3770 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3771 apiTokenSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3772 description: APITokenSecretRef is a secret key selector for the Venafi Cloud API token.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3773 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3774 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3775 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3776 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3777 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3778 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3779 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3780 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3781 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3782 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3783 url:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3784 description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1".
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3785 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3786 tpp:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3787 description: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3788 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3789 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3790 - credentialsRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3791 - url
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3792 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3793 caBundle:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3794 description: CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3795 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3796 format: byte
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3797 credentialsRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3798 description: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3799 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3800 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3801 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3802 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3803 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3804 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3805 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3806 url:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3807 description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3808 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3809 zone:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3810 description: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3811 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3812 status:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3813 description: Status of the Issuer. This is set and managed automatically.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3814 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3815 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3816 acme:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3817 description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3818 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3819 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3820 lastRegisteredEmail:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3821 description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3822 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3823 uri:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3824 description: URI is the unique account identifier, which can also be used to retrieve account details from the CA
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3825 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3826 conditions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3827 description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3828 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3829 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3830 description: IssuerCondition contains condition information for an Issuer.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3831 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3832 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3833 - status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3834 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3835 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3836 lastTransitionTime:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3837 description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3838 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3839 format: date-time
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3840 message:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3841 description: Message is a human readable description of the details of the last transition, complementing reason.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3842 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3843 observedGeneration:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3844 description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3845 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3846 format: int64
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3847 reason:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3848 description: Reason is a brief machine readable explanation for the condition's last transition.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3849 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3850 status:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3851 description: Status of the condition, one of (`True`, `False`, `Unknown`).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3852 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3853 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3854 - "True"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3855 - "False"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3856 - Unknown
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3857 type:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3858 description: Type of the condition, known values are (`Ready`).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3859 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3860 x-kubernetes-list-map-keys:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3861 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3862 x-kubernetes-list-type: map
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3863 served: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3864 storage: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3865 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3866 # Source: cert-manager/templates/crds.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3867 apiVersion: apiextensions.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3868 kind: CustomResourceDefinition
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3869 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3870 name: certificates.cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3871 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3872 app: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3873 app.kubernetes.io/name: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3874 app.kubernetes.io/instance: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3875 # Generated labels
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3876 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3877 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3878 group: cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3879 names:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3880 kind: Certificate
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3881 listKind: CertificateList
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3882 plural: certificates
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3883 shortNames:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3884 - cert
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3885 - certs
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3886 singular: certificate
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3887 categories:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3888 - cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3889 scope: Namespaced
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3890 versions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3891 - name: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3892 subresources:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3893 status: {}
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3894 additionalPrinterColumns:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3895 - jsonPath: .status.conditions[?(@.type=="Ready")].status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3896 name: Ready
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3897 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3898 - jsonPath: .spec.secretName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3899 name: Secret
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3900 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3901 - jsonPath: .spec.issuerRef.name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3902 name: Issuer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3903 priority: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3904 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3905 - jsonPath: .status.conditions[?(@.type=="Ready")].message
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3906 name: Status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3907 priority: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3908 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3909 - jsonPath: .metadata.creationTimestamp
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3910 description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3911 name: Age
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3912 type: date
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3913 schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3914 openAPIV3Schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3915 description: "A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. \n The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`)."
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3916 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3917 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3918 - spec
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3919 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3920 apiVersion:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3921 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3922 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3923 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3924 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3925 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3926 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3927 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3928 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3929 description: Desired state of the Certificate resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3930 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3931 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3932 - issuerRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3933 - secretName
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3934 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3935 additionalOutputFormats:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3936 description: AdditionalOutputFormats defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option on both the controller and webhook components.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3937 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3938 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3939 description: CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource. These contain supplementary data formats of the signed certificate chain and paired private key.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3940 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3941 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3942 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3943 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3944 type:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3945 description: Type is the name of the format type that should be written to the Certificate's target Secret.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3946 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3947 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3948 - DER
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3949 - CombinedPEM
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3950 commonName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3951 description: 'CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3952 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3953 dnsNames:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3954 description: DNSNames is a list of DNS subjectAltNames to be set on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3955 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3956 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3957 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3958 duration:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3959 description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or `renewBefore` period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3960 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3961 emailAddresses:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3962 description: EmailAddresses is a list of email subjectAltNames to be set on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3963 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3964 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3965 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3966 encodeUsagesInRequest:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3967 description: EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3968 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3969 ipAddresses:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3970 description: IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3971 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3972 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3973 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3974 isCA:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3975 description: IsCA will mark this Certificate as valid for certificate signing. This will automatically add the `cert sign` usage to the list of `usages`.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3976 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3977 issuerRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3978 description: IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3979 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3980 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3981 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3982 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3983 group:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3984 description: Group of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3985 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3986 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3987 description: Kind of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3988 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3989 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3990 description: Name of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3991 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3992 keystores:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3993 description: Keystores configures additional keystore output formats stored in the `secretName` Secret resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3994 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3995 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3996 jks:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3997 description: JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3998 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
3999 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4000 - create
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4001 - passwordSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4002 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4003 create:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4004 description: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4005 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4006 passwordSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4007 description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4008 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4009 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4010 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4011 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4012 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4013 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4014 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4015 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4016 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4017 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4018 pkcs12:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4019 description: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4020 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4021 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4022 - create
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4023 - passwordSecretRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4024 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4025 create:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4026 description: Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4027 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4028 passwordSecretRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4029 description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4030 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4031 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4032 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4033 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4034 key:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4035 description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4036 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4037 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4038 description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4039 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4040 literalSubject:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4041 description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4042 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4043 privateKey:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4044 description: Options to control private keys used for the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4045 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4046 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4047 algorithm:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4048 description: Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4049 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4050 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4051 - RSA
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4052 - ECDSA
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4053 - Ed25519
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4054 encoding:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4055 description: The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4056 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4057 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4058 - PKCS1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4059 - PKCS8
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4060 rotationPolicy:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4061 description: RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4062 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4063 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4064 - Never
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4065 - Always
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4066 size:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4067 description: Size is the key bit size of the corresponding private key for this certificate. If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4068 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4069 renewBefore:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4070 description: How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4071 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4072 revisionHistoryLimit:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4073 description: revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4074 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4075 format: int32
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4076 secretName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4077 description: SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4078 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4079 secretTemplate:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4080 description: SecretTemplate defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4081 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4082 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4083 annotations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4084 description: Annotations is a key value map to be copied to the target Kubernetes Secret.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4085 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4086 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4087 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4088 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4089 description: Labels is a key value map to be copied to the target Kubernetes Secret.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4090 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4091 additionalProperties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4092 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4093 subject:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4094 description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4095 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4096 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4097 countries:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4098 description: Countries to be used on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4099 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4100 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4101 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4102 localities:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4103 description: Cities to be used on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4104 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4105 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4106 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4107 organizationalUnits:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4108 description: Organizational Units to be used on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4109 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4110 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4111 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4112 organizations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4113 description: Organizations to be used on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4114 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4115 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4116 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4117 postalCodes:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4118 description: Postal codes to be used on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4119 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4120 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4121 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4122 provinces:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4123 description: State/Provinces to be used on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4124 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4125 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4126 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4127 serialNumber:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4128 description: Serial number to be used on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4129 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4130 streetAddresses:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4131 description: Street addresses to be used on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4132 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4133 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4134 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4135 uris:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4136 description: URIs is a list of URI subjectAltNames to be set on the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4137 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4138 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4139 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4140 usages:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4141 description: Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4142 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4143 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4144 description: "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 \n Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\""
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4145 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4146 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4147 - signing
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4148 - digital signature
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4149 - content commitment
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4150 - key encipherment
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4151 - key agreement
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4152 - data encipherment
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4153 - cert sign
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4154 - crl sign
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4155 - encipher only
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4156 - decipher only
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4157 - any
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4158 - server auth
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4159 - client auth
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4160 - code signing
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4161 - email protection
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4162 - s/mime
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4163 - ipsec end system
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4164 - ipsec tunnel
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4165 - ipsec user
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4166 - timestamping
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4167 - ocsp signing
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4168 - microsoft sgc
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4169 - netscape sgc
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4170 status:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4171 description: Status of the Certificate. This is set and managed automatically.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4172 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4173 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4174 conditions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4175 description: List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4176 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4177 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4178 description: CertificateCondition contains condition information for an Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4179 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4180 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4181 - status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4182 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4183 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4184 lastTransitionTime:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4185 description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4186 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4187 format: date-time
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4188 message:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4189 description: Message is a human readable description of the details of the last transition, complementing reason.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4190 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4191 observedGeneration:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4192 description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4193 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4194 format: int64
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4195 reason:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4196 description: Reason is a brief machine readable explanation for the condition's last transition.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4197 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4198 status:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4199 description: Status of the condition, one of (`True`, `False`, `Unknown`).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4200 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4201 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4202 - "True"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4203 - "False"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4204 - Unknown
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4205 type:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4206 description: Type of the condition, known values are (`Ready`, `Issuing`).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4207 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4208 x-kubernetes-list-map-keys:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4209 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4210 x-kubernetes-list-type: map
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4211 failedIssuanceAttempts:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4212 description: The number of continuous failed issuance attempts up till now. This field gets removed (if set) on a successful issuance and gets set to 1 if unset and an issuance has failed. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4213 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4214 lastFailureTime:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4215 description: LastFailureTime is the time as recorded by the Certificate controller of the most recent failure to complete a CertificateRequest for this Certificate resource. If set, cert-manager will not re-request another Certificate until 1 hour has elapsed from this time.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4216 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4217 format: date-time
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4218 nextPrivateKeySecretName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4219 description: The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4220 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4221 notAfter:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4222 description: The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4223 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4224 format: date-time
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4225 notBefore:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4226 description: The time after which the certificate stored in the secret named by this resource in spec.secretName is valid.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4227 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4228 format: date-time
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4229 renewalTime:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4230 description: RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4231 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4232 format: date-time
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4233 revision:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4234 description: "The current 'revision' of the certificate as issued. \n When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. \n Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. \n Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field."
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4235 type: integer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4236 served: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4237 storage: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4238 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4239 # Source: cert-manager/templates/crds.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4240 apiVersion: apiextensions.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4241 kind: CustomResourceDefinition
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4242 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4243 name: orders.acme.cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4244 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4245 app: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4246 app.kubernetes.io/name: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4247 app.kubernetes.io/instance: 'cert-manager'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4248 # Generated labels
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4249 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4250 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4251 group: acme.cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4252 names:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4253 kind: Order
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4254 listKind: OrderList
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4255 plural: orders
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4256 singular: order
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4257 categories:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4258 - cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4259 - cert-manager-acme
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4260 scope: Namespaced
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4261 versions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4262 - name: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4263 subresources:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4264 status: {}
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4265 additionalPrinterColumns:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4266 - jsonPath: .status.state
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4267 name: State
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4268 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4269 - jsonPath: .spec.issuerRef.name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4270 name: Issuer
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4271 priority: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4272 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4273 - jsonPath: .status.reason
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4274 name: Reason
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4275 priority: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4276 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4277 - jsonPath: .metadata.creationTimestamp
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4278 description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4279 name: Age
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4280 type: date
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4281 schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4282 openAPIV3Schema:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4283 description: Order is a type to represent an Order with an ACME server
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4284 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4285 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4286 - metadata
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4287 - spec
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4288 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4289 apiVersion:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4290 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4291 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4292 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4293 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4294 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4295 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4296 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4297 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4298 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4299 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4300 - issuerRef
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4301 - request
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4302 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4303 commonName:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4304 description: CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4305 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4306 dnsNames:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4307 description: DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4308 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4309 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4310 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4311 duration:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4312 description: Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4313 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4314 ipAddresses:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4315 description: IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4316 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4317 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4318 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4319 issuerRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4320 description: IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4321 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4322 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4323 - name
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4324 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4325 group:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4326 description: Group of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4327 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4328 kind:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4329 description: Kind of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4330 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4331 name:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4332 description: Name of the resource being referred to.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4333 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4334 request:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4335 description: Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4336 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4337 format: byte
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4338 status:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4339 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4340 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4341 authorizations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4342 description: Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4343 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4344 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4345 description: ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4346 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4347 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4348 - url
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4349 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4350 challenges:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4351 description: Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4352 type: array
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4353 items:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4354 description: Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4355 type: object
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4356 required:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4357 - token
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4358 - type
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4359 - url
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4360 properties:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4361 token:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4362 description: Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4363 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4364 type:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4365 description: Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4366 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4367 url:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4368 description: URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4369 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4370 identifier:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4371 description: Identifier is the DNS name to be validated as part of this authorization
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4372 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4373 initialState:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4374 description: InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4375 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4376 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4377 - valid
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4378 - ready
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4379 - pending
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4380 - processing
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4381 - invalid
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4382 - expired
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4383 - errored
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4384 url:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4385 description: URL is the URL of the Authorization that must be completed
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4386 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4387 wildcard:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4388 description: Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4389 type: boolean
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4390 certificate:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4391 description: Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4392 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4393 format: byte
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4394 failureTime:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4395 description: FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4396 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4397 format: date-time
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4398 finalizeURL:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4399 description: FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4400 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4401 reason:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4402 description: Reason optionally provides more information about a why the order is in the current state.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4403 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4404 state:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4405 description: State contains the current state of this Order resource. States 'success' and 'expired' are 'final'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4406 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4407 enum:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4408 - valid
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4409 - ready
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4410 - pending
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4411 - processing
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4412 - invalid
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4413 - expired
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4414 - errored
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4415 url:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4416 description: URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4417 type: string
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4418 served: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4419 storage: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4420 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4421 # Source: cert-manager/templates/cainjector-serviceaccount.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4422 apiVersion: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4423 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4424 automountServiceAccountToken: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4425 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4426 name: cert-manager-cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4427 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4428 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4429 app: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4430 app.kubernetes.io/name: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4431 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4432 app.kubernetes.io/component: "cainjector"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4433 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4434 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4435 # Source: cert-manager/templates/serviceaccount.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4436 apiVersion: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4437 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4438 automountServiceAccountToken: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4439 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4440 name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4441 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4442 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4443 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4444 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4445 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4446 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4447 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4448 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4449 # Source: cert-manager/templates/webhook-serviceaccount.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4450 apiVersion: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4451 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4452 automountServiceAccountToken: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4453 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4454 name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4455 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4456 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4457 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4458 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4459 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4460 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4461 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4462 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4463 # Source: cert-manager/templates/webhook-config.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4464 apiVersion: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4465 kind: ConfigMap
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4466 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4467 name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4468 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4469 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4470 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4471 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4472 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4473 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4474 data:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4475 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4476 # Source: cert-manager/templates/cainjector-rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4477 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4478 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4479 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4480 name: cert-manager-cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4481 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4482 app: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4483 app.kubernetes.io/name: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4484 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4485 app.kubernetes.io/component: "cainjector"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4486 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4487 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4488 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4489 resources: ["certificates"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4490 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4491 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4492 resources: ["secrets"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4493 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4494 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4495 resources: ["events"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4496 verbs: ["get", "create", "update", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4497 - apiGroups: ["admissionregistration.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4498 resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4499 verbs: ["get", "list", "watch", "update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4500 - apiGroups: ["apiregistration.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4501 resources: ["apiservices"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4502 verbs: ["get", "list", "watch", "update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4503 - apiGroups: ["apiextensions.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4504 resources: ["customresourcedefinitions"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4505 verbs: ["get", "list", "watch", "update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4506 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4507 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4508 # Issuer controller role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4509 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4510 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4511 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4512 name: cert-manager-controller-issuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4513 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4514 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4515 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4516 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4517 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4518 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4519 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4520 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4521 resources: ["issuers", "issuers/status"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4522 verbs: ["update", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4523 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4524 resources: ["issuers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4525 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4526 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4527 resources: ["secrets"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4528 verbs: ["get", "list", "watch", "create", "update", "delete"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4529 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4530 resources: ["events"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4531 verbs: ["create", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4532 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4533 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4534 # ClusterIssuer controller role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4535 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4536 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4537 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4538 name: cert-manager-controller-clusterissuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4539 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4540 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4541 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4542 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4543 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4544 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4545 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4546 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4547 resources: ["clusterissuers", "clusterissuers/status"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4548 verbs: ["update", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4549 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4550 resources: ["clusterissuers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4551 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4552 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4553 resources: ["secrets"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4554 verbs: ["get", "list", "watch", "create", "update", "delete"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4555 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4556 resources: ["events"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4557 verbs: ["create", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4558 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4559 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4560 # Certificates controller role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4561 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4562 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4563 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4564 name: cert-manager-controller-certificates
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4565 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4566 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4567 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4568 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4569 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4570 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4571 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4572 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4573 resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4574 verbs: ["update", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4575 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4576 resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4577 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4578 # We require these rules to support users with the OwnerReferencesPermissionEnforcement
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4579 # admission controller enabled:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4580 # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4581 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4582 resources: ["certificates/finalizers", "certificaterequests/finalizers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4583 verbs: ["update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4584 - apiGroups: ["acme.cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4585 resources: ["orders"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4586 verbs: ["create", "delete", "get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4587 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4588 resources: ["secrets"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4589 verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4590 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4591 resources: ["events"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4592 verbs: ["create", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4593 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4594 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4595 # Orders controller role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4596 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4597 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4598 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4599 name: cert-manager-controller-orders
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4600 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4601 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4602 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4603 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4604 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4605 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4606 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4607 - apiGroups: ["acme.cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4608 resources: ["orders", "orders/status"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4609 verbs: ["update", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4610 - apiGroups: ["acme.cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4611 resources: ["orders", "challenges"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4612 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4613 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4614 resources: ["clusterissuers", "issuers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4615 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4616 - apiGroups: ["acme.cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4617 resources: ["challenges"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4618 verbs: ["create", "delete"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4619 # We require these rules to support users with the OwnerReferencesPermissionEnforcement
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4620 # admission controller enabled:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4621 # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4622 - apiGroups: ["acme.cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4623 resources: ["orders/finalizers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4624 verbs: ["update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4625 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4626 resources: ["secrets"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4627 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4628 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4629 resources: ["events"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4630 verbs: ["create", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4631 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4632 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4633 # Challenges controller role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4634 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4635 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4636 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4637 name: cert-manager-controller-challenges
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4638 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4639 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4640 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4641 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4642 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4643 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4644 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4645 # Use to update challenge resource status
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4646 - apiGroups: ["acme.cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4647 resources: ["challenges", "challenges/status"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4648 verbs: ["update", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4649 # Used to watch challenge resources
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4650 - apiGroups: ["acme.cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4651 resources: ["challenges"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4652 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4653 # Used to watch challenges, issuer and clusterissuer resources
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4654 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4655 resources: ["issuers", "clusterissuers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4656 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4657 # Need to be able to retrieve ACME account private key to complete challenges
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4658 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4659 resources: ["secrets"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4660 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4661 # Used to create events
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4662 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4663 resources: ["events"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4664 verbs: ["create", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4665 # HTTP01 rules
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4666 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4667 resources: ["pods", "services"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4668 verbs: ["get", "list", "watch", "create", "delete"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4669 - apiGroups: ["networking.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4670 resources: ["ingresses"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4671 verbs: ["get", "list", "watch", "create", "delete", "update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4672 - apiGroups: [ "gateway.networking.k8s.io" ]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4673 resources: [ "httproutes" ]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4674 verbs: ["get", "list", "watch", "create", "delete", "update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4675 # We require the ability to specify a custom hostname when we are creating
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4676 # new ingress resources.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4677 # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4678 - apiGroups: ["route.openshift.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4679 resources: ["routes/custom-host"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4680 verbs: ["create"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4681 # We require these rules to support users with the OwnerReferencesPermissionEnforcement
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4682 # admission controller enabled:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4683 # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4684 - apiGroups: ["acme.cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4685 resources: ["challenges/finalizers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4686 verbs: ["update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4687 # DNS01 rules (duplicated above)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4688 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4689 resources: ["secrets"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4690 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4691 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4692 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4693 # ingress-shim controller role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4694 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4695 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4696 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4697 name: cert-manager-controller-ingress-shim
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4698 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4699 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4700 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4701 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4702 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4703 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4704 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4705 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4706 resources: ["certificates", "certificaterequests"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4707 verbs: ["create", "update", "delete"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4708 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4709 resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4710 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4711 - apiGroups: ["networking.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4712 resources: ["ingresses"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4713 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4714 # We require these rules to support users with the OwnerReferencesPermissionEnforcement
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4715 # admission controller enabled:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4716 # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4717 - apiGroups: ["networking.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4718 resources: ["ingresses/finalizers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4719 verbs: ["update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4720 - apiGroups: ["gateway.networking.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4721 resources: ["gateways", "httproutes"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4722 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4723 - apiGroups: ["gateway.networking.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4724 resources: ["gateways/finalizers", "httproutes/finalizers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4725 verbs: ["update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4726 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4727 resources: ["events"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4728 verbs: ["create", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4729 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4730 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4731 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4732 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4733 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4734 name: cert-manager-view
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4735 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4736 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4737 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4738 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4739 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4740 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4741 rbac.authorization.k8s.io/aggregate-to-view: "true"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4742 rbac.authorization.k8s.io/aggregate-to-edit: "true"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4743 rbac.authorization.k8s.io/aggregate-to-admin: "true"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4744 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4745 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4746 resources: ["certificates", "certificaterequests", "issuers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4747 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4748 - apiGroups: ["acme.cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4749 resources: ["challenges", "orders"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4750 verbs: ["get", "list", "watch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4751 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4752 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4753 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4754 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4755 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4756 name: cert-manager-edit
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4757 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4758 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4759 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4760 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4761 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4762 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4763 rbac.authorization.k8s.io/aggregate-to-edit: "true"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4764 rbac.authorization.k8s.io/aggregate-to-admin: "true"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4765 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4766 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4767 resources: ["certificates", "certificaterequests", "issuers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4768 verbs: ["create", "delete", "deletecollection", "patch", "update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4769 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4770 resources: ["certificates/status"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4771 verbs: ["update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4772 - apiGroups: ["acme.cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4773 resources: ["challenges", "orders"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4774 verbs: ["create", "delete", "deletecollection", "patch", "update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4775 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4776 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4777 # Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4778 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4779 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4780 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4781 name: cert-manager-controller-approve:cert-manager-io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4782 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4783 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4784 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4785 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4786 app.kubernetes.io/component: "cert-manager"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4787 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4788 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4789 - apiGroups: ["cert-manager.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4790 resources: ["signers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4791 verbs: ["approve"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4792 resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4793 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4794 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4795 # Permission to:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4796 # - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4797 # - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4798 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4799 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4800 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4801 name: cert-manager-controller-certificatesigningrequests
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4802 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4803 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4804 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4805 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4806 app.kubernetes.io/component: "cert-manager"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4807 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4808 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4809 - apiGroups: ["certificates.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4810 resources: ["certificatesigningrequests"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4811 verbs: ["get", "list", "watch", "update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4812 - apiGroups: ["certificates.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4813 resources: ["certificatesigningrequests/status"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4814 verbs: ["update", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4815 - apiGroups: ["certificates.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4816 resources: ["signers"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4817 resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4818 verbs: ["sign"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4819 - apiGroups: ["authorization.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4820 resources: ["subjectaccessreviews"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4821 verbs: ["create"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4822 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4823 # Source: cert-manager/templates/webhook-rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4824 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4825 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4826 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4827 name: cert-manager-webhook:subjectaccessreviews
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4828 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4829 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4830 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4831 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4832 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4833 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4834 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4835 - apiGroups: ["authorization.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4836 resources: ["subjectaccessreviews"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4837 verbs: ["create"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4838 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4839 # Source: cert-manager/templates/cainjector-rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4840 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4841 kind: ClusterRoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4842 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4843 name: cert-manager-cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4844 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4845 app: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4846 app.kubernetes.io/name: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4847 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4848 app.kubernetes.io/component: "cainjector"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4849 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4850 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4851 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4852 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4853 name: cert-manager-cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4854 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4855 - name: cert-manager-cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4856 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4857 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4858 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4859 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4860 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4861 kind: ClusterRoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4862 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4863 name: cert-manager-controller-issuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4864 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4865 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4866 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4867 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4868 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4869 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4870 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4871 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4872 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4873 name: cert-manager-controller-issuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4874 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4875 - name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4876 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4877 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4878 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4879 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4880 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4881 kind: ClusterRoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4882 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4883 name: cert-manager-controller-clusterissuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4884 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4885 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4886 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4887 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4888 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4889 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4890 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4891 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4892 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4893 name: cert-manager-controller-clusterissuers
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4894 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4895 - name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4896 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4897 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4898 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4899 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4900 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4901 kind: ClusterRoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4902 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4903 name: cert-manager-controller-certificates
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4904 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4905 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4906 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4907 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4908 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4909 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4910 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4911 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4912 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4913 name: cert-manager-controller-certificates
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4914 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4915 - name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4916 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4917 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4918 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4919 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4920 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4921 kind: ClusterRoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4922 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4923 name: cert-manager-controller-orders
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4924 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4925 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4926 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4927 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4928 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4929 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4930 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4931 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4932 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4933 name: cert-manager-controller-orders
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4934 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4935 - name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4936 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4937 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4938 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4939 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4940 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4941 kind: ClusterRoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4942 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4943 name: cert-manager-controller-challenges
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4944 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4945 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4946 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4947 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4948 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4949 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4950 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4951 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4952 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4953 name: cert-manager-controller-challenges
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4954 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4955 - name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4956 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4957 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4958 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4959 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4960 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4961 kind: ClusterRoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4962 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4963 name: cert-manager-controller-ingress-shim
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4964 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4965 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4966 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4967 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4968 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4969 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4970 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4971 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4972 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4973 name: cert-manager-controller-ingress-shim
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4974 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4975 - name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4976 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4977 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4978 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4979 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4980 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4981 kind: ClusterRoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4982 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4983 name: cert-manager-controller-approve:cert-manager-io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4984 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4985 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4986 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4987 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4988 app.kubernetes.io/component: "cert-manager"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4989 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4990 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4991 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4992 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4993 name: cert-manager-controller-approve:cert-manager-io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4994 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4995 - name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4996 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4997 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4998 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
4999 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5000 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5001 kind: ClusterRoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5002 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5003 name: cert-manager-controller-certificatesigningrequests
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5004 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5005 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5006 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5007 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5008 app.kubernetes.io/component: "cert-manager"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5009 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5010 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5011 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5012 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5013 name: cert-manager-controller-certificatesigningrequests
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5014 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5015 - name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5016 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5017 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5018 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5019 # Source: cert-manager/templates/webhook-rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5020 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5021 kind: ClusterRoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5022 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5023 name: cert-manager-webhook:subjectaccessreviews
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5024 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5025 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5026 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5027 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5028 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5029 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5030 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5031 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5032 kind: ClusterRole
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5033 name: cert-manager-webhook:subjectaccessreviews
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5034 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5035 - apiGroup: ""
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5036 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5037 name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5038 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5039 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5040 # Source: cert-manager/templates/cainjector-rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5041 # leader election rules
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5042 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5043 kind: Role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5044 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5045 name: cert-manager-cainjector:leaderelection
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5046 namespace: kube-system
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5047 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5048 app: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5049 app.kubernetes.io/name: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5050 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5051 app.kubernetes.io/component: "cainjector"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5052 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5053 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5054 # Used for leader election by the controller
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5055 # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5056 # see cmd/cainjector/start.go#L113
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5057 # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5058 # see cmd/cainjector/start.go#L137
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5059 - apiGroups: ["coordination.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5060 resources: ["leases"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5061 resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5062 verbs: ["get", "update", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5063 - apiGroups: ["coordination.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5064 resources: ["leases"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5065 verbs: ["create"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5066 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5067 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5068 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5069 kind: Role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5070 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5071 name: cert-manager:leaderelection
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5072 namespace: kube-system
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5073 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5074 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5075 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5076 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5077 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5078 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5079 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5080 - apiGroups: ["coordination.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5081 resources: ["leases"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5082 resourceNames: ["cert-manager-controller"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5083 verbs: ["get", "update", "patch"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5084 - apiGroups: ["coordination.k8s.io"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5085 resources: ["leases"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5086 verbs: ["create"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5087 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5088 # Source: cert-manager/templates/webhook-rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5089 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5090 kind: Role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5091 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5092 name: cert-manager-webhook:dynamic-serving
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5093 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5094 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5095 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5096 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5097 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5098 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5099 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5100 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5101 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5102 resources: ["secrets"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5103 resourceNames:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5104 - 'cert-manager-webhook-ca'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5105 verbs: ["get", "list", "watch", "update"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5106 # It's not possible to grant CREATE permission on a single resourceName.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5107 - apiGroups: [""]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5108 resources: ["secrets"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5109 verbs: ["create"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5110 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5111 # Source: cert-manager/templates/cainjector-rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5112 # grant cert-manager permission to manage the leaderelection configmap in the
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5113 # leader election namespace
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5114 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5115 kind: RoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5116 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5117 name: cert-manager-cainjector:leaderelection
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5118 namespace: kube-system
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5119 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5120 app: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5121 app.kubernetes.io/name: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5122 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5123 app.kubernetes.io/component: "cainjector"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5124 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5125 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5126 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5127 kind: Role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5128 name: cert-manager-cainjector:leaderelection
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5129 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5130 - kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5131 name: cert-manager-cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5132 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5133 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5134 # Source: cert-manager/templates/rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5135 # grant cert-manager permission to manage the leaderelection configmap in the
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5136 # leader election namespace
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5137 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5138 kind: RoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5139 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5140 name: cert-manager:leaderelection
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5141 namespace: kube-system
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5142 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5143 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5144 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5145 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5146 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5147 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5148 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5149 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5150 kind: Role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5151 name: cert-manager:leaderelection
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5152 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5153 - apiGroup: ""
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5154 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5155 name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5156 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5157 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5158 # Source: cert-manager/templates/webhook-rbac.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5159 apiVersion: rbac.authorization.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5160 kind: RoleBinding
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5161 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5162 name: cert-manager-webhook:dynamic-serving
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5163 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5164 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5165 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5166 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5167 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5168 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5169 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5170 roleRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5171 apiGroup: rbac.authorization.k8s.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5172 kind: Role
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5173 name: cert-manager-webhook:dynamic-serving
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5174 subjects:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5175 - apiGroup: ""
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5176 kind: ServiceAccount
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5177 name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5178 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5179 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5180 # Source: cert-manager/templates/service.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5181 apiVersion: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5182 kind: Service
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5183 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5184 name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5185 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5186 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5187 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5188 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5189 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5190 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5191 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5192 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5193 type: ClusterIP
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5194 ports:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5195 - protocol: TCP
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5196 port: 9402
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5197 name: tcp-prometheus-servicemonitor
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5198 targetPort: 9402
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5199 selector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5200 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5201 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5202 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5203 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5204 # Source: cert-manager/templates/webhook-service.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5205 apiVersion: v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5206 kind: Service
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5207 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5208 name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5209 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5210 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5211 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5212 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5213 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5214 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5215 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5216 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5217 type: ClusterIP
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5218 ports:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5219 - name: https
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5220 port: 443
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5221 protocol: TCP
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5222 targetPort: "https"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5223 selector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5224 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5225 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5226 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5227 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5228 # Source: cert-manager/templates/cainjector-deployment.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5229 apiVersion: apps/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5230 kind: Deployment
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5231 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5232 name: cert-manager-cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5233 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5234 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5235 app: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5236 app.kubernetes.io/name: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5237 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5238 app.kubernetes.io/component: "cainjector"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5239 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5240 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5241 replicas: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5242 selector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5243 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5244 app.kubernetes.io/name: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5245 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5246 app.kubernetes.io/component: "cainjector"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5247 template:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5248 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5249 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5250 app: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5251 app.kubernetes.io/name: cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5252 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5253 app.kubernetes.io/component: "cainjector"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5254 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5255 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5256 serviceAccountName: cert-manager-cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5257 securityContext:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5258 runAsNonRoot: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5259 seccompProfile:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5260 type: RuntimeDefault
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5261 containers:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5262 - name: cert-manager-cainjector
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5263 image: "quay.io/jetstack/cert-manager-cainjector:v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5264 imagePullPolicy: IfNotPresent
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5265 args:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5266 - --v=2
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5267 - --leader-election-namespace=kube-system
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5268 env:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5269 - name: POD_NAMESPACE
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5270 valueFrom:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5271 fieldRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5272 fieldPath: metadata.namespace
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5273 securityContext:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5274 allowPrivilegeEscalation: false
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5275 capabilities:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5276 drop:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5277 - ALL
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5278 nodeSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5279 kubernetes.io/os: linux
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5280 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5281 # Source: cert-manager/templates/deployment.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5282 apiVersion: apps/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5283 kind: Deployment
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5284 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5285 name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5286 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5287 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5288 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5289 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5290 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5291 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5292 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5293 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5294 replicas: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5295 selector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5296 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5297 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5298 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5299 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5300 template:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5301 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5302 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5303 app: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5304 app.kubernetes.io/name: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5305 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5306 app.kubernetes.io/component: "controller"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5307 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5308 annotations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5309 prometheus.io/path: "/metrics"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5310 prometheus.io/scrape: 'true'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5311 prometheus.io/port: '9402'
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5312 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5313 serviceAccountName: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5314 securityContext:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5315 runAsNonRoot: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5316 seccompProfile:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5317 type: RuntimeDefault
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5318 containers:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5319 - name: cert-manager-controller
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5320 image: "quay.io/jetstack/cert-manager-controller:v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5321 imagePullPolicy: IfNotPresent
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5322 args:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5323 - --v=2
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5324 - --cluster-resource-namespace=$(POD_NAMESPACE)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5325 - --leader-election-namespace=kube-system
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5326 ports:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5327 - containerPort: 9402
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5328 name: http-metrics
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5329 protocol: TCP
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5330 securityContext:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5331 allowPrivilegeEscalation: false
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5332 capabilities:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5333 drop:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5334 - ALL
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5335 env:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5336 - name: POD_NAMESPACE
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5337 valueFrom:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5338 fieldRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5339 fieldPath: metadata.namespace
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5340 nodeSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5341 kubernetes.io/os: linux
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5342 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5343 # Source: cert-manager/templates/webhook-deployment.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5344 apiVersion: apps/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5345 kind: Deployment
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5346 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5347 name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5348 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5349 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5350 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5351 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5352 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5353 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5354 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5355 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5356 replicas: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5357 selector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5358 matchLabels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5359 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5360 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5361 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5362 template:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5363 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5364 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5365 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5366 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5367 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5368 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5369 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5370 spec:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5371 serviceAccountName: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5372 securityContext:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5373 runAsNonRoot: true
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5374 seccompProfile:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5375 type: RuntimeDefault
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5376 containers:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5377 - name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5378 image: "quay.io/jetstack/cert-manager-webhook:v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5379 imagePullPolicy: IfNotPresent
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5380 args:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5381 - --v=2
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5382 - --secure-port=10250
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5383 - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5384 - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5385 - --dynamic-serving-dns-names=cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5386 - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE)
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5387 - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5388
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5389 ports:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5390 - name: https
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5391 protocol: TCP
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5392 containerPort: 10250
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5393 - name: healthcheck
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5394 protocol: TCP
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5395 containerPort: 6080
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5396 livenessProbe:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5397 httpGet:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5398 path: /livez
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5399 port: 6080
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5400 scheme: HTTP
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5401 initialDelaySeconds: 60
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5402 periodSeconds: 10
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5403 timeoutSeconds: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5404 successThreshold: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5405 failureThreshold: 3
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5406 readinessProbe:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5407 httpGet:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5408 path: /healthz
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5409 port: 6080
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5410 scheme: HTTP
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5411 initialDelaySeconds: 5
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5412 periodSeconds: 5
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5413 timeoutSeconds: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5414 successThreshold: 1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5415 failureThreshold: 3
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5416 securityContext:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5417 allowPrivilegeEscalation: false
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5418 capabilities:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5419 drop:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5420 - ALL
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5421 env:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5422 - name: POD_NAMESPACE
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5423 valueFrom:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5424 fieldRef:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5425 fieldPath: metadata.namespace
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5426 nodeSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5427 kubernetes.io/os: linux
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5428 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5429 # Source: cert-manager/templates/webhook-mutating-webhook.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5430 apiVersion: admissionregistration.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5431 kind: MutatingWebhookConfiguration
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5432 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5433 name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5434 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5435 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5436 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5437 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5438 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5439 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5440 annotations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5441 cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5442 webhooks:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5443 - name: webhook.cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5444 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5445 - apiGroups:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5446 - "cert-manager.io"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5447 - "acme.cert-manager.io"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5448 apiVersions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5449 - "v1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5450 operations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5451 - CREATE
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5452 - UPDATE
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5453 resources:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5454 - "*/*"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5455 admissionReviewVersions: ["v1"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5456 # This webhook only accepts v1 cert-manager resources.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5457 # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5458 # this webhook (after the resources have been converted to v1).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5459 matchPolicy: Equivalent
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5460 timeoutSeconds: 10
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5461 failurePolicy: Fail
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5462 # Only include 'sideEffects' field in Kubernetes 1.12+
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5463 sideEffects: None
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5464 clientConfig:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5465 service:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5466 name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5467 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5468 path: /mutate
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5469 ---
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5470 # Source: cert-manager/templates/webhook-validating-webhook.yaml
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5471 apiVersion: admissionregistration.k8s.io/v1
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5472 kind: ValidatingWebhookConfiguration
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5473 metadata:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5474 name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5475 labels:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5476 app: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5477 app.kubernetes.io/name: webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5478 app.kubernetes.io/instance: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5479 app.kubernetes.io/component: "webhook"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5480 app.kubernetes.io/version: "v1.10.1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5481 annotations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5482 cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5483 webhooks:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5484 - name: webhook.cert-manager.io
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5485 namespaceSelector:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5486 matchExpressions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5487 - key: "cert-manager.io/disable-validation"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5488 operator: "NotIn"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5489 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5490 - "true"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5491 - key: "name"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5492 operator: "NotIn"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5493 values:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5494 - cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5495 rules:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5496 - apiGroups:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5497 - "cert-manager.io"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5498 - "acme.cert-manager.io"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5499 apiVersions:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5500 - "v1"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5501 operations:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5502 - CREATE
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5503 - UPDATE
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5504 resources:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5505 - "*/*"
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5506 admissionReviewVersions: ["v1"]
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5507 # This webhook only accepts v1 cert-manager resources.
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5508 # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5509 # this webhook (after the resources have been converted to v1).
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5510 matchPolicy: Equivalent
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5511 timeoutSeconds: 10
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5512 failurePolicy: Fail
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5513 sideEffects: None
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5514 clientConfig:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5515 service:
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5516 name: cert-manager-webhook
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5517 namespace: cert-manager
0ae82df13719 renames and file splits, mostly
drewp@bigasterisk.com
parents:
diff changeset
5518 path: /validate