Skip to content

Commit

Permalink
Merge pull request #161 from DavidChevallier/publish-module-cert-manager
Browse files Browse the repository at this point in the history
publish-module-cert-manager
  • Loading branch information
Peefy authored Jul 2, 2024
2 parents f7f7b57 + 3d31186 commit 9ba91f1
Show file tree
Hide file tree
Showing 15 changed files with 17,438 additions and 830 deletions.
772 changes: 0 additions & 772 deletions cert-manager/cert-manager

This file was deleted.

328 changes: 328 additions & 0 deletions cert-manager/crds/crd-certificaterequests.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,328 @@
# {{- include "cert-manager.crd-check" . }}
# START crd {{- if or .Values.crds.enabled .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: certificaterequests.cert-manager.io
# START annotations {{- if .Values.crds.keep }}
annotations:
helm.sh/resource-policy: keep
# END annotations {{- end }}
labels:
app: '{{ template "cert-manager.name" . }}'
app.kubernetes.io/name: '{{ template "cert-manager.name" . }}'
app.kubernetes.io/instance: '{{ .Release.Name }}'
# Generated labels {{- include "labels" . | nindent 4 }}
spec:
group: cert-manager.io
names:
kind: CertificateRequest
listKind: CertificateRequestList
plural: certificaterequests
shortNames:
- cr
- crs
singular: certificaterequest
categories:
- cert-manager
scope: Namespaced
versions:
- name: v1
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Approved")].status
name: Approved
type: string
- jsonPath: .status.conditions[?(@.type=="Denied")].status
name: Denied
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .spec.issuerRef.name
name: Issuer
type: string
- jsonPath: .spec.username
name: Requestor
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
priority: 1
type: string
- jsonPath: .metadata.creationTimestamp
description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
name: Age
type: date
schema:
openAPIV3Schema:
description: |-
A CertificateRequest is used to request a signed certificate from one of the
configured issuers.
All fields within the CertificateRequest's `spec` are immutable after creation.
A CertificateRequest will either succeed or fail, as denoted by its `Ready` status
condition and its `status.failureTime` field.
A CertificateRequest is a one-shot resource, meaning it represents a single
point in time request for a certificate and cannot be re-used.
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of the desired state of the CertificateRequest resource.
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
required:
- issuerRef
- request
properties:
duration:
description: |-
Requested 'duration' (i.e. lifetime) of the Certificate. Note that the
issuer may choose to ignore the requested duration, just like any other
requested attribute.
type: string
extra:
description: |-
Extra contains extra attributes of the user that created the CertificateRequest.
Populated by the cert-manager webhook on creation and immutable.
type: object
additionalProperties:
type: array
items:
type: string
groups:
description: |-
Groups contains group membership of the user that created the CertificateRequest.
Populated by the cert-manager webhook on creation and immutable.
type: array
items:
type: string
x-kubernetes-list-type: atomic
isCA:
description: |-
Requested basic constraints isCA value. Note that the issuer may choose
to ignore the requested isCA value, just like any other requested attribute.
NOTE: If the CSR in the `Request` field has a BasicConstraints extension,
it must have the same isCA value as specified here.
If true, this will automatically add the `cert sign` usage to the list
of requested `usages`.
type: boolean
issuerRef:
description: |-
Reference to the issuer responsible for issuing the certificate.
If the issuer is namespace-scoped, it must be in the same namespace
as the Certificate. If the issuer is cluster-scoped, it can be used
from any namespace.
The `name` field of the reference must always be specified.
type: object
required:
- name
properties:
group:
description: Group of the resource being referred to.
type: string
kind:
description: Kind of the resource being referred to.
type: string
name:
description: Name of the resource being referred to.
type: string
request:
description: |-
The PEM-encoded X.509 certificate signing request to be submitted to the
issuer for signing.
If the CSR has a BasicConstraints extension, its isCA attribute must
match the `isCA` value of this CertificateRequest.
If the CSR has a KeyUsage extension, its key usages must match the
key usages in the `usages` field of this CertificateRequest.
If the CSR has a ExtKeyUsage extension, its extended key usages
must match the extended key usages in the `usages` field of this
CertificateRequest.
type: string
format: byte
uid:
description: |-
UID contains the uid of the user that created the CertificateRequest.
Populated by the cert-manager webhook on creation and immutable.
type: string
usages:
description: |-
Requested key usages and extended key usages.
NOTE: If the CSR in the `Request` field has uses the KeyUsage or
ExtKeyUsage extension, these extensions must have the same values
as specified here without any additional values.
If unset, defaults to `digital signature` and `key encipherment`.
type: array
items:
description: |-
KeyUsage specifies valid usage contexts for keys.
See:
https://tools.ietf.org/html/rfc5280#section-4.2.1.3
https://tools.ietf.org/html/rfc5280#section-4.2.1.12
Valid KeyUsage values are as follows:
"signing",
"digital signature",
"content commitment",
"key encipherment",
"key agreement",
"data encipherment",
"cert sign",
"crl sign",
"encipher only",
"decipher only",
"any",
"server auth",
"client auth",
"code signing",
"email protection",
"s/mime",
"ipsec end system",
"ipsec tunnel",
"ipsec user",
"timestamping",
"ocsp signing",
"microsoft sgc",
"netscape sgc"
type: string
enum:
- signing
- digital signature
- content commitment
- key encipherment
- key agreement
- data encipherment
- cert sign
- crl sign
- encipher only
- decipher only
- any
- server auth
- client auth
- code signing
- email protection
- s/mime
- ipsec end system
- ipsec tunnel
- ipsec user
- timestamping
- ocsp signing
- microsoft sgc
- netscape sgc
username:
description: |-
Username contains the name of the user that created the CertificateRequest.
Populated by the cert-manager webhook on creation and immutable.
type: string
status:
description: |-
Status of the CertificateRequest.
This is set and managed automatically.
Read-only.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
ca:
description: |-
The PEM encoded X.509 certificate of the signer, also known as the CA
(Certificate Authority).
This is set on a best-effort basis by different issuers.
If not set, the CA is assumed to be unknown/not available.
type: string
format: byte
certificate:
description: |-
The PEM encoded X.509 certificate resulting from the certificate
signing request.
If not set, the CertificateRequest has either not been completed or has
failed. More information on failure can be found by checking the
`conditions` field.
type: string
format: byte
conditions:
description: |-
List of status conditions to indicate the status of a CertificateRequest.
Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`.
type: array
items:
description: CertificateRequestCondition contains condition information for a CertificateRequest.
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the timestamp corresponding to the last status
change of this condition.
type: string
format: date-time
message:
description: |-
Message is a human readable description of the details of the last
transition, complementing reason.
type: string
reason:
description: |-
Reason is a brief machine readable explanation for the condition's last
transition.
type: string
status:
description: Status of the condition, one of (`True`, `False`, `Unknown`).
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: |-
Type of the condition, known values are (`Ready`, `InvalidRequest`,
`Approved`, `Denied`).
type: string
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
failureTime:
description: |-
FailureTime stores the time that this CertificateRequest failed. This is
used to influence garbage collection and back-off.
type: string
format: date-time
served: true
storage: true

# END crd {{- end }}
Loading

0 comments on commit 9ba91f1

Please sign in to comment.