github.com/replicatedhq/ship@v0.55.0/integration/init/cert-manager/expected/base/deploy/manifests/CustomResourceDefinitions.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1beta1 2 kind: CustomResourceDefinition 3 metadata: 4 creationTimestamp: null 5 labels: 6 controller-tools.k8s.io: "1.0" 7 name: certificates.certmanager.k8s.io 8 spec: 9 additionalPrinterColumns: 10 - JSONPath: .status.conditions[?(@.type==\"Ready\")].status 11 name: Ready 12 type: string 13 - JSONPath: .spec.secretName 14 name: Secret 15 type: string 16 - JSONPath: .spec.issuerRef.name 17 name: Issuer 18 priority: 1 19 type: string 20 - JSONPath: .status.conditions[?(@.type==\"Ready\")].message 21 name: Status 22 priority: 1 23 type: string 24 - JSONPath: .metadata.creationTimestamp 25 description: CreationTimestamp is a timestamp representing the server time when 26 this object was created. It is not guaranteed to be set in happens-before order 27 across separate operations. Clients may not set this value. It is represented 28 in RFC3339 form and is in UTC. 29 name: Age 30 type: date 31 group: certmanager.k8s.io 32 names: 33 kind: Certificate 34 plural: certificates 35 shortNames: 36 - cert 37 - certs 38 scope: Namespaced 39 validation: 40 openAPIV3Schema: 41 properties: 42 apiVersion: 43 description: 'APIVersion defines the versioned schema of this representation 44 of an object. Servers should convert recognized schemas to the latest 45 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 46 type: string 47 kind: 48 description: 'Kind is a string value representing the REST resource this 49 object represents. Servers may infer this from the endpoint the client 50 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 51 type: string 52 metadata: 53 type: object 54 spec: 55 properties: 56 acme: 57 description: ACME contains configuration specific to ACME Certificates. 58 Notably, this contains details on how the domain names listed on this 59 Certificate resource should be 'solved', i.e. mapping HTTP01 and DNS01 60 providers to DNS names. 61 properties: 62 config: 63 items: 64 properties: 65 domains: 66 description: Domains is the list of domains that this SolverConfig 67 applies to. 68 items: 69 type: string 70 type: array 71 required: 72 - domains 73 type: object 74 type: array 75 required: 76 - config 77 type: object 78 commonName: 79 description: CommonName is a common name to be used on the Certificate 80 type: string 81 dnsNames: 82 description: DNSNames is a list of subject alt names to be used on the 83 Certificate 84 items: 85 type: string 86 type: array 87 duration: 88 description: Certificate default Duration 89 type: string 90 ipAddresses: 91 description: IPAddresses is a list of IP addresses to be used on the 92 Certificate 93 items: 94 type: string 95 type: array 96 isCA: 97 description: IsCA will mark this Certificate as valid for signing. This 98 implies that the 'signing' usage is set 99 type: boolean 100 issuerRef: 101 description: IssuerRef is a reference to the issuer for this certificate. 102 If the 'kind' field is not set, or set to 'Issuer', an Issuer resource 103 with the given name in the same namespace as the Certificate will 104 be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer 105 with the provided name will be used. The 'name' field in this stanza 106 is required at all times. 107 properties: 108 kind: 109 type: string 110 name: 111 type: string 112 required: 113 - name 114 type: object 115 keyAlgorithm: 116 description: KeyAlgorithm is the private key algorithm of the corresponding 117 private key for this certificate. If provided, allowed values are 118 either "rsa" or "ecdsa" If KeyAlgorithm is specified and KeySize is 119 not provided, key size of 256 will be used for "ecdsa" key algorithm 120 and key size of 2048 will be used for "rsa" key algorithm. 121 enum: 122 - rsa 123 - ecdsa 124 type: string 125 keySize: 126 description: KeySize is the key bit size of the corresponding private 127 key for this certificate. If provided, value must be between 2048 128 and 8192 inclusive when KeyAlgorithm is empty or is set to "rsa", 129 and value must be one of (256, 384, 521) when KeyAlgorithm is set 130 to "ecdsa". 131 format: int64 132 type: integer 133 organization: 134 description: Organization is the organization to be used on the Certificate 135 items: 136 type: string 137 type: array 138 renewBefore: 139 description: Certificate renew before expiration duration 140 type: string 141 secretName: 142 description: SecretName is the name of the secret resource to store 143 this secret in 144 type: string 145 required: 146 - secretName 147 - issuerRef 148 type: object 149 status: 150 properties: 151 conditions: 152 items: 153 properties: 154 lastTransitionTime: 155 description: LastTransitionTime is the timestamp corresponding 156 to the last status change of this condition. 157 format: date-time 158 type: string 159 message: 160 description: Message is a human readable description of the details 161 of the last transition, complementing reason. 162 type: string 163 reason: 164 description: Reason is a brief machine readable explanation for 165 the condition's last transition. 166 type: string 167 status: 168 description: Status of the condition, one of ('True', 'False', 169 'Unknown'). 170 enum: 171 - "True" 172 - "False" 173 - Unknown 174 type: string 175 type: 176 description: Type of the condition, currently ('Ready'). 177 type: string 178 required: 179 - type 180 - status 181 - lastTransitionTime 182 - reason 183 - message 184 type: object 185 type: array 186 lastFailureTime: 187 format: date-time 188 type: string 189 notAfter: 190 description: The expiration time of the certificate stored in the secret 191 named by this resource in spec.secretName. 192 format: date-time 193 type: string 194 type: object 195 version: v1alpha1 196 status: 197 acceptedNames: 198 kind: "" 199 plural: "" 200 conditions: [] 201 storedVersions: [] 202 --- 203 apiVersion: apiextensions.k8s.io/v1beta1 204 kind: CustomResourceDefinition 205 metadata: 206 creationTimestamp: null 207 labels: 208 controller-tools.k8s.io: "1.0" 209 name: challenges.certmanager.k8s.io 210 spec: 211 additionalPrinterColumns: 212 - JSONPath: .status.state 213 name: State 214 type: string 215 - JSONPath: .spec.dnsName 216 name: Domain 217 type: string 218 - JSONPath: .status.reason 219 name: Reason 220 priority: 1 221 type: string 222 - JSONPath: .metadata.creationTimestamp 223 description: CreationTimestamp is a timestamp representing the server time when 224 this object was created. It is not guaranteed to be set in happens-before order 225 across separate operations. Clients may not set this value. It is represented 226 in RFC3339 form and is in UTC. 227 name: Age 228 type: date 229 group: certmanager.k8s.io 230 names: 231 kind: Challenge 232 plural: challenges 233 scope: Namespaced 234 validation: 235 openAPIV3Schema: 236 properties: 237 apiVersion: 238 description: 'APIVersion defines the versioned schema of this representation 239 of an object. Servers should convert recognized schemas to the latest 240 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 241 type: string 242 kind: 243 description: 'Kind is a string value representing the REST resource this 244 object represents. Servers may infer this from the endpoint the client 245 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 246 type: string 247 metadata: 248 type: object 249 spec: 250 properties: 251 authzURL: 252 description: AuthzURL is the URL to the ACME Authorization resource 253 that this challenge is a part of. 254 type: string 255 config: 256 description: Config specifies the solver configuration for this challenge. 257 type: object 258 dnsName: 259 description: DNSName is the identifier that this challenge is for, e.g. 260 example.com. 261 type: string 262 issuerRef: 263 description: IssuerRef references a properly configured ACME-type Issuer 264 which should be used to create this Challenge. If the Issuer does 265 not exist, processing will be retried. If the Issuer is not an 'ACME' 266 Issuer, an error will be returned and the Challenge will be marked 267 as failed. 268 properties: 269 kind: 270 type: string 271 name: 272 type: string 273 required: 274 - name 275 type: object 276 key: 277 description: Key is the ACME challenge key for this challenge 278 type: string 279 token: 280 description: Token is the ACME challenge token for this challenge. 281 type: string 282 type: 283 description: Type is the type of ACME challenge this resource represents, 284 e.g. "dns01" or "http01" 285 type: string 286 url: 287 description: URL is the URL of the ACME Challenge resource for this 288 challenge. This can be used to lookup details about the status of 289 this challenge. 290 type: string 291 wildcard: 292 description: Wildcard will be true if this challenge is for a wildcard 293 identifier, for example '*.example.com' 294 type: boolean 295 required: 296 - authzURL 297 - type 298 - url 299 - dnsName 300 - token 301 - key 302 - wildcard 303 - config 304 - issuerRef 305 type: object 306 status: 307 properties: 308 presented: 309 description: Presented will be set to true if the challenge values for 310 this challenge are currently 'presented'. This *does not* imply the 311 self check is passing. Only that the values have been 'submitted' 312 for the appropriate challenge mechanism (i.e. the DNS01 TXT record 313 has been presented, or the HTTP01 configuration has been configured). 314 type: boolean 315 processing: 316 description: Processing is used to denote whether this challenge should 317 be processed or not. This field will only be set to true by the 'scheduling' 318 component. It will only be set to false by the 'challenges' controller, 319 after the challenge has reached a final state or timed out. If this 320 field is set to false, the challenge controller will not take any 321 more action. 322 type: boolean 323 reason: 324 description: Reason contains human readable information on why the Challenge 325 is in the current state. 326 type: string 327 state: 328 description: State contains the current 'state' of the challenge. If 329 not set, the state of the challenge is unknown. 330 enum: 331 - "" 332 - valid 333 - ready 334 - pending 335 - processing 336 - invalid 337 - expired 338 - errored 339 type: string 340 required: 341 - processing 342 - presented 343 - reason 344 type: object 345 required: 346 - metadata 347 - spec 348 - status 349 version: v1alpha1 350 status: 351 acceptedNames: 352 kind: "" 353 plural: "" 354 conditions: [] 355 storedVersions: [] 356 --- 357 apiVersion: apiextensions.k8s.io/v1beta1 358 kind: CustomResourceDefinition 359 metadata: 360 creationTimestamp: null 361 labels: 362 controller-tools.k8s.io: "1.0" 363 name: clusterissuers.certmanager.k8s.io 364 spec: 365 group: certmanager.k8s.io 366 names: 367 kind: ClusterIssuer 368 plural: clusterissuers 369 scope: Cluster 370 validation: 371 openAPIV3Schema: 372 properties: 373 apiVersion: 374 description: 'APIVersion defines the versioned schema of this representation 375 of an object. Servers should convert recognized schemas to the latest 376 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 377 type: string 378 kind: 379 description: 'Kind is a string value representing the REST resource this 380 object represents. Servers may infer this from the endpoint the client 381 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 382 type: string 383 metadata: 384 type: object 385 spec: 386 properties: 387 acme: 388 properties: 389 email: 390 description: Email is the email for this account 391 type: string 392 privateKeySecretRef: 393 description: PrivateKey is the name of a secret containing the private 394 key for this user account. 395 properties: 396 key: 397 description: The key of the secret to select from. Must be a 398 valid secret key. 399 type: string 400 name: 401 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 402 TODO: Add other useful fields. apiVersion, kind, uid?' 403 type: string 404 required: 405 - name 406 type: object 407 server: 408 description: Server is the ACME server URL 409 type: string 410 skipTLSVerify: 411 description: If true, skip verifying the ACME server TLS certificate 412 type: boolean 413 required: 414 - email 415 - server 416 - privateKeySecretRef 417 type: object 418 ca: 419 properties: 420 secretName: 421 description: SecretName is the name of the secret used to sign Certificates 422 issued by this Issuer. 423 type: string 424 required: 425 - secretName 426 type: object 427 selfSigned: 428 type: object 429 vault: 430 properties: 431 auth: 432 description: Vault authentication 433 properties: 434 appRole: 435 description: This Secret contains a AppRole and Secret 436 properties: 437 path: 438 description: Where the authentication path is mounted in 439 Vault. 440 type: string 441 roleId: 442 type: string 443 secretRef: 444 properties: 445 key: 446 description: The key of the secret to select from. Must 447 be a valid secret key. 448 type: string 449 name: 450 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 451 TODO: Add other useful fields. apiVersion, kind, uid?' 452 type: string 453 required: 454 - name 455 type: object 456 required: 457 - path 458 - roleId 459 - secretRef 460 type: object 461 tokenSecretRef: 462 description: This Secret contains the Vault token key 463 properties: 464 key: 465 description: The key of the secret to select from. Must 466 be a valid secret key. 467 type: string 468 name: 469 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 470 TODO: Add other useful fields. apiVersion, kind, uid?' 471 type: string 472 required: 473 - name 474 type: object 475 type: object 476 caBundle: 477 description: Base64 encoded CA bundle to validate Vault server certificate. 478 Only used if the Server URL is using HTTPS protocol. This parameter 479 is ignored for plain HTTP protocol connection. If not set the 480 system root certificates are used to validate the TLS connection. 481 format: byte 482 type: string 483 path: 484 description: Vault URL path to the certificate role 485 type: string 486 server: 487 description: Server is the vault connection address 488 type: string 489 required: 490 - auth 491 - server 492 - path 493 type: object 494 venafi: 495 properties: 496 cloud: 497 description: Cloud specifies the Venafi cloud configuration settings. 498 Only one of TPP or Cloud may be specified. 499 properties: 500 apiTokenSecretRef: 501 description: APITokenSecretRef is a secret key selector for 502 the Venafi Cloud API token. 503 properties: 504 key: 505 description: The key of the secret to select from. Must 506 be a valid secret key. 507 type: string 508 name: 509 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 510 TODO: Add other useful fields. apiVersion, kind, uid?' 511 type: string 512 required: 513 - name 514 type: object 515 url: 516 description: URL is the base URL for Venafi Cloud 517 type: string 518 required: 519 - url 520 - apiTokenSecretRef 521 type: object 522 tpp: 523 description: TPP specifies Trust Protection Platform configuration 524 settings. Only one of TPP or Cloud may be specified. 525 properties: 526 caBundle: 527 description: CABundle is a PEM encoded TLS certifiate to use 528 to verify connections to the TPP instance. If specified, system 529 roots will not be used and the issuing CA for the TPP instance 530 must be verifiable using the provided root. If not specified, 531 the connection will be verified using the cert-manager system 532 root certificates. 533 format: byte 534 type: string 535 credentialsRef: 536 description: CredentialsRef is a reference to a Secret containing 537 the username and password for the TPP server. The secret must 538 contain two keys, 'username' and 'password'. 539 properties: 540 name: 541 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 542 TODO: Add other useful fields. apiVersion, kind, uid?' 543 type: string 544 required: 545 - name 546 type: object 547 url: 548 description: URL is the base URL for the Venafi TPP instance 549 type: string 550 required: 551 - url 552 - credentialsRef 553 type: object 554 zone: 555 description: Zone is the Venafi Policy Zone to use for this issuer. 556 All requests made to the Venafi platform will be restricted by 557 the named zone policy. This field is required. 558 type: string 559 required: 560 - zone 561 type: object 562 type: object 563 status: 564 properties: 565 acme: 566 properties: 567 uri: 568 description: URI is the unique account identifier, which can also 569 be used to retrieve account details from the CA 570 type: string 571 type: object 572 conditions: 573 items: 574 properties: 575 lastTransitionTime: 576 description: LastTransitionTime is the timestamp corresponding 577 to the last status change of this condition. 578 format: date-time 579 type: string 580 message: 581 description: Message is a human readable description of the details 582 of the last transition, complementing reason. 583 type: string 584 reason: 585 description: Reason is a brief machine readable explanation for 586 the condition's last transition. 587 type: string 588 status: 589 description: Status of the condition, one of ('True', 'False', 590 'Unknown'). 591 enum: 592 - "True" 593 - "False" 594 - Unknown 595 type: string 596 type: 597 description: Type of the condition, currently ('Ready'). 598 type: string 599 required: 600 - type 601 - status 602 - lastTransitionTime 603 - reason 604 - message 605 type: object 606 type: array 607 type: object 608 version: v1alpha1 609 status: 610 acceptedNames: 611 kind: "" 612 plural: "" 613 conditions: [] 614 storedVersions: [] 615 --- 616 apiVersion: apiextensions.k8s.io/v1beta1 617 kind: CustomResourceDefinition 618 metadata: 619 creationTimestamp: null 620 labels: 621 controller-tools.k8s.io: "1.0" 622 name: issuers.certmanager.k8s.io 623 spec: 624 group: certmanager.k8s.io 625 names: 626 kind: Issuer 627 plural: issuers 628 scope: Namespaced 629 validation: 630 openAPIV3Schema: 631 properties: 632 apiVersion: 633 description: 'APIVersion defines the versioned schema of this representation 634 of an object. Servers should convert recognized schemas to the latest 635 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 636 type: string 637 kind: 638 description: 'Kind is a string value representing the REST resource this 639 object represents. Servers may infer this from the endpoint the client 640 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 641 type: string 642 metadata: 643 type: object 644 spec: 645 properties: 646 acme: 647 properties: 648 email: 649 description: Email is the email for this account 650 type: string 651 privateKeySecretRef: 652 description: PrivateKey is the name of a secret containing the private 653 key for this user account. 654 properties: 655 key: 656 description: The key of the secret to select from. Must be a 657 valid secret key. 658 type: string 659 name: 660 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 661 TODO: Add other useful fields. apiVersion, kind, uid?' 662 type: string 663 required: 664 - name 665 type: object 666 server: 667 description: Server is the ACME server URL 668 type: string 669 skipTLSVerify: 670 description: If true, skip verifying the ACME server TLS certificate 671 type: boolean 672 required: 673 - email 674 - server 675 - privateKeySecretRef 676 type: object 677 ca: 678 properties: 679 secretName: 680 description: SecretName is the name of the secret used to sign Certificates 681 issued by this Issuer. 682 type: string 683 required: 684 - secretName 685 type: object 686 selfSigned: 687 type: object 688 vault: 689 properties: 690 auth: 691 description: Vault authentication 692 properties: 693 appRole: 694 description: This Secret contains a AppRole and Secret 695 properties: 696 path: 697 description: Where the authentication path is mounted in 698 Vault. 699 type: string 700 roleId: 701 type: string 702 secretRef: 703 properties: 704 key: 705 description: The key of the secret to select from. Must 706 be a valid secret key. 707 type: string 708 name: 709 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 710 TODO: Add other useful fields. apiVersion, kind, uid?' 711 type: string 712 required: 713 - name 714 type: object 715 required: 716 - path 717 - roleId 718 - secretRef 719 type: object 720 tokenSecretRef: 721 description: This Secret contains the Vault token key 722 properties: 723 key: 724 description: The key of the secret to select from. Must 725 be a valid secret key. 726 type: string 727 name: 728 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 729 TODO: Add other useful fields. apiVersion, kind, uid?' 730 type: string 731 required: 732 - name 733 type: object 734 type: object 735 caBundle: 736 description: Base64 encoded CA bundle to validate Vault server certificate. 737 Only used if the Server URL is using HTTPS protocol. This parameter 738 is ignored for plain HTTP protocol connection. If not set the 739 system root certificates are used to validate the TLS connection. 740 format: byte 741 type: string 742 path: 743 description: Vault URL path to the certificate role 744 type: string 745 server: 746 description: Server is the vault connection address 747 type: string 748 required: 749 - auth 750 - server 751 - path 752 type: object 753 venafi: 754 properties: 755 cloud: 756 description: Cloud specifies the Venafi cloud configuration settings. 757 Only one of TPP or Cloud may be specified. 758 properties: 759 apiTokenSecretRef: 760 description: APITokenSecretRef is a secret key selector for 761 the Venafi Cloud API token. 762 properties: 763 key: 764 description: The key of the secret to select from. Must 765 be a valid secret key. 766 type: string 767 name: 768 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 769 TODO: Add other useful fields. apiVersion, kind, uid?' 770 type: string 771 required: 772 - name 773 type: object 774 url: 775 description: URL is the base URL for Venafi Cloud 776 type: string 777 required: 778 - url 779 - apiTokenSecretRef 780 type: object 781 tpp: 782 description: TPP specifies Trust Protection Platform configuration 783 settings. Only one of TPP or Cloud may be specified. 784 properties: 785 caBundle: 786 description: CABundle is a PEM encoded TLS certifiate to use 787 to verify connections to the TPP instance. If specified, system 788 roots will not be used and the issuing CA for the TPP instance 789 must be verifiable using the provided root. If not specified, 790 the connection will be verified using the cert-manager system 791 root certificates. 792 format: byte 793 type: string 794 credentialsRef: 795 description: CredentialsRef is a reference to a Secret containing 796 the username and password for the TPP server. The secret must 797 contain two keys, 'username' and 'password'. 798 properties: 799 name: 800 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 801 TODO: Add other useful fields. apiVersion, kind, uid?' 802 type: string 803 required: 804 - name 805 type: object 806 url: 807 description: URL is the base URL for the Venafi TPP instance 808 type: string 809 required: 810 - url 811 - credentialsRef 812 type: object 813 zone: 814 description: Zone is the Venafi Policy Zone to use for this issuer. 815 All requests made to the Venafi platform will be restricted by 816 the named zone policy. This field is required. 817 type: string 818 required: 819 - zone 820 type: object 821 type: object 822 status: 823 properties: 824 acme: 825 properties: 826 uri: 827 description: URI is the unique account identifier, which can also 828 be used to retrieve account details from the CA 829 type: string 830 type: object 831 conditions: 832 items: 833 properties: 834 lastTransitionTime: 835 description: LastTransitionTime is the timestamp corresponding 836 to the last status change of this condition. 837 format: date-time 838 type: string 839 message: 840 description: Message is a human readable description of the details 841 of the last transition, complementing reason. 842 type: string 843 reason: 844 description: Reason is a brief machine readable explanation for 845 the condition's last transition. 846 type: string 847 status: 848 description: Status of the condition, one of ('True', 'False', 849 'Unknown'). 850 enum: 851 - "True" 852 - "False" 853 - Unknown 854 type: string 855 type: 856 description: Type of the condition, currently ('Ready'). 857 type: string 858 required: 859 - type 860 - status 861 - lastTransitionTime 862 - reason 863 - message 864 type: object 865 type: array 866 type: object 867 version: v1alpha1 868 status: 869 acceptedNames: 870 kind: "" 871 plural: "" 872 conditions: [] 873 storedVersions: [] 874 --- 875 apiVersion: apiextensions.k8s.io/v1beta1 876 kind: CustomResourceDefinition 877 metadata: 878 creationTimestamp: null 879 labels: 880 controller-tools.k8s.io: "1.0" 881 name: orders.certmanager.k8s.io 882 spec: 883 additionalPrinterColumns: 884 - JSONPath: .status.state 885 name: State 886 type: string 887 - JSONPath: .spec.issuerRef.name 888 name: Issuer 889 priority: 1 890 type: string 891 - JSONPath: .status.reason 892 name: Reason 893 priority: 1 894 type: string 895 - JSONPath: .metadata.creationTimestamp 896 description: CreationTimestamp is a timestamp representing the server time when 897 this object was created. It is not guaranteed to be set in happens-before order 898 across separate operations. Clients may not set this value. It is represented 899 in RFC3339 form and is in UTC. 900 name: Age 901 type: date 902 group: certmanager.k8s.io 903 names: 904 kind: Order 905 plural: orders 906 scope: Namespaced 907 validation: 908 openAPIV3Schema: 909 properties: 910 apiVersion: 911 description: 'APIVersion defines the versioned schema of this representation 912 of an object. Servers should convert recognized schemas to the latest 913 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 914 type: string 915 kind: 916 description: 'Kind is a string value representing the REST resource this 917 object represents. Servers may infer this from the endpoint the client 918 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 919 type: string 920 metadata: 921 type: object 922 spec: 923 properties: 924 commonName: 925 description: CommonName is the common name as specified on the DER encoded 926 CSR. If CommonName is not specified, the first DNSName specified will 927 be used as the CommonName. At least one of CommonName or a DNSNames 928 must be set. This field must match the corresponding field on the 929 DER encoded CSR. 930 type: string 931 config: 932 description: Config specifies a mapping from DNS identifiers to how 933 those identifiers should be solved when performing ACME challenges. 934 A config entry must exist for each domain listed in DNSNames and CommonName. 935 items: 936 properties: 937 domains: 938 description: Domains is the list of domains that this SolverConfig 939 applies to. 940 items: 941 type: string 942 type: array 943 required: 944 - domains 945 type: object 946 type: array 947 csr: 948 description: Certificate signing request bytes in DER encoding. This 949 will be used when finalizing the order. This field must be set on 950 the order. 951 format: byte 952 type: string 953 dnsNames: 954 description: DNSNames is a list of DNS names that should be included 955 as part of the Order validation process. If CommonName is not specified, 956 the first DNSName specified will be used as the CommonName. At least 957 one of CommonName or a DNSNames must be set. This field must match 958 the corresponding field on the DER encoded CSR. 959 items: 960 type: string 961 type: array 962 issuerRef: 963 description: IssuerRef references a properly configured ACME-type Issuer 964 which should be used to create this Order. If the Issuer does not 965 exist, processing will be retried. If the Issuer is not an 'ACME' 966 Issuer, an error will be returned and the Order will be marked as 967 failed. 968 properties: 969 kind: 970 type: string 971 name: 972 type: string 973 required: 974 - name 975 type: object 976 required: 977 - csr 978 - issuerRef 979 - config 980 type: object 981 status: 982 properties: 983 certificate: 984 description: Certificate is a copy of the PEM encoded certificate for 985 this Order. This field will be populated after the order has been 986 successfully finalized with the ACME server, and the order has transitioned 987 to the 'valid' state. 988 format: byte 989 type: string 990 challenges: 991 description: Challenges is a list of ChallengeSpecs for Challenges that 992 must be created in order to complete this Order. 993 items: 994 properties: 995 authzURL: 996 description: AuthzURL is the URL to the ACME Authorization resource 997 that this challenge is a part of. 998 type: string 999 config: 1000 description: Config specifies the solver configuration for this 1001 challenge. 1002 type: object 1003 dnsName: 1004 description: DNSName is the identifier that this challenge is 1005 for, e.g. example.com. 1006 type: string 1007 issuerRef: 1008 description: IssuerRef references a properly configured ACME-type 1009 Issuer which should be used to create this Challenge. If the 1010 Issuer does not exist, processing will be retried. If the Issuer 1011 is not an 'ACME' Issuer, an error will be returned and the Challenge 1012 will be marked as failed. 1013 properties: 1014 kind: 1015 type: string 1016 name: 1017 type: string 1018 required: 1019 - name 1020 type: object 1021 key: 1022 description: Key is the ACME challenge key for this challenge 1023 type: string 1024 token: 1025 description: Token is the ACME challenge token for this challenge. 1026 type: string 1027 type: 1028 description: Type is the type of ACME challenge this resource 1029 represents, e.g. "dns01" or "http01" 1030 type: string 1031 url: 1032 description: URL is the URL of the ACME Challenge resource for 1033 this challenge. This can be used to lookup details about the 1034 status of this challenge. 1035 type: string 1036 wildcard: 1037 description: Wildcard will be true if this challenge is for a 1038 wildcard identifier, for example '*.example.com' 1039 type: boolean 1040 required: 1041 - authzURL 1042 - type 1043 - url 1044 - dnsName 1045 - token 1046 - key 1047 - wildcard 1048 - config 1049 - issuerRef 1050 type: object 1051 type: array 1052 failureTime: 1053 description: FailureTime stores the time that this order failed. This 1054 is used to influence garbage collection and back-off. 1055 format: date-time 1056 type: string 1057 finalizeURL: 1058 description: FinalizeURL of the Order. This is used to obtain certificates 1059 for this order once it has been completed. 1060 type: string 1061 reason: 1062 description: Reason optionally provides more information about a why 1063 the order is in the current state. 1064 type: string 1065 state: 1066 description: State contains the current state of this Order resource. 1067 States 'success' and 'expired' are 'final' 1068 enum: 1069 - "" 1070 - valid 1071 - ready 1072 - pending 1073 - processing 1074 - invalid 1075 - expired 1076 - errored 1077 type: string 1078 url: 1079 description: URL of the Order. This will initially be empty when the 1080 resource is first created. The Order controller will populate this 1081 field when the Order is first processed. This field will be immutable 1082 after it is initially set. 1083 type: string 1084 type: object 1085 required: 1086 - metadata 1087 - spec 1088 - status 1089 version: v1alpha1 1090 status: 1091 acceptedNames: 1092 kind: "" 1093 plural: "" 1094 conditions: [] 1095 storedVersions: []