github.com/wmuizelaar/kpt@v0.0.0-20221018115725-bd564717b2ed/package-examples/cert-manager-basic/crds/customresourcedefinition-certificaterequests-cert-manager-io.yaml (about) 1 # Source: cert-manager/templates/crd-templates.yaml 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 name: certificaterequests.cert-manager.io 6 labels: 7 app: 'cert-manager' 8 app.kubernetes.io/name: 'cert-manager' 9 app.kubernetes.io/instance: 'cert-manager' 10 # Generated labels 11 app.kubernetes.io/version: "v1.8.2" 12 spec: 13 group: cert-manager.io 14 names: 15 kind: CertificateRequest 16 listKind: CertificateRequestList 17 plural: certificaterequests 18 shortNames: 19 - cr 20 - crs 21 singular: certificaterequest 22 categories: 23 - cert-manager 24 scope: Namespaced 25 versions: 26 - name: v1 27 subresources: 28 status: {} 29 additionalPrinterColumns: 30 - jsonPath: .status.conditions[?(@.type=="Approved")].status 31 name: Approved 32 type: string 33 - jsonPath: .status.conditions[?(@.type=="Denied")].status 34 name: Denied 35 type: string 36 - jsonPath: .status.conditions[?(@.type=="Ready")].status 37 name: Ready 38 type: string 39 - jsonPath: .spec.issuerRef.name 40 name: Issuer 41 type: string 42 - jsonPath: .spec.username 43 name: Requestor 44 type: string 45 - jsonPath: .status.conditions[?(@.type=="Ready")].message 46 name: Status 47 priority: 1 48 type: string 49 - jsonPath: .metadata.creationTimestamp 50 description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 51 name: Age 52 type: date 53 schema: 54 openAPIV3Schema: 55 description: "A CertificateRequest is used to request a signed certificate from one of the configured issuers. \n All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. \n A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used." 56 type: object 57 required: 58 - spec 59 properties: 60 apiVersion: 61 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 62 type: string 63 kind: 64 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 65 type: string 66 metadata: 67 type: object 68 spec: 69 description: Desired state of the CertificateRequest resource. 70 type: object 71 required: 72 - issuerRef 73 - request 74 properties: 75 duration: 76 description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. 77 type: string 78 extra: 79 description: Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. 80 type: object 81 additionalProperties: 82 type: array 83 items: 84 type: string 85 groups: 86 description: Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. 87 type: array 88 items: 89 type: string 90 x-kubernetes-list-type: atomic 91 isCA: 92 description: IsCA will request to mark the certificate as valid for certificate signing when submitting to the issuer. This will automatically add the `cert sign` usage to the list of `usages`. 93 type: boolean 94 issuerRef: 95 description: IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty. 96 type: object 97 required: 98 - name 99 properties: 100 group: 101 description: Group of the resource being referred to. 102 type: string 103 kind: 104 description: Kind of the resource being referred to. 105 type: string 106 name: 107 description: Name of the resource being referred to. 108 type: string 109 request: 110 description: The PEM-encoded x509 certificate signing request to be submitted to the CA for signing. 111 type: string 112 format: byte 113 uid: 114 description: UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. 115 type: string 116 usages: 117 description: Usages is the set of x509 usages that are requested for the certificate. If usages are set they SHOULD be encoded inside the CSR spec Defaults to `digital signature` and `key encipherment` if not specified. 118 type: array 119 items: 120 description: 'KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"' 121 type: string 122 enum: 123 - signing 124 - digital signature 125 - content commitment 126 - key encipherment 127 - key agreement 128 - data encipherment 129 - cert sign 130 - crl sign 131 - encipher only 132 - decipher only 133 - any 134 - server auth 135 - client auth 136 - code signing 137 - email protection 138 - s/mime 139 - ipsec end system 140 - ipsec tunnel 141 - ipsec user 142 - timestamping 143 - ocsp signing 144 - microsoft sgc 145 - netscape sgc 146 username: 147 description: Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. 148 type: string 149 status: 150 description: Status of the CertificateRequest. This is set and managed automatically. 151 type: object 152 properties: 153 ca: 154 description: The PEM encoded x509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available. 155 type: string 156 format: byte 157 certificate: 158 description: The PEM encoded x509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field. 159 type: string 160 format: byte 161 conditions: 162 description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready` and `InvalidRequest`. 163 type: array 164 items: 165 description: CertificateRequestCondition contains condition information for a CertificateRequest. 166 type: object 167 required: 168 - status 169 - type 170 properties: 171 lastTransitionTime: 172 description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. 173 type: string 174 format: date-time 175 message: 176 description: Message is a human readable description of the details of the last transition, complementing reason. 177 type: string 178 reason: 179 description: Reason is a brief machine readable explanation for the condition's last transition. 180 type: string 181 status: 182 description: Status of the condition, one of (`True`, `False`, `Unknown`). 183 type: string 184 enum: 185 - "True" 186 - "False" 187 - Unknown 188 type: 189 description: Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`). 190 type: string 191 x-kubernetes-list-map-keys: 192 - type 193 x-kubernetes-list-type: map 194 failureTime: 195 description: FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off. 196 type: string 197 format: date-time 198 served: true 199 storage: true 200