You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dlab.apache.org by om...@apache.org on 2019/11/12 14:19:48 UTC
[incubator-dlab] branch DLAB-1158 updated: fixed issue with chart
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push:
new e98af0a fixed issue with chart
e98af0a is described below
commit e98af0a5a9a025da591cb42b83ff79a77a618a98
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Tue Nov 12 16:19:33 2019 +0200
fixed issue with chart
---
.../helm_charts/cert-manager-crd-chart/.helmignore | 43 +
.../helm_charts/cert-manager-crd-chart/Chart.yaml | 26 +
.../cert-manager-crd-chart/templates/NOTES.txt | 27 +
.../cert-manager-crd-chart/templates/_helpers.tpl | 65 +
.../cert-manager-crd-chart/templates/crd.yaml | 1449 ++++++++++++++++++++
.../helm_charts/cert-manager-crd-chart/values.yaml | 26 +
6 files changed, 1636 insertions(+)
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/.helmignore b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/.helmignore
new file mode 100644
index 0000000..4976779
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/.helmignore
@@ -0,0 +1,43 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/Chart.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/Chart.yaml
new file mode 100644
index 0000000..039e6d0
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/Chart.yaml
@@ -0,0 +1,26 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: cert-manager-crd
+version: 0.1.0
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/templates/NOTES.txt b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/templates/NOTES.txt
new file mode 100644
index 0000000..58e9f20
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/templates/NOTES.txt
@@ -0,0 +1,27 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get {{ .Release.Name }}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/templates/_helpers.tpl b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/templates/_helpers.tpl
new file mode 100644
index 0000000..b5ada58
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/templates/_helpers.tpl
@@ -0,0 +1,65 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cert-manager-crd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cert-manager-crd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cert-manager-crd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "cert-manager-crd.labels" -}}
+app.kubernetes.io/name: {{ include "cert-manager-crd.name" . }}
+helm.sh/chart: {{ include "cert-manager-crd.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/templates/crd.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/templates/crd.yaml
new file mode 100644
index 0000000..c2d6a4c
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/templates/crd.yaml
@@ -0,0 +1,1449 @@
+{{- /*
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+*/ -}}
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: certificates.certmanager.k8s.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - JSONPath: .spec.secretName
+ name: Secret
+ type: string
+ - JSONPath: .spec.issuerRef.name
+ name: Issuer
+ priority: 1
+ type: string
+ - JSONPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ priority: 1
+ type: string
+ - JSONPath: .metadata.creationTimestamp
+ description: CreationTimestamp is a timestamp representing the server time when
+ this object was created. It is not guaranteed to be set in happens-before order
+ across separate operations. Clients may not set this value. It is represented
+ in RFC3339 form and is in UTC.
+ name: Age
+ type: date
+ group: certmanager.k8s.io
+ names:
+ kind: Certificate
+ plural: certificates
+ shortNames:
+ - cert
+ - certs
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ acme:
+ description: ACME contains configuration specific to ACME Certificates.
+ Notably, this contains details on how the domain names listed on this
+ Certificate resource should be 'solved', i.e. mapping HTTP01 and DNS01
+ providers to DNS names.
+ properties:
+ config:
+ items:
+ properties:
+ domains:
+ description: Domains is the list of domains that this SolverConfig
+ applies to.
+ items:
+ type: string
+ type: array
+ required:
+ - domains
+ type: object
+ type: array
+ required:
+ - config
+ type: object
+ commonName:
+ description: CommonName is a common name to be used on the Certificate.
+ If no CommonName is given, then the first entry in DNSNames is used
+ as the CommonName. The CommonName should have a length of 64 characters
+ or fewer to avoid generating invalid CSRs; in order to have longer
+ domain names, set the CommonName (or first DNSNames entry) to have
+ 64 characters or fewer, and then add the longer domain name to DNSNames.
+ type: string
+ dnsNames:
+ description: DNSNames is a list of subject alt names to be used on the
+ Certificate. If no CommonName is given, then the first entry in DNSNames
+ is used as the CommonName and must have a length of 64 characters
+ or fewer.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Certificate default Duration
+ type: string
+ ipAddresses:
+ description: IPAddresses is a list of IP addresses to be used on the
+ Certificate
+ items:
+ type: string
+ type: array
+ isCA:
+ description: IsCA will mark this Certificate as valid for signing. This
+ implies that the 'signing' usage is set
+ type: boolean
+ issuerRef:
+ description: IssuerRef is a reference to the issuer for this certificate.
+ If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+ with the given name in the same namespace as the Certificate will
+ be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
+ with the provided name will be used. The 'name' field in this stanza
+ is required at all times.
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ keyAlgorithm:
+ description: KeyAlgorithm is the private key algorithm of the corresponding
+ private key for this certificate. If provided, allowed values are
+ either "rsa" or "ecdsa" If KeyAlgorithm is specified and KeySize is
+ not provided, key size of 256 will be used for "ecdsa" key algorithm
+ and key size of 2048 will be used for "rsa" key algorithm.
+ enum:
+ - rsa
+ - ecdsa
+ type: string
+ keyEncoding:
+ description: KeyEncoding is the private key cryptography standards (PKCS)
+ for this certificate's private key to be encoded in. If provided,
+ allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8,
+ respectively. If KeyEncoding is not specified, then PKCS#1 will be
+ used by default.
+ type: string
+ keySize:
+ description: KeySize is the key bit size of the corresponding private
+ key for this certificate. If provided, value must be between 2048
+ and 8192 inclusive when KeyAlgorithm is empty or is set to "rsa",
+ and value must be one of (256, 384, 521) when KeyAlgorithm is set
+ to "ecdsa".
+ format: int64
+ type: integer
+ organization:
+ description: Organization is the organization to be used on the Certificate
+ items:
+ type: string
+ type: array
+ renewBefore:
+ description: Certificate renew before expiration duration
+ type: string
+ secretName:
+ description: SecretName is the name of the secret resource to store
+ this secret in
+ type: string
+ required:
+ - secretName
+ - issuerRef
+ type: object
+ status:
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the timestamp corresponding
+ to the last status change of this condition.
+ format: date-time
+ type: string
+ message:
+ description: Message is a human readable description of the details
+ of the last transition, complementing reason.
+ type: string
+ reason:
+ description: Reason is a brief machine readable explanation for
+ the condition's last transition.
+ type: string
+ status:
+ description: Status of the condition, one of ('True', 'False',
+ 'Unknown').
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: Type of the condition, currently ('Ready').
+ type: string
+ required:
+ - type
+ - status
+ type: object
+ type: array
+ lastFailureTime:
+ format: date-time
+ type: string
+ notAfter:
+ description: The expiration time of the certificate stored in the secret
+ named by this resource in spec.secretName.
+ format: date-time
+ type: string
+ type: object
+ version: v1alpha1
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: certificaterequests.certmanager.k8s.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - JSONPath: .spec.issuerRef.name
+ name: Issuer
+ priority: 1
+ type: string
+ - JSONPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ priority: 1
+ type: string
+ - JSONPath: .metadata.creationTimestamp
+ description: CreationTimestamp is a timestamp representing the server time when
+ this object was created. It is not guaranteed to be set in happens-before order
+ across separate operations. Clients may not set this value. It is represented
+ in RFC3339 form and is in UTC.
+ name: Age
+ type: date
+ group: certmanager.k8s.io
+ names:
+ kind: CertificateRequest
+ plural: certificaterequests
+ shortNames:
+ - cr
+ - crs
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ csr:
+ description: Byte slice containing the PEM encoded CertificateSigningRequest
+ format: byte
+ type: string
+ duration:
+ description: Requested certificate default Duration
+ type: string
+ isCA:
+ description: IsCA will mark the resulting certificate as valid for signing.
+ This implies that the 'signing' usage is set
+ type: boolean
+ issuerRef:
+ description: IssuerRef is a reference to the issuer for this CertificateRequest. If
+ the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+ with the given name in the same namespace as the CertificateRequest
+ will be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
+ with the provided name will be used. The 'name' field in this stanza
+ is required at all times. The group field refers to the API group
+ of the issuer which defaults to 'certmanager.k8s.io' if empty.
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - issuerRef
+ type: object
+ status:
+ properties:
+ ca:
+ description: Byte slice containing the PEM encoded certificate authority
+ of the signed certificate.
+ format: byte
+ type: string
+ certificate:
+ description: Byte slice containing a PEM encoded signed certificate
+ resulting from the given certificate signing request.
+ format: byte
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the timestamp corresponding
+ to the last status change of this condition.
+ format: date-time
+ type: string
+ message:
+ description: Message is a human readable description of the details
+ of the last transition, complementing reason.
+ type: string
+ reason:
+ description: Reason is a brief machine readable explanation for
+ the condition's last transition.
+ type: string
+ status:
+ description: Status of the condition, one of ('True', 'False',
+ 'Unknown').
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: Type of the condition, currently ('Ready').
+ type: string
+ required:
+ - type
+ - status
+ type: object
+ type: array
+ type: object
+ version: v1alpha1
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: challenges.certmanager.k8s.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.state
+ name: State
+ type: string
+ - JSONPath: .spec.dnsName
+ name: Domain
+ type: string
+ - JSONPath: .status.reason
+ name: Reason
+ priority: 1
+ type: string
+ - JSONPath: .metadata.creationTimestamp
+ description: CreationTimestamp is a timestamp representing the server time when
+ this object was created. It is not guaranteed to be set in happens-before order
+ across separate operations. Clients may not set this value. It is represented
+ in RFC3339 form and is in UTC.
+ name: Age
+ type: date
+ group: certmanager.k8s.io
+ names:
+ kind: Challenge
+ plural: challenges
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ authzURL:
+ description: AuthzURL is the URL to the ACME Authorization resource
+ that this challenge is a part of.
+ type: string
+ config:
+ description: 'Config specifies the solver configuration for this challenge.
+ Only **one** of ''config'' or ''solver'' may be specified, and if
+ both are specified then no action will be performed on the Challenge
+ resource. DEPRECATED: the ''solver'' field should be specified instead'
+ type: object
+ dnsName:
+ description: DNSName is the identifier that this challenge is for, e.g.
+ example.com.
+ type: string
+ issuerRef:
+ description: IssuerRef references a properly configured ACME-type Issuer
+ which should be used to create this Challenge. If the Issuer does
+ not exist, processing will be retried. If the Issuer is not an 'ACME'
+ Issuer, an error will be returned and the Challenge will be marked
+ as failed.
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ key:
+ description: Key is the ACME challenge key for this challenge
+ type: string
+ solver:
+ description: Solver contains the domain solving configuration that should
+ be used to solve this challenge resource. Only **one** of 'config'
+ or 'solver' may be specified, and if both are specified then no action
+ will be performed on the Challenge resource.
+ properties:
+ selector:
+ description: Selector selects a set of DNSNames on the Certificate
+ resource that should be solved using this challenge solver.
+ properties:
+ dnsNames:
+ description: List of DNSNames that this solver will be used
+ to solve. If specified and a match is found, a dnsNames selector
+ will take precedence over a dnsZones selector. If multiple
+ solvers match with the same dnsNames value, the solver with
+ the most matching labels in matchLabels will be selected.
+ If neither has more matches, the solver defined earlier in
+ the list will be selected.
+ items:
+ type: string
+ type: array
+ dnsZones:
+ description: List of DNSZones that this solver will be used
+ to solve. The most specific DNS zone match specified here
+ will take precedence over other DNS zone matches, so a solver
+ specifying sys.example.com will be selected over one specifying
+ example.com for the domain www.sys.example.com. If multiple
+ solvers match with the same dnsZones value, the solver with
+ the most matching labels in matchLabels will be selected.
+ If neither has more matches, the solver defined earlier in
+ the list will be selected.
+ items:
+ type: string
+ type: array
+ matchLabels:
+ description: A label selector that is used to refine the set
+ of certificate's that this challenge solver will apply to.
+ type: object
+ type: object
+ type: object
+ token:
+ description: Token is the ACME challenge token for this challenge.
+ type: string
+ type:
+ description: Type is the type of ACME challenge this resource represents,
+ e.g. "dns01" or "http01"
+ type: string
+ url:
+ description: URL is the URL of the ACME Challenge resource for this
+ challenge. This can be used to lookup details about the status of
+ this challenge.
+ type: string
+ wildcard:
+ description: Wildcard will be true if this challenge is for a wildcard
+ identifier, for example '*.example.com'
+ type: boolean
+ required:
+ - authzURL
+ - type
+ - url
+ - dnsName
+ - token
+ - key
+ - wildcard
+ - issuerRef
+ type: object
+ status:
+ properties:
+ presented:
+ description: Presented will be set to true if the challenge values for
+ this challenge are currently 'presented'. This *does not* imply the
+ self check is passing. Only that the values have been 'submitted'
+ for the appropriate challenge mechanism (i.e. the DNS01 TXT record
+ has been presented, or the HTTP01 configuration has been configured).
+ type: boolean
+ processing:
+ description: Processing is used to denote whether this challenge should
+ be processed or not. This field will only be set to true by the 'scheduling'
+ component. It will only be set to false by the 'challenges' controller,
+ after the challenge has reached a final state or timed out. If this
+ field is set to false, the challenge controller will not take any
+ more action.
+ type: boolean
+ reason:
+ description: Reason contains human readable information on why the Challenge
+ is in the current state.
+ type: string
+ state:
+ description: State contains the current 'state' of the challenge. If
+ not set, the state of the challenge is unknown.
+ enum:
+ - ""
+ - valid
+ - ready
+ - pending
+ - processing
+ - invalid
+ - expired
+ - errored
+ type: string
+ required:
+ - processing
+ - presented
+ - reason
+ type: object
+ required:
+ - metadata
+ - spec
+ - status
+ version: v1alpha1
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: clusterissuers.certmanager.k8s.io
+spec:
+ group: certmanager.k8s.io
+ names:
+ kind: ClusterIssuer
+ plural: clusterissuers
+ scope: Cluster
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ acme:
+ properties:
+ email:
+ description: Email is the email for this account
+ type: string
+ privateKeySecretRef:
+ description: PrivateKey is the name of a secret containing the private
+ key for this user account.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ required:
+ - name
+ type: object
+ server:
+ description: Server is the ACME server URL
+ type: string
+ skipTLSVerify:
+ description: If true, skip verifying the ACME server TLS certificate
+ type: boolean
+ solvers:
+ description: Solvers is a list of challenge solvers that will be
+ used to solve ACME challenges for the matching domains.
+ items:
+ properties:
+ selector:
+ description: Selector selects a set of DNSNames on the Certificate
+ resource that should be solved using this challenge solver.
+ properties:
+ dnsNames:
+ description: List of DNSNames that this solver will be
+ used to solve. If specified and a match is found, a
+ dnsNames selector will take precedence over a dnsZones
+ selector. If multiple solvers match with the same dnsNames
+ value, the solver with the most matching labels in matchLabels
+ will be selected. If neither has more matches, the solver
+ defined earlier in the list will be selected.
+ items:
+ type: string
+ type: array
+ dnsZones:
+ description: List of DNSZones that this solver will be
+ used to solve. The most specific DNS zone match specified
+ here will take precedence over other DNS zone matches,
+ so a solver specifying sys.example.com will be selected
+ over one specifying example.com for the domain www.sys.example.com.
+ If multiple solvers match with the same dnsZones value,
+ the solver with the most matching labels in matchLabels
+ will be selected. If neither has more matches, the solver
+ defined earlier in the list will be selected.
+ items:
+ type: string
+ type: array
+ matchLabels:
+ description: A label selector that is used to refine the
+ set of certificate's that this challenge solver will
+ apply to.
+ type: object
+ type: object
+ type: object
+ type: array
+ required:
+ - server
+ - privateKeySecretRef
+ type: object
+ ca:
+ properties:
+ secretName:
+ description: SecretName is the name of the secret used to sign Certificates
+ issued by this Issuer.
+ type: string
+ required:
+ - secretName
+ type: object
+ selfSigned:
+ type: object
+ vault:
+ properties:
+ auth:
+ description: Vault authentication
+ properties:
+ appRole:
+ description: This Secret contains a AppRole and Secret
+ properties:
+ path:
+ description: Where the authentication path is mounted in
+ Vault.
+ type: string
+ roleId:
+ type: string
+ secretRef:
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - path
+ - roleId
+ - secretRef
+ type: object
+ tokenSecretRef:
+ description: This Secret contains the Vault token key
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ caBundle:
+ description: Base64 encoded CA bundle to validate Vault server certificate.
+ Only used if the Server URL is using HTTPS protocol. This parameter
+ is ignored for plain HTTP protocol connection. If not set the
+ system root certificates are used to validate the TLS connection.
+ format: byte
+ type: string
+ path:
+ description: Vault URL path to the certificate role
+ type: string
+ server:
+ description: Server is the vault connection address
+ type: string
+ required:
+ - auth
+ - server
+ - path
+ type: object
+ venafi:
+ properties:
+ cloud:
+ description: Cloud specifies the Venafi cloud configuration settings.
+ Only one of TPP or Cloud may be specified.
+ properties:
+ apiTokenSecretRef:
+ description: APITokenSecretRef is a secret key selector for
+ the Venafi Cloud API token.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ required:
+ - name
+ type: object
+ url:
+ description: URL is the base URL for Venafi Cloud
+ type: string
+ required:
+ - url
+ - apiTokenSecretRef
+ type: object
+ tpp:
+ description: TPP specifies Trust Protection Platform configuration
+ settings. Only one of TPP or Cloud may be specified.
+ properties:
+ caBundle:
+ description: CABundle is a PEM encoded TLS certifiate to use
+ to verify connections to the TPP instance. If specified, system
+ roots will not be used and the issuing CA for the TPP instance
+ must be verifiable using the provided root. If not specified,
+ the connection will be verified using the cert-manager system
+ root certificates.
+ format: byte
+ type: string
+ credentialsRef:
+ description: CredentialsRef is a reference to a Secret containing
+ the username and password for the TPP server. The secret must
+ contain two keys, 'username' and 'password'.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ required:
+ - name
+ type: object
+ url:
+ description: URL is the base URL for the Venafi TPP instance
+ type: string
+ required:
+ - url
+ - credentialsRef
+ type: object
+ zone:
+ description: Zone is the Venafi Policy Zone to use for this issuer.
+ All requests made to the Venafi platform will be restricted by
+ the named zone policy. This field is required.
+ type: string
+ required:
+ - zone
+ type: object
+ type: object
+ status:
+ properties:
+ acme:
+ properties:
+ lastRegisteredEmail:
+ description: LastRegisteredEmail is the email associated with the
+ latest registered ACME account, in order to track changes made
+ to registered account associated with the Issuer
+ type: string
+ uri:
+ description: URI is the unique account identifier, which can also
+ be used to retrieve account details from the CA
+ type: string
+ type: object
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the timestamp corresponding
+ to the last status change of this condition.
+ format: date-time
+ type: string
+ message:
+ description: Message is a human readable description of the details
+ of the last transition, complementing reason.
+ type: string
+ reason:
+ description: Reason is a brief machine readable explanation for
+ the condition's last transition.
+ type: string
+ status:
+ description: Status of the condition, one of ('True', 'False',
+ 'Unknown').
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: Type of the condition, currently ('Ready').
+ type: string
+ required:
+ - type
+ - status
+ type: object
+ type: array
+ type: object
+ version: v1alpha1
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: issuers.certmanager.k8s.io
+spec:
+ group: certmanager.k8s.io
+ names:
+ kind: Issuer
+ plural: issuers
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ acme:
+ properties:
+ email:
+ description: Email is the email for this account
+ type: string
+ privateKeySecretRef:
+ description: PrivateKey is the name of a secret containing the private
+ key for this user account.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ required:
+ - name
+ type: object
+ server:
+ description: Server is the ACME server URL
+ type: string
+ skipTLSVerify:
+ description: If true, skip verifying the ACME server TLS certificate
+ type: boolean
+ solvers:
+ description: Solvers is a list of challenge solvers that will be
+ used to solve ACME challenges for the matching domains.
+ items:
+ properties:
+ selector:
+ description: Selector selects a set of DNSNames on the Certificate
+ resource that should be solved using this challenge solver.
+ properties:
+ dnsNames:
+ description: List of DNSNames that this solver will be
+ used to solve. If specified and a match is found, a
+ dnsNames selector will take precedence over a dnsZones
+ selector. If multiple solvers match with the same dnsNames
+ value, the solver with the most matching labels in matchLabels
+ will be selected. If neither has more matches, the solver
+ defined earlier in the list will be selected.
+ items:
+ type: string
+ type: array
+ dnsZones:
+ description: List of DNSZones that this solver will be
+ used to solve. The most specific DNS zone match specified
+ here will take precedence over other DNS zone matches,
+ so a solver specifying sys.example.com will be selected
+ over one specifying example.com for the domain www.sys.example.com.
+ If multiple solvers match with the same dnsZones value,
+ the solver with the most matching labels in matchLabels
+ will be selected. If neither has more matches, the solver
+ defined earlier in the list will be selected.
+ items:
+ type: string
+ type: array
+ matchLabels:
+ description: A label selector that is used to refine the
+ set of certificate's that this challenge solver will
+ apply to.
+ type: object
+ type: object
+ type: object
+ type: array
+ required:
+ - server
+ - privateKeySecretRef
+ type: object
+ ca:
+ properties:
+ secretName:
+ description: SecretName is the name of the secret used to sign Certificates
+ issued by this Issuer.
+ type: string
+ required:
+ - secretName
+ type: object
+ selfSigned:
+ type: object
+ vault:
+ properties:
+ auth:
+ description: Vault authentication
+ properties:
+ appRole:
+ description: This Secret contains a AppRole and Secret
+ properties:
+ path:
+ description: Where the authentication path is mounted in
+ Vault.
+ type: string
+ roleId:
+ type: string
+ secretRef:
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - path
+ - roleId
+ - secretRef
+ type: object
+ tokenSecretRef:
+ description: This Secret contains the Vault token key
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ caBundle:
+ description: Base64 encoded CA bundle to validate Vault server certificate.
+ Only used if the Server URL is using HTTPS protocol. This parameter
+ is ignored for plain HTTP protocol connection. If not set the
+ system root certificates are used to validate the TLS connection.
+ format: byte
+ type: string
+ path:
+ description: Vault URL path to the certificate role
+ type: string
+ server:
+ description: Server is the vault connection address
+ type: string
+ required:
+ - auth
+ - server
+ - path
+ type: object
+ venafi:
+ properties:
+ cloud:
+ description: Cloud specifies the Venafi cloud configuration settings.
+ Only one of TPP or Cloud may be specified.
+ properties:
+ apiTokenSecretRef:
+ description: APITokenSecretRef is a secret key selector for
+ the Venafi Cloud API token.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ required:
+ - name
+ type: object
+ url:
+ description: URL is the base URL for Venafi Cloud
+ type: string
+ required:
+ - url
+ - apiTokenSecretRef
+ type: object
+ tpp:
+ description: TPP specifies Trust Protection Platform configuration
+ settings. Only one of TPP or Cloud may be specified.
+ properties:
+ caBundle:
+ description: CABundle is a PEM encoded TLS certifiate to use
+ to verify connections to the TPP instance. If specified, system
+ roots will not be used and the issuing CA for the TPP instance
+ must be verifiable using the provided root. If not specified,
+ the connection will be verified using the cert-manager system
+ root certificates.
+ format: byte
+ type: string
+ credentialsRef:
+ description: CredentialsRef is a reference to a Secret containing
+ the username and password for the TPP server. The secret must
+ contain two keys, 'username' and 'password'.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ required:
+ - name
+ type: object
+ url:
+ description: URL is the base URL for the Venafi TPP instance
+ type: string
+ required:
+ - url
+ - credentialsRef
+ type: object
+ zone:
+ description: Zone is the Venafi Policy Zone to use for this issuer.
+ All requests made to the Venafi platform will be restricted by
+ the named zone policy. This field is required.
+ type: string
+ required:
+ - zone
+ type: object
+ type: object
+ status:
+ properties:
+ acme:
+ properties:
+ lastRegisteredEmail:
+ description: LastRegisteredEmail is the email associated with the
+ latest registered ACME account, in order to track changes made
+ to registered account associated with the Issuer
+ type: string
+ uri:
+ description: URI is the unique account identifier, which can also
+ be used to retrieve account details from the CA
+ type: string
+ type: object
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the timestamp corresponding
+ to the last status change of this condition.
+ format: date-time
+ type: string
+ message:
+ description: Message is a human readable description of the details
+ of the last transition, complementing reason.
+ type: string
+ reason:
+ description: Reason is a brief machine readable explanation for
+ the condition's last transition.
+ type: string
+ status:
+ description: Status of the condition, one of ('True', 'False',
+ 'Unknown').
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: Type of the condition, currently ('Ready').
+ type: string
+ required:
+ - type
+ - status
+ type: object
+ type: array
+ type: object
+ version: v1alpha1
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: orders.certmanager.k8s.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.state
+ name: State
+ type: string
+ - JSONPath: .spec.issuerRef.name
+ name: Issuer
+ priority: 1
+ type: string
+ - JSONPath: .status.reason
+ name: Reason
+ priority: 1
+ type: string
+ - JSONPath: .metadata.creationTimestamp
+ description: CreationTimestamp is a timestamp representing the server time when
+ this object was created. It is not guaranteed to be set in happens-before order
+ across separate operations. Clients may not set this value. It is represented
+ in RFC3339 form and is in UTC.
+ name: Age
+ type: date
+ group: certmanager.k8s.io
+ names:
+ kind: Order
+ plural: orders
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ commonName:
+ description: CommonName is the common name as specified on the DER encoded
+ CSR. If CommonName is not specified, the first DNSName specified will
+ be used as the CommonName. At least one of CommonName or a DNSNames
+ must be set. This field must match the corresponding field on the
+ DER encoded CSR.
+ type: string
+ config:
+ description: 'Config specifies a mapping from DNS identifiers to how
+ those identifiers should be solved when performing ACME challenges.
+ A config entry must exist for each domain listed in DNSNames and CommonName.
+ Only **one** of ''config'' or ''solvers'' may be specified, and if
+ both are specified then no action will be performed on the Order resource. This
+ field will be removed when support for solver config specified on
+ the Certificate under certificate.spec.acme has been removed. DEPRECATED:
+ this field will be removed in future. Solver configuration must instead
+ be provided on ACME Issuer resources.'
+ items:
+ properties:
+ domains:
+ description: Domains is the list of domains that this SolverConfig
+ applies to.
+ items:
+ type: string
+ type: array
+ required:
+ - domains
+ type: object
+ type: array
+ csr:
+ description: Certificate signing request bytes in DER encoding. This
+ will be used when finalizing the order. This field must be set on
+ the order.
+ format: byte
+ type: string
+ dnsNames:
+ description: DNSNames is a list of DNS names that should be included
+ as part of the Order validation process. If CommonName is not specified,
+ the first DNSName specified will be used as the CommonName. At least
+ one of CommonName or a DNSNames must be set. This field must match
+ the corresponding field on the DER encoded CSR.
+ items:
+ type: string
+ type: array
+ issuerRef:
+ description: IssuerRef references a properly configured ACME-type Issuer
+ which should be used to create this Order. If the Issuer does not
+ exist, processing will be retried. If the Issuer is not an 'ACME'
+ Issuer, an error will be returned and the Order will be marked as
+ failed.
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - csr
+ - issuerRef
+ type: object
+ status:
+ properties:
+ certificate:
+ description: Certificate is a copy of the PEM encoded certificate for
+ this Order. This field will be populated after the order has been
+ successfully finalized with the ACME server, and the order has transitioned
+ to the 'valid' state.
+ format: byte
+ type: string
+ challenges:
+ description: Challenges is a list of ChallengeSpecs for Challenges that
+ must be created in order to complete this Order.
+ items:
+ properties:
+ authzURL:
+ description: AuthzURL is the URL to the ACME Authorization resource
+ that this challenge is a part of.
+ type: string
+ config:
+ description: 'Config specifies the solver configuration for this
+ challenge. Only **one** of ''config'' or ''solver'' may be specified,
+ and if both are specified then no action will be performed on
+ the Challenge resource. DEPRECATED: the ''solver'' field should
+ be specified instead'
+ type: object
+ dnsName:
+ description: DNSName is the identifier that this challenge is
+ for, e.g. example.com.
+ type: string
+ issuerRef:
+ description: IssuerRef references a properly configured ACME-type
+ Issuer which should be used to create this Challenge. If the
+ Issuer does not exist, processing will be retried. If the Issuer
+ is not an 'ACME' Issuer, an error will be returned and the Challenge
+ will be marked as failed.
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ key:
+ description: Key is the ACME challenge key for this challenge
+ type: string
+ solver:
+ description: Solver contains the domain solving configuration
+ that should be used to solve this challenge resource. Only **one**
+ of 'config' or 'solver' may be specified, and if both are specified
+ then no action will be performed on the Challenge resource.
+ properties:
+ selector:
+ description: Selector selects a set of DNSNames on the Certificate
+ resource that should be solved using this challenge solver.
+ properties:
+ dnsNames:
+ description: List of DNSNames that this solver will be
+ used to solve. If specified and a match is found, a
+ dnsNames selector will take precedence over a dnsZones
+ selector. If multiple solvers match with the same dnsNames
+ value, the solver with the most matching labels in matchLabels
+ will be selected. If neither has more matches, the solver
+ defined earlier in the list will be selected.
+ items:
+ type: string
+ type: array
+ dnsZones:
+ description: List of DNSZones that this solver will be
+ used to solve. The most specific DNS zone match specified
+ here will take precedence over other DNS zone matches,
+ so a solver specifying sys.example.com will be selected
+ over one specifying example.com for the domain www.sys.example.com.
+ If multiple solvers match with the same dnsZones value,
+ the solver with the most matching labels in matchLabels
+ will be selected. If neither has more matches, the solver
+ defined earlier in the list will be selected.
+ items:
+ type: string
+ type: array
+ matchLabels:
+ description: A label selector that is used to refine the
+ set of certificate's that this challenge solver will
+ apply to.
+ type: object
+ type: object
+ type: object
+ token:
+ description: Token is the ACME challenge token for this challenge.
+ type: string
+ type:
+ description: Type is the type of ACME challenge this resource
+ represents, e.g. "dns01" or "http01"
+ type: string
+ url:
+ description: URL is the URL of the ACME Challenge resource for
+ this challenge. This can be used to lookup details about the
+ status of this challenge.
+ type: string
+ wildcard:
+ description: Wildcard will be true if this challenge is for a
+ wildcard identifier, for example '*.example.com'
+ type: boolean
+ required:
+ - authzURL
+ - type
+ - url
+ - dnsName
+ - token
+ - key
+ - wildcard
+ - issuerRef
+ type: object
+ type: array
+ failureTime:
+ description: FailureTime stores the time that this order failed. This
+ is used to influence garbage collection and back-off.
+ format: date-time
+ type: string
+ finalizeURL:
+ description: FinalizeURL of the Order. This is used to obtain certificates
+ for this order once it has been completed.
+ type: string
+ reason:
+ description: Reason optionally provides more information about a why
+ the order is in the current state.
+ type: string
+ state:
+ description: State contains the current state of this Order resource.
+ States 'success' and 'expired' are 'final'
+ enum:
+ - ""
+ - valid
+ - ready
+ - pending
+ - processing
+ - invalid
+ - expired
+ - errored
+ type: string
+ url:
+ description: URL of the Order. This will initially be empty when the
+ resource is first created. The Order controller will populate this
+ field when the Order is first processed. This field will be immutable
+ after it is initially set.
+ type: string
+ type: object
+ required:
+ - metadata
+ - spec
+ - status
+ version: v1alpha1
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/values.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/values.yaml
new file mode 100644
index 0000000..0c6d2cf
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager-crd-chart/values.yaml
@@ -0,0 +1,26 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+replicaCount: 1
+
+ingress:
+ enabled: false
+labels: {}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org