1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/managed-by-kcc: "true"
9 cnrm.cloud.google.com/stability-level: alpha
10 cnrm.cloud.google.com/system: "true"
11 cnrm.cloud.google.com/tf2crd: "true"
12 name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com
13spec:
14 group: certificatemanager.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: CertificateManagerCertificate
19 plural: certificatemanagercertificates
20 shortNames:
21 - gcpcertificatemanagercertificate
22 - gcpcertificatemanagercertificates
23 singular: certificatemanagercertificate
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1alpha1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 properties:
61 description:
62 description: A human-readable description of the resource.
63 type: string
64 location:
65 description: The Certificate Manager location. If not specified, "global"
66 is used.
67 type: string
68 managed:
69 description: |-
70 Immutable. Configuration and state of a Managed Certificate.
71 Certificate Manager provisions and renews Managed Certificates
72 automatically, for as long as it's authorized to do so.
73 properties:
74 authorizationAttemptInfo:
75 description: |-
76 Detailed state of the latest authorization attempt for each domain
77 specified for this Managed Certificate.
78 items:
79 properties:
80 details:
81 description: |-
82 Human readable explanation for reaching the state. Provided to help
83 address the configuration issues.
84 Not guaranteed to be stable. For programmatic access use 'failure_reason' field.
85 type: string
86 domain:
87 description: Domain name of the authorization attempt.
88 type: string
89 failureReason:
90 description: Reason for failure of the authorization attempt
91 for the domain.
92 type: string
93 state:
94 description: State of the domain for managed certificate
95 issuance.
96 type: string
97 type: object
98 type: array
99 dnsAuthorizations:
100 description: Immutable. Authorizations that will be used for performing
101 domain authorization.
102 items:
103 type: string
104 type: array
105 domains:
106 description: |-
107 Immutable. The domains for which a managed SSL certificate will be generated.
108 Wildcard domains are only supported with DNS challenge resolution.
109 items:
110 type: string
111 type: array
112 provisioningIssue:
113 description: Information about issues with provisioning this Managed
114 Certificate.
115 items:
116 properties:
117 details:
118 description: |-
119 Human readable explanation about the issue. Provided to help address
120 the configuration issues.
121 Not guaranteed to be stable. For programmatic access use 'reason' field.
122 type: string
123 reason:
124 description: Reason for provisioning failures.
125 type: string
126 type: object
127 type: array
128 state:
129 description: A state of this Managed Certificate.
130 type: string
131 type: object
132 projectRef:
133 description: The project that this resource belongs to.
134 oneOf:
135 - not:
136 required:
137 - external
138 required:
139 - name
140 - not:
141 anyOf:
142 - required:
143 - name
144 - required:
145 - namespace
146 required:
147 - external
148 properties:
149 external:
150 description: 'Allowed value: The `name` field of a `Project` resource.'
151 type: string
152 name:
153 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
154 type: string
155 namespace:
156 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
157 type: string
158 type: object
159 resourceID:
160 description: Immutable. Optional. The name of the resource. Used for
161 creation and acquisition. When unset, the value of `metadata.name`
162 is used as the default.
163 type: string
164 scope:
165 description: |-
166 Immutable. The scope of the certificate.
167
168 DEFAULT: Certificates with default scope are served from core Google data centers.
169 If unsure, choose this option.
170
171 EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates,
172 served from non-core Google data centers.
173 Currently allowed only for managed certificates.
174 type: string
175 selfManaged:
176 description: |-
177 Immutable. Certificate data for a SelfManaged Certificate.
178 SelfManaged Certificates are uploaded by the user. Updating such
179 certificates before they expire remains the user's responsibility.
180 properties:
181 certificatePem:
182 description: |-
183 DEPRECATED. Deprecated in favor of `pem_certificate`. Immutable. **Deprecated** The certificate chain in PEM-encoded form.
184
185 Leaf certificate comes first, followed by intermediate ones if any.
186 oneOf:
187 - not:
188 required:
189 - valueFrom
190 required:
191 - value
192 - not:
193 required:
194 - value
195 required:
196 - valueFrom
197 properties:
198 value:
199 description: Value of the field. Cannot be used if 'valueFrom'
200 is specified.
201 type: string
202 valueFrom:
203 description: Source for the field's value. Cannot be used
204 if 'value' is specified.
205 properties:
206 secretKeyRef:
207 description: Reference to a value with the given key in
208 the given Secret in the resource's namespace.
209 properties:
210 key:
211 description: Key that identifies the value to be extracted.
212 type: string
213 name:
214 description: Name of the Secret to extract a value
215 from.
216 type: string
217 required:
218 - name
219 - key
220 type: object
221 type: object
222 type: object
223 pemCertificate:
224 description: |-
225 Immutable. The certificate chain in PEM-encoded form.
226
227 Leaf certificate comes first, followed by intermediate ones if any.
228 type: string
229 pemPrivateKey:
230 description: Immutable. The private key of the leaf certificate
231 in PEM-encoded form.
232 oneOf:
233 - not:
234 required:
235 - valueFrom
236 required:
237 - value
238 - not:
239 required:
240 - value
241 required:
242 - valueFrom
243 properties:
244 value:
245 description: Value of the field. Cannot be used if 'valueFrom'
246 is specified.
247 type: string
248 valueFrom:
249 description: Source for the field's value. Cannot be used
250 if 'value' is specified.
251 properties:
252 secretKeyRef:
253 description: Reference to a value with the given key in
254 the given Secret in the resource's namespace.
255 properties:
256 key:
257 description: Key that identifies the value to be extracted.
258 type: string
259 name:
260 description: Name of the Secret to extract a value
261 from.
262 type: string
263 required:
264 - name
265 - key
266 type: object
267 type: object
268 type: object
269 privateKeyPem:
270 description: DEPRECATED. Deprecated in favor of `pem_private_key`.
271 Immutable. **Deprecated** The private key of the leaf certificate
272 in PEM-encoded form.
273 oneOf:
274 - not:
275 required:
276 - valueFrom
277 required:
278 - value
279 - not:
280 required:
281 - value
282 required:
283 - valueFrom
284 properties:
285 value:
286 description: Value of the field. Cannot be used if 'valueFrom'
287 is specified.
288 type: string
289 valueFrom:
290 description: Source for the field's value. Cannot be used
291 if 'value' is specified.
292 properties:
293 secretKeyRef:
294 description: Reference to a value with the given key in
295 the given Secret in the resource's namespace.
296 properties:
297 key:
298 description: Key that identifies the value to be extracted.
299 type: string
300 name:
301 description: Name of the Secret to extract a value
302 from.
303 type: string
304 required:
305 - name
306 - key
307 type: object
308 type: object
309 type: object
310 type: object
311 required:
312 - projectRef
313 type: object
314 status:
315 properties:
316 conditions:
317 description: Conditions represent the latest available observation
318 of the resource's current state.
319 items:
320 properties:
321 lastTransitionTime:
322 description: Last time the condition transitioned from one status
323 to another.
324 type: string
325 message:
326 description: Human-readable message indicating details about
327 last transition.
328 type: string
329 reason:
330 description: Unique, one-word, CamelCase reason for the condition's
331 last transition.
332 type: string
333 status:
334 description: Status is the status of the condition. Can be True,
335 False, Unknown.
336 type: string
337 type:
338 description: Type is the type of the condition.
339 type: string
340 type: object
341 type: array
342 observedGeneration:
343 description: ObservedGeneration is the generation of the resource
344 that was most recently observed by the Config Connector controller.
345 If this is equal to metadata.generation, then that means that the
346 current reported status reflects the most recent desired state of
347 the resource.
348 type: integer
349 type: object
350 required:
351 - spec
352 type: object
353 served: true
354 storage: true
355 subresources:
356 status: {}
357status:
358 acceptedNames:
359 kind: ""
360 plural: ""
361 conditions: []
362 storedVersions: []
View as plain text