1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: alpha
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com
27spec:
28 group: certificatemanager.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: CertificateManagerCertificate
33 plural: certificatemanagercertificates
34 shortNames:
35 - gcpcertificatemanagercertificate
36 - gcpcertificatemanagercertificates
37 singular: certificatemanagercertificate
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1alpha1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 description:
75 description: A human-readable description of the resource.
76 type: string
77 location:
78 description: The Certificate Manager location. If not specified, "global"
79 is used.
80 type: string
81 managed:
82 description: |-
83 Immutable. Configuration and state of a Managed Certificate.
84 Certificate Manager provisions and renews Managed Certificates
85 automatically, for as long as it's authorized to do so.
86 properties:
87 authorizationAttemptInfo:
88 description: |-
89 Detailed state of the latest authorization attempt for each domain
90 specified for this Managed Certificate.
91 items:
92 properties:
93 details:
94 description: |-
95 Human readable explanation for reaching the state. Provided to help
96 address the configuration issues.
97 Not guaranteed to be stable. For programmatic access use 'failure_reason' field.
98 type: string
99 domain:
100 description: Domain name of the authorization attempt.
101 type: string
102 failureReason:
103 description: Reason for failure of the authorization attempt
104 for the domain.
105 type: string
106 state:
107 description: State of the domain for managed certificate
108 issuance.
109 type: string
110 type: object
111 type: array
112 dnsAuthorizations:
113 description: Immutable. Authorizations that will be used for performing
114 domain authorization.
115 items:
116 type: string
117 type: array
118 domains:
119 description: |-
120 Immutable. The domains for which a managed SSL certificate will be generated.
121 Wildcard domains are only supported with DNS challenge resolution.
122 items:
123 type: string
124 type: array
125 provisioningIssue:
126 description: Information about issues with provisioning this Managed
127 Certificate.
128 items:
129 properties:
130 details:
131 description: |-
132 Human readable explanation about the issue. Provided to help address
133 the configuration issues.
134 Not guaranteed to be stable. For programmatic access use 'reason' field.
135 type: string
136 reason:
137 description: Reason for provisioning failures.
138 type: string
139 type: object
140 type: array
141 state:
142 description: A state of this Managed Certificate.
143 type: string
144 type: object
145 projectRef:
146 description: The project that this resource belongs to.
147 oneOf:
148 - not:
149 required:
150 - external
151 required:
152 - name
153 - not:
154 anyOf:
155 - required:
156 - name
157 - required:
158 - namespace
159 required:
160 - external
161 properties:
162 external:
163 description: 'Allowed value: The `name` field of a `Project` resource.'
164 type: string
165 name:
166 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
167 type: string
168 namespace:
169 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
170 type: string
171 type: object
172 resourceID:
173 description: Immutable. Optional. The name of the resource. Used for
174 creation and acquisition. When unset, the value of `metadata.name`
175 is used as the default.
176 type: string
177 scope:
178 description: |-
179 Immutable. The scope of the certificate.
180
181 DEFAULT: Certificates with default scope are served from core Google data centers.
182 If unsure, choose this option.
183
184 EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates,
185 served from non-core Google data centers.
186 Currently allowed only for managed certificates.
187 type: string
188 selfManaged:
189 description: |-
190 Immutable. Certificate data for a SelfManaged Certificate.
191 SelfManaged Certificates are uploaded by the user. Updating such
192 certificates before they expire remains the user's responsibility.
193 properties:
194 certificatePem:
195 description: |-
196 DEPRECATED. Deprecated in favor of `pem_certificate`. Immutable. **Deprecated** The certificate chain in PEM-encoded form.
197
198 Leaf certificate comes first, followed by intermediate ones if any.
199 oneOf:
200 - not:
201 required:
202 - valueFrom
203 required:
204 - value
205 - not:
206 required:
207 - value
208 required:
209 - valueFrom
210 properties:
211 value:
212 description: Value of the field. Cannot be used if 'valueFrom'
213 is specified.
214 type: string
215 valueFrom:
216 description: Source for the field's value. Cannot be used
217 if 'value' is specified.
218 properties:
219 secretKeyRef:
220 description: Reference to a value with the given key in
221 the given Secret in the resource's namespace.
222 properties:
223 key:
224 description: Key that identifies the value to be extracted.
225 type: string
226 name:
227 description: Name of the Secret to extract a value
228 from.
229 type: string
230 required:
231 - name
232 - key
233 type: object
234 type: object
235 type: object
236 pemCertificate:
237 description: |-
238 Immutable. The certificate chain in PEM-encoded form.
239
240 Leaf certificate comes first, followed by intermediate ones if any.
241 type: string
242 pemPrivateKey:
243 description: Immutable. The private key of the leaf certificate
244 in PEM-encoded form.
245 oneOf:
246 - not:
247 required:
248 - valueFrom
249 required:
250 - value
251 - not:
252 required:
253 - value
254 required:
255 - valueFrom
256 properties:
257 value:
258 description: Value of the field. Cannot be used if 'valueFrom'
259 is specified.
260 type: string
261 valueFrom:
262 description: Source for the field's value. Cannot be used
263 if 'value' is specified.
264 properties:
265 secretKeyRef:
266 description: Reference to a value with the given key in
267 the given Secret in the resource's namespace.
268 properties:
269 key:
270 description: Key that identifies the value to be extracted.
271 type: string
272 name:
273 description: Name of the Secret to extract a value
274 from.
275 type: string
276 required:
277 - name
278 - key
279 type: object
280 type: object
281 type: object
282 privateKeyPem:
283 description: DEPRECATED. Deprecated in favor of `pem_private_key`.
284 Immutable. **Deprecated** The private key of the leaf certificate
285 in PEM-encoded form.
286 oneOf:
287 - not:
288 required:
289 - valueFrom
290 required:
291 - value
292 - not:
293 required:
294 - value
295 required:
296 - valueFrom
297 properties:
298 value:
299 description: Value of the field. Cannot be used if 'valueFrom'
300 is specified.
301 type: string
302 valueFrom:
303 description: Source for the field's value. Cannot be used
304 if 'value' is specified.
305 properties:
306 secretKeyRef:
307 description: Reference to a value with the given key in
308 the given Secret in the resource's namespace.
309 properties:
310 key:
311 description: Key that identifies the value to be extracted.
312 type: string
313 name:
314 description: Name of the Secret to extract a value
315 from.
316 type: string
317 required:
318 - name
319 - key
320 type: object
321 type: object
322 type: object
323 type: object
324 required:
325 - projectRef
326 type: object
327 status:
328 properties:
329 conditions:
330 description: Conditions represent the latest available observation
331 of the resource's current state.
332 items:
333 properties:
334 lastTransitionTime:
335 description: Last time the condition transitioned from one status
336 to another.
337 type: string
338 message:
339 description: Human-readable message indicating details about
340 last transition.
341 type: string
342 reason:
343 description: Unique, one-word, CamelCase reason for the condition's
344 last transition.
345 type: string
346 status:
347 description: Status is the status of the condition. Can be True,
348 False, Unknown.
349 type: string
350 type:
351 description: Type is the type of the condition.
352 type: string
353 type: object
354 type: array
355 observedGeneration:
356 description: ObservedGeneration is the generation of the resource
357 that was most recently observed by the Config Connector controller.
358 If this is equal to metadata.generation, then that means that the
359 current reported status reflects the most recent desired state of
360 the resource.
361 type: integer
362 type: object
363 required:
364 - spec
365 type: object
366 served: true
367 storage: true
368 subresources:
369 status: {}
370status:
371 acceptedNames:
372 kind: ""
373 plural: ""
374 conditions: []
375 storedVersions: []
View as plain text