
Text file src/github.com/GoogleCloudPlatform/k8s-config-connector/samples/resources/privatecacapool/privateca_v1beta1_privatecacapool.yaml

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/samples/resources/privatecacapool

     1# Copyright 2021 Google LLC
     2#
     3# Licensed under the Apache License, Version 2.0 (the "License");
     4# you may not use this file except in compliance with the License.
     5# You may obtain a copy of the License at
     6#
     7#     http://www.apache.org/licenses/LICENSE-2.0
     8#
     9# Unless required by applicable law or agreed to in writing, software
    10# distributed under the License is distributed on an "AS IS" BASIS,
    11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12# See the License for the specific language governing permissions and
    13# limitations under the License.
    14
    15apiVersion: privateca.cnrm.cloud.google.com/v1beta1
    16kind: PrivateCACAPool
    17metadata:
    18  labels:
    19    label-two: "value-two"
    20  name: privatecacapool-sample
    21spec:
    22  projectRef:
    23    external: projects/${PROJECT_ID?}
    24  location: "us-central1"
    25  tier: ENTERPRISE
    26  issuancePolicy:
    27    allowedKeyTypes:
    28    - rsa:
    29        minModulusSize: 64
    30        maxModulusSize: 128
    31    - ellipticCurve:
    32        signatureAlgorithm: ECDSA_P384
    33    maximumLifetime: 43200s
    34    allowedIssuanceModes:
    35      allowCsrBasedIssuance: true
    36      allowConfigBasedIssuance: false
    37    baselineValues:
    38      keyUsage:
    39        baseKeyUsage:
    40          digitalSignature: false
    41          contentCommitment: false
    42          keyEncipherment: false
    43          dataEncipherment: false
    44          keyAgreement: false
    45          certSign: false
    46          crlSign: false
    47          encipherOnly: false
    48          decipherOnly: false
    49        extendedKeyUsage:
    50          serverAuth: false
    51          clientAuth: false
    52          codeSigning: false
    53          emailProtection: false
    54          timeStamping: false
    55          ocspSigning: false
    56        unknownExtendedKeyUsages:
    57        - objectIdPath:
    58          - 1
    59          - 7
    60      caOptions:
    61        isCa: false
    62        maxIssuerPathLength: 7
    63      policyIds:
    64      - objectIdPath:
    65        - 1
    66        - 7
    67      aiaOcspServers:
    68      - string
    69      additionalExtensions:
    70      - objectId:
    71          objectIdPath:
    72          - 1
    73          - 7
    74        critical: false
    75        value: c3RyaW5nCg==
    76    identityConstraints:
    77      celExpression:
    78        title: Sample expression
    79        description: Always false
    80        expression: 'false'
    81        location: devops.ca_pool.json
    82      allowSubjectPassthrough: false
    83      allowSubjectAltNamesPassthrough: false
    84    passthroughExtensions:
    85      knownExtensions:
    86      - BASE_KEY_USAGE
    87      additionalExtensions:
    88      - objectIdPath:
    89        - 1
    90        - 7
