---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: issuers.anthos-cert-manager.io
spec:
group: anthos-cert-manager.io
names:
kind: Issuer
listKind: IssuerList
plural: issuers
singular: issuer
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: An Issuer represents a certificate issuing authority which can
be referenced as part of `issuerRef` fields. It is scoped to a single namespace
and can therefore only be referenced by resources within the same namespace.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired state of the Issuer resource.
properties:
ca:
description: CA configures this issuer to sign certificates using
a signing CA keypair stored in a Secret resource. This is used to
build internal PKIs that are managed by cert-manager.
properties:
crlDistributionPoints:
description: The CRL distribution points is an X.509 v3 certificate
extension which identifies the location of the CRL from which
the revocation of this certificate can be checked. If not set,
certificates will be issued without distribution points set.
items:
type: string
type: array
ocspServers:
description: The OCSP server list is an X.509 v3 extension that
defines a list of URLs of OCSP responders. The OCSP responders
can be queried for the revocation status of an issued certificate.
If not set, the certificate will be issued with no OCSP servers
set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
items:
type: string
type: array
secretName:
description: SecretName is the name of the secret used to sign
Certificates issued by this Issuer.
type: string
required:
- secretName
type: object
selfSigned:
description: SelfSigned configures this issuer to 'self sign' certificates
using the private key used to create the CertificateRequest object.
properties:
crlDistributionPoints:
description: The CRL distribution points is an X.509 v3 certificate
extension which identifies the location of the CRL from which
the revocation of this certificate can be checked. If not set
certificate will be issued without CDP. Values are strings.
items:
type: string
type: array
type: object
type: object
status:
description: Status of the Issuer. This is set and managed automatically.
properties:
conditions:
description: List of status conditions to indicate the status of a
CertificateRequest. Known condition types are `Ready`.
items:
description: IssuerCondition contains condition information for
an Issuer.
properties:
lastTransitionTime:
description: LastTransitionTime is the timestamp corresponding
to the last status change of this condition.
format: date-time
type: string
message:
description: Message is a human readable description of the
details of the last transition, complementing reason.
type: string
observedGeneration:
description: If set, this represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.condition[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the Issuer.
format: int64
type: integer
reason:
description: Reason is a brief machine readable explanation
for the condition's last transition.
type: string
status:
description: Status of the condition, one of (`True`, `False`,
`Unknown`).
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: Type of the condition, known values are (`Ready`).
type: string
required:
- status
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
type: object
required:
- spec
type: object
served: true
storage: true
