· 6 years ago · Dec 07, 2019, 12:50 AM
1---
2# Source: cert-manager/templates/namespace.yaml
3apiVersion: v1
4kind: Namespace
5metadata:
6 name: cert-manager
7 labels:
8 certmanager.k8s.io/disable-validation: "true"
9---
10# Source: cert-manager/charts/cert-manager/charts/cainjector/templates/serviceaccount.yaml
11apiVersion: v1
12kind: ServiceAccount
13metadata:
14 name: cert-manager-cainjector
15 namespace: "cert-manager"
16 labels:
17 app: cainjector
18 app.kubernetes.io/name: cainjector
19 app.kubernetes.io/instance: cert-manager
20 app.kubernetes.io/managed-by: Tiller
21 argocd.argoproj.io/instance: cert-manager
22 helm.sh/chart: cainjector-v0.10.0
23---
24# Source: cert-manager/charts/cert-manager/templates/serviceaccount.yaml
25apiVersion: v1
26kind: ServiceAccount
27metadata:
28 name: cert-manager
29 namespace: "cert-manager"
30 labels:
31 app: cert-manager
32 app.kubernetes.io/name: cert-manager
33 app.kubernetes.io/instance: cert-manager
34 app.kubernetes.io/managed-by: Tiller
35 argocd.argoproj.io/instance: cert-manager
36 helm.sh/chart: cert-manager-v0.10.0
37---
38# Source: cert-manager/charts/cert-manager/templates/webhook-serviceaccount.yaml
39apiVersion: v1
40kind: ServiceAccount
41metadata:
42 name: cert-manager-webhook
43 namespace: "cert-manager"
44 labels:
45 app: webhook
46 app.kubernetes.io/name: webhook
47 app.kubernetes.io/instance: cert-manager
48 app.kubernetes.io/managed-by: Tiller
49 argocd.argoproj.io/instance: cert-manager
50 helm.sh/chart: cert-manager-v0.10.0
51---
52# Source: cert-manager/templates/crds.yaml
53---
54apiVersion: apiextensions.k8s.io/v1beta1
55kind: CustomResourceDefinition
56metadata:
57 creationTimestamp: null
58 name: challenges.certmanager.k8s.io
59spec:
60 additionalPrinterColumns:
61 - JSONPath: .status.state
62 name: State
63 type: string
64 - JSONPath: .spec.dnsName
65 name: Domain
66 type: string
67 - JSONPath: .status.reason
68 name: Reason
69 priority: 1
70 type: string
71 - JSONPath: .metadata.creationTimestamp
72 description: CreationTimestamp is a timestamp representing the server time when
73 this object was created. It is not guaranteed to be set in happens-before order
74 across separate operations. Clients may not set this value. It is represented
75 in RFC3339 form and is in UTC.
76 name: Age
77 type: date
78 group: certmanager.k8s.io
79 names:
80 kind: Challenge
81 plural: challenges
82 scope: Namespaced
83 subresources: {}
84 validation:
85 openAPIV3Schema:
86 description: Challenge is a type to represent a Challenge request with an ACME
87 server
88 properties:
89 apiVersion:
90 description: 'APIVersion defines the versioned schema of this representation
91 of an object. Servers should convert recognized schemas to the latest
92 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
93 type: string
94 kind:
95 description: 'Kind is a string value representing the REST resource this
96 object represents. Servers may infer this from the endpoint the client
97 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
98 type: string
99 metadata:
100 type: object
101 spec:
102 properties:
103 authzURL:
104 description: AuthzURL is the URL to the ACME Authorization resource
105 that this challenge is a part of.
106 type: string
107 config:
108 description: 'Config specifies the solver configuration for this challenge.
109 Only **one** of ''config'' or ''solver'' may be specified, and if
110 both are specified then no action will be performed on the Challenge
111 resource. DEPRECATED: the ''solver'' field should be specified instead'
112 properties:
113 dns01:
114 description: DNS01 contains DNS01 challenge solving configuration
115 properties:
116 provider:
117 description: Provider is the name of the DNS01 challenge provider
118 to use, as configure on the referenced Issuer or ClusterIssuer
119 resource.
120 type: string
121 required:
122 - provider
123 type: object
124 http01:
125 description: HTTP01 contains HTTP01 challenge solving configuration
126 properties:
127 ingress:
128 description: Ingress is the name of an Ingress resource that
129 will be edited to include the ACME HTTP01 'well-known' challenge
130 path in order to solve HTTP01 challenges. If this field is
131 specified, 'ingressClass' **must not** be specified.
132 type: string
133 ingressClass:
134 description: IngressClass is the ingress class that should be
135 set on new ingress resources that are created in order to
136 solve HTTP01 challenges. This field should be used when using
137 an ingress controller such as nginx, which 'flattens' ingress
138 configuration instead of maintaining a 1:1 mapping between
139 loadbalancer IP:ingress resources. If this field is not set,
140 and 'ingress' is not set, then ingresses without an ingress
141 class set will be created to solve HTTP01 challenges. If this
142 field is specified, 'ingress' **must not** be specified.
143 type: string
144 type: object
145 type: object
146 dnsName:
147 description: DNSName is the identifier that this challenge is for, e.g.
148 example.com.
149 type: string
150 issuerRef:
151 description: IssuerRef references a properly configured ACME-type Issuer
152 which should be used to create this Challenge. If the Issuer does
153 not exist, processing will be retried. If the Issuer is not an 'ACME'
154 Issuer, an error will be returned and the Challenge will be marked
155 as failed.
156 properties:
157 group:
158 type: string
159 kind:
160 type: string
161 name:
162 type: string
163 required:
164 - name
165 type: object
166 key:
167 description: Key is the ACME challenge key for this challenge
168 type: string
169 solver:
170 description: Solver contains the domain solving configuration that should
171 be used to solve this challenge resource. Only **one** of 'config'
172 or 'solver' may be specified, and if both are specified then no action
173 will be performed on the Challenge resource.
174 properties:
175 dns01:
176 properties:
177 acmedns:
178 description: ACMEIssuerDNS01ProviderAcmeDNS is a structure containing
179 the configuration for ACME-DNS servers
180 properties:
181 accountSecretRef:
182 properties:
183 key:
184 description: The key of the secret to select from. Must
185 be a valid secret key.
186 type: string
187 name:
188 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
189 TODO: Add other useful fields. apiVersion, kind, uid?'
190 type: string
191 required:
192 - name
193 type: object
194 host:
195 type: string
196 required:
197 - accountSecretRef
198 - host
199 type: object
200 akamai:
201 description: ACMEIssuerDNS01ProviderAkamai is a structure containing
202 the DNS configuration for Akamai DNS—Zone Record Management
203 API
204 properties:
205 accessTokenSecretRef:
206 properties:
207 key:
208 description: The key of the secret to select from. Must
209 be a valid secret key.
210 type: string
211 name:
212 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
213 TODO: Add other useful fields. apiVersion, kind, uid?'
214 type: string
215 required:
216 - name
217 type: object
218 clientSecretSecretRef:
219 properties:
220 key:
221 description: The key of the secret to select from. Must
222 be a valid secret key.
223 type: string
224 name:
225 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
226 TODO: Add other useful fields. apiVersion, kind, uid?'
227 type: string
228 required:
229 - name
230 type: object
231 clientTokenSecretRef:
232 properties:
233 key:
234 description: The key of the secret to select from. Must
235 be a valid secret key.
236 type: string
237 name:
238 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
239 TODO: Add other useful fields. apiVersion, kind, uid?'
240 type: string
241 required:
242 - name
243 type: object
244 serviceConsumerDomain:
245 type: string
246 required:
247 - accessTokenSecretRef
248 - clientSecretSecretRef
249 - clientTokenSecretRef
250 - serviceConsumerDomain
251 type: object
252 azuredns:
253 description: ACMEIssuerDNS01ProviderAzureDNS is a structure
254 containing the configuration for Azure DNS
255 properties:
256 clientID:
257 type: string
258 clientSecretSecretRef:
259 properties:
260 key:
261 description: The key of the secret to select from. Must
262 be a valid secret key.
263 type: string
264 name:
265 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
266 TODO: Add other useful fields. apiVersion, kind, uid?'
267 type: string
268 required:
269 - name
270 type: object
271 environment:
272 enum:
273 - AzurePublicCloud
274 - AzureChinaCloud
275 - AzureGermanCloud
276 - AzureUSGovernmentCloud
277 type: string
278 hostedZoneName:
279 type: string
280 resourceGroupName:
281 type: string
282 subscriptionID:
283 type: string
284 tenantID:
285 type: string
286 required:
287 - clientID
288 - clientSecretSecretRef
289 - resourceGroupName
290 - subscriptionID
291 - tenantID
292 type: object
293 clouddns:
294 description: ACMEIssuerDNS01ProviderCloudDNS is a structure
295 containing the DNS configuration for Google Cloud DNS
296 properties:
297 project:
298 type: string
299 serviceAccountSecretRef:
300 properties:
301 key:
302 description: The key of the secret to select from. Must
303 be a valid secret key.
304 type: string
305 name:
306 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
307 TODO: Add other useful fields. apiVersion, kind, uid?'
308 type: string
309 required:
310 - name
311 type: object
312 required:
313 - project
314 - serviceAccountSecretRef
315 type: object
316 cloudflare:
317 description: ACMEIssuerDNS01ProviderCloudflare is a structure
318 containing the DNS configuration for Cloudflare
319 properties:
320 apiKeySecretRef:
321 properties:
322 key:
323 description: The key of the secret to select from. Must
324 be a valid secret key.
325 type: string
326 name:
327 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
328 TODO: Add other useful fields. apiVersion, kind, uid?'
329 type: string
330 required:
331 - name
332 type: object
333 email:
334 type: string
335 required:
336 - apiKeySecretRef
337 - email
338 type: object
339 cnameStrategy:
340 description: CNAMEStrategy configures how the DNS01 provider
341 should handle CNAME records when found in DNS zones.
342 enum:
343 - None
344 - Follow
345 type: string
346 digitalocean:
347 description: ACMEIssuerDNS01ProviderDigitalOcean is a structure
348 containing the DNS configuration for DigitalOcean Domains
349 properties:
350 tokenSecretRef:
351 properties:
352 key:
353 description: The key of the secret to select from. Must
354 be a valid secret key.
355 type: string
356 name:
357 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
358 TODO: Add other useful fields. apiVersion, kind, uid?'
359 type: string
360 required:
361 - name
362 type: object
363 required:
364 - tokenSecretRef
365 type: object
366 rfc2136:
367 description: ACMEIssuerDNS01ProviderRFC2136 is a structure containing
368 the configuration for RFC2136 DNS
369 properties:
370 nameserver:
371 description: 'The IP address of the DNS supporting RFC2136.
372 Required. Note: FQDN is not a valid value, only IP.'
373 type: string
374 tsigAlgorithm:
375 description: 'The TSIG Algorithm configured in the DNS supporting
376 RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName``
377 are defined. Supported values are (case-insensitive):
378 ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or
379 ``HMACSHA512``.'
380 type: string
381 tsigKeyName:
382 description: The TSIG Key name configured in the DNS. If
383 ``tsigSecretSecretRef`` is defined, this field is required.
384 type: string
385 tsigSecretSecretRef:
386 description: The name of the secret containing the TSIG
387 value. If ``tsigKeyName`` is defined, this field is required.
388 properties:
389 key:
390 description: The key of the secret to select from. Must
391 be a valid secret key.
392 type: string
393 name:
394 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
395 TODO: Add other useful fields. apiVersion, kind, uid?'
396 type: string
397 required:
398 - name
399 type: object
400 required:
401 - nameserver
402 type: object
403 route53:
404 description: ACMEIssuerDNS01ProviderRoute53 is a structure containing
405 the Route 53 configuration for AWS
406 properties:
407 accessKeyID:
408 description: 'The AccessKeyID is used for authentication.
409 If not set we fall-back to using env vars, shared credentials
410 file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
411 type: string
412 hostedZoneID:
413 description: If set, the provider will manage only this
414 zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName
415 api call.
416 type: string
417 region:
418 description: Always set the region when using AccessKeyID
419 and SecretAccessKey
420 type: string
421 role:
422 description: Role is a Role ARN which the Route53 provider
423 will assume using either the explicit credentials AccessKeyID/SecretAccessKey
424 or the inferred credentials from environment variables,
425 shared credentials file or AWS Instance metadata
426 type: string
427 secretAccessKeySecretRef:
428 description: The SecretAccessKey is used for authentication.
429 If not set we fall-back to using env vars, shared credentials
430 file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
431 properties:
432 key:
433 description: The key of the secret to select from. Must
434 be a valid secret key.
435 type: string
436 name:
437 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
438 TODO: Add other useful fields. apiVersion, kind, uid?'
439 type: string
440 required:
441 - name
442 type: object
443 required:
444 - region
445 type: object
446 webhook:
447 description: ACMEIssuerDNS01ProviderWebhook specifies configuration
448 for a webhook DNS01 provider, including where to POST ChallengePayload
449 resources.
450 properties:
451 config:
452 description: Additional configuration that should be passed