Update deprecated api (#6245)
This commit is contained in:
parent
b064274e27
commit
16ec5939c2
11 changed files with 7011 additions and 156 deletions
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
apiVersion: storage.k8s.io/v1beta1
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: CSIDriver
|
||||
metadata:
|
||||
name: ebs.csi.aws.com
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
apiVersion: storage.k8s.io/v1beta1
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: CSIDriver
|
||||
metadata:
|
||||
name: disk.csi.azure.com
|
||||
|
|
|
@ -1,17 +1,22 @@
|
|||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: csinodeinfos.csi.storage.k8s.io
|
||||
spec:
|
||||
group: csi.storage.k8s.io
|
||||
scope: Cluster
|
||||
names:
|
||||
kind: CSINodeInfo
|
||||
plural: csinodeinfos
|
||||
scope: Cluster
|
||||
validation:
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
csiDrivers:
|
||||
description: List of CSI drivers running on the node and their properties.
|
||||
|
@ -29,7 +34,6 @@ spec:
|
|||
type: string
|
||||
type: array
|
||||
type: array
|
||||
version: v1alpha1
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
apiVersion: storage.k8s.io/v1beta1
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: CSIDriver
|
||||
metadata:
|
||||
name: cinder.csi.openstack.org
|
||||
|
|
|
@ -119,7 +119,7 @@ spec:
|
|||
path: /var/lib/csi/sockets/pluginproxy/csi.vsphere.vmware.com
|
||||
type: DirectoryOrCreate
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1beta1
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: CSIDriver
|
||||
metadata:
|
||||
name: csi.vsphere.vmware.com
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: certificates.certmanager.k8s.io
|
||||
annotations:
|
||||
"helm.sh/hook": crd-install
|
||||
"api-approved.kubernetes.io": "unapproved-will-be-remove-with-cert-manager-update"
|
||||
labels:
|
||||
app: cert-manager
|
||||
chart: cert-manager-v0.5.2
|
||||
|
@ -12,8 +13,704 @@ metadata:
|
|||
heritage: Tiller
|
||||
spec:
|
||||
group: certmanager.k8s.io
|
||||
version: v1alpha1
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Certificate is a type to represent a Certificate from ACME
|
||||
type: object
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: CertificateSpec defines the desired state of Certificate.
|
||||
A valid Certificate requires at least one of a CommonName, DNSName,
|
||||
or URISAN to be valid.
|
||||
type: object
|
||||
required:
|
||||
- issuerRef
|
||||
- secretName
|
||||
properties:
|
||||
commonName:
|
||||
description: 'CommonName is a common name to be used on the Certificate.
|
||||
The CommonName should have a length of 64 characters or fewer to
|
||||
avoid generating invalid CSRs. This value is ignored by TLS clients
|
||||
when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4'
|
||||
type: string
|
||||
dnsNames:
|
||||
description: DNSNames is a list of subject alt names to be used on
|
||||
the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
duration:
|
||||
description: Certificate default Duration
|
||||
type: string
|
||||
emailSANs:
|
||||
description: EmailSANs is a list of Email Subject Alternative Names
|
||||
to be set on this Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ipAddresses:
|
||||
description: IPAddresses is a list of IP addresses to be used on the
|
||||
Certificate
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
isCA:
|
||||
description: IsCA will mark this Certificate as valid for signing.
|
||||
This implies that the 'cert sign' usage is set
|
||||
type: boolean
|
||||
issuerRef:
|
||||
description: IssuerRef is a reference to the issuer for this certificate.
|
||||
If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
|
||||
with the given name in the same namespace as the Certificate will
|
||||
be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
|
||||
with the provided name will be used. The 'name' field in this stanza
|
||||
is required at all times.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
keyAlgorithm:
|
||||
description: KeyAlgorithm is the private key algorithm of the corresponding
|
||||
private key for this certificate. If provided, allowed values are
|
||||
either "rsa" or "ecdsa" If KeyAlgorithm is specified and KeySize
|
||||
is not provided, key size of 256 will be used for "ecdsa" key algorithm
|
||||
and key size of 2048 will be used for "rsa" key algorithm.
|
||||
type: string
|
||||
enum:
|
||||
- rsa
|
||||
- ecdsa
|
||||
keyEncoding:
|
||||
description: KeyEncoding is the private key cryptography standards
|
||||
(PKCS) for this certificate's private key to be encoded in. If provided,
|
||||
allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8,
|
||||
respectively. If KeyEncoding is not specified, then PKCS#1 will
|
||||
be used by default.
|
||||
type: string
|
||||
enum:
|
||||
- pkcs1
|
||||
- pkcs8
|
||||
keySize:
|
||||
description: KeySize is the key bit size of the corresponding private
|
||||
key for this certificate. If provided, value must be between 2048
|
||||
and 8192 inclusive when KeyAlgorithm is empty or is set to "rsa",
|
||||
and value must be one of (256, 384, 521) when KeyAlgorithm is set
|
||||
to "ecdsa".
|
||||
type: integer
|
||||
maximum: 8192
|
||||
minimum: 0
|
||||
keystores:
|
||||
description: Keystores configures additional keystore output formats
|
||||
stored in the `secretName` Secret resource.
|
||||
type: object
|
||||
properties:
|
||||
jks:
|
||||
description: JKS configures options for storing a JKS keystore
|
||||
in the `spec.secretName` Secret resource.
|
||||
type: object
|
||||
required:
|
||||
- create
|
||||
- passwordSecretRef
|
||||
properties:
|
||||
create:
|
||||
description: Create enables JKS keystore creation for the
|
||||
Certificate. If true, a file named `keystore.jks` will be
|
||||
created in the target Secret resource, encrypted using the
|
||||
password stored in `passwordSecretRef`. The keystore file
|
||||
will only be updated upon re-issuance.
|
||||
type: boolean
|
||||
passwordSecretRef:
|
||||
description: PasswordSecretRef is a reference to a key in
|
||||
a Secret resource containing the password used to encrypt
|
||||
the JKS keystore.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
pkcs12:
|
||||
description: PKCS12 configures options for storing a PKCS12 keystore
|
||||
in the `spec.secretName` Secret resource.
|
||||
type: object
|
||||
required:
|
||||
- create
|
||||
- passwordSecretRef
|
||||
properties:
|
||||
create:
|
||||
description: Create enables PKCS12 keystore creation for the
|
||||
Certificate. If true, a file named `keystore.p12` will be
|
||||
created in the target Secret resource, encrypted using the
|
||||
password stored in `passwordSecretRef`. The keystore file
|
||||
will only be updated upon re-issuance.
|
||||
type: boolean
|
||||
passwordSecretRef:
|
||||
description: PasswordSecretRef is a reference to a key in
|
||||
a Secret resource containing the password used to encrypt
|
||||
the PKCS12 keystore.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
organization:
|
||||
description: Organization is the organization to be used on the Certificate
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
privateKey:
|
||||
description: Options to control private keys used for the Certificate.
|
||||
type: object
|
||||
properties:
|
||||
rotationPolicy:
|
||||
description: RotationPolicy controls how private keys should be
|
||||
regenerated when a re-issuance is being processed. If set to
|
||||
Never, a private key will only be generated if one does not
|
||||
already exist in the target `spec.secretName`. If one does exists
|
||||
but it does not have the correct algorithm or size, a warning
|
||||
will be raised to await user intervention. If set to Always,
|
||||
a private key matching the specified requirements will be generated
|
||||
whenever a re-issuance occurs. Default is 'Never' for backward
|
||||
compatibility.
|
||||
type: string
|
||||
renewBefore:
|
||||
description: Certificate renew before expiration duration
|
||||
type: string
|
||||
secretName:
|
||||
description: SecretName is the name of the secret resource to store
|
||||
this secret in
|
||||
type: string
|
||||
subject:
|
||||
description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
|
||||
type: object
|
||||
properties:
|
||||
countries:
|
||||
description: Countries to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
localities:
|
||||
description: Cities to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
organizationalUnits:
|
||||
description: Organizational Units to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
postalCodes:
|
||||
description: Postal codes to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
provinces:
|
||||
description: State/Provinces to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
serialNumber:
|
||||
description: Serial number to be used on the Certificate.
|
||||
type: string
|
||||
streetAddresses:
|
||||
description: Street addresses to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
uriSANs:
|
||||
description: URISANs is a list of URI Subject Alternative Names to
|
||||
be set on this Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
usages:
|
||||
description: Usages is the set of x509 actions that are enabled for
|
||||
a given key. Defaults are ('digital signature', 'key encipherment')
|
||||
if empty
|
||||
type: array
|
||||
items:
|
||||
description: 'KeyUsage specifies valid usage contexts for keys.
|
||||
See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
||||
Valid KeyUsage values are as follows: "signing", "digital signature",
|
||||
"content commitment", "key encipherment", "key agreement", "data
|
||||
encipherment", "cert sign", "crl sign", "encipher only", "decipher
|
||||
only", "any", "server auth", "client auth", "code signing", "email
|
||||
protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec
|
||||
user", "timestamping", "ocsp signing", "microsoft sgc", "netscape
|
||||
sgc"'
|
||||
type: string
|
||||
enum:
|
||||
- signing
|
||||
- digital signature
|
||||
- content commitment
|
||||
- key encipherment
|
||||
- key agreement
|
||||
- data encipherment
|
||||
- cert sign
|
||||
- crl sign
|
||||
- encipher only
|
||||
- decipher only
|
||||
- any
|
||||
- server auth
|
||||
- client auth
|
||||
- code signing
|
||||
- email protection
|
||||
- s/mime
|
||||
- ipsec end system
|
||||
- ipsec tunnel
|
||||
- ipsec user
|
||||
- timestamping
|
||||
- ocsp signing
|
||||
- microsoft sgc
|
||||
- netscape sgc
|
||||
status:
|
||||
description: CertificateStatus defines the observed state of Certificate
|
||||
type: object
|
||||
properties:
|
||||
conditions:
|
||||
type: array
|
||||
items:
|
||||
description: CertificateCondition contains condition information
|
||||
for an Certificate.
|
||||
type: object
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the timestamp corresponding
|
||||
to the last status change of this condition.
|
||||
type: string
|
||||
format: date-time
|
||||
message:
|
||||
description: Message is a human readable description of the
|
||||
details of the last transition, complementing reason.
|
||||
type: string
|
||||
reason:
|
||||
description: Reason is a brief machine readable explanation
|
||||
for the condition's last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of ('True', 'False',
|
||||
'Unknown').
|
||||
type: string
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type:
|
||||
description: Type of the condition, currently ('Ready').
|
||||
type: string
|
||||
lastFailureTime:
|
||||
type: string
|
||||
format: date-time
|
||||
nextPrivateKeySecretName:
|
||||
description: The name of the Secret resource containing the private
|
||||
key to be used for the next certificate iteration. The keymanager
|
||||
controller will automatically set this field if the `Issuing` condition
|
||||
is set to `True`. It will automatically unset this field when the
|
||||
Issuing condition is not set or False.
|
||||
type: string
|
||||
notAfter:
|
||||
description: The expiration time of the certificate stored in the
|
||||
secret named by this resource in spec.secretName.
|
||||
type: string
|
||||
format: date-time
|
||||
revision:
|
||||
description: "The current 'revision' of the certificate as issued.
|
||||
\n When a CertificateRequest resource is created, it will have the
|
||||
`cert-manager.io/certificate-revision` set to one greater than the
|
||||
current value of this field. \n Upon issuance, this field will be
|
||||
set to the value of the annotation on the CertificateRequest resource
|
||||
used to issue the certificate. \n Persisting the value on the CertificateRequest
|
||||
resource allows the certificates controller to know whether a request
|
||||
is part of an old issuance or if it is part of the ongoing revision's
|
||||
issuance by checking if the revision value in the annotation is
|
||||
greater than this field."
|
||||
type: integer
|
||||
- name: v1alpha3
|
||||
served: true
|
||||
storage: false
|
||||
"schema":
|
||||
"openAPIV3Schema":
|
||||
description: Certificate is a type to represent a Certificate from ACME
|
||||
type: object
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: CertificateSpec defines the desired state of Certificate.
|
||||
A valid Certificate requires at least one of a CommonName, DNSName,
|
||||
or URISAN to be valid.
|
||||
type: object
|
||||
required:
|
||||
- issuerRef
|
||||
- secretName
|
||||
properties:
|
||||
commonName:
|
||||
description: 'CommonName is a common name to be used on the Certificate.
|
||||
The CommonName should have a length of 64 characters or fewer to
|
||||
avoid generating invalid CSRs. This value is ignored by TLS clients
|
||||
when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4'
|
||||
type: string
|
||||
dnsNames:
|
||||
description: DNSNames is a list of subject alt names to be used on
|
||||
the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
duration:
|
||||
description: Certificate default Duration
|
||||
type: string
|
||||
emailSANs:
|
||||
description: EmailSANs is a list of Email Subject Alternative Names
|
||||
to be set on this Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ipAddresses:
|
||||
description: IPAddresses is a list of IP addresses to be used on the
|
||||
Certificate
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
isCA:
|
||||
description: IsCA will mark this Certificate as valid for signing.
|
||||
This implies that the 'cert sign' usage is set
|
||||
type: boolean
|
||||
issuerRef:
|
||||
description: IssuerRef is a reference to the issuer for this certificate.
|
||||
If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
|
||||
with the given name in the same namespace as the Certificate will
|
||||
be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
|
||||
with the provided name will be used. The 'name' field in this stanza
|
||||
is required at all times.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
keyAlgorithm:
|
||||
description: KeyAlgorithm is the private key algorithm of the corresponding
|
||||
private key for this certificate. If provided, allowed values are
|
||||
either "rsa" or "ecdsa" If KeyAlgorithm is specified and KeySize
|
||||
is not provided, key size of 256 will be used for "ecdsa" key algorithm
|
||||
and key size of 2048 will be used for "rsa" key algorithm.
|
||||
type: string
|
||||
enum:
|
||||
- rsa
|
||||
- ecdsa
|
||||
keyEncoding:
|
||||
description: KeyEncoding is the private key cryptography standards
|
||||
(PKCS) for this certificate's private key to be encoded in. If provided,
|
||||
allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8,
|
||||
respectively. If KeyEncoding is not specified, then PKCS#1 will
|
||||
be used by default.
|
||||
type: string
|
||||
enum:
|
||||
- pkcs1
|
||||
- pkcs8
|
||||
keySize:
|
||||
description: KeySize is the key bit size of the corresponding private
|
||||
key for this certificate. If provided, value must be between 2048
|
||||
and 8192 inclusive when KeyAlgorithm is empty or is set to "rsa",
|
||||
and value must be one of (256, 384, 521) when KeyAlgorithm is set
|
||||
to "ecdsa".
|
||||
type: integer
|
||||
maximum: 8192
|
||||
minimum: 0
|
||||
keystores:
|
||||
description: Keystores configures additional keystore output formats
|
||||
stored in the `secretName` Secret resource.
|
||||
type: object
|
||||
properties:
|
||||
jks:
|
||||
description: JKS configures options for storing a JKS keystore
|
||||
in the `spec.secretName` Secret resource.
|
||||
type: object
|
||||
required:
|
||||
- create
|
||||
- passwordSecretRef
|
||||
properties:
|
||||
create:
|
||||
description: Create enables JKS keystore creation for the
|
||||
Certificate. If true, a file named `keystore.jks` will be
|
||||
created in the target Secret resource, encrypted using the
|
||||
password stored in `passwordSecretRef`. The keystore file
|
||||
will only be updated upon re-issuance.
|
||||
type: boolean
|
||||
passwordSecretRef:
|
||||
description: PasswordSecretRef is a reference to a key in
|
||||
a Secret resource containing the password used to encrypt
|
||||
the JKS keystore.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
pkcs12:
|
||||
description: PKCS12 configures options for storing a PKCS12 keystore
|
||||
in the `spec.secretName` Secret resource.
|
||||
type: object
|
||||
required:
|
||||
- create
|
||||
- passwordSecretRef
|
||||
properties:
|
||||
create:
|
||||
description: Create enables PKCS12 keystore creation for the
|
||||
Certificate. If true, a file named `keystore.p12` will be
|
||||
created in the target Secret resource, encrypted using the
|
||||
password stored in `passwordSecretRef`. The keystore file
|
||||
will only be updated upon re-issuance.
|
||||
type: boolean
|
||||
passwordSecretRef:
|
||||
description: PasswordSecretRef is a reference to a key in
|
||||
a Secret resource containing the password used to encrypt
|
||||
the PKCS12 keystore.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
privateKey:
|
||||
description: Options to control private keys used for the Certificate.
|
||||
type: object
|
||||
properties:
|
||||
rotationPolicy:
|
||||
description: RotationPolicy controls how private keys should be
|
||||
regenerated when a re-issuance is being processed. If set to
|
||||
Never, a private key will only be generated if one does not
|
||||
already exist in the target `spec.secretName`. If one does exists
|
||||
but it does not have the correct algorithm or size, a warning
|
||||
will be raised to await user intervention. If set to Always,
|
||||
a private key matching the specified requirements will be generated
|
||||
whenever a re-issuance occurs. Default is 'Never' for backward
|
||||
compatibility.
|
||||
type: string
|
||||
renewBefore:
|
||||
description: Certificate renew before expiration duration
|
||||
type: string
|
||||
secretName:
|
||||
description: SecretName is the name of the secret resource to store
|
||||
this secret in
|
||||
type: string
|
||||
subject:
|
||||
description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
|
||||
type: object
|
||||
properties:
|
||||
countries:
|
||||
description: Countries to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
localities:
|
||||
description: Cities to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
organizationalUnits:
|
||||
description: Organizational Units to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
organizations:
|
||||
description: Organizations to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
postalCodes:
|
||||
description: Postal codes to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
provinces:
|
||||
description: State/Provinces to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
serialNumber:
|
||||
description: Serial number to be used on the Certificate.
|
||||
type: string
|
||||
streetAddresses:
|
||||
description: Street addresses to be used on the Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
uriSANs:
|
||||
description: URISANs is a list of URI Subject Alternative Names to
|
||||
be set on this Certificate.
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
usages:
|
||||
description: Usages is the set of x509 actions that are enabled for
|
||||
a given key. Defaults are ('digital signature', 'key encipherment')
|
||||
if empty
|
||||
type: array
|
||||
items:
|
||||
description: 'KeyUsage specifies valid usage contexts for keys.
|
||||
See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
||||
Valid KeyUsage values are as follows: "signing", "digital signature",
|
||||
"content commitment", "key encipherment", "key agreement", "data
|
||||
encipherment", "cert sign", "crl sign", "encipher only", "decipher
|
||||
only", "any", "server auth", "client auth", "code signing", "email
|
||||
protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec
|
||||
user", "timestamping", "ocsp signing", "microsoft sgc", "netscape
|
||||
sgc"'
|
||||
type: string
|
||||
enum:
|
||||
- signing
|
||||
- digital signature
|
||||
- content commitment
|
||||
- key encipherment
|
||||
- key agreement
|
||||
- data encipherment
|
||||
- cert sign
|
||||
- crl sign
|
||||
- encipher only
|
||||
- decipher only
|
||||
- any
|
||||
- server auth
|
||||
- client auth
|
||||
- code signing
|
||||
- email protection
|
||||
- s/mime
|
||||
- ipsec end system
|
||||
- ipsec tunnel
|
||||
- ipsec user
|
||||
- timestamping
|
||||
- ocsp signing
|
||||
- microsoft sgc
|
||||
- netscape sgc
|
||||
status:
|
||||
description: CertificateStatus defines the observed state of Certificate
|
||||
type: object
|
||||
properties:
|
||||
conditions:
|
||||
type: array
|
||||
items:
|
||||
description: CertificateCondition contains condition information
|
||||
for an Certificate.
|
||||
type: object
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the timestamp corresponding
|
||||
to the last status change of this condition.
|
||||
type: string
|
||||
format: date-time
|
||||
message:
|
||||
description: Message is a human readable description of the
|
||||
details of the last transition, complementing reason.
|
||||
type: string
|
||||
reason:
|
||||
description: Reason is a brief machine readable explanation
|
||||
for the condition's last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of ('True', 'False',
|
||||
'Unknown').
|
||||
type: string
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type:
|
||||
description: Type of the condition, currently ('Ready').
|
||||
type: string
|
||||
lastFailureTime:
|
||||
type: string
|
||||
format: date-time
|
||||
nextPrivateKeySecretName:
|
||||
description: The name of the Secret resource containing the private
|
||||
key to be used for the next certificate iteration. The keymanager
|
||||
controller will automatically set this field if the `Issuing` condition
|
||||
is set to `True`. It will automatically unset this field when the
|
||||
Issuing condition is not set or False.
|
||||
type: string
|
||||
notAfter:
|
||||
description: The expiration time of the certificate stored in the
|
||||
secret named by this resource in spec.secretName.
|
||||
type: string
|
||||
format: date-time
|
||||
revision:
|
||||
description: "The current 'revision' of the certificate as issued.
|
||||
\n When a CertificateRequest resource is created, it will have the
|
||||
`cert-manager.io/certificate-revision` set to one greater than the
|
||||
current value of this field. \n Upon issuance, this field will be
|
||||
set to the value of the annotation on the CertificateRequest resource
|
||||
used to issue the certificate. \n Persisting the value on the CertificateRequest
|
||||
resource allows the certificates controller to know whether a request
|
||||
is part of an old issuance or if it is part of the ongoing revision's
|
||||
issuance by checking if the revision value in the annotation is
|
||||
greater than this field."
|
||||
type: integer
|
||||
names:
|
||||
kind: Certificate
|
||||
plural: certificates
|
||||
|
|
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
|
@ -1,4 +1,4 @@
|
|||
apiVersion: apiregistration.k8s.io/v1beta1
|
||||
apiVersion: apiregistration.k8s.io/v1
|
||||
kind: APIService
|
||||
metadata:
|
||||
name: v1beta1.metrics.k8s.io
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,10 +1,62 @@
|
|||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: ips.kubeovn.io
|
||||
spec:
|
||||
group: kubeovn.io
|
||||
version: v1
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
additionalPrinterColumns:
|
||||
- name: Provider
|
||||
type: string
|
||||
jsonPath: .spec.provider
|
||||
- name: IP
|
||||
type: string
|
||||
jsonPath: .spec.ipAddress
|
||||
- name: Mac
|
||||
type: string
|
||||
jsonPath: .spec.macAddress
|
||||
- name: Node
|
||||
type: string
|
||||
jsonPath: .spec.nodeName
|
||||
- name: Subnet
|
||||
type: string
|
||||
jsonPath: .spec.subnet
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
podName:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
subnet:
|
||||
type: string
|
||||
attachSubnets:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
nodeName:
|
||||
type: string
|
||||
ipAddress:
|
||||
type: string
|
||||
attachIps:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
macAddress:
|
||||
type: string
|
||||
attachMacs:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
containerID:
|
||||
type: string
|
||||
scope: Cluster
|
||||
names:
|
||||
plural: ips
|
||||
|
@ -12,27 +64,111 @@ spec:
|
|||
kind: IP
|
||||
shortNames:
|
||||
- ip
|
||||
additionalPrinterColumns:
|
||||
- name: IP
|
||||
type: string
|
||||
JSONPath: .spec.ipAddress
|
||||
- name: Mac
|
||||
type: string
|
||||
JSONPath: .spec.macAddress
|
||||
- name: Node
|
||||
type: string
|
||||
JSONPath: .spec.nodeName
|
||||
- name: Subnet
|
||||
type: string
|
||||
JSONPath: .spec.subnet
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: subnets.kubeovn.io
|
||||
spec:
|
||||
group: kubeovn.io
|
||||
version: v1
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
additionalPrinterColumns:
|
||||
- name: Protocol
|
||||
type: string
|
||||
jsonPath: .spec.protocol
|
||||
- name: CIDR
|
||||
type: string
|
||||
jsonPath: .spec.cidrBlock
|
||||
- name: Private
|
||||
type: boolean
|
||||
jsonPath: .spec.private
|
||||
- name: NAT
|
||||
type: boolean
|
||||
jsonPath: .spec.natOutgoing
|
||||
- name: Default
|
||||
type: boolean
|
||||
jsonPath: .spec.default
|
||||
- name: GatewayType
|
||||
type: string
|
||||
jsonPath: .spec.gatewayType
|
||||
- name: Used
|
||||
type: number
|
||||
jsonPath: .status.usingIPs
|
||||
- name: Available
|
||||
type: number
|
||||
jsonPath: .status.availableIPs
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
status:
|
||||
type: object
|
||||
properties:
|
||||
availableIPs:
|
||||
type: number
|
||||
usingIPs:
|
||||
type: number
|
||||
activateGateway:
|
||||
type: string
|
||||
conditions:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
type:
|
||||
type: string
|
||||
status:
|
||||
type: string
|
||||
reason:
|
||||
type: string
|
||||
message:
|
||||
type: string
|
||||
lastUpdateTime:
|
||||
type: string
|
||||
lastTransitionTime:
|
||||
type: string
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
default:
|
||||
type: boolean
|
||||
protocol:
|
||||
type: string
|
||||
cidrBlock:
|
||||
type: string
|
||||
namespaces:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
gateway:
|
||||
type: string
|
||||
provider:
|
||||
type: string
|
||||
excludeIps:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
gatewayType:
|
||||
type: string
|
||||
allowSubnets:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
gatewayNode:
|
||||
type: string
|
||||
natOutgoing:
|
||||
type: boolean
|
||||
private:
|
||||
type: boolean
|
||||
vlan:
|
||||
type: string
|
||||
underlayGateway:
|
||||
type: boolean
|
||||
scope: Cluster
|
||||
names:
|
||||
plural: subnets
|
||||
|
@ -40,54 +176,42 @@ spec:
|
|||
kind: Subnet
|
||||
shortNames:
|
||||
- subnet
|
||||
subresources:
|
||||
status: {}
|
||||
additionalPrinterColumns:
|
||||
- name: Provider
|
||||
type: string
|
||||
JSONPath: .spec.provider
|
||||
- name: Protocol
|
||||
type: string
|
||||
JSONPath: .spec.protocol
|
||||
- name: CIDR
|
||||
type: string
|
||||
JSONPath: .spec.cidrBlock
|
||||
- name: Private
|
||||
type: boolean
|
||||
JSONPath: .spec.private
|
||||
- name: NAT
|
||||
type: boolean
|
||||
JSONPath: .spec.natOutgoing
|
||||
- name: Default
|
||||
type: boolean
|
||||
JSONPath: .spec.default
|
||||
- name: GatewayType
|
||||
type: string
|
||||
JSONPath: .spec.gatewayType
|
||||
- name: Used
|
||||
type: number
|
||||
JSONPath: .status.usingIPs
|
||||
- name: Available
|
||||
type: number
|
||||
JSONPath: .status.availableIPs
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
spec:
|
||||
required: ["cidrBlock"]
|
||||
properties:
|
||||
cidrBlock:
|
||||
type: "string"
|
||||
gateway:
|
||||
type: "string"
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: vlans.kubeovn.io
|
||||
spec:
|
||||
group: kubeovn.io
|
||||
version: v1
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
vlanId:
|
||||
type: integer
|
||||
providerInterfaceName:
|
||||
type: string
|
||||
logicalInterfaceName:
|
||||
type: string
|
||||
subnet:
|
||||
type: string
|
||||
additionalPrinterColumns:
|
||||
- name: VlanID
|
||||
type: string
|
||||
jsonPath: .spec.vlanId
|
||||
- name: ProviderInterfaceName
|
||||
type: string
|
||||
jsonPath: .spec.providerInterfaceName
|
||||
- name: Subnet
|
||||
type: string
|
||||
jsonPath: .spec.subnet
|
||||
scope: Cluster
|
||||
names:
|
||||
plural: vlans
|
||||
|
@ -95,13 +219,3 @@ spec:
|
|||
kind: Vlan
|
||||
shortNames:
|
||||
- vlan
|
||||
additionalPrinterColumns:
|
||||
- name: VlanID
|
||||
type: string
|
||||
JSONPath: .spec.vlanId
|
||||
- name: ProviderInterfaceName
|
||||
type: string
|
||||
JSONPath: .spec.providerInterfaceName
|
||||
- name: Subnet
|
||||
type: string
|
||||
JSONPath: .spec.subnet
|
||||
|
|
Loading…
Reference in a new issue