Kind: Bundle
Group: trust.cert-manager.io
Version: v1alpha1

apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: example
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object required
spec represents the desired state of the Bundle resource.
sources []object required
sources is a set of references to the data that will be synced to the target.
minItems: 1
maxItems: 100
configMap object
configMap is a reference (by name) to a ConfigMap's `data` key(s), or to a list of ConfigMap's `data` key(s) using label selector, in the trust namespace.
includeAllKeys boolean
includeAllKeys is a flag to include all keys in the object's `data` field to be used. False by default. This field must not be true when `key` is set.
key string
key of the entry in the object's `data` field to be used.
minLength: 1
maxLength: 253
name string
name is the name of the source object in the trust namespace. This field must be left empty when `selector` is set.
minLength: 1
maxLength: 253
selector object
selector is the label selector to use to fetch a list of objects. Must not be set when `name` is set.
matchExpressions []object
matchExpressions is a list of label selector requirements. The requirements are ANDed.
key string required
key is the label key that the selector applies to.
operator string required
operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values []string
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
inLine string
inLine is a simple string to append as the source data.
minLength: 1
maxLength: 1048576
secret object
secret is a reference (by name) to a Secret's `data` key(s), or to a list of Secret's `data` key(s) using label selector, in the trust namespace.
includeAllKeys boolean
includeAllKeys is a flag to include all keys in the object's `data` field to be used. False by default. This field must not be true when `key` is set.
key string
key of the entry in the object's `data` field to be used.
minLength: 1
maxLength: 253
name string
name is the name of the source object in the trust namespace. This field must be left empty when `selector` is set.
minLength: 1
maxLength: 253
selector object
selector is the label selector to use to fetch a list of objects. Must not be set when `name` is set.
matchExpressions []object
matchExpressions is a list of label selector requirements. The requirements are ANDed.
key string required
key is the label key that the selector applies to.
operator string required
operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values []string
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
useDefaultCAs boolean
useDefaultCAs indicates whether the default CA bundle should be used as a source. The default CA bundle is available only if trust-manager was installed with default CA support enabled, either via the Helm chart or by starting the trust-manager controller with the "--default-package-location" flag. If default CA support was not enabled at startup, setting this field to true will result in reconciliation failure. The version of the default CA package used for this Bundle is reported in status.defaultCAVersion.
target object
target is the target location in all namespaces to sync source data to.
additionalFormats object
additionalFormats specifies any additional formats to write to the target.
jks object
jks requests a JKS-formatted binary trust bundle to be written to the target. The bundle has "changeit" as the default password. For more information, see https://cert-manager.io/docs/faq/#keystore-passwords. This format is deprecated: writing JKS is subject to removal. Please migrate to PKCS12. PKCS#12 trust stores created by trust-manager are compatible with Java.
key string required
key is the key of the entry in the object's `data` field to be used.
minLength: 1
maxLength: 253
password string
password for JKS trust store
minLength: 1
maxLength: 128
pkcs12 object
pkcs12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is by default created without a password. For more information, see https://cert-manager.io/docs/faq/#keystore-passwords.
key string required
key is the key of the entry in the object's `data` field to be used.
minLength: 1
maxLength: 253
password string
password for PKCS12 trust store
minLength: 0
maxLength: 128
profile string
profile specifies the certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 trust store. If provided, allowed values are: `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms (e.g. because of company policy). Default value is `LegacyRC2` for backward compatibility.
enum: LegacyRC2, LegacyDES, Modern2023
configMap object
configMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to.
key string required
key is the key of the entry in the object's `data` field to be used.
minLength: 1
maxLength: 253
metadata object
metadata is an optional set of labels and annotations to be copied to the target.
annotations object
annotations is a key value map to be copied to the target.
labels object
labels is a key value map to be copied to the target.
namespaceSelector object
namespaceSelector will, if set, only sync the target resource in Namespaces which match the selector.
matchExpressions []object
matchExpressions is a list of label selector requirements. The requirements are ANDed.
key string required
key is the label key that the selector applies to.
operator string required
operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values []string
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
secret object
secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace.
key string required
key is the key of the entry in the object's `data` field to be used.
minLength: 1
maxLength: 253
metadata object
metadata is an optional set of labels and annotations to be copied to the target.
annotations object
annotations is a key value map to be copied to the target.
labels object
labels is a key value map to be copied to the target.
status object
status of the Bundle. This is set and managed automatically.
conditions []object
conditions represent the latest available observations of the Bundle's current state.
minItems: 0
maxItems: 10
lastTransitionTime string required
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
message string required
message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
reason string required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
minLength: 1
maxLength: 1024
status string required
status of the condition, one of True, False, Unknown.
enum: True, False, Unknown
type string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
maxLength: 316
defaultCAVersion string
defaultCAVersion is the version of the default CA package used when resolving the default CA source(s) for this Bundle (for example, when any source has useDefaultCAs set to true), if applicable. Bundles resolved from identical sets of default CA certificates will report the same defaultCAVersion value.
minLength: 1
maxLength: 253
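
The spec fields above composed into one manifest, as an added example that is not from the trust-manager project; object names, data keys and labels are constructed placeholders. It shows the `name`/`selector` and `key`/`includeAllKeys` exclusions and sets the PKCS12 `profile` explicitly instead of relying on the `LegacyRC2` default.

```yaml
# Added example, not taken from the trust-manager project.
# All object names, data keys and labels are constructed placeholders.
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: example
spec:
  sources:
    # Default CA package; reconciliation fails if default CA support
    # was not enabled when trust-manager started.
    - useDefaultCAs: true
    # One named ConfigMap in the trust namespace: `name` with `key`.
    - configMap:
        name: internal-root-ca          # placeholder
        key: root.pem                   # placeholder
    # Label-selected Secrets: `selector` replaces `name`, and
    # `includeAllKeys` replaces `key` (each pair is mutually exclusive).
    - secret:
        selector:
          matchLabels:
            trust.example.com/bundle: "true"   # placeholder label
        includeAllKeys: true
  target:
    configMap:
      key: ca-bundle.pem                # placeholder
      metadata:
        labels:
          app.kubernetes.io/part-of: platform-trust   # placeholder
    additionalFormats:
      pkcs12:
        key: ca-bundle.p12              # placeholder
        # Weak setting: leaving `profile` unset falls back to LegacyRC2.
        # profile: LegacyRC2
        # Corrected setting:
        profile: Modern2023
        # `password` is omitted, so the store is created without one.
    # Sync only into Namespaces that match this selector.
    namespaceSelector:
      matchExpressions:
        - key: trust.example.com/inject   # placeholder label key
          operator: In
          values: ["enabled"]
```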
