From b0c087a3b62e122f4be27614d40a83ae11fc2185 Mon Sep 17 00:00:00 2001 From: shipper Date: Fri, 19 May 2023 13:33:00 +0000 Subject: [PATCH] auto-update crds catalog --- cert-manager.io/certificate_v1.json | 6 ++-- cert-manager.io/challenge_v1.json | 26 +++++++++++++-- cert-manager.io/clusterissuer_v1.json | 47 ++++++++++++++++++++++++--- cert-manager.io/issuer_v1.json | 47 ++++++++++++++++++++++++--- 4 files changed, 110 insertions(+), 16 deletions(-) diff --git a/cert-manager.io/certificate_v1.json b/cert-manager.io/certificate_v1.json index 02b98a1..e85cc39 100644 --- a/cert-manager.io/certificate_v1.json +++ b/cert-manager.io/certificate_v1.json @@ -118,7 +118,7 @@ ], "properties": { "create": { - "description": "Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. A file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority", + "description": "Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority", "type": "boolean" }, "passwordSecretRef": { @@ -151,7 +151,7 @@ ], "properties": { "create": { - "description": "Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. A file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority", + "description": "Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority", "type": "boolean" }, "passwordSecretRef": { @@ -414,7 +414,7 @@ "type": "integer" }, "lastFailureTime": { - "description": "LastFailureTime is the time as recorded by the Certificate controller of the most recent failure to complete a CertificateRequest for this Certificate resource. If set, cert-manager will not re-request another Certificate until 1 hour has elapsed from this time.", + "description": "LastFailureTime is set only if the lastest issuance for this Certificate failed and contains the time of the failure. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). If the latest issuance has succeeded this field will be unset.", "type": "string", "format": "date-time" }, diff --git a/cert-manager.io/challenge_v1.json b/cert-manager.io/challenge_v1.json index 3292f45..43341f5 100644 --- a/cert-manager.io/challenge_v1.json +++ b/cert-manager.io/challenge_v1.json @@ -577,7 +577,11 @@ "type": "object", "properties": { "class": { - "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", + "description": "This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified.", + "type": "string" + }, + "ingressClassName": { + "description": "This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified.", "type": "string" }, "ingressTemplate": { @@ -609,7 +613,7 @@ "additionalProperties": false }, "name": { - "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified.", "type": "string" }, "podTemplate": { @@ -638,7 +642,7 @@ "additionalProperties": false }, "spec": { - "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored.", "type": "object", "properties": { "affinity": { @@ -1332,6 +1336,22 @@ }, "additionalProperties": false }, + "imagePullSecrets": { + "description": "If specified, the pod's imagePullSecrets", + "type": "array", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "type": "object", + "properties": { + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, "nodeSelector": { "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", "type": "object", diff --git a/cert-manager.io/clusterissuer_v1.json b/cert-manager.io/clusterissuer_v1.json index 8268f40..13360f0 100644 --- a/cert-manager.io/clusterissuer_v1.json +++ b/cert-manager.io/clusterissuer_v1.json @@ -634,7 +634,11 @@ "type": "object", "properties": { "class": { - "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", + "description": "This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified.", + "type": "string" + }, + "ingressClassName": { + "description": "This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified.", "type": "string" }, "ingressTemplate": { @@ -666,7 +670,7 @@ "additionalProperties": false }, "name": { - "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified.", "type": "string" }, "podTemplate": { @@ -695,7 +699,7 @@ "additionalProperties": false }, "spec": { - "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored.", "type": "object", "properties": { "affinity": { @@ -1389,6 +1393,22 @@ }, "additionalProperties": false }, + "imagePullSecrets": { + "description": "If specified, the pod's imagePullSecrets", + "type": "array", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "type": "object", + "properties": { + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, "nodeSelector": { "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", "type": "object", @@ -1584,8 +1604,7 @@ "description": "Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.", "type": "object", "required": [ - "role", - "secretRef" + "role" ], "properties": { "mountPath": { @@ -1613,6 +1632,20 @@ } }, "additionalProperties": false + }, + "serviceAccountRef": { + "description": "A reference to a service account that will be used to request a bound token (also known as \"projected token\"). Compared to using \"secretRef\", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Name of the ServiceAccount used to request a token.", + "type": "string" + } + }, + "additionalProperties": false } }, "additionalProperties": false @@ -1767,6 +1800,10 @@ "description": "ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.", "type": "object", "properties": { + "lastPrivateKeyHash": { + "description": "LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer", + "type": "string" + }, "lastRegisteredEmail": { "description": "LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer", "type": "string" diff --git a/cert-manager.io/issuer_v1.json b/cert-manager.io/issuer_v1.json index cf603a4..cbcd2aa 100644 --- a/cert-manager.io/issuer_v1.json +++ b/cert-manager.io/issuer_v1.json @@ -634,7 +634,11 @@ "type": "object", "properties": { "class": { - "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", + "description": "This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified.", + "type": "string" + }, + "ingressClassName": { + "description": "This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified.", "type": "string" }, "ingressTemplate": { @@ -666,7 +670,7 @@ "additionalProperties": false }, "name": { - "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified.", "type": "string" }, "podTemplate": { @@ -695,7 +699,7 @@ "additionalProperties": false }, "spec": { - "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored.", "type": "object", "properties": { "affinity": { @@ -1389,6 +1393,22 @@ }, "additionalProperties": false }, + "imagePullSecrets": { + "description": "If specified, the pod's imagePullSecrets", + "type": "array", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "type": "object", + "properties": { + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, "nodeSelector": { "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", "type": "object", @@ -1584,8 +1604,7 @@ "description": "Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.", "type": "object", "required": [ - "role", - "secretRef" + "role" ], "properties": { "mountPath": { @@ -1613,6 +1632,20 @@ } }, "additionalProperties": false + }, + "serviceAccountRef": { + "description": "A reference to a service account that will be used to request a bound token (also known as \"projected token\"). Compared to using \"secretRef\", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Name of the ServiceAccount used to request a token.", + "type": "string" + } + }, + "additionalProperties": false } }, "additionalProperties": false @@ -1767,6 +1800,10 @@ "description": "ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.", "type": "object", "properties": { + "lastPrivateKeyHash": { + "description": "LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer", + "type": "string" + }, "lastRegisteredEmail": { "description": "LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer", "type": "string"