Documentation
Overview ¶
Package v1 contains API Schema definitions for the cert-estuary v1 API group. The package declaration carries the kubebuilder markers `+kubebuilder:object:generate=true` and `+groupName=cert-estuary.atelierhsn.com`.
Index ¶
Constants ¶
const (
	// ESTAuthorizedClientFinalizer is the finalizer for ESTAuthorizedClient resources.
	ESTAuthorizedClientFinalizer = "cert-estuary.atelierhsn.com/finalizer"
	// ESTAuthorizedClientOwnerReferenceLabel is the label key placed on
	// CertificateSigningRequest resources. Since CertificateSigningRequest
	// resources are not namespaced, a label is used to identify the
	// ESTAuthorizedClient resource that created the CSR.
	//
	// NOTE(review): a label is ordinary metadata, so any principal allowed to
	// create or update CSRs can set it; confirm that consumers do not treat the
	// label alone as proof of which ESTAuthorizedClient issued the request.
	// How namespace and name are encoded in the label value is not visible here.
	ESTAuthorizedClientOwnerReferenceLabel = "cert-estuary.atelierhsn.com/estauthorizedclient"
)
// ESTAuthorizedClientConditionTypeReady is the condition type string "Ready".
// Presumably it is the Type of the entry recorded in
// ESTAuthorizedClientStatus.Conditions; verify against the controller.
const ESTAuthorizedClientConditionTypeReady = "Ready"
Variables ¶
var (
	// GroupVersion is the group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "cert-estuary.atelierhsn.com", Version: "v1"}
	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
	// EstAuthorizedClientKind is the kind of the ESTAuthorizedClient resource.
	// Note the "Est" spelling of this identifier; the other exported names in
	// this package use "EST".
	EstAuthorizedClientKind = "ESTAuthorizedClient"
)
Functions ¶
This section is empty.
Types ¶
type ESTAuthorizedClient ¶
// ESTAuthorizedClient is the Schema for the estauthorizedclients API.
type ESTAuthorizedClient struct {
	// TypeMeta is inlined into the object's JSON form.
	metav1.TypeMeta `json:",inline"`
	// ObjectMeta is serialized under the "metadata" key.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the desired state of the client authorization.
	Spec ESTAuthorizedClientSpec `json:"spec,omitempty"`
	// Status is the observed state of the client authorization.
	Status ESTAuthorizedClientStatus `json:"status,omitempty"`
}
ESTAuthorizedClient is the Schema for the estauthorizedclients API.
func (*ESTAuthorizedClient) DeepCopy ¶
func (in *ESTAuthorizedClient) DeepCopy() *ESTAuthorizedClient
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ESTAuthorizedClient.
func (*ESTAuthorizedClient) DeepCopyInto ¶
func (in *ESTAuthorizedClient) DeepCopyInto(out *ESTAuthorizedClient)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ESTAuthorizedClient) DeepCopyObject ¶
func (in *ESTAuthorizedClient) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (ESTAuthorizedClient) GenerateCSRName ¶
func (e ESTAuthorizedClient) GenerateCSRName() string
type ESTAuthorizedClientList ¶
// ESTAuthorizedClientList contains a list of ESTAuthorizedClient.
type ESTAuthorizedClientList struct {
	// TypeMeta is inlined into the list's JSON form.
	metav1.TypeMeta `json:",inline"`
	// ListMeta is serialized under the "metadata" key.
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the listed resources. The tag has no omitempty, so the
	// "items" key is always written, including for an empty list.
	Items []ESTAuthorizedClient `json:"items"`
}
ESTAuthorizedClientList contains a list of ESTAuthorizedClient.
func (*ESTAuthorizedClientList) DeepCopy ¶
func (in *ESTAuthorizedClientList) DeepCopy() *ESTAuthorizedClientList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ESTAuthorizedClientList.
func (*ESTAuthorizedClientList) DeepCopyInto ¶
func (in *ESTAuthorizedClientList) DeepCopyInto(out *ESTAuthorizedClientList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ESTAuthorizedClientList) DeepCopyObject ¶
func (in *ESTAuthorizedClientList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ESTAuthorizedClientSpec ¶
// ESTAuthorizedClientSpec defines the desired state of ESTAuthorizedClient.
//
// NOTE(review): neither PresharedKeyRef nor TrustAnchor carries a Required
// marker. What the server does when both are unset is not visible in this
// type; confirm that enrolment without either credential is rejected.
type ESTAuthorizedClientSpec struct {
	// Subject is the Common Name (CN) of the client certificate.
	// It is used to identify the client when requesting a certificate from the EST server.
	// +kubebuilder:validation:Required
	Subject string `json:"subject"`
	// SubjectAltNames is an optional field that allows you to specify additional
	// subject alternative names for the certificate. These names can be used to identify the client
	// in addition to the main subject DN.
	SubjectAltNames []string `json:"subjectAltNames,omitempty"`
	// PresharedKeyRef is a reference to a secret holding the preshared credentials
	// used for authentication. The secret must be in the same namespace as the ESTAuthorizedClient resource.
	// The secret should contain a key named "username" for the username and "password" for the password.
	// The field is a struct value, so encoding/json's omitempty never omits it:
	// an unset reference serializes with an empty secretName.
	PresharedKeyRef SecretRef `json:"presharedKeyRef,omitempty"`
	// TrustAnchor is a reference to a secret that contains the CA certificate used to verify the EST client's certificate.
	// When present, client certificate validation relies on the specified CA certificate instead of using the system's CA certificates.
	// The secret must be in the same namespace as the ESTAuthorizedClient resource and contain a key named "ca.crt" with the CA certificate in PEM format.
	// When absent, validation uses the system CA certificates as stated above; a system
	// store typically trusts many public CAs, so set TrustAnchor to restrict client
	// certificates to a single private CA.
	TrustAnchor SecretRef `json:"trustAnchor,omitempty"`
	// SignerName is the name of the Issuer or ClusterIssuer
	// that will be used to sign the certificate.
	// It should be in the format "issuers.cert-manager.io/<namespace>.<issuer-name>" or
	// "clusterissuers.cert-manager.io/<cluster-issuer-name>".
	// See https://cert-manager.io/docs/usage/kube-csr/#signer-name for more details.
	// The validation pattern below admits only lowercase letters and "-" in the
	// namespace and issuer name, so names containing digits are rejected.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^(issuers|clusterissuers)\.cert-manager\.io/([a-z][a-z-]*\.)?[a-z][a-z-]*$`
	SignerName string `json:"signerName"`
	// CSRAutoApprove indicates whether the Certificate Signing Request (CSR) should be automatically approved.
	// If set to true, the CSR will be automatically approved by the controller.
	// If set to false, the CSR will need to be manually approved by a user with the appropriate permissions.
	// This field defaults to true, so unless it is explicitly set to false a CSR
	// is approved without human review.
	// The default comes from the kubebuilder marker below, i.e. from the generated
	// CRD schema; a struct built directly in Go has the zero value false.
	// +kubebuilder:default=true
	CSRAutoApprove bool `json:"csrAutoApprove"`
	// Duration is the duration for which the certificate will be valid.
	// Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.
	// The default of 1128h is 47 days.
	// NOTE(review): no minimum or maximum marker is visible on this field; confirm
	// whether the certificate lifetime is bounded elsewhere.
	// +kubebuilder:default="1128h"
	Duration *metav1.Duration `json:"duration"`
}
ESTAuthorizedClientSpec defines the desired state of ESTAuthorizedClient.
func (*ESTAuthorizedClientSpec) DeepCopy ¶
func (in *ESTAuthorizedClientSpec) DeepCopy() *ESTAuthorizedClientSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ESTAuthorizedClientSpec.
func (*ESTAuthorizedClientSpec) DeepCopyInto ¶
func (in *ESTAuthorizedClientSpec) DeepCopyInto(out *ESTAuthorizedClientSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ESTAuthorizedClientStatus ¶
// ESTAuthorizedClientStatus defines the observed state of ESTAuthorizedClient.
type ESTAuthorizedClientStatus struct {
	// CurrentCSRName is the name of the latest CertificateSigningRequest.
	// The JSON key is "latestCSRName", which differs from the Go field name.
	CurrentCSRName string `json:"latestCSRName,omitempty"`
	// Conditions is the list of status conditions. The struct tags declare a
	// merge patch strategy keyed on each condition's "type".
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
}
ESTAuthorizedClientStatus defines the observed state of ESTAuthorizedClient.
func (*ESTAuthorizedClientStatus) DeepCopy ¶
func (in *ESTAuthorizedClientStatus) DeepCopy() *ESTAuthorizedClientStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ESTAuthorizedClientStatus.
func (*ESTAuthorizedClientStatus) DeepCopyInto ¶
func (in *ESTAuthorizedClientStatus) DeepCopyInto(out *ESTAuthorizedClientStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretRef ¶ added in v0.2.0
// SecretRef refers to a secret by name only. The type has no namespace field,
// so a reference cannot name a secret in another namespace; the field comments
// on ESTAuthorizedClientSpec state that the secret must be in the same
// namespace as the ESTAuthorizedClient resource.
type SecretRef struct {
	// SecretName is the name of the secret.
	// +kubebuilder:validation:Required
	SecretName string `json:"secretName"`
}
func (*SecretRef) DeepCopy ¶ added in v0.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRef.
func (*SecretRef) DeepCopyInto ¶ added in v0.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.