v1alpha1

package
v1.0.0 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 12, 2025 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the crl-operator v1alpha1 API group.

+kubebuilder:object:generate=true
+groupName=crl-operator.scality.com

Constants

This section is empty.

Variables

var (
	// GroupVersion is group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "crl-operator.scality.com", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type CRLExposeSpec

type CRLExposeSpec struct {
	// Enabled indicates whether the CRL should be exposed.
	Enabled bool `json:"enabled"`

	// Image specifies the container image to use for exposing the CRL.
	// +optional
	Image ImageSpec `json:"image,omitempty"`
	// Node Selector to deploy the CRL server
	// +optional
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Tolerations to deploy the CRL server
	// +optional
	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`

	// Internal indicates whether the issuer should be configured to reach the
	// CRL internally within the cluster.
	// (default: true)
	// +optional
	Internal *bool `json:"internal"`

	// Ingress indicates whether the CRL should be exposed externally outside the cluster
	// using an Ingress resource.
	// (default: Disabled)
	// +optional
	Ingress *IngressSpec `json:"ingress"`
}

CRLExposeSpec defines how the CRL should be exposed.

func (*CRLExposeSpec) DeepCopy

func (in *CRLExposeSpec) DeepCopy() *CRLExposeSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRLExposeSpec.

func (*CRLExposeSpec) DeepCopyInto

func (in *CRLExposeSpec) DeepCopyInto(out *CRLExposeSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IPAddress

type IPAddress string

IPAddress is a string validated as an IPv4 address (+kubebuilder:validation:Format=ipv4).

type ImageSpec

type ImageSpec struct {
	// Repository is the container image repository.
	// +kubebuilder:validation:MinLength=1
	// +optional
	Repository *string `json:"repository"`

	// Name is the container image name.
	// (default: "nginx")
	// +kubebuilder:validation:MinLength=1
	// +optional
	Name *string `json:"name"`

	// Tag is the container image tag.
	// (default: "1.29.3-alpine3.22")
	// +kubebuilder:validation:MinLength=1
	// +optional
	Tag *string `json:"tag"`

	// PullSecrets is a list of references to Secrets containing the image pull
	// credentials.
	// +optional
	PullSecrets []corev1.LocalObjectReference `json:"pullSecrets,omitempty"`
}

ImageSpec defines information about the image to expose the CRL.

func (*ImageSpec) DeepCopy

func (in *ImageSpec) DeepCopy() *ImageSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSpec.

func (*ImageSpec) DeepCopyInto

func (in *ImageSpec) DeepCopyInto(out *ImageSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ImageSpec) GetImage

func (is *ImageSpec) GetImage() string

GetImage returns the full image string in the format "repository/name:tag".

type IngressSpec

type IngressSpec struct {
	// Enabled indicates whether to create an Ingress resource to expose the CRL.
	// (default: true)
	// +optional
	Enabled *bool `json:"enabled"`

	// Managed indicates whether the operator should manage the Ingress resource.
	// If false, the Ingress resource will not be created or updated by the operator.
	// (default: true)
	// +optional
	Managed *bool `json:"managed"`

	// Hostname is the hostname to use for the ingress.
	// (One of Hostname or IPAddresses must be specified)
	// +kubebuilder:validation:MinLength=1
	// +optional
	Hostname *string `json:"hostname,omitempty"`

	// ClassName is the ingress class name to use for the ingress.
	// +optional
	ClassName *string `json:"className,omitempty"`

	// IPAddresses is a list of IP addresses to use for the ingress.
	// (One of Hostname or IPAddresses must be specified)
	// +optional
	IPAddresses []IPAddress `json:"ipAddresses,omitempty"`
}

IngressSpec defines the ingress configuration for exposing the CRL.

func (*IngressSpec) DeepCopy

func (in *IngressSpec) DeepCopy() *IngressSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec.

func (*IngressSpec) DeepCopyInto

func (in *IngressSpec) DeepCopyInto(out *IngressSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagedCRL

type ManagedCRL struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ManagedCRLSpec   `json:"spec,omitempty"`
	Status ManagedCRLStatus `json:"status,omitempty"`
}

ManagedCRL is the Schema for the managedcrls API.

func (*ManagedCRL) DeepCopy

func (in *ManagedCRL) DeepCopy() *ManagedCRL

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCRL.

func (*ManagedCRL) DeepCopyInto

func (in *ManagedCRL) DeepCopyInto(out *ManagedCRL)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagedCRL) DeepCopyObject

func (in *ManagedCRL) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ManagedCRL) GetCRLDistributionPoint

func (mcrl *ManagedCRL) GetCRLDistributionPoint() []string

GetCRLDistributionPoint returns the CRL distribution point URL based on the Ingress configuration.

func (*ManagedCRL) GetConfigMap

func (mcrl *ManagedCRL) GetConfigMap() *corev1.ConfigMap

GetConfigMap returns the name of the ConfigMap used to configure the CRL expose Pod.

func (*ManagedCRL) GetDeployment

func (mcrl *ManagedCRL) GetDeployment() *appsv1.Deployment

GetDeployment returns the name of the Deployment used to expose the CRL.

func (*ManagedCRL) GetIngress

func (mcrl *ManagedCRL) GetIngress() *networkingv1.Ingress

GetIngress returns the name of the Ingress used to expose the CRL.

func (*ManagedCRL) GetSecret

func (mcrl *ManagedCRL) GetSecret() *corev1.Secret

GetSecret returns the name of the Secret used to store the CRL.

func (*ManagedCRL) GetService

func (mcrl *ManagedCRL) GetService() *corev1.Service

GetService returns the name of the Service used to expose the CRL.

func (*ManagedCRL) IsExposed

func (mcrl *ManagedCRL) IsExposed() bool

IsExposed returns true if the CRL is configured to be exposed.

func (*ManagedCRL) IsIngressEnabled

func (mcrl *ManagedCRL) IsIngressEnabled() bool

IsIngressEnabled returns true if the CRL is configured to be exposed via Ingress.

func (*ManagedCRL) IsIngressManaged

func (mcrl *ManagedCRL) IsIngressManaged() bool

IsIngressManaged returns true if the Ingress is managed by the operator.

func (*ManagedCRL) IsInternalEnabled

func (mcrl *ManagedCRL) IsInternalEnabled() bool

IsInternalEnabled returns true if the CRL is configured to be exposed internally.

func (*ManagedCRL) NeedsIssuerConfiguration

func (mcrl *ManagedCRL) NeedsIssuerConfiguration() bool

NeedsIssuerConfiguration returns true if the Issuer needs to be configured.

func (*ManagedCRL) SetIngressExposed

func (mcrl *ManagedCRL) SetIngressExposed()

SetIngressExposed sets the ManagedCRL status to IngressExposed.

func (*ManagedCRL) SetIngressNotExposed

func (mcrl *ManagedCRL) SetIngressNotExposed(reason, message string)

SetIngressNotExposed sets the ManagedCRL status to IngressNotExposed with the given reason and message.

func (*ManagedCRL) SetIssuerConfigured

func (mcrl *ManagedCRL) SetIssuerConfigured()

SetIssuerConfigured sets the ManagedCRL status to IssuerConfigured.

func (*ManagedCRL) SetIssuerNotConfigured

func (mcrl *ManagedCRL) SetIssuerNotConfigured(reason, message string)

SetIssuerNotConfigured sets the ManagedCRL status to IssuerNotConfigured with the given reason and message.

func (*ManagedCRL) SetPodExposed

func (mcrl *ManagedCRL) SetPodExposed()

SetPodExposed sets the ManagedCRL status to PodExposed.

func (*ManagedCRL) SetPodNotExposed

func (mcrl *ManagedCRL) SetPodNotExposed(reason, message string)

SetPodNotExposed sets the ManagedCRL status to PodNotExposed with the given reason and message.

func (*ManagedCRL) SetSecretNotReady

func (mcrl *ManagedCRL) SetSecretNotReady(reason, message string)

SetSecretNotReady sets the ManagedCRL status to NotReady with the given reason and message.

func (*ManagedCRL) SetSecretReady

func (mcrl *ManagedCRL) SetSecretReady()

SetSecretReady sets the ManagedCRL status to SecretReady.

func (*ManagedCRL) Validate

func (mcrl *ManagedCRL) Validate() error

Validate validates the ManagedCRL resource.

func (*ManagedCRL) WithDefaults

func (mcrl *ManagedCRL) WithDefaults()

WithDefaults sets default values on the ManagedCRL resource.

type ManagedCRLList

type ManagedCRLList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ManagedCRL `json:"items"`
}

ManagedCRLList contains a list of ManagedCRL.

func (*ManagedCRLList) DeepCopy

func (in *ManagedCRLList) DeepCopy() *ManagedCRLList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCRLList.

func (*ManagedCRLList) DeepCopyInto

func (in *ManagedCRLList) DeepCopyInto(out *ManagedCRLList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagedCRLList) DeepCopyObject

func (in *ManagedCRLList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ManagedCRLSpec

type ManagedCRLSpec struct {
	// IssuerRef is a reference to the cert-manager Issuer or ClusterIssuer
	// that will sign the CRL.
	IssuerRef cmmetav1.ObjectReference `json:"issuerRef"`

	// Duration is the duration for which the CRL is valid.
	// (default: 168h = 7 days)
	// +optional
	Duration *metav1.Duration `json:"duration,omitempty"`

	// Revocations is a list of certificates to be revoked.
	// +optional
	Revocations []RevocationSpec `json:"revocations,omitempty"`

	// Expose specifies how the CRL should be exposed.
	// +optional
	Expose *CRLExposeSpec `json:"expose,omitempty"`
}

ManagedCRLSpec defines the desired state of ManagedCRL.

func (*ManagedCRLSpec) DeepCopy

func (in *ManagedCRLSpec) DeepCopy() *ManagedCRLSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCRLSpec.

func (*ManagedCRLSpec) DeepCopyInto

func (in *ManagedCRLSpec) DeepCopyInto(out *ManagedCRLSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagedCRLSpec) GetRevokedListEntries

func (mcrls *ManagedCRLSpec) GetRevokedListEntries() ([]x509.RevocationListEntry, error)

GetRevokedListEntries converts the Revocations in ManagedCRLSpec to a slice of x509.RevocationListEntry.

type ManagedCRLStatus

type ManagedCRLStatus struct {
	// SecretReady indicates whether the CRL is built and available in the Secret.
	SecretReady *bool `json:"secretReady,omitempty"`
	// PodExposed indicates whether the CRL expose Pod is running.
	PodExposed *bool `json:"podExposed,omitempty"`
	// IngressExposed indicates whether the CRL Ingress is available.
	IngressExposed *bool `json:"ingressExposed,omitempty"`
	// IssuerConfigured indicates whether the Issuer is properly configured.
	IssuerConfigured *bool              `json:"issuerConfigured,omitempty"`
	Conditions       []metav1.Condition `json:"conditions,omitempty"`

	// CRLValidUntil is the time until which the CRL is valid.
	CRLValidUntil metav1.Time `json:"crlValidUntil,omitempty"`

	// CRLNumber is the number of the CRL.
	CRLNumber int64 `json:"crlNumber,omitempty"`

	// ObservedCASecretRef is a reference to the Secret containing the last
	// CA certificate and private key used to sign the CRL.
	ObservedCASecretRef *corev1.SecretReference `json:"observedCASecretRef,omitempty"`
	// ObservedCASecretVersion is the resource version of the Secret
	// containing the last CA certificate and private key used to sign the CRL.
	ObservedCASecretVersion string `json:"observedCASecretVersion,omitempty"`
}

ManagedCRLStatus defines the observed state of ManagedCRL.

func (*ManagedCRLStatus) DeepCopy

func (in *ManagedCRLStatus) DeepCopy() *ManagedCRLStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCRLStatus.

func (*ManagedCRLStatus) DeepCopyInto

func (in *ManagedCRLStatus) DeepCopyInto(out *ManagedCRLStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RevocationSpec

type RevocationSpec struct {
	// SerialNumber is the serial number of the certificate to be revoked.
	// +kubebuilder:validation:MinLength=1
	SerialNumber string `json:"serialNumber"`

	// RevocationTime is the time at which the certificate was revoked.
	// If not specified, the current time will be used.
	// +optional
	RevocationTime *metav1.Time `json:"revocationTime,omitempty"`

	// ReasonCode is the reason code for revocation (refer to RFC 5280 Section 5.3.1).
	ReasonCode int `json:"reasonCode,omitempty"`
}

RevocationSpec defines a certificate to be revoked.

func (*RevocationSpec) DeepCopy

func (in *RevocationSpec) DeepCopy() *RevocationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RevocationSpec.

func (*RevocationSpec) DeepCopyInto

func (in *RevocationSpec) DeepCopyInto(out *RevocationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (RevocationSpec) ToRevocationListEntry

func (rs RevocationSpec) ToRevocationListEntry() (x509.RevocationListEntry, error)

ToRevocationListEntry converts a RevocationSpec to an x509.RevocationListEntry.
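The conversion that ToRevocationListEntry and GetRevokedListEntries describe, carried through to a signed CRL with the standard library. This is an added example, not code from the crl-operator project. The Revocation type, the hexadecimal serial format, the reason-code check and the throwaway issuer are assumptions; the operator's own parsing and validation are not shown on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Revocation is a hypothetical stand-in for RevocationSpec using plain Go types.
type Revocation struct {
	SerialNumber string
	ReasonCode   int
}
var issuerKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key, constructed for this example
var issuer = &x509.Certificate{Subject: pkix.Name{CommonName: "example-ca"}, KeyUsage: x509.KeyUsageCRLSign, SubjectKeyId: []byte{1, 2, 3, 4}}

// ToEntry checks the serial (hexadecimal is assumed here) and the RFC 5280 5.3.1 reason code (0-10, 7 unused).
func ToEntry(r Revocation, at time.Time) (x509.RevocationListEntry, error) {
	sn, ok := new(big.Int).SetString(r.SerialNumber, 16)
	if !ok || sn.Sign() <= 0 {
		return x509.RevocationListEntry{}, fmt.Errorf("invalid serial %q", r.SerialNumber)
	}
	if r.ReasonCode < 0 || r.ReasonCode > 10 || r.ReasonCode == 7 {
		return x509.RevocationListEntry{}, fmt.Errorf("invalid reason code %d", r.ReasonCode)
	}
	return x509.RevocationListEntry{SerialNumber: sn, RevocationTime: at, ReasonCode: r.ReasonCode}, nil
}

// SignCRL returns a DER-encoded CRL and rejects the whole list if any entry is invalid.
func SignCRL(revs []Revocation, number int64, now time.Time, validity time.Duration) ([]byte, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(number), ThisUpdate: now, NextUpdate: now.Add(validity)}
	for _, r := range revs {
		e, err := ToEntry(r, now)
		if err != nil {
			return nil, err
		}
		tmpl.RevokedCertificateEntries = append(tmpl.RevokedCertificateEntries, e)
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, issuer, issuerKey)
}
func main() {
	der, err := SignCRL([]Revocation{{SerialNumber: "0a1b2c", ReasonCode: 1}}, 1, time.Now(), 168*time.Hour)
	fmt.Println(len(der) > 0, err)
}
```

The 168h validity passed in main matches the default Duration documented for ManagedCRLSpec; failing the whole list on one bad entry keeps a malformed revocation from being silently dropped from the published CRL.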
