Last generated February 8, 2022

CertConfig

CertConfig specifies details for an X.509 certificate to be issued, handled by cert-operator.

Full name:
certconfigs.core.giantswarm.io
Group:
core.giantswarm.io
Singular name:
certconfig
Plural name:
certconfigs
Scope:
Namespaced
Versions:
v1alpha1

Version v1alpha1

Example CR

apiVersion: core.giantswarm.io/v1alpha1
kind: CertConfig
metadata:
  annotations:
    giantswarm.io/docs: https://docs.giantswarm.io/ui-api/management-api/crd/certconfigs.core.giantswarm.io/
  creationTimestamp: null
  name: c68pn-prometheus
spec:
  cert:
    allowBareDomains: false
    altNames:
    - api.c68pn.gollum.westeurope.azure.gigantic.io
    clusterComponent: prometheus
    clusterID: c68pn
    commonName: api.c68pn.k8s.gollum.westeurope.azure.gigantic.io
    disableRegeneration: false
    organizations:
    - giantswarm
    ttl: 4320h
  versionBundle:
    version: 0.1.0

Properties

.apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

.kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

.metadata

object Required

.spec

object Required

.spec.cert

object Required

Specifies the configurable certificate details.

.spec.cert.allowBareDomains

boolean Required

.spec.cert.altNames

array

Subject Alternative Names to be set in the certificate.

.spec.cert.altNames[*]

string

.spec.cert.clusterComponent

string Required

Host name of the service to create the certificate for.

.spec.cert.clusterID

string Required

Workload cluster ID to issue the certificate for.

.spec.cert.commonName

string Required

Full common name (CN).

.spec.cert.disableRegeneration

boolean Required

If set, cert-operator will forbid updating this certificate.

.spec.cert.ipSans

array

List of IP addresses to be set as SANs (Subject Alternative Names) in the certificate.

.spec.cert.ipSans[*]

string

.spec.cert.organizations

array

List of organizations to set in the certificate.

.spec.cert.organizations[*]

string

.spec.cert.ttl

string Required

Expiry time as a Golang duration string, e. g. “1d” for one day.

.spec.versionBundle

object Required

Specifies the cert-operator version to use.

.spec.versionBundle.version

string Required

This documentation page shows information based on apiextensions v5.0.0.