| configMap | object |
- ConfigMap is a reference to a ConfigMap's `data` key, in the trust Namespace. + ConfigMap is a reference (by name) to a ConfigMap's `data` key, or to a +list of ConfigMap's `data` key using label selector, in the trust Namespace. |
false | |||
| secret | object |
- Secret is a reference to a Secrets's `data` key, in the trust Namespace. + Secret is a reference (by name) to a Secret's `data` key, or to a +list of Secret's `data` key using label selector, in the trust Namespace. |
false | |||
| useDefaultCAs | boolean |
- UseDefaultCAs, when true, requests the default CA bundle to be used as a source. Default CAs are available if trust-manager was installed via Helm or was otherwise set up to include a package-injecting init container by using the "--default-package-location" flag when starting the trust-manager controller. If default CAs were not configured at start-up, any request to use the default CAs will fail. The version of the default CA package which is used for a Bundle is stored in the defaultCAPackageVersion field of the Bundle's status field. + UseDefaultCAs, when true, requests the default CA bundle to be used as a source. +Default CAs are available if trust-manager was installed via Helm +or was otherwise set up to include a package-injecting init container by using the +"--default-package-location" flag when starting the trust-manager controller. +If default CAs were not configured at start-up, any request to use the default +CAs will fail. +The version of the default CA package which is used for a Bundle is stored in the +defaultCAPackageVersion field of the Bundle's status field. |
false |
| name | string |
- Name is the name of the source object in the trust Namespace. If not set, `selector` must be set. + Name is the name of the source object in the trust Namespace. +This field must be left empty when `selector` is set |
false | ||
| selector | -LabelSelector | +selector | +object |
- A LabelSelector object to reference, by labels, a list of source objects in the trust Namespace. If not set, `name` must be set. + Selector is the label selector to use to fetch a list of objects. Must not be set +when `Name` is set. |
false |
| key | -string | -
- Key is the key of the entry in the object's `data` field to be used. - |
- true | -||
| name | -string | +matchExpressions | +[]object |
- Name is the name of the source object in the trust Namespace. If not set, `selector` must be set. + matchExpressions is a list of label selector requirements. The requirements are ANDed. |
false |
| selector | -LabelSelector | +matchLabels | +map[string]string |
- A LabelSelector object to reference, by labels, a list of source objects in the trust Namespace. If not set, `name` must be set. + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |
false |
| additionalFormats | -object | -
- AdditionalFormats specifies any additional formats to write to the target - |
- false | -|||
| configMap | -object | +key | +string |
- ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to. + key is the label key that the selector applies to. |
- false | +true |
| namespaceSelector | -object | +operator | +string |
- NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector. + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. |
- false | +true |
| secret | -object | +values | +[]string |
- Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace. + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |
false |
| jks | -object | +key | +string | +
+ Key is the key of the entry in the object's `data` field to be used. + |
+ true | +
| name | +string |
- JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit". + Name is the name of the source object in the trust Namespace. +This field must be left empty when `selector` is set |
false | ||
| pkcs12 | +selector | object |
- PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is created without a password. + Selector is the label selector to use to fetch a list of objects. Must not be set +when `Name` is set. |
false |
| key | -string | +matchExpressions | +[]object |
- Key is the key of the entry in the object's `data` field to be used. + matchExpressions is a list of label selector requirements. The requirements are ANDed. |
- true | +false | +
| matchLabels | +map[string]string | +
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed. + |
+ false |
| key | string |
- Key is the key of the entry in the object's `data` field to be used. + key is the label key that the selector applies to. |
true | - -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| key | +|||
| operator | string |
- Key is the key of the entry in the object's `data` field to be used. + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. |
true | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| matchLabels | -map[string]string | +||
| values | +[]string |
- MatchLabels matches on the set of labels that must be present on a Namespace for the Bundle target to be synced there. + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |
false |
| key | -string | +additionalFormats | +object |
- Key is the key of the entry in the object's `data` field to be used. + AdditionalFormats specifies any additional formats to write to the target |
- true | -
| Name | -Type | -Description | -Required | -||
|---|---|---|---|---|---|
| conditions | -[]object | +false | +|||
| configMap | +object |
- List of status conditions to indicate the status of the Bundle. Known condition types are `Bundle`. + ConfigMap is the target ConfigMap in Namespaces that all Bundle source +data will be synced to. |
false | ||
| defaultCAVersion | -string | +namespaceSelector | +object |
- DefaultCAPackageVersion, if set and non-empty, indicates the version information which was retrieved when the set of default CAs was requested in the bundle source. This should only be set if useDefaultCAs was set to "true" on a source, and will be the same for the same version of a bundle with identical certificates. + NamespaceSelector will, if set, only sync the target resource in +Namespaces which match the selector. |
false |
| target | +secret | object |
- Target is the current Target that the Bundle is attempting or has completed syncing the source data to. + Secret is the target Secret that all Bundle source data will be synced to. +Using Secrets as targets is only supported if enabled at trust-manager startup. +By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace. |
false |
| status | -string | -
- Status of the condition, one of ('True', 'False', 'Unknown'). - |
- true | -||
| type | -string | -
- Type of the condition, known values are (`Synced`). - |
- true | -||
| lastTransitionTime | -string | -
- LastTransitionTime is the timestamp corresponding to the last status change of this condition. - - Format: date-time - |
- false | -||
| message | -string | -
- Message is a human readable description of the details of the last transition, complementing reason. - |
- false | -||
| observedGeneration | -integer | +jks | +object |
- If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Bundle. - - Format: int64 + JKS requests a JKS-formatted binary trust bundle to be written to the target. +The bundle has "changeit" as the default password. +For more information refer to this link https://cert-manager.io/docs/faq/#keystore-passwords |
false |
| reason | -string | +pkcs12 | +object |
- Reason is a brief machine readable explanation for the condition's last transition. + PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. +The bundle is by default created without a password. |
false |
| additionalFormats | -object | -
- AdditionalFormats specifies any additional formats to write to the target - |
- false | -|||
| configMap | -object | -
- ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to. - |
- false | -|||
| namespaceSelector | -object | +key | +string |
- NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector. + Key is the key of the entry in the object's `data` field to be used. |
- false | +true |
| secret | -object | +password | +string |
- Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace. + Password for JKS trust store + + Default: changeit |
false |
| jks | -object | +key | +string |
- JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit". + Key is the key of the entry in the object's `data` field to be used. |
- false | +true |
| pkcs12 | -object | +password | +string |
- PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is created without a password. + Password for PKCS12 trust store + + Default: |
false |
| key | -string | +matchLabels | +map[string]string |
- Key is the key of the entry in the object's `data` field to be used. + MatchLabels matches on the set of labels that must be present on a +Namespace for the Bundle target to be synced there. |
- true | +false |
| matchLabels | -map[string]string | +conditions | +[]object |
- MatchLabels matches on the set of labels that must be present on a Namespace for the Bundle target to be synced there. + List of status conditions to indicate the status of the Bundle. +Known condition types are `Bundle`. + |
+ false | +
| defaultCAVersion | +string | +
+ DefaultCAPackageVersion, if set and non-empty, indicates the version information
+which was retrieved when the set of default CAs was requested in the bundle
+source. This should only be set if useDefaultCAs was set to "true" on a source,
+and will be the same for the same version of a bundle with identical certificates. |
false |
| key | +lastTransitionTime | string |
- Key is the key of the entry in the object's `data` field to be used. + LastTransitionTime is the timestamp corresponding to the last status +change of this condition. + + Format: date-time + |
+ true | +
| reason | +string | +
+ Reason is a brief machine-readable explanation for the condition's last
+transition.
+The value should be a CamelCase string.
+This field may not be empty. + |
+ true | +|
| status | +enum | +
+ Status of the condition, one of True, False, Unknown. + + Enum: True, False, Unknown |
true | +|
| type | +string | +
+ Type of the condition, known values are (`Synced`). + |
+ true | +|
| message | +string | +
+ Message is a human-readable description of the details of the last
+transition, complementing reason. + |
+ false | +|
| observedGeneration | +integer | +
+ If set, this represents the .metadata.generation that the condition was
+set based upon.
+For instance, if .metadata.generation is currently 12, but the
+.status.condition[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the Bundle. + + Format: int64 + Minimum: 0 + |
+ false |