cert-manager API documentation, including various Custom Resource Definitions
Packages:
Package v1 is the v1 version of the API.
Resource Types:
parentRefs
When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: - https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways + https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways
PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let’s Encrypt’s DST crosssign you would use: “DST Root CA X3” or “ISRG Root X1” for the newer Let’s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer’s CN
+caBundle
+ Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection.
+skipTLSVerify
@@ -1239,7 +1250,7 @@ Resource Types:
Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.
+INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.
Package v1 is the v1 version of the API.
Resource Types:
Create enables JKS keystore creation for the Certificate. If true, a file named keystore.jks will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will only be updated upon re-issuance. A file named truststore.jks will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority
Create enables JKS keystore creation for the Certificate. If true, a file named keystore.jks will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will be updated immediately. A file named truststore.jks will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority
Create enables PKCS12 keystore creation for the Certificate. If true, a file named keystore.p12 will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will only be updated upon re-issuance. A file named truststore.p12 will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority
Create enables PKCS12 keystore creation for the Certificate. If true, a file named keystore.p12 will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will be updated immediately. A file named truststore.p12 will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority
PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the cert-manager controller system root certificates are used to validate the TLS connection.
+Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection.
CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when connecting to Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager controller system root certificates are used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to ‘ca.crt’.
+Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to ‘ca.crt’.
CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.
+Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain.
Package v1 contains meta types for cert-manager APIs
Resource Types:
string alias) (Appears on: CertificateCondition, CertificateRequestCondition, IssuerCondition)
@@ -5421,7 +5432,7 @@ Resource Types:Package v1alpha1 is the v1alpha1 version of the webhook config API.
Resource Types:
(Appears on: TLSConfig)
@@ -5659,5 +5670,5 @@ Resource Types:
- Generated with gen-crd-api-reference-docs on git commit da3265115.
+ Generated with gen-crd-api-reference-docs on git commit 7ebb5f515.
cert-manager API documentation, including various Custom Resource Definitions
Packages:
Package v1 is the v1 version of the API.
Resource Types:
Package v1 is the v1 version of the API.
Resource Types:
Package v1 contains meta types for cert-manager APIs
Resource Types:
string alias) (Appears on: CertificateCondition, CertificateRequestCondition, IssuerCondition)
@@ -5421,7 +5421,7 @@ Resource Types:Package v1alpha1 is the v1alpha1 version of the webhook config API.
Resource Types:
(Appears on: TLSConfig)
@@ -5659,5 +5659,5 @@ Resource Types:
- Generated with gen-crd-api-reference-docs on git commit da3265115.
+ Generated with gen-crd-api-reference-docs on git commit 83791ee45.
cert-manager API documentation, including various Custom Resource Definitions
Packages:
Package v1 is the v1 version of the API.
Resource Types:
parentRefs
When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: - https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways + https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways
PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let’s Encrypt’s DST crosssign you would use: “DST Root CA X3” or “ISRG Root X1” for the newer Let’s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer’s CN
+caBundle
+ Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection.
+skipTLSVerify
@@ -1239,7 +1250,7 @@ Resource Types:
Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.
+INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.
Package v1 is the v1 version of the API.
Resource Types:
Create enables JKS keystore creation for the Certificate. If true, a file named keystore.jks will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will only be updated upon re-issuance. A file named truststore.jks will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority
Create enables JKS keystore creation for the Certificate. If true, a file named keystore.jks will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will be updated immediately. A file named truststore.jks will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority
Create enables PKCS12 keystore creation for the Certificate. If true, a file named keystore.p12 will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will only be updated upon re-issuance. A file named truststore.p12 will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority
Create enables PKCS12 keystore creation for the Certificate. If true, a file named keystore.p12 will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will be updated immediately. A file named truststore.p12 will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority
PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the cert-manager controller system root certificates are used to validate the TLS connection.
+Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection.
CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when connecting to Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager controller system root certificates are used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to ‘ca.crt’.
+Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to ‘ca.crt’.
CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.
+Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain.
Package v1 contains meta types for cert-manager APIs
Resource Types:
string alias) (Appears on: CertificateCondition, CertificateRequestCondition, IssuerCondition)
@@ -5421,7 +5432,7 @@ Resource Types:Package v1alpha1 is the v1alpha1 version of the webhook config API.
Resource Types:
(Appears on: TLSConfig)
@@ -5659,5 +5670,5 @@ Resource Types:
- Generated with gen-crd-api-reference-docs on git commit da3265115.
+ Generated with gen-crd-api-reference-docs on git commit 7ebb5f515.
cert-manager API documentation, including various Custom Resource Definitions
Packages:
Package v1 is the v1 version of the API.
Resource Types:
Package v1 is the v1 version of the API.
Resource Types:
Package v1 contains meta types for cert-manager APIs
Resource Types:
string alias) (Appears on: CertificateCondition, CertificateRequestCondition, IssuerCondition)
@@ -5372,7 +5375,7 @@ Resource Types:Package v1alpha1 is the v1alpha1 version of the webhook config API.
Resource Types:
(Appears on: TLSConfig)
@@ -5610,5 +5613,5 @@ Resource Types:
- Generated with gen-crd-api-reference-docs on git commit 57a216e51.
+ Generated with gen-crd-api-reference-docs on git commit 42c5df90f.
cert-manager API documentation, including various Custom Resource Definitions
Packages:
Package v1 is the v1 version of the API.
Resource Types:
Package v1 is the v1 version of the API.
Resource Types:
Package v1 contains meta types for cert-manager APIs
Resource Types:
string alias) (Appears on: CertificateCondition, CertificateRequestCondition, IssuerCondition)
@@ -5407,7 +5407,7 @@ Resource Types:Package v1alpha1 is the v1alpha1 version of the webhook config API.
Resource Types:
(Appears on: TLSConfig)
@@ -5645,5 +5645,5 @@ Resource Types:
- Generated with gen-crd-api-reference-docs on git commit 4486c01f7.
+ Generated with gen-crd-api-reference-docs on git commit 4dd6cee00.
{{ fieldName . }}{{ fieldName . }}
+ cert-manager API documentation, including various Custom Resource Definitions
{{ with .packages}}Packages:
@@ -30,7 +30,8 @@ Learn about the cert-manager API which includes Custom Resources such as Certifi {{ end }} {{ end }} - Resource Types: +Resource Types:
+apiVersionapiVersion
+
{{apiGroup .}}
@@ -67,10 +69,13 @@
kindkind
+ {{.Name.Name}}{{.Name.Name}}
+