trust-manager API Reference

Packages:

trust.cert-manager.io/v1alpha1

Resource Types:

Bundle

Name Type Description Required
apiVersion string trust.cert-manager.io/v1alpha1 true
kind string Bundle true
metadata object Refer to the Kubernetes API documentation for the fields of the metadata field. true
spec object Desired state of the Bundle resource. true
status object Status of the Bundle. This is set and managed automatically. false

Bundle.spec

Desired state of the Bundle resource.

Name Type Description Required
sources []object Sources is a set of references to data whose data will sync to the target. true
target object Target is the target location in all namespaces to sync source data to. true

Bundle.spec.sources[index]

BundleSource is the set of sources whose data will be appended and synced to the BundleTarget in all Namespaces.

Name Type Description Required
configMap object ConfigMap is a reference to a ConfigMap's data key, in the trust Namespace. false
inLine string InLine is a simple string to append as the source data. false
secret object Secret is a reference to a Secret's data key, in the trust Namespace. false
useDefaultCAs boolean UseDefaultCAs, when true, requests the default CA bundle to be used as a source. Default CAs are available if trust-manager was installed via Helm or was otherwise set up to include a package-injecting init container by using the "--default-package-location" flag when starting the trust-manager controller. If default CAs were not configured at start-up, any request to use the default CAs will fail. The version of the default CA package which is used for a Bundle is stored in the defaultCAPackageVersion field of the Bundle's status field. false

Bundle.spec.sources[index].configMap

ConfigMap is a reference to a ConfigMap's data key, in the trust Namespace.

Name Type Description Required
key string Key is the key of the entry in the object's data field to be used. true
name string Name is the name of the source object in the trust Namespace. If not set, selector must be set. false
selector LabelSelector A LabelSelector object to reference, by labels, a list of source objects in the trust Namespace. If not set, name must be set. false

Bundle.spec.sources[index].secret

Secret is a reference to a Secret's data key, in the trust Namespace.

Name Type Description Required
key string Key is the key of the entry in the object's data field to be used. true
name string Name is the name of the source object in the trust Namespace. If not set, selector must be set. false
selector LabelSelector A LabelSelector object to reference, by labels, a list of source objects in the trust Namespace. If not set, name must be set. false

Bundle.spec.target

Target is the target location in all namespaces to sync source data to.

Name Type Description Required
additionalFormats object AdditionalFormats specifies any additional formats to write to the target false
configMap object ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to. false
namespaceSelector object NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector. false
secret object Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace. false

Bundle.spec.target.additionalFormats

AdditionalFormats specifies any additional formats to write to the target

Name Type Description Required
jks object JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit". false
pkcs12 object PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is created without a password. false

Bundle.spec.target.additionalFormats.jks

JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit".

Name Type Description Required
key string Key is the key of the entry in the object's data field to be used. true

Bundle.spec.target.additionalFormats.pkcs12

PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is created without a password.

Name Type Description Required
key string Key is the key of the entry in the object's data field to be used. true

Bundle.spec.target.configMap

ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to.

Name Type Description Required
key string Key is the key of the entry in the object's data field to be used. true

Bundle.spec.target.namespaceSelector

NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector.

Name Type Description Required
matchLabels map[string]string MatchLabels matches on the set of labels that must be present on a Namespace for the Bundle target to be synced there. false

Bundle.spec.target.secret

Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace.

Name Type Description Required
key string Key is the key of the entry in the object's data field to be used. true
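
The spec fields described above, combined in one manifest. This is an added example, not taken from the trust-manager documentation; every object name, key and label in it is hypothetical.

```yaml
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: corp-trust                      # hypothetical name
spec:
  sources:
    # Default CA package. The request fails if default CAs were not
    # configured when the trust-manager controller was started.
    - useDefaultCAs: true
    # A single ConfigMap in the trust namespace, referenced by name.
    - configMap:
        name: internal-root-ca          # hypothetical object
        key: ca.crt
    # Secrets in the trust namespace, referenced by labels instead of by name
    # (name and selector are alternatives: if one is unset, set the other).
    - secret:
        selector:
          matchLabels:
            trust.example.com/include: "true"   # hypothetical label
        key: ca.crt
  target:
    # Source data is appended and synced to this key of the target ConfigMap.
    configMap:
      key: trust-bundle.pem
    additionalFormats:
      jks:
        key: trust-bundle.jks           # created with the password "changeit"
      pkcs12:
        key: trust-bundle.p12           # created without a password
    # Only Namespaces carrying this label receive the target.
    namespaceSelector:
      matchLabels:
        trust.example.com/bundle: enabled       # hypothetical label
```

Because the JKS password is hardcoded and the PKCS12 store has none, neither keystore password protects the bundle's contents. What ends up trusted is decided by who can write the source objects in the trust namespace and the target objects in each selected Namespace.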

Bundle.status

Status of the Bundle. This is set and managed automatically.

Name Type Description Required
conditions []object List of status conditions to indicate the status of the Bundle. Known condition types are Bundle. false
defaultCAVersion string DefaultCAPackageVersion, if set and non-empty, indicates the version information which was retrieved when the set of default CAs was requested in the bundle source. This should only be set if useDefaultCAs was set to "true" on a source, and will be the same for the same version of a bundle with identical certificates. false
target object Target is the current Target that the Bundle is attempting or has completed syncing the source data to. false

Bundle.status.conditions[index]

BundleCondition contains condition information for a Bundle.

Name Type Description Required
status string Status of the condition, one of ('True', 'False', 'Unknown'). true
type string Type of the condition, known values are (Synced). true
lastTransitionTime string LastTransitionTime is the timestamp corresponding to the last status change of this condition. Format: date-time false
message string Message is a human readable description of the details of the last transition, complementing reason. false
observedGeneration integer If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Bundle. Format: int64 false
reason string Reason is a brief machine readable explanation for the condition's last transition. false

Bundle.status.target

Target is the current Target that the Bundle is attempting or has completed syncing the source data to.

Name Type Description Required
additionalFormats object AdditionalFormats specifies any additional formats to write to the target false
configMap object ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to. false
namespaceSelector object NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector. false
secret object Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace. false

Bundle.status.target.additionalFormats

AdditionalFormats specifies any additional formats to write to the target

Name Type Description Required
jks object JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit". false
pkcs12 object PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is created without a password. false

Bundle.status.target.additionalFormats.jks

JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit".

Name Type Description Required
key string Key is the key of the entry in the object's data field to be used. true

Bundle.status.target.additionalFormats.pkcs12

PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is created without a password.

Name Type Description Required
key string Key is the key of the entry in the object's data field to be used. true

Bundle.status.target.configMap

ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to.

Name Type Description Required
key string Key is the key of the entry in the object's data field to be used. true

Bundle.status.target.namespaceSelector

NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector.

Name Type Description Required
matchLabels map[string]string MatchLabels matches on the set of labels that must be present on a Namespace for the Bundle target to be synced there. false

Bundle.status.target.secret

Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace.

Name Type Description Required
key string Key is the key of the entry in the object's data field to be used. true