DefaultKeyUsages contains the default list of key usages.

AllowsInjectionFromSecretAnnotation is an annotation that must be added to Secret resource that want to denote that they can be directly injected into injectables that have a `inject-ca-from-secret` annotation.

CertificateConditionReady indicates that a certificate is ready for use.

CertificateRequestConditionReady indicates that a certificate is ready for use.

ConditionFalse represents the fact that a given condition is false.

ConditionTrue represents the fact that a given condition is true.

ConditionUnknown represents the fact that a given condition is unknown.

Annotation names for CertificateRequests.

default certificate duration if Issuer.spec.duration is not set.

Default duration before certificate expiration if Issuer.spec.renewBefore is not set.

Default mount path location for Kubernetes ServiceAccount authentication (/v1/auth/kubernetes).

Default index key for the Secret reference for Token authentication.

Deprecated annotation names for Secrets.

Deprecated annotation names for Secrets.

acmeIssuerHTTP01IngressClassAnnotation can be used to override the http01 ingressClass if the challenge type is set to http01.

IngressClassAnnotationKey picks a specific "class" for the Ingress.

clusterIssuerNameAnnotation can be used to override the issuer specified on the created Certificate resource.

issuerNameAnnotation can be used to override the issuer specified on the created Certificate resource.

IssuerConditionReady represents the fact that a given Issuer condition is in ready state.

IssueTemporaryCertificateAnnotation is an annotation that can be added to Certificate resources.

minimum permitted certificate duration by cert-manager.

minimum certificate duration before certificate expiration.

VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer This will only work with Venafi TPP v19.3 and higher The value is an array with objects containing the name and value keys for example: `[{"name": "custom-field", "value": "custom-value"}]`.

WantInjectAnnotation is the annotation that specifies that a particular object wants injection of CAs.

WantInjectAPIServerCAAnnotation, if set to "true", will make the cainjector inject the CA certificate for the Kubernetes apiserver into the resource.

WantInjectFromSecretAnnotation is the annotation that specifies that a particular object wants injection of CAs.

Certificate is a type to represent a Certificate from ACME +k8s:openapi-gen=true +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" +kubebuilder:printcolumn:name="Secret",type="string",JSONPath=".spec.secretName",description="" +kubebuilder:printcolumn:name="Issuer",type="string",JSONPath=".spec.issuerRef.name",description="",priority=1 +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",priority=1 +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created.

CertificateCondition contains condition information for an Certificate.

CertificateList is a list of Certificates.

CertificateRequest is a type to represent a Certificate Signing Request +k8s:openapi-gen=true +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" +kubebuilder:printcolumn:name="Issuer",type="string",JSONPath=".spec.issuerRef.name",description="",priority=1 +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",priority=1 +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created.

CertificateRequestCondition contains condition information for a CertificateRequest.

CertificateRequestList is a list of Certificates.

CertificateRequestSpec defines the desired state of CertificateRequest.

CertificateStatus defines the observed state of CertificateRequest and resulting signed certificate.

CertificateSpec defines the desired state of Certificate.

CertificateStatus defines the observed state of Certificate.

+kubebuilder:subresource:status +kubebuilder:resource:path=clusterissuers,scope=Cluster.

ClusterIssuerList is a list of Issuers.

+kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description="" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created.

IssuerCondition contains condition information for an Issuer.

IssuerList is a list of Issuers.

IssuerSpec is the specification of an Issuer.

IssuerStatus contains status information about an Issuer.

ObjectReference is a reference to an object with a given name, kind and group.

Vault authentication can be configured: - With a secret containing a token.

Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.

VenafiCloud defines connection configuration details for Venafi Cloud.

VenafiIssuer describes issuer configuration details for Venafi Cloud.

VenafiTPP defines connection configuration details for a Venafi TPP instance.

X509Subject Full X509 name specification.

CertificateConditionType represents an Certificate condition value.

CertificateRequestConditionType represents an Certificate condition value.

ConditionStatus represents a condition's status.

IssuerConditionType represents an Issuer condition value.

+kubebuilder:validation:Enum=rsa;ecdsa.

+kubebuilder:validation:Enum=pkcs1;pkcs8.

KeyUsage specifies valid usage contexts for keys.