ValidateCACertSecret - validates the content of the cert secret to make sure "tls-ca-bundle.pem" key exists.

ValidateEndpointCerts - validates all services from an endpointCfgs and returns the hash of hashes for all the certificates.

AdditionalSubjectNamesKey - Comma separated list of additionalSubjectNames that should be passed to the CertificateRequest.

CABundleKey - key in CaBundleSecret holding a full CA bundle.

CABundleLabel added to the CA bundle secret for the namespace.

CABundleSecret -.

CAKey - key of the secret entry holding the CA.

CertKey - key of the secret entry holding the cert.

DefaultCAPrefix -.

DefaultCertMountDir - updated default path to mount cert files inside container.

DefaultClusterInternalDomain - cluster internal dns domain.

DefaultKeyMountDir - updated default path to mount cert keys inside container.

DownstreamTLSCABundlePath -.

InternalCABundleKey - key in CABundleSecret only holding the internal CA.

PrivateKey - key of the secret entry holding the cert private key.

TLSHashName - Name of the hash of hashes of all cert resources used to identify a change.

UpstreamTLSCABundlePath -.

API defines the observed state of TLS with API only.

APIService - API tls type which encapsulates for API services.

Ca contains CA-specific settings, which could be used both by services (to define their own CA certificates) and by clients (to verify the server's certificate).

GenericService contains server-specific TLS secret or issuer.

Service contains server-specific TLS secret +kubebuilder:object:generate:=false.

SimpleService defines the observed state of TLS for a single service.