
trust-manager API Reference

Packages:

trust.cert-manager.io/v1alpha1

Resource Types:

Bundle

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| apiVersion | string | trust.cert-manager.io/v1alpha1 | true |
| kind | string | Bundle | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | Desired state of the Bundle resource. | true |
| status | object | Status of the Bundle. This is set and managed automatically. | false |

Bundle.spec

Desired state of the Bundle resource.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| sources | []object | Sources is a set of references to data whose data will sync to the target. | true |
| target | object | Target is the target location in all namespaces to sync source data to. | true |

Bundle.spec.sources[index]

BundleSource is the set of sources whose data will be appended and synced to the BundleTarget in all Namespaces.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| configMap | object | ConfigMap is a reference to a ConfigMap's data key, in the trust Namespace. | false |
| inLine | string | InLine is a simple string to append as the source data. | false |
| secret | object | Secret is a reference to a Secret's data key, in the trust Namespace. | false |
| useDefaultCAs | boolean | UseDefaultCAs, when true, requests the default CA bundle to be used as a source. Default CAs are available if trust-manager was installed via Helm or was otherwise set up to include a package-injecting init container by using the "--default-package-location" flag when starting the trust-manager controller. If default CAs were not configured at start-up, any request to use the default CAs will fail. The version of the default CA package which is used for a Bundle is stored in the defaultCAPackageVersion field of the Bundle's status field. | false |

Bundle.spec.sources[index].configMap

ConfigMap is a reference to a ConfigMap's data key, in the trust Namespace.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key is the key of the entry in the object's data field to be used. | true |
| name | string | Name is the name of the source object in the trust Namespace. If not set, selector must be set. | false |
| selector | LabelSelector | A LabelSelector object to reference, by labels, a list of source objects in the trust Namespace. If not set, name must be set. | false |

Bundle.spec.sources[index].secret

Secret is a reference to a Secret's data key, in the trust Namespace.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key is the key of the entry in the object's data field to be used. | true |
| name | string | Name is the name of the source object in the trust Namespace. If not set, selector must be set. | false |
| selector | LabelSelector | A LabelSelector object to reference, by labels, a list of source objects in the trust Namespace. If not set, name must be set. | false |

Bundle.spec.target

Target is the target location in all namespaces to sync source data to.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| additionalFormats | object | AdditionalFormats specifies any additional formats to write to the target | false |
| configMap | object | ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to. | false |
| namespaceSelector | object | NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector. | false |
| secret | object | Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace. | false |

Bundle.spec.target.additionalFormats

AdditionalFormats specifies any additional formats to write to the target

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| jks | object | JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit". | false |
| pkcs12 | object | PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is created without a password. | false |

Bundle.spec.target.additionalFormats.jks

JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit".

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key is the key of the entry in the object's data field to be used. | true |

Bundle.spec.target.additionalFormats.pkcs12

PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is created without a password.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key is the key of the entry in the object's data field to be used. | true |

Bundle.spec.target.configMap

ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key is the key of the entry in the object's data field to be used. | true |

Bundle.spec.target.namespaceSelector

NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| matchLabels | map[string]string | MatchLabels matches on the set of labels that must be present on a Namespace for the Bundle target to be synced there. | false |

Bundle.spec.target.secret

Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key is the key of the entry in the object's data field to be used. | true |
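
A Bundle manifest that exercises the spec fields documented above, added here as an illustration and not taken from the trust-manager project. The object names, label keys and data keys (`corp-trust`, `internal-root-ca`, `ca.crt`, `trust.example.com/...`, `ca-bundle.pem`, `truststore.*`) are assumptions.

```yaml
# Added example: every name, label and key below is an assumed placeholder.
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: corp-trust
spec:
  sources:
    # Default CA package; the request fails if default CAs were not
    # configured when trust-manager started.
    - useDefaultCAs: true
    # One data key of a named ConfigMap in the trust Namespace.
    - configMap:
        name: internal-root-ca
        key: ca.crt
    # Selector instead of name: every Secret in the trust Namespace that
    # carries this label contributes its ca.crt entry.
    - secret:
        selector:
          matchLabels:
            trust.example.com/bundle: corp
        key: ca.crt
  target:
    # ConfigMap target: Secret targets are only available if enabled at
    # trust-manager startup.
    configMap:
      key: ca-bundle.pem
    additionalFormats:
      jks:
        key: truststore.jks   # written with the hardcoded password "changeit"
      pkcs12:
        key: truststore.p12   # written without a password
    # Sync only into Namespaces that carry this label.
    namespaceSelector:
      matchLabels:
        trust.example.com/inject: "enabled"
```

The JKS password is fixed and the PKCS12 file has none, so neither protects the trust store's contents; what a workload ends up trusting depends on who can write the sources in the trust Namespace and the synced target.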

Bundle.status

Status of the Bundle. This is set and managed automatically.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| conditions | []object | List of status conditions to indicate the status of the Bundle. Known condition types are Bundle. | false |
| defaultCAVersion | string | DefaultCAPackageVersion, if set and non-empty, indicates the version information which was retrieved when the set of default CAs was requested in the bundle source. This should only be set if useDefaultCAs was set to "true" on a source, and will be the same for the same version of a bundle with identical certificates. | false |
| target | object | Target is the current Target that the Bundle is attempting or has completed syncing the source data to. | false |

Bundle.status.conditions[index]

BundleCondition contains condition information for a Bundle.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| status | string | Status of the condition, one of ('True', 'False', 'Unknown'). | true |
| type | string | Type of the condition, known values are (Synced). | true |
| lastTransitionTime | string | LastTransitionTime is the timestamp corresponding to the last status change of this condition. Format: date-time | false |
| message | string | Message is a human readable description of the details of the last transition, complementing reason. | false |
| observedGeneration | integer | If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Bundle. Format: int64 | false |
| reason | string | Reason is a brief machine readable explanation for the condition's last transition. | false |

Bundle.status.target

Target is the current Target that the Bundle is attempting or has completed syncing the source data to.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| additionalFormats | object | AdditionalFormats specifies any additional formats to write to the target | false |
| configMap | object | ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to. | false |
| namespaceSelector | object | NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector. | false |
| secret | object | Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace. | false |

Bundle.status.target.additionalFormats

AdditionalFormats specifies any additional formats to write to the target

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| jks | object | JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit". | false |
| pkcs12 | object | PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is created without a password. | false |

Bundle.status.target.additionalFormats.jks

JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit".

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key is the key of the entry in the object's data field to be used. | true |

Bundle.status.target.additionalFormats.pkcs12

PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is created without a password.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key is the key of the entry in the object's data field to be used. | true |

Bundle.status.target.configMap

ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key is the key of the entry in the object's data field to be used. | true |

Bundle.status.target.namespaceSelector

NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| matchLabels | map[string]string | MatchLabels matches on the set of labels that must be present on a Namespace for the Bundle target to be synced there. | false |

Bundle.status.target.secret

Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key is the key of the entry in the object's data field to be used. | true |