--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: app: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager app.kubernetes.io/version: v1.14.5 name: certificates.cert-manager.io spec: group: cert-manager.io names: categories: - cert-manager kind: Certificate listKind: CertificateList plural: certificates shortNames: - cert - certs singular: certificate scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .spec.secretName name: Secret type: string - jsonPath: .spec.issuerRef.name name: Issuer priority: 1 type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status priority: 1 type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1 schema: openAPIV3Schema: properties: apiVersion: type: string kind: type: string metadata: type: object spec: properties: additionalOutputFormats: items: properties: type: enum: - DER - CombinedPEM type: string required: - type type: object type: array commonName: type: string dnsNames: items: type: string type: array duration: type: string emailAddresses: items: type: string type: array encodeUsagesInRequest: type: boolean ipAddresses: items: type: string type: array isCA: type: boolean issuerRef: properties: group: type: string kind: type: string name: type: string required: - name type: object keystores: properties: jks: properties: create: type: boolean passwordSecretRef: properties: key: type: string name: type: string required: - name type: object required: - create - passwordSecretRef type: object pkcs12: properties: create: type: boolean passwordSecretRef: properties: key: type: string name: type: string required: - name type: object profile: enum: - LegacyRC2 - LegacyDES - Modern2023 type: string required: - create - passwordSecretRef type: object type: object literalSubject: type: string nameConstraints: properties: critical: type: boolean excluded: properties: dnsDomains: items: type: string type: array emailAddresses: items: type: string type: array ipRanges: items: type: string type: array uriDomains: items: type: string type: array type: object permitted: properties: dnsDomains: items: type: string type: array emailAddresses: items: type: string type: array ipRanges: items: type: string type: array uriDomains: items: type: string type: array type: object type: object otherNames: items: properties: oid: type: string utf8Value: type: string type: object type: array privateKey: properties: algorithm: enum: - RSA - ECDSA - Ed25519 type: string encoding: enum: - PKCS1 - PKCS8 type: string rotationPolicy: enum: - Never - Always type: string size: type: integer type: object renewBefore: type: string revisionHistoryLimit: format: int32 type: integer secretName: type: string secretTemplate: properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object subject: properties: countries: items: type: string type: array localities: items: type: string type: array organizationalUnits: items: type: string type: array organizations: items: type: string type: array postalCodes: items: type: string type: array provinces: items: type: string type: array serialNumber: type: string streetAddresses: items: type: string type: array type: object uris: items: type: string type: array usages: items: enum: - signing - digital signature - content commitment - key encipherment - key agreement - data encipherment - cert sign - crl sign - encipher only - decipher only - any - server auth - client auth - code signing - email protection - s/mime - ipsec end system - ipsec tunnel - ipsec user - timestamping - ocsp signing - microsoft sgc - netscape sgc type: string type: array required: - issuerRef - secretName type: object status: properties: conditions: items: properties: lastTransitionTime: format: date-time type: string message: type: string observedGeneration: format: int64 type: integer reason: type: string status: enum: - "True" - "False" - Unknown type: string type: type: string required: - status - type type: object type: array x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map failedIssuanceAttempts: type: integer lastFailureTime: format: date-time type: string nextPrivateKeySecretName: type: string notAfter: format: date-time type: string notBefore: format: date-time type: string renewalTime: format: date-time type: string revision: type: integer type: object type: object served: true storage: true subresources: status: {}