--- a/10-cert-manager/cert-manager.yaml Wed Jun 16 03:20:37 2021 -0500
+++ b/10-cert-manager/cert-manager.yaml Wed Jun 16 03:24:23 2021 -0500
@@ -1,4 +1,4 @@
-# Copyright The Jetstack cert-manager contributors.
+# Copyright The cert-manager Authors. # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -36,6 +36,8 @@
listKind: CertificateRequestList
plural: certificaterequests
@@ -71,7 +73,7 @@
from one of the configured issuers. \n All fields within the CertificateRequest's
`spec` are immutable after creation. A CertificateRequest will either succeed
or fail, as denoted by its `status.state` field. \n A CertificateRequest
- is a 'one-shot' resource, meaning it represents a single point in time request
+ is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used."
@@ -105,12 +107,12 @@
description: IssuerRef is a reference to the issuer for this CertificateRequest. If
- the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+ the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest
- will be used. If the 'kind' field is set to 'ClusterIssuer', a
- ClusterIssuer with the provided name will be used. The 'name' field
+ will be used. If the `kind` field is set to `ClusterIssuer`, a + ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers
- to the API group of the issuer which defaults to 'cert-manager.io'
+ to the API group of the issuer which defaults to `cert-manager.io` @@ -208,16 +210,16 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready',
+ description: Type of the condition, known values are (`Ready`, @@ -261,7 +263,7 @@
from one of the configured issuers. \n All fields within the CertificateRequest's
`spec` are immutable after creation. A CertificateRequest will either succeed
or fail, as denoted by its `status.state` field. \n A CertificateRequest
- is a 'one-shot' resource, meaning it represents a single point in time request
+ is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used."
@@ -295,12 +297,12 @@
description: IssuerRef is a reference to the issuer for this CertificateRequest. If
- the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+ the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest
- will be used. If the 'kind' field is set to 'ClusterIssuer', a
- ClusterIssuer with the provided name will be used. The 'name' field
+ will be used. If the `kind` field is set to `ClusterIssuer`, a + ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers
- to the API group of the issuer which defaults to 'cert-manager.io'
+ to the API group of the issuer which defaults to `cert-manager.io` @@ -398,16 +400,16 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready',
+ description: Type of the condition, known values are (`Ready`, @@ -451,7 +453,7 @@
from one of the configured issuers. \n All fields within the CertificateRequest's
`spec` are immutable after creation. A CertificateRequest will either succeed
or fail, as denoted by its `status.state` field. \n A CertificateRequest
- is a 'one-shot' resource, meaning it represents a single point in time request
+ is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used."
@@ -480,12 +482,12 @@
description: IssuerRef is a reference to the issuer for this CertificateRequest. If
- the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+ the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest
- will be used. If the 'kind' field is set to 'ClusterIssuer', a
- ClusterIssuer with the provided name will be used. The 'name' field
+ will be used. If the `kind` field is set to `ClusterIssuer`, a + ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers
- to the API group of the issuer which defaults to 'cert-manager.io'
+ to the API group of the issuer which defaults to `cert-manager.io` @@ -588,16 +590,16 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready',
+ description: Type of the condition, known values are (`Ready`, @@ -643,7 +645,7 @@
from one of the configured issuers. \n All fields within the CertificateRequest's
`spec` are immutable after creation. A CertificateRequest will either succeed
or fail, as denoted by its `status.state` field. \n A CertificateRequest
- is a 'one-shot' resource, meaning it represents a single point in time request
+ is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used."
@@ -672,12 +674,12 @@
description: IssuerRef is a reference to the issuer for this CertificateRequest. If
- the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+ the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest
- will be used. If the 'kind' field is set to 'ClusterIssuer', a
- ClusterIssuer with the provided name will be used. The 'name' field
+ will be used. If the `kind` field is set to `ClusterIssuer`, a + ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers
- to the API group of the issuer which defaults to 'cert-manager.io'
+ to the API group of the issuer which defaults to `cert-manager.io` @@ -781,16 +783,16 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready',
+ description: Type of the condition, known values are (`Ready`, @@ -841,6 +843,8 @@
listKind: CertificateList
@@ -937,10 +941,10 @@
description: IssuerRef is a reference to the issuer for this certificate.
- If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+ If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will
- be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
- with the provided name will be used. The 'name' field in this stanza
+ be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer + with the provided name will be used. The `name` field in this stanza is required at all times.
@@ -958,9 +962,9 @@
description: KeyAlgorithm is the private key algorithm of the corresponding
private key for this certificate. If provided, allowed values are
- either "rsa" or "ecdsa" If `keyAlgorithm` is specified and `keySize`
- is not provided, key size of 256 will be used for "ecdsa" key algorithm
- and key size of 2048 will be used for "rsa" key algorithm.
+ either `rsa` or `ecdsa` If `keyAlgorithm` is specified and `keySize` + is not provided, key size of 256 will be used for `ecdsa` key algorithm + and key size of 2048 will be used for `rsa` key algorithm. @@ -968,8 +972,8 @@
description: KeyEncoding is the private key cryptography standards
(PKCS) for this certificate's private key to be encoded in. If provided,
- allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8,
- respectively. If KeyEncoding is not specified, then PKCS#1 will
+ allowed values are `pkcs1` and `pkcs8` standing for PKCS#1 and PKCS#8, + respectively. If KeyEncoding is not specified, then `pkcs1` will @@ -977,9 +981,9 @@
description: KeySize is the key bit size of the corresponding private
- key for this certificate. If `keyAlgorithm` is set to `RSA`, valid
+ key for this certificate. If `keyAlgorithm` is set to `rsa`, valid values are `2048`, `4096` or `8192`, and will default to `2048`
- if not specified. If `keyAlgorithm` is set to `ECDSA`, valid values
+ if not specified. If `keyAlgorithm` is set to `ecdsa`, valid values are `256`, `384` or `521`, and will default to `256` if not specified.
No other values are allowed.
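Review bot: in the KeySize description the algorithm names become lowercase (`rsa`, `ecdsa`), while the `algorithm` descriptions changed further down in this patch switch to uppercase (`RSA`, `ECDSA`), so the documented casing differs between the API versions bundled in this one file. Suggest stating in each description whether the value is matched case-sensitively for that version, since a manifest copied from one version to another would carry the other casing. The documented key sizes and defaults (`2048` for RSA, `256` for ECDSA) are untouched by this hunk.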
@@ -1197,15 +1201,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready',
+ description: Type of the condition, known values are (`Ready`, @@ -1347,10 +1351,10 @@
description: IssuerRef is a reference to the issuer for this certificate.
- If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+ If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will
- be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
- with the provided name will be used. The 'name' field in this stanza
+ be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer + with the provided name will be used. The `name` field in this stanza is required at all times.
@@ -1368,9 +1372,9 @@
description: KeyAlgorithm is the private key algorithm of the corresponding
private key for this certificate. If provided, allowed values are
- either "rsa" or "ecdsa" If `keyAlgorithm` is specified and `keySize`
- is not provided, key size of 256 will be used for "ecdsa" key algorithm
- and key size of 2048 will be used for "rsa" key algorithm.
+ either `rsa` or `ecdsa` If `keyAlgorithm` is specified and `keySize` + is not provided, key size of 256 will be used for `ecdsa` key algorithm + and key size of 2048 will be used for `rsa` key algorithm. @@ -1378,8 +1382,8 @@
description: KeyEncoding is the private key cryptography standards
(PKCS) for this certificate's private key to be encoded in. If provided,
- allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8,
- respectively. If KeyEncoding is not specified, then PKCS#1 will
+ allowed values are `pkcs1` and `pkcs8` standing for PKCS#1 and PKCS#8, + respectively. If KeyEncoding is not specified, then `pkcs1` will @@ -1387,9 +1391,9 @@
description: KeySize is the key bit size of the corresponding private
- key for this certificate. If `keyAlgorithm` is set to `RSA`, valid
+ key for this certificate. If `keyAlgorithm` is set to `rsa`, valid values are `2048`, `4096` or `8192`, and will default to `2048`
- if not specified. If `keyAlgorithm` is set to `ECDSA`, valid values
+ if not specified. If `keyAlgorithm` is set to `ecdsa`, valid values are `256`, `384` or `521`, and will default to `256` if not specified.
No other values are allowed.
@@ -1406,7 +1410,10 @@
Certificate. If true, a file named `keystore.jks` will be
created in the target Secret resource, encrypted using the
password stored in `passwordSecretRef`. The keystore file
- will only be updated upon re-issuance.
+ will only be updated upon re-issuance. A file named `truststore.jks` + will also be created in the target Secret resource, encrypted + using the password stored in `passwordSecretRef` containing + the issuing Certificate Authority. description: PasswordSecretRef is a reference to a key in
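Review bot: the added `truststore.jks` sentence does not say when the truststore is refreshed. The sentence before it states that the keystore file is only updated upon re-issuance; say explicitly whether the truststore follows the same rule, so that operators know what to expect when the issuing Certificate Authority changes. It is also worth spelling out that the truststore is encrypted with the same `passwordSecretRef` password as `keystore.jks`, which means any workload given that password to read the CA can also open the keystore. The same two points apply to the `truststore.p12` hunk that follows.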
@@ -1438,7 +1445,10 @@
Certificate. If true, a file named `keystore.p12` will be
created in the target Secret resource, encrypted using the
password stored in `passwordSecretRef`. The keystore file
- will only be updated upon re-issuance.
+ will only be updated upon re-issuance. A file named `truststore.p12` + will also be created in the target Secret resource, encrypted + using the password stored in `passwordSecretRef` containing + the issuing Certificate Authority. description: PasswordSecretRef is a reference to a key in
@@ -1606,15 +1616,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready',
+ description: Type of the condition, known values are (`Ready`, @@ -1756,10 +1766,10 @@
description: IssuerRef is a reference to the issuer for this certificate.
- If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+ If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will
- be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
- with the provided name will be used. The 'name' field in this stanza
+ be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer + with the provided name will be used. The `name` field in this stanza is required at all times.
@@ -1849,9 +1859,9 @@
description: Algorithm is the private key algorithm of the corresponding
private key for this certificate. If provided, allowed values
- are either "rsa" or "ecdsa" If `algorithm` is specified and
- `size` is not provided, key size of 256 will be used for "ecdsa"
- key algorithm and key size of 2048 will be used for "rsa" key
+ are either `RSA` or `ECDSA` If `algorithm` is specified and + `size` is not provided, key size of 256 will be used for `ECDSA` + key algorithm and key size of 2048 will be used for `RSA` key @@ -1860,8 +1870,8 @@
description: The private key cryptography standards (PKCS) encoding
for this certificate's private key to be encoded in. If provided,
- allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and
- PKCS#8, respectively. Defaults to PKCS#1 if not specified.
+ allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and + PKCS#8, respectively. Defaults to `PKCS1` if not specified. @@ -2015,15 +2025,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready',
+ description: Type of the condition, known values are (`Ready`, @@ -2167,10 +2177,10 @@
description: IssuerRef is a reference to the issuer for this certificate.
- If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+ If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will
- be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
- with the provided name will be used. The 'name' field in this stanza
+ be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer + with the provided name will be used. The `name` field in this stanza is required at all times.
@@ -2198,7 +2208,10 @@
Certificate. If true, a file named `keystore.jks` will be
created in the target Secret resource, encrypted using the
password stored in `passwordSecretRef`. The keystore file
- will only be updated upon re-issuance.
+ will only be updated upon re-issuance. A file named `truststore.jks` + will also be created in the target Secret resource, encrypted + using the password stored in `passwordSecretRef` containing + the issuing Certificate Authority description: PasswordSecretRef is a reference to a key in
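Review bot: the last added line ends "the issuing Certificate Authority" with no closing period, whereas the same sentence in the earlier `truststore.jks` hunks ends with one. Add the period so the description text is identical across the API versions; the `truststore.p12` hunk below has the same omission.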
@@ -2230,7 +2243,10 @@
Certificate. If true, a file named `keystore.p12` will be
created in the target Secret resource, encrypted using the
password stored in `passwordSecretRef`. The keystore file
- will only be updated upon re-issuance.
+ will only be updated upon re-issuance. A file named `truststore.p12` + will also be created in the target Secret resource, encrypted + using the password stored in `passwordSecretRef` containing + the issuing Certificate Authority description: PasswordSecretRef is a reference to a key in
@@ -2260,9 +2276,9 @@
description: Algorithm is the private key algorithm of the corresponding
private key for this certificate. If provided, allowed values
- are either "rsa" or "ecdsa" If `algorithm` is specified and
- `size` is not provided, key size of 256 will be used for "ecdsa"
- key algorithm and key size of 2048 will be used for "rsa" key
+ are either `RSA` or `ECDSA` If `algorithm` is specified and + `size` is not provided, key size of 256 will be used for `ECDSA` + key algorithm and key size of 2048 will be used for `RSA` key @@ -2271,8 +2287,8 @@
description: The private key cryptography standards (PKCS) encoding
for this certificate's private key to be encoded in. If provided,
- allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and
- PKCS#8, respectively. Defaults to PKCS#1 if not specified.
+ allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and + PKCS#8, respectively. Defaults to `PKCS1` if not specified. @@ -2426,15 +2442,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready',
+ description: Type of the condition, known values are (`Ready`, @@ -2522,6 +2538,9 @@
group: acme.cert-manager.io
@@ -8547,6 +8566,8 @@
listKind: ClusterIssuerList
@@ -10250,6 +10271,15 @@
+ description: The OCSP server list is an X.509 v3 extension that + defines a list of URLs of OCSP responders. The OCSP responders + can be queried for the revocation status of an issued certificate. + If not set, the certificate wil be issued with no OCSP servers + set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". description: SecretName is the name of the secret used to sign
Certificates issued by this Issuer.
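Review bot: typo in the added OCSP description, "the certificate wil be issued" should read "will be issued"; the identical text recurs in every copy of this description later in the patch, so it is best fixed where the CRDs are generated rather than by hand here. The description could also state the consequence of leaving the list unset in plain terms: certificates are issued without an OCSP responder URL, so relying parties have no OCSP endpoint to query for revocation status. The example URL uses plain http, which is usual for OCSP because responses are signed by the responder; a short remark to that effect would stop readers from treating it as a mistake.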
@@ -10511,15 +10541,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready').
+ description: Type of the condition, known values are (`Ready`). @@ -12229,6 +12259,15 @@
+ description: The OCSP server list is an X.509 v3 extension that + defines a list of URLs of OCSP responders. The OCSP responders + can be queried for the revocation status of an issued certificate. + If not set, the certificate wil be issued with no OCSP servers + set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". description: SecretName is the name of the secret used to sign
Certificates issued by this Issuer.
@@ -12490,15 +12529,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready').
+ description: Type of the condition, known values are (`Ready`). @@ -14208,6 +14247,15 @@
+ description: The OCSP server list is an X.509 v3 extension that + defines a list of URLs of OCSP responders. The OCSP responders + can be queried for the revocation status of an issued certificate. + If not set, the certificate wil be issued with no OCSP servers + set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". description: SecretName is the name of the secret used to sign
Certificates issued by this Issuer.
@@ -14469,15 +14517,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready').
+ description: Type of the condition, known values are (`Ready`). @@ -16189,6 +16237,15 @@
+ description: The OCSP server list is an X.509 v3 extension that + defines a list of URLs of OCSP responders. The OCSP responders + can be queried for the revocation status of an issued certificate. + If not set, the certificate wil be issued with no OCSP servers + set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". description: SecretName is the name of the secret used to sign
Certificates issued by this Issuer.
@@ -16450,15 +16507,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready').
+ description: Type of the condition, known values are (`Ready`). @@ -16504,6 +16561,8 @@
@@ -18206,6 +18265,15 @@
+ description: The OCSP server list is an X.509 v3 extension that + defines a list of URLs of OCSP responders. The OCSP responders + can be queried for the revocation status of an issued certificate. + If not set, the certificate wil be issued with no OCSP servers + set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". description: SecretName is the name of the secret used to sign
Certificates issued by this Issuer.
@@ -18467,15 +18535,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready').
+ description: Type of the condition, known values are (`Ready`). @@ -20184,6 +20252,15 @@
+ description: The OCSP server list is an X.509 v3 extension that + defines a list of URLs of OCSP responders. The OCSP responders + can be queried for the revocation status of an issued certificate. + If not set, the certificate wil be issued with no OCSP servers + set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". description: SecretName is the name of the secret used to sign
Certificates issued by this Issuer.
@@ -20445,15 +20522,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready').
+ description: Type of the condition, known values are (`Ready`). @@ -22162,6 +22239,15 @@
+ description: The OCSP server list is an X.509 v3 extension that + defines a list of URLs of OCSP responders. The OCSP responders + can be queried for the revocation status of an issued certificate. + If not set, the certificate wil be issued with no OCSP servers + set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". description: SecretName is the name of the secret used to sign
Certificates issued by this Issuer.
@@ -22423,15 +22509,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready').
+ description: Type of the condition, known values are (`Ready`). @@ -24142,6 +24228,15 @@
+ description: The OCSP server list is an X.509 v3 extension that + defines a list of URLs of OCSP responders. The OCSP responders + can be queried for the revocation status of an issued certificate. + If not set, the certificate wil be issued with no OCSP servers + set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". description: SecretName is the name of the secret used to sign
Certificates issued by this Issuer.
@@ -24403,15 +24498,15 @@
for the condition's last transition.
- description: Status of the condition, one of ('True', 'False',
+ description: Status of the condition, one of (`True`, `False`, - description: Type of the condition, known values are ('Ready').
+ description: Type of the condition, known values are (`Ready`). @@ -24457,6 +24552,9 @@
group: acme.cert-manager.io
@@ -25738,7 +25836,7 @@
@@ -25800,7 +25898,7 @@
@@ -25808,7 +25906,7 @@
@@ -26235,7 +26333,7 @@
fieldPath: metadata.namespace
- image: quay.io/jetstack/cert-manager-cainjector:v1.1.1
+ image: quay.io/jetstack/cert-manager-cainjector:v1.2.0 imagePullPolicy: IfNotPresent
@@ -26280,7 +26378,7 @@
fieldPath: metadata.namespace
- image: quay.io/jetstack/cert-manager-controller:v1.1.1
+ image: quay.io/jetstack/cert-manager-controller:v1.2.0 imagePullPolicy: IfNotPresent
@@ -26326,7 +26424,7 @@
fieldPath: metadata.namespace
- image: quay.io/jetstack/cert-manager-webhook:v1.1.1
+ image: quay.io/jetstack/cert-manager-webhook:v1.2.0 imagePullPolicy: IfNotPresent
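Review bot: the `image:` lines in this hunk and the two before it (cainjector, controller, webhook) still reference a mutable tag, now `v1.2.0`, and with `imagePullPolicy: IfNotPresent` a node keeps whatever image it first pulled under that tag. Consider pinning each image by digest, in the form tag plus @sha256 followed by the digest published for the release (placeholder here, the page does not give the digests), so the manifest identifies exactly one image and a re-pushed tag cannot change what runs.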