k8ts

import { ApiObject, ApiObjectMetadata, GroupVersionKind } from "cdk8s"; import { Construct } from "constructs"; /** * Challenge is a type to represent a Challenge request with an ACME server * * @schema Challenge */ export declare class Challenge extends ApiObject { /** Returns the apiVersion and kind for "Challenge" */ static readonly GVK: GroupVersionKind; /** * Renders a Kubernetes manifest for "Challenge". * * This can be used to inline resource manifests inside other objects (e.g. as templates). * * @param props Initialization props */ static manifest(props: ChallengeProps): any; /** * Defines a "Challenge" API object * * @param scope The scope in which to define this object * @param id A scope-local name for the object * @param props Initialization props */ constructor(scope: Construct, id: string, props: ChallengeProps); /** Renders the object to Kubernetes JSON. */ toJson(): any; } /** * Challenge is a type to represent a Challenge request with an ACME server * * @schema Challenge */ export interface ChallengeProps { /** @schema Challenge#metadata */ readonly metadata: ApiObjectMetadata; /** @schema Challenge#spec */ readonly spec: ChallengeSpec; } /** Converts an object of type 'ChallengeProps' to JSON representation. */ export declare function toJson_ChallengeProps(obj: ChallengeProps | undefined): Record<string, any> | undefined; /** @schema ChallengeSpec */ export interface ChallengeSpec { /** * The URL to the ACME Authorization resource that this challenge is a part of. * * @schema ChallengeSpec#authorizationURL */ readonly authorizationUrl: string; /** * DnsName is the identifier that this challenge is for, e.g. example.com. If the requested * DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for * `*.example.com`, it must be `example.com`. * * @schema ChallengeSpec#dnsName */ readonly dnsName: string; /** * References a properly configured ACME-type Issuer which should be used to create this * Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an * 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. * * @schema ChallengeSpec#issuerRef */ readonly issuerRef: ChallengeSpecIssuerRef; /** * The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must * be responded with to complete the HTTP01 challenge in the format: `<private key JWK * thumbprint>.<key from acme server for challenge>`. For DNS01 challenges, this is the base64 * encoded SHA256 sum of the `<private key JWK thumbprint>.<key from acme server for challenge>` * text that must be set as the TXT record content. * * @schema ChallengeSpec#key */ readonly key: string; /** * Contains the domain solving configuration that should be used to solve this challenge * resource. * * @schema ChallengeSpec#solver */ readonly solver: ChallengeSpecSolver; /** * The ACME challenge token for this challenge. This is the raw value returned from the ACME * server. * * @schema ChallengeSpec#token */ readonly token: string; /** * The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". * * @schema ChallengeSpec#type */ readonly type: ChallengeSpecType; /** * The URL of the ACME Challenge resource for this challenge. This can be used to lookup details * about the status of this challenge. * * @schema ChallengeSpec#url */ readonly url: string; /** * Wildcard will be true if this challenge is for a wildcard identifier, for example * '*.example.com'. * * @schema ChallengeSpec#wildcard */ readonly wildcard?: boolean; } /** Converts an object of type 'ChallengeSpec' to JSON representation. */ export declare function toJson_ChallengeSpec(obj: ChallengeSpec | undefined): Record<string, any> | undefined; /** * References a properly configured ACME-type Issuer which should be used to create this Challenge. * If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, * an error will be returned and the Challenge will be marked as failed. * * @schema ChallengeSpecIssuerRef */ export interface ChallengeSpecIssuerRef { /** * Group of the resource being referred to. * * @schema ChallengeSpecIssuerRef#group */ readonly group?: string; /** * Kind of the resource being referred to. * * @schema ChallengeSpecIssuerRef#kind */ readonly kind?: string; /** * Name of the resource being referred to. * * @schema ChallengeSpecIssuerRef#name */ readonly name: string; } /** Converts an object of type 'ChallengeSpecIssuerRef' to JSON representation. */ export declare function toJson_ChallengeSpecIssuerRef(obj: ChallengeSpecIssuerRef | undefined): Record<string, any> | undefined; /** * Contains the domain solving configuration that should be used to solve this challenge resource. * * @schema ChallengeSpecSolver */ export interface ChallengeSpecSolver { /** * Configures cert-manager to attempt to complete authorizations by performing the DNS01 * challenge flow. * * @schema ChallengeSpecSolver#dns01 */ readonly dns01?: ChallengeSpecSolverDns01; /** * Configures cert-manager to attempt to complete authorizations by performing the HTTP01 * challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. * `*.example.com`) using the HTTP01 challenge mechanism. * * @schema ChallengeSpecSolver#http01 */ readonly http01?: ChallengeSpecSolverHttp01; /** * Selector selects a set of DNSNames on the Certificate resource that should be solved using * this challenge solver. If not specified, the solver will be treated as the 'default' solver * with the lowest priority, i.e. if any other solver has a more specific match, it will be used * instead. * * @schema ChallengeSpecSolver#selector */ readonly selector?: ChallengeSpecSolverSelector; } /** Converts an object of type 'ChallengeSpecSolver' to JSON representation. */ export declare function toJson_ChallengeSpecSolver(obj: ChallengeSpecSolver | undefined): Record<string, any> | undefined; /** * The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". * * @schema ChallengeSpecType */ export declare enum ChallengeSpecType { /** HTTP-01 */ HTTP_HYPHEN_01 = "HTTP-01", /** DNS-01 */ DNS_HYPHEN_01 = "DNS-01" } /** * Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge * flow. * * @schema ChallengeSpecSolverDns01 */ export interface ChallengeSpecSolverDns01 { /** * Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge * records. * * @schema ChallengeSpecSolverDns01#acmeDNS */ readonly acmeDns?: ChallengeSpecSolverDns01AcmeDns; /** * Use the Akamai DNS zone management API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01#akamai */ readonly akamai?: ChallengeSpecSolverDns01Akamai; /** * Use the Microsoft Azure DNS API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01#azureDNS */ readonly azureDns?: ChallengeSpecSolverDns01AzureDns; /** * Use the Google Cloud DNS API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01#cloudDNS */ readonly cloudDns?: ChallengeSpecSolverDns01CloudDns; /** * Use the Cloudflare API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01#cloudflare */ readonly cloudflare?: ChallengeSpecSolverDns01Cloudflare; /** * CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS * zones. * * @schema ChallengeSpecSolverDns01#cnameStrategy */ readonly cnameStrategy?: ChallengeSpecSolverDns01CnameStrategy; /** * Use the DigitalOcean DNS API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01#digitalocean */ readonly digitalocean?: ChallengeSpecSolverDns01Digitalocean; /** * Use RFC2136 ("Dynamic Updates in the Domain Name System") * (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01#rfc2136 */ readonly rfc2136?: ChallengeSpecSolverDns01Rfc2136; /** * Use the AWS Route53 API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01#route53 */ readonly route53?: ChallengeSpecSolverDns01Route53; /** * Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01#webhook */ readonly webhook?: ChallengeSpecSolverDns01Webhook; } /** Converts an object of type 'ChallengeSpecSolverDns01' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01(obj: ChallengeSpecSolverDns01 | undefined): Record<string, any> | undefined; /** * Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge * flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) * using the HTTP01 challenge mechanism. * * @schema ChallengeSpecSolverHttp01 */ export interface ChallengeSpecSolverHttp01 { /** * The Gateway API is a sig-network community API that models service networking in Kubernetes * (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the * specified labels in the same namespace as the challenge. This solver is experimental, and * fields / behaviour may change in the future. * * @schema ChallengeSpecSolverHttp01#gatewayHTTPRoute */ readonly gatewayHttpRoute?: ChallengeSpecSolverHttp01GatewayHttpRoute; /** * The ingress based HTTP01 challenge solver will solve challenges by creating or modifying * Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to * 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be * completed. * * @schema ChallengeSpecSolverHttp01#ingress */ readonly ingress?: ChallengeSpecSolverHttp01Ingress; } /** Converts an object of type 'ChallengeSpecSolverHttp01' to JSON representation. */ export declare function toJson_ChallengeSpecSolverHttp01(obj: ChallengeSpecSolverHttp01 | undefined): Record<string, any> | undefined; /** * Selector selects a set of DNSNames on the Certificate resource that should be solved using this * challenge solver. If not specified, the solver will be treated as the 'default' solver with the * lowest priority, i.e. if any other solver has a more specific match, it will be used instead. * * @schema ChallengeSpecSolverSelector */ export interface ChallengeSpecSolverSelector { /** * List of DNSNames that this solver will be used to solve. If specified and a match is found, a * dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match * with the same dnsNames value, the solver with the most matching labels in matchLabels will be * selected. If neither has more matches, the solver defined earlier in the list will be * selected. * * @schema ChallengeSpecSolverSelector#dnsNames */ readonly dnsNames?: string[]; /** * List of DNSZones that this solver will be used to solve. The most specific DNS zone match * specified here will take precedence over other DNS zone matches, so a solver specifying * sys.example.com will be selected over one specifying example.com for the domain * www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with * the most matching labels in matchLabels will be selected. If neither has more matches, the * solver defined earlier in the list will be selected. * * @schema ChallengeSpecSolverSelector#dnsZones */ readonly dnsZones?: string[]; /** * A label selector that is used to refine the set of certificate's that this challenge solver * will apply to. * * @schema ChallengeSpecSolverSelector#matchLabels */ readonly matchLabels?: { [key: string]: string; }; } /** Converts an object of type 'ChallengeSpecSolverSelector' to JSON representation. */ export declare function toJson_ChallengeSpecSolverSelector(obj: ChallengeSpecSolverSelector | undefined): Record<string, any> | undefined; /** * Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01AcmeDns */ export interface ChallengeSpecSolverDns01AcmeDns { /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a * required field. * * @schema ChallengeSpecSolverDns01AcmeDns#accountSecretRef */ readonly accountSecretRef: ChallengeSpecSolverDns01AcmeDnsAccountSecretRef; /** @schema ChallengeSpecSolverDns01AcmeDns#host */ readonly host: string; } /** Converts an object of type 'ChallengeSpecSolverDns01AcmeDns' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01AcmeDns(obj: ChallengeSpecSolverDns01AcmeDns | undefined): Record<string, any> | undefined; /** * Use the Akamai DNS zone management API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01Akamai */ export interface ChallengeSpecSolverDns01Akamai { /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a * required field. * * @schema ChallengeSpecSolverDns01Akamai#accessTokenSecretRef */ readonly accessTokenSecretRef: ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef; /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a * required field. * * @schema ChallengeSpecSolverDns01Akamai#clientSecretSecretRef */ readonly clientSecretSecretRef: ChallengeSpecSolverDns01AkamaiClientSecretSecretRef; /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a * required field. * * @schema ChallengeSpecSolverDns01Akamai#clientTokenSecretRef */ readonly clientTokenSecretRef: ChallengeSpecSolverDns01AkamaiClientTokenSecretRef; /** @schema ChallengeSpecSolverDns01Akamai#serviceConsumerDomain */ readonly serviceConsumerDomain: string; } /** Converts an object of type 'ChallengeSpecSolverDns01Akamai' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01Akamai(obj: ChallengeSpecSolverDns01Akamai | undefined): Record<string, any> | undefined; /** * Use the Microsoft Azure DNS API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01AzureDns */ export interface ChallengeSpecSolverDns01AzureDns { /** * Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to * authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. * * @schema ChallengeSpecSolverDns01AzureDns#clientID */ readonly clientId?: string; /** * Auth: Azure Service Principal: A reference to a Secret containing the password associated * with the Service Principal. If set, ClientID and TenantID must also be set. * * @schema ChallengeSpecSolverDns01AzureDns#clientSecretSecretRef */ readonly clientSecretSecretRef?: ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef; /** * Name of the Azure environment (default AzurePublicCloud) * * @schema ChallengeSpecSolverDns01AzureDns#environment */ readonly environment?: ChallengeSpecSolverDns01AzureDnsEnvironment; /** * Name of the DNS zone that should be used * * @schema ChallengeSpecSolverDns01AzureDns#hostedZoneName */ readonly hostedZoneName?: string; /** * Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure * Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and * TenantID must not be set. * * @schema ChallengeSpecSolverDns01AzureDns#managedIdentity */ readonly managedIdentity?: ChallengeSpecSolverDns01AzureDnsManagedIdentity; /** * Resource group the DNS zone is located in * * @schema ChallengeSpecSolverDns01AzureDns#resourceGroupName */ readonly resourceGroupName: string; /** * ID of the Azure subscription * * @schema ChallengeSpecSolverDns01AzureDns#subscriptionID */ readonly subscriptionId: string; /** * Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to * authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. * * @schema ChallengeSpecSolverDns01AzureDns#tenantID */ readonly tenantId?: string; } /** Converts an object of type 'ChallengeSpecSolverDns01AzureDns' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01AzureDns(obj: ChallengeSpecSolverDns01AzureDns | undefined): Record<string, any> | undefined; /** * Use the Google Cloud DNS API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01CloudDns */ export interface ChallengeSpecSolverDns01CloudDns { /** * HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the * challenge record has to be created. If left empty cert-manager will automatically choose a * zone. * * @schema ChallengeSpecSolverDns01CloudDns#hostedZoneName */ readonly hostedZoneName?: string; /** @schema ChallengeSpecSolverDns01CloudDns#project */ readonly project: string; /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a * required field. * * @schema ChallengeSpecSolverDns01CloudDns#serviceAccountSecretRef */ readonly serviceAccountSecretRef?: ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef; } /** Converts an object of type 'ChallengeSpecSolverDns01CloudDns' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01CloudDns(obj: ChallengeSpecSolverDns01CloudDns | undefined): Record<string, any> | undefined; /** * Use the Cloudflare API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01Cloudflare */ export interface ChallengeSpecSolverDns01Cloudflare { /** * API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is * now the recommended method as it allows greater control of permissions. * * @schema ChallengeSpecSolverDns01Cloudflare#apiKeySecretRef */ readonly apiKeySecretRef?: ChallengeSpecSolverDns01CloudflareApiKeySecretRef; /** * API token used to authenticate with Cloudflare. * * @schema ChallengeSpecSolverDns01Cloudflare#apiTokenSecretRef */ readonly apiTokenSecretRef?: ChallengeSpecSolverDns01CloudflareApiTokenSecretRef; /** * Email of the account, only required when using API key based authentication. * * @schema ChallengeSpecSolverDns01Cloudflare#email */ readonly email?: string; } /** Converts an object of type 'ChallengeSpecSolverDns01Cloudflare' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01Cloudflare(obj: ChallengeSpecSolverDns01Cloudflare | undefined): Record<string, any> | undefined; /** * CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS * zones. * * @schema ChallengeSpecSolverDns01CnameStrategy */ export declare enum ChallengeSpecSolverDns01CnameStrategy { /** None */ NONE = "None", /** Follow */ FOLLOW = "Follow" } /** * Use the DigitalOcean DNS API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01Digitalocean */ export interface ChallengeSpecSolverDns01Digitalocean { /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a * required field. * * @schema ChallengeSpecSolverDns01Digitalocean#tokenSecretRef */ readonly tokenSecretRef: ChallengeSpecSolverDns01DigitaloceanTokenSecretRef; } /** Converts an object of type 'ChallengeSpecSolverDns01Digitalocean' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01Digitalocean(obj: ChallengeSpecSolverDns01Digitalocean | undefined): Record<string, any> | undefined; /** * Use RFC2136 ("Dynamic Updates in the Domain Name System") * (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01Rfc2136 */ export interface ChallengeSpecSolverDns01Rfc2136 { /** * The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form * host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g * [2001:db8::1]) ; port is optional. This field is required. * * @schema ChallengeSpecSolverDns01Rfc2136#nameserver */ readonly nameserver: string; /** * The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when * `tsigSecretSecretRef` and `tsigKeyName` are defined. Supported values are (case-insensitive): * `HMACMD5` (default), `HMACSHA1`, `HMACSHA256` or `HMACSHA512`. * * @schema ChallengeSpecSolverDns01Rfc2136#tsigAlgorithm */ readonly tsigAlgorithm?: string; /** * The TSIG Key name configured in the DNS. If `tsigSecretSecretRef` is defined, this field is * required. * * @schema ChallengeSpecSolverDns01Rfc2136#tsigKeyName */ readonly tsigKeyName?: string; /** * The name of the secret containing the TSIG value. If `tsigKeyName` is defined, this field is * required. * * @schema ChallengeSpecSolverDns01Rfc2136#tsigSecretSecretRef */ readonly tsigSecretSecretRef?: ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef; } /** Converts an object of type 'ChallengeSpecSolverDns01Rfc2136' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01Rfc2136(obj: ChallengeSpecSolverDns01Rfc2136 | undefined): Record<string, any> | undefined; /** * Use the AWS Route53 API to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01Route53 */ export interface ChallengeSpecSolverDns01Route53 { /** * The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If * neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials * file or AWS Instance metadata, see: * https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials * * @schema ChallengeSpecSolverDns01Route53#accessKeyID */ readonly accessKeyId?: string; /** * The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key * within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key * nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance * metadata, see: * https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials * * @schema ChallengeSpecSolverDns01Route53#accessKeyIDSecretRef */ readonly accessKeyIdSecretRef?: ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef; /** * Auth configures how cert-manager authenticates. * * @schema ChallengeSpecSolverDns01Route53#auth */ readonly auth?: ChallengeSpecSolverDns01Route53Auth; /** * If set, the provider will manage only this zone in Route53 and will not do a lookup using the * route53:ListHostedZonesByName api call. * * @schema ChallengeSpecSolverDns01Route53#hostedZoneID */ readonly hostedZoneId?: string; /** * Override the AWS region. * * Route53 is a global service and does not have regional endpoints but the region specified * here (or via environment variables) is used as a hint to help compute the correct AWS * credential scope and partition when it connects to Route53. See: * * - [Amazon Route 53 endpoints and * quotas](https://docs.aws.amazon.com/general/latest/gr/r53.html) * - [Global * services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html) * * If you omit this region field, cert-manager will use the region from AWS_REGION and * AWS_DEFAULT_REGION environment variables, if they are set in the cert-manager controller * Pod. * * The `region` field is not needed if you use [IAM Roles for Service Accounts * (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). * Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: * [Amazon EKS Pod Identity Webhook](https://github.com/aws/amazon-eks-pod-identity-webhook). In * this case this `region` field value is ignored. * * The `region` field is not needed if you use [EKS Pod * Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html). Instead an * AWS_REGION environment variable is added to the cert-manager controller Pod by: [Amazon EKS * Pod Identity Agent](https://github.com/aws/eks-pod-identity-agent), In this case this * `region` field value is ignored. * * @schema ChallengeSpecSolverDns01Route53#region */ readonly region?: string; /** * Role is a Role ARN which the Route53 provider will assume using either the explicit * credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment * variables, shared credentials file or AWS Instance metadata * * @schema ChallengeSpecSolverDns01Route53#role */ readonly role?: string; /** * The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, * we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: * https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials * * @schema ChallengeSpecSolverDns01Route53#secretAccessKeySecretRef */ readonly secretAccessKeySecretRef?: ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef; } /** Converts an object of type 'ChallengeSpecSolverDns01Route53' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01Route53(obj: ChallengeSpecSolverDns01Route53 | undefined): Record<string, any> | undefined; /** * Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. * * @schema ChallengeSpecSolverDns01Webhook */ export interface ChallengeSpecSolverDns01Webhook { /** * Additional configuration that should be passed to the webhook apiserver when challenges are * processed. This can contain arbitrary JSON data. Secret values should not be specified in * this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use * a SecretKeySelector to reference a Secret resource. For details on the schema of this field, * consult the webhook provider implementation's documentation. * * @schema ChallengeSpecSolverDns01Webhook#config */ readonly config?: any; /** * The API group name that should be used when POSTing ChallengePayload resources to the webhook * apiserver. This should be the same as the GroupName specified in the webhook provider * implementation. * * @schema ChallengeSpecSolverDns01Webhook#groupName */ readonly groupName: string; /** * The name of the solver to use, as defined in the webhook provider implementation. This will * typically be the name of the provider, e.g. 'cloudflare'. * * @schema ChallengeSpecSolverDns01Webhook#solverName */ readonly solverName: string; } /** Converts an object of type 'ChallengeSpecSolverDns01Webhook' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01Webhook(obj: ChallengeSpecSolverDns01Webhook | undefined): Record<string, any> | undefined; /** * The Gateway API is a sig-network community API that models service networking in Kubernetes * (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified * labels in the same namespace as the challenge. This solver is experimental, and fields / * behaviour may change in the future. * * @schema ChallengeSpecSolverHttp01GatewayHttpRoute */ export interface ChallengeSpecSolverHttp01GatewayHttpRoute { /** * Custom labels that will be applied to HTTPRoutes created by cert-manager while solving * HTTP-01 challenges. * * @schema ChallengeSpecSolverHttp01GatewayHttpRoute#labels */ readonly labels?: { [key: string]: string; }; /** * When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to * know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef * references a Gateway. See: * https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways * * @schema ChallengeSpecSolverHttp01GatewayHttpRoute#parentRefs */ readonly parentRefs?: ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs[]; /** * Optional pod template used to configure the ACME challenge solver pods used for HTTP01 * challenges. * * @schema ChallengeSpecSolverHttp01GatewayHttpRoute#podTemplate */ readonly podTemplate?: ChallengeSpecSolverHttp01GatewayHttpRoutePodTemplate; /** * Optional service type for Kubernetes solver service. Supported values are NodePort or * ClusterIP. If unset, defaults to NodePort. * * @schema ChallengeSpecSolverHttp01GatewayHttpRoute#serviceType */ readonly serviceType?: string; } /** Converts an object of type 'ChallengeSpecSolverHttp01GatewayHttpRoute' to JSON representation. */ export declare function toJson_ChallengeSpecSolverHttp01GatewayHttpRoute(obj: ChallengeSpecSolverHttp01GatewayHttpRoute | undefined): Record<string, any> | undefined; /** * The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress * resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' * pods that are provisioned by cert-manager for each Challenge to be completed. * * @schema ChallengeSpecSolverHttp01Ingress */ export interface ChallengeSpecSolverHttp01Ingress { /** * This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress * resources to solve ACME challenges that use this challenge solver. Only one of `class`, * `name` or `ingressClassName` may be specified. * * @schema ChallengeSpecSolverHttp01Ingress#class */ readonly class?: string; /** * This field configures the field `ingressClassName` on the created Ingress resources used to * solve ACME challenges that use this challenge solver. This is the recommended way of * configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be * specified. * * @schema ChallengeSpecSolverHttp01Ingress#ingressClassName */ readonly ingressClassName?: string; /** * Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 * challenges. * * @schema ChallengeSpecSolverHttp01Ingress#ingressTemplate */ readonly ingressTemplate?: ChallengeSpecSolverHttp01IngressIngressTemplate; /** * The name of the ingress resource that should have ACME challenge solving routes inserted into * it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress * controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress * resources. Only one of `class`, `name` or `ingressClassName` may be specified. * * @schema ChallengeSpecSolverHttp01Ingress#name */ readonly name?: string; /** * Optional pod template used to configure the ACME challenge solver pods used for HTTP01 * challenges. * * @schema ChallengeSpecSolverHttp01Ingress#podTemplate */ readonly podTemplate?: ChallengeSpecSolverHttp01IngressPodTemplate; /** * Optional service type for Kubernetes solver service. Supported values are NodePort or * ClusterIP. If unset, defaults to NodePort. * * @schema ChallengeSpecSolverHttp01Ingress#serviceType */ readonly serviceType?: string; } /** Converts an object of type 'ChallengeSpecSolverHttp01Ingress' to JSON representation. */ export declare function toJson_ChallengeSpecSolverHttp01Ingress(obj: ChallengeSpecSolverHttp01Ingress | undefined): Record<string, any> | undefined; /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required * field. * * @schema ChallengeSpecSolverDns01AcmeDnsAccountSecretRef */ export interface ChallengeSpecSolverDns01AcmeDnsAccountSecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01AcmeDnsAccountSecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01AcmeDnsAccountSecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01AcmeDnsAccountSecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01AcmeDnsAccountSecretRef(obj: ChallengeSpecSolverDns01AcmeDnsAccountSecretRef | undefined): Record<string, any> | undefined; /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required * field. * * @schema ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef */ export interface ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef(obj: ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef | undefined): Record<string, any> | undefined; /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required * field. * * @schema ChallengeSpecSolverDns01AkamaiClientSecretSecretRef */ export interface ChallengeSpecSolverDns01AkamaiClientSecretSecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01AkamaiClientSecretSecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01AkamaiClientSecretSecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01AkamaiClientSecretSecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01AkamaiClientSecretSecretRef(obj: ChallengeSpecSolverDns01AkamaiClientSecretSecretRef | undefined): Record<string, any> | undefined; /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required * field. * * @schema ChallengeSpecSolverDns01AkamaiClientTokenSecretRef */ export interface ChallengeSpecSolverDns01AkamaiClientTokenSecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01AkamaiClientTokenSecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01AkamaiClientTokenSecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01AkamaiClientTokenSecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01AkamaiClientTokenSecretRef(obj: ChallengeSpecSolverDns01AkamaiClientTokenSecretRef | undefined): Record<string, any> | undefined; /** * Auth: Azure Service Principal: A reference to a Secret containing the password associated with * the Service Principal. If set, ClientID and TenantID must also be set. * * @schema ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef */ export interface ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef(obj: ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef | undefined): Record<string, any> | undefined; /** * Name of the Azure environment (default AzurePublicCloud) * * @schema ChallengeSpecSolverDns01AzureDnsEnvironment */ export declare enum ChallengeSpecSolverDns01AzureDnsEnvironment { /** AzurePublicCloud */ AZURE_PUBLIC_CLOUD = "AzurePublicCloud", /** AzureChinaCloud */ AZURE_CHINA_CLOUD = "AzureChinaCloud", /** AzureGermanCloud */ AZURE_GERMAN_CLOUD = "AzureGermanCloud", /** AzureUSGovernmentCloud */ AZURE_US_GOVERNMENT_CLOUD = "AzureUSGovernmentCloud" } /** * Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure * Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID * must not be set. * * @schema ChallengeSpecSolverDns01AzureDnsManagedIdentity */ export interface ChallengeSpecSolverDns01AzureDnsManagedIdentity { /** * Client ID of the managed identity, can not be used at the same time as resourceID * * @schema ChallengeSpecSolverDns01AzureDnsManagedIdentity#clientID */ readonly clientId?: string; /** * Resource ID of the managed identity, can not be used at the same time as clientID Cannot be * used for Azure Managed Service Identity * * @schema ChallengeSpecSolverDns01AzureDnsManagedIdentity#resourceID */ readonly resourceId?: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01AzureDnsManagedIdentity' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01AzureDnsManagedIdentity(obj: ChallengeSpecSolverDns01AzureDnsManagedIdentity | undefined): Record<string, any> | undefined; /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required * field. * * @schema ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef */ export interface ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef(obj: ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef | undefined): Record<string, any> | undefined; /** * API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now * the recommended method as it allows greater control of permissions. * * @schema ChallengeSpecSolverDns01CloudflareApiKeySecretRef */ export interface ChallengeSpecSolverDns01CloudflareApiKeySecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01CloudflareApiKeySecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01CloudflareApiKeySecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01CloudflareApiKeySecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01CloudflareApiKeySecretRef(obj: ChallengeSpecSolverDns01CloudflareApiKeySecretRef | undefined): Record<string, any> | undefined; /** * API token used to authenticate with Cloudflare. * * @schema ChallengeSpecSolverDns01CloudflareApiTokenSecretRef */ export interface ChallengeSpecSolverDns01CloudflareApiTokenSecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01CloudflareApiTokenSecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01CloudflareApiTokenSecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01CloudflareApiTokenSecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01CloudflareApiTokenSecretRef(obj: ChallengeSpecSolverDns01CloudflareApiTokenSecretRef | undefined): Record<string, any> | undefined; /** * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required * field. * * @schema ChallengeSpecSolverDns01DigitaloceanTokenSecretRef */ export interface ChallengeSpecSolverDns01DigitaloceanTokenSecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01DigitaloceanTokenSecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01DigitaloceanTokenSecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01DigitaloceanTokenSecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01DigitaloceanTokenSecretRef(obj: ChallengeSpecSolverDns01DigitaloceanTokenSecretRef | undefined): Record<string, any> | undefined; /** * The name of the secret containing the TSIG value. If `tsigKeyName` is defined, this field is * required. * * @schema ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef */ export interface ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef(obj: ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef | undefined): Record<string, any> | undefined; /** * The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key * within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor * Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, * see: * https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials * * @schema ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef */ export interface ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef(obj: ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef | undefined): Record<string, any> | undefined; /** * Auth configures how cert-manager authenticates. * * @schema ChallengeSpecSolverDns01Route53Auth */ export interface ChallengeSpecSolverDns01Route53Auth { /** * Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity by passing a bound * ServiceAccount token. * * @schema ChallengeSpecSolverDns01Route53Auth#kubernetes */ readonly kubernetes: ChallengeSpecSolverDns01Route53AuthKubernetes; } /** Converts an object of type 'ChallengeSpecSolverDns01Route53Auth' to JSON representation. */ export declare function toJson_ChallengeSpecSolverDns01Route53Auth(obj: ChallengeSpecSolverDns01Route53Auth | undefined): Record<string, any> | undefined; /** * The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we * fall-back to using env vars, shared credentials file or AWS Instance metadata, see: * https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials * * @schema ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef */ export interface ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef { /** * The key of the entry in the Secret resource's `data` field to be used. Some instances of this * field may be defaulted, in others it may be required. * * @schema ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef#key */ readonly key?: string; /** * Name of the resource being referred to. More info: * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef#name */ readonly name: string; } /** * Converts an object of type 'ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef' to JSON * representation. */ export declare function toJson_ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef(obj: ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef | undefined): Record<string, any> | unde