k8ts
Version:
Powerful framework for building Kubernetes manifests in TypeScript.
1,438 lines (1,326 loc) • 355 kB
text/typescript
// generated by cdk8s
import { ApiObject, ApiObjectMetadata, GroupVersionKind } from "cdk8s"
import { Construct } from "constructs"
/**
* Challenge is a type to represent a Challenge request with an ACME server
*
* @schema Challenge
*/
export class Challenge extends ApiObject {
/** Returns the apiVersion and kind for "Challenge" */
public static readonly GVK: GroupVersionKind = {
apiVersion: "acme.cert-manager.io/v1",
kind: "Challenge"
}
/**
* Renders a Kubernetes manifest for "Challenge".
*
* This can be used to inline resource manifests inside other objects (e.g. as templates).
*
* @param props Initialization props
*/
public static manifest(props: ChallengeProps): any {
return {
...Challenge.GVK,
...toJson_ChallengeProps(props)
}
}
/**
* Defines a "Challenge" API object
*
* @param scope The scope in which to define this object
* @param id A scope-local name for the object
* @param props Initialization props
*/
public constructor(scope: Construct, id: string, props: ChallengeProps) {
super(scope, id, {
...Challenge.GVK,
...props
})
}
/** Renders the object to Kubernetes JSON. */
public toJson(): any {
const resolved = super.toJson()
return {
...Challenge.GVK,
...toJson_ChallengeProps(resolved)
}
}
}
/**
* Challenge is a type to represent a Challenge request with an ACME server
*
* @schema Challenge
*/
export interface ChallengeProps {
/** @schema Challenge#metadata */
readonly metadata: ApiObjectMetadata
/** @schema Challenge#spec */
readonly spec: ChallengeSpec
}
/** Converts an object of type 'ChallengeProps' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeProps(
obj: ChallengeProps | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
metadata: obj.metadata,
spec: toJson_ChallengeSpec(obj.spec)
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/** @schema ChallengeSpec */
export interface ChallengeSpec {
/**
* The URL to the ACME Authorization resource that this challenge is a part of.
*
* @schema ChallengeSpec#authorizationURL
*/
readonly authorizationUrl: string
/**
* DnsName is the identifier that this challenge is for, e.g. example.com. If the requested
* DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for
* `*.example.com`, it must be `example.com`.
*
* @schema ChallengeSpec#dnsName
*/
readonly dnsName: string
/**
* References a properly configured ACME-type Issuer which should be used to create this
* Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an
* 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed.
*
* @schema ChallengeSpec#issuerRef
*/
readonly issuerRef: ChallengeSpecIssuerRef
/**
* The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must
* be responded with to complete the HTTP01 challenge in the format: `<private key JWK
* thumbprint>.<key from acme server for challenge>`. For DNS01 challenges, this is the base64
* encoded SHA256 sum of the `<private key JWK thumbprint>.<key from acme server for challenge>`
* text that must be set as the TXT record content.
*
* @schema ChallengeSpec#key
*/
readonly key: string
/**
* Contains the domain solving configuration that should be used to solve this challenge
* resource.
*
* @schema ChallengeSpec#solver
*/
readonly solver: ChallengeSpecSolver
/**
* The ACME challenge token for this challenge. This is the raw value returned from the ACME
* server.
*
* @schema ChallengeSpec#token
*/
readonly token: string
/**
* The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01".
*
* @schema ChallengeSpec#type
*/
readonly type: ChallengeSpecType
/**
* The URL of the ACME Challenge resource for this challenge. This can be used to lookup details
* about the status of this challenge.
*
* @schema ChallengeSpec#url
*/
readonly url: string
/**
* Wildcard will be true if this challenge is for a wildcard identifier, for example
* '*.example.com'.
*
* @schema ChallengeSpec#wildcard
*/
readonly wildcard?: boolean
}
/** Converts an object of type 'ChallengeSpec' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpec(
obj: ChallengeSpec | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
authorizationURL: obj.authorizationUrl,
dnsName: obj.dnsName,
issuerRef: toJson_ChallengeSpecIssuerRef(obj.issuerRef),
key: obj.key,
solver: toJson_ChallengeSpecSolver(obj.solver),
token: obj.token,
type: obj.type,
url: obj.url,
wildcard: obj.wildcard
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* References a properly configured ACME-type Issuer which should be used to create this Challenge.
* If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer,
* an error will be returned and the Challenge will be marked as failed.
*
* @schema ChallengeSpecIssuerRef
*/
export interface ChallengeSpecIssuerRef {
/**
* Group of the resource being referred to.
*
* @schema ChallengeSpecIssuerRef#group
*/
readonly group?: string
/**
* Kind of the resource being referred to.
*
* @schema ChallengeSpecIssuerRef#kind
*/
readonly kind?: string
/**
* Name of the resource being referred to.
*
* @schema ChallengeSpecIssuerRef#name
*/
readonly name: string
}
/** Converts an object of type 'ChallengeSpecIssuerRef' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecIssuerRef(
obj: ChallengeSpecIssuerRef | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
group: obj.group,
kind: obj.kind,
name: obj.name
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Contains the domain solving configuration that should be used to solve this challenge resource.
*
* @schema ChallengeSpecSolver
*/
export interface ChallengeSpecSolver {
/**
* Configures cert-manager to attempt to complete authorizations by performing the DNS01
* challenge flow.
*
* @schema ChallengeSpecSolver#dns01
*/
readonly dns01?: ChallengeSpecSolverDns01
/**
* Configures cert-manager to attempt to complete authorizations by performing the HTTP01
* challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g.
* `*.example.com`) using the HTTP01 challenge mechanism.
*
* @schema ChallengeSpecSolver#http01
*/
readonly http01?: ChallengeSpecSolverHttp01
/**
* Selector selects a set of DNSNames on the Certificate resource that should be solved using
* this challenge solver. If not specified, the solver will be treated as the 'default' solver
* with the lowest priority, i.e. if any other solver has a more specific match, it will be used
* instead.
*
* @schema ChallengeSpecSolver#selector
*/
readonly selector?: ChallengeSpecSolverSelector
}
/** Converts an object of type 'ChallengeSpecSolver' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolver(
obj: ChallengeSpecSolver | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
dns01: toJson_ChallengeSpecSolverDns01(obj.dns01),
http01: toJson_ChallengeSpecSolverHttp01(obj.http01),
selector: toJson_ChallengeSpecSolverSelector(obj.selector)
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01".
*
* @schema ChallengeSpecType
*/
export enum ChallengeSpecType {
/** HTTP-01 */
HTTP_HYPHEN_01 = "HTTP-01",
/** DNS-01 */
DNS_HYPHEN_01 = "DNS-01"
}
/**
* Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge
* flow.
*
* @schema ChallengeSpecSolverDns01
*/
export interface ChallengeSpecSolverDns01 {
/**
* Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge
* records.
*
* @schema ChallengeSpecSolverDns01#acmeDNS
*/
readonly acmeDns?: ChallengeSpecSolverDns01AcmeDns
/**
* Use the Akamai DNS zone management API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01#akamai
*/
readonly akamai?: ChallengeSpecSolverDns01Akamai
/**
* Use the Microsoft Azure DNS API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01#azureDNS
*/
readonly azureDns?: ChallengeSpecSolverDns01AzureDns
/**
* Use the Google Cloud DNS API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01#cloudDNS
*/
readonly cloudDns?: ChallengeSpecSolverDns01CloudDns
/**
* Use the Cloudflare API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01#cloudflare
*/
readonly cloudflare?: ChallengeSpecSolverDns01Cloudflare
/**
* CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS
* zones.
*
* @schema ChallengeSpecSolverDns01#cnameStrategy
*/
readonly cnameStrategy?: ChallengeSpecSolverDns01CnameStrategy
/**
* Use the DigitalOcean DNS API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01#digitalocean
*/
readonly digitalocean?: ChallengeSpecSolverDns01Digitalocean
/**
* Use RFC2136 ("Dynamic Updates in the Domain Name System")
* (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01#rfc2136
*/
readonly rfc2136?: ChallengeSpecSolverDns01Rfc2136
/**
* Use the AWS Route53 API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01#route53
*/
readonly route53?: ChallengeSpecSolverDns01Route53
/**
* Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01#webhook
*/
readonly webhook?: ChallengeSpecSolverDns01Webhook
}
/** Converts an object of type 'ChallengeSpecSolverDns01' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01(
obj: ChallengeSpecSolverDns01 | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
acmeDNS: toJson_ChallengeSpecSolverDns01AcmeDns(obj.acmeDns),
akamai: toJson_ChallengeSpecSolverDns01Akamai(obj.akamai),
azureDNS: toJson_ChallengeSpecSolverDns01AzureDns(obj.azureDns),
cloudDNS: toJson_ChallengeSpecSolverDns01CloudDns(obj.cloudDns),
cloudflare: toJson_ChallengeSpecSolverDns01Cloudflare(obj.cloudflare),
cnameStrategy: obj.cnameStrategy,
digitalocean: toJson_ChallengeSpecSolverDns01Digitalocean(obj.digitalocean),
rfc2136: toJson_ChallengeSpecSolverDns01Rfc2136(obj.rfc2136),
route53: toJson_ChallengeSpecSolverDns01Route53(obj.route53),
webhook: toJson_ChallengeSpecSolverDns01Webhook(obj.webhook)
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge
* flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`)
* using the HTTP01 challenge mechanism.
*
* @schema ChallengeSpecSolverHttp01
*/
export interface ChallengeSpecSolverHttp01 {
/**
* The Gateway API is a sig-network community API that models service networking in Kubernetes
* (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the
* specified labels in the same namespace as the challenge. This solver is experimental, and
* fields / behaviour may change in the future.
*
* @schema ChallengeSpecSolverHttp01#gatewayHTTPRoute
*/
readonly gatewayHttpRoute?: ChallengeSpecSolverHttp01GatewayHttpRoute
/**
* The ingress based HTTP01 challenge solver will solve challenges by creating or modifying
* Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to
* 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be
* completed.
*
* @schema ChallengeSpecSolverHttp01#ingress
*/
readonly ingress?: ChallengeSpecSolverHttp01Ingress
}
/** Converts an object of type 'ChallengeSpecSolverHttp01' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverHttp01(
obj: ChallengeSpecSolverHttp01 | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
gatewayHTTPRoute: toJson_ChallengeSpecSolverHttp01GatewayHttpRoute(obj.gatewayHttpRoute),
ingress: toJson_ChallengeSpecSolverHttp01Ingress(obj.ingress)
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Selector selects a set of DNSNames on the Certificate resource that should be solved using this
* challenge solver. If not specified, the solver will be treated as the 'default' solver with the
* lowest priority, i.e. if any other solver has a more specific match, it will be used instead.
*
* @schema ChallengeSpecSolverSelector
*/
export interface ChallengeSpecSolverSelector {
/**
* List of DNSNames that this solver will be used to solve. If specified and a match is found, a
* dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match
* with the same dnsNames value, the solver with the most matching labels in matchLabels will be
* selected. If neither has more matches, the solver defined earlier in the list will be
* selected.
*
* @schema ChallengeSpecSolverSelector#dnsNames
*/
readonly dnsNames?: string[]
/**
* List of DNSZones that this solver will be used to solve. The most specific DNS zone match
* specified here will take precedence over other DNS zone matches, so a solver specifying
* sys.example.com will be selected over one specifying example.com for the domain
* www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with
* the most matching labels in matchLabels will be selected. If neither has more matches, the
* solver defined earlier in the list will be selected.
*
* @schema ChallengeSpecSolverSelector#dnsZones
*/
readonly dnsZones?: string[]
/**
* A label selector that is used to refine the set of certificate's that this challenge solver
* will apply to.
*
* @schema ChallengeSpecSolverSelector#matchLabels
*/
readonly matchLabels?: { [key: string]: string }
}
/** Converts an object of type 'ChallengeSpecSolverSelector' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverSelector(
obj: ChallengeSpecSolverSelector | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
dnsNames: obj.dnsNames?.map(y => y),
dnsZones: obj.dnsZones?.map(y => y),
matchLabels:
obj.matchLabels === undefined
? undefined
: Object.entries(obj.matchLabels).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01AcmeDns
*/
export interface ChallengeSpecSolverDns01AcmeDns {
/**
* A reference to a specific 'key' within a Secret resource. In some instances, `key` is a
* required field.
*
* @schema ChallengeSpecSolverDns01AcmeDns#accountSecretRef
*/
readonly accountSecretRef: ChallengeSpecSolverDns01AcmeDnsAccountSecretRef
/** @schema ChallengeSpecSolverDns01AcmeDns#host */
readonly host: string
}
/** Converts an object of type 'ChallengeSpecSolverDns01AcmeDns' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01AcmeDns(
obj: ChallengeSpecSolverDns01AcmeDns | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
accountSecretRef: toJson_ChallengeSpecSolverDns01AcmeDnsAccountSecretRef(
obj.accountSecretRef
),
host: obj.host
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Use the Akamai DNS zone management API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01Akamai
*/
export interface ChallengeSpecSolverDns01Akamai {
/**
* A reference to a specific 'key' within a Secret resource. In some instances, `key` is a
* required field.
*
* @schema ChallengeSpecSolverDns01Akamai#accessTokenSecretRef
*/
readonly accessTokenSecretRef: ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef
/**
* A reference to a specific 'key' within a Secret resource. In some instances, `key` is a
* required field.
*
* @schema ChallengeSpecSolverDns01Akamai#clientSecretSecretRef
*/
readonly clientSecretSecretRef: ChallengeSpecSolverDns01AkamaiClientSecretSecretRef
/**
* A reference to a specific 'key' within a Secret resource. In some instances, `key` is a
* required field.
*
* @schema ChallengeSpecSolverDns01Akamai#clientTokenSecretRef
*/
readonly clientTokenSecretRef: ChallengeSpecSolverDns01AkamaiClientTokenSecretRef
/** @schema ChallengeSpecSolverDns01Akamai#serviceConsumerDomain */
readonly serviceConsumerDomain: string
}
/** Converts an object of type 'ChallengeSpecSolverDns01Akamai' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01Akamai(
obj: ChallengeSpecSolverDns01Akamai | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
accessTokenSecretRef: toJson_ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef(
obj.accessTokenSecretRef
),
clientSecretSecretRef: toJson_ChallengeSpecSolverDns01AkamaiClientSecretSecretRef(
obj.clientSecretSecretRef
),
clientTokenSecretRef: toJson_ChallengeSpecSolverDns01AkamaiClientTokenSecretRef(
obj.clientTokenSecretRef
),
serviceConsumerDomain: obj.serviceConsumerDomain
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Use the Microsoft Azure DNS API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01AzureDns
*/
export interface ChallengeSpecSolverDns01AzureDns {
/**
* Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to
* authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set.
*
* @schema ChallengeSpecSolverDns01AzureDns#clientID
*/
readonly clientId?: string
/**
* Auth: Azure Service Principal: A reference to a Secret containing the password associated
* with the Service Principal. If set, ClientID and TenantID must also be set.
*
* @schema ChallengeSpecSolverDns01AzureDns#clientSecretSecretRef
*/
readonly clientSecretSecretRef?: ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef
/**
* Name of the Azure environment (default AzurePublicCloud)
*
* @schema ChallengeSpecSolverDns01AzureDns#environment
*/
readonly environment?: ChallengeSpecSolverDns01AzureDnsEnvironment
/**
* Name of the DNS zone that should be used
*
* @schema ChallengeSpecSolverDns01AzureDns#hostedZoneName
*/
readonly hostedZoneName?: string
/**
* Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure
* Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and
* TenantID must not be set.
*
* @schema ChallengeSpecSolverDns01AzureDns#managedIdentity
*/
readonly managedIdentity?: ChallengeSpecSolverDns01AzureDnsManagedIdentity
/**
* Resource group the DNS zone is located in
*
* @schema ChallengeSpecSolverDns01AzureDns#resourceGroupName
*/
readonly resourceGroupName: string
/**
* ID of the Azure subscription
*
* @schema ChallengeSpecSolverDns01AzureDns#subscriptionID
*/
readonly subscriptionId: string
/**
* Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to
* authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set.
*
* @schema ChallengeSpecSolverDns01AzureDns#tenantID
*/
readonly tenantId?: string
}
/** Converts an object of type 'ChallengeSpecSolverDns01AzureDns' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01AzureDns(
obj: ChallengeSpecSolverDns01AzureDns | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
clientID: obj.clientId,
clientSecretSecretRef: toJson_ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef(
obj.clientSecretSecretRef
),
environment: obj.environment,
hostedZoneName: obj.hostedZoneName,
managedIdentity: toJson_ChallengeSpecSolverDns01AzureDnsManagedIdentity(
obj.managedIdentity
),
resourceGroupName: obj.resourceGroupName,
subscriptionID: obj.subscriptionId,
tenantID: obj.tenantId
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Use the Google Cloud DNS API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01CloudDns
*/
export interface ChallengeSpecSolverDns01CloudDns {
/**
* HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the
* challenge record has to be created. If left empty cert-manager will automatically choose a
* zone.
*
* @schema ChallengeSpecSolverDns01CloudDns#hostedZoneName
*/
readonly hostedZoneName?: string
/** @schema ChallengeSpecSolverDns01CloudDns#project */
readonly project: string
/**
* A reference to a specific 'key' within a Secret resource. In some instances, `key` is a
* required field.
*
* @schema ChallengeSpecSolverDns01CloudDns#serviceAccountSecretRef
*/
readonly serviceAccountSecretRef?: ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef
}
/** Converts an object of type 'ChallengeSpecSolverDns01CloudDns' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01CloudDns(
obj: ChallengeSpecSolverDns01CloudDns | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
hostedZoneName: obj.hostedZoneName,
project: obj.project,
serviceAccountSecretRef: toJson_ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef(
obj.serviceAccountSecretRef
)
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Use the Cloudflare API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01Cloudflare
*/
export interface ChallengeSpecSolverDns01Cloudflare {
/**
* API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is
* now the recommended method as it allows greater control of permissions.
*
* @schema ChallengeSpecSolverDns01Cloudflare#apiKeySecretRef
*/
readonly apiKeySecretRef?: ChallengeSpecSolverDns01CloudflareApiKeySecretRef
/**
* API token used to authenticate with Cloudflare.
*
* @schema ChallengeSpecSolverDns01Cloudflare#apiTokenSecretRef
*/
readonly apiTokenSecretRef?: ChallengeSpecSolverDns01CloudflareApiTokenSecretRef
/**
* Email of the account, only required when using API key based authentication.
*
* @schema ChallengeSpecSolverDns01Cloudflare#email
*/
readonly email?: string
}
/** Converts an object of type 'ChallengeSpecSolverDns01Cloudflare' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01Cloudflare(
obj: ChallengeSpecSolverDns01Cloudflare | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
apiKeySecretRef: toJson_ChallengeSpecSolverDns01CloudflareApiKeySecretRef(
obj.apiKeySecretRef
),
apiTokenSecretRef: toJson_ChallengeSpecSolverDns01CloudflareApiTokenSecretRef(
obj.apiTokenSecretRef
),
email: obj.email
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS
* zones.
*
* @schema ChallengeSpecSolverDns01CnameStrategy
*/
export enum ChallengeSpecSolverDns01CnameStrategy {
/** None */
NONE = "None",
/** Follow */
FOLLOW = "Follow"
}
/**
* Use the DigitalOcean DNS API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01Digitalocean
*/
export interface ChallengeSpecSolverDns01Digitalocean {
/**
* A reference to a specific 'key' within a Secret resource. In some instances, `key` is a
* required field.
*
* @schema ChallengeSpecSolverDns01Digitalocean#tokenSecretRef
*/
readonly tokenSecretRef: ChallengeSpecSolverDns01DigitaloceanTokenSecretRef
}
/** Converts an object of type 'ChallengeSpecSolverDns01Digitalocean' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01Digitalocean(
obj: ChallengeSpecSolverDns01Digitalocean | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
tokenSecretRef: toJson_ChallengeSpecSolverDns01DigitaloceanTokenSecretRef(
obj.tokenSecretRef
)
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Use RFC2136 ("Dynamic Updates in the Domain Name System")
* (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01Rfc2136
*/
export interface ChallengeSpecSolverDns01Rfc2136 {
/**
* The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form
* host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g
* [2001:db8::1]) ; port is optional. This field is required.
*
* @schema ChallengeSpecSolverDns01Rfc2136#nameserver
*/
readonly nameserver: string
/**
* The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when
* `tsigSecretSecretRef` and `tsigKeyName` are defined. Supported values are (case-insensitive):
* `HMACMD5` (default), `HMACSHA1`, `HMACSHA256` or `HMACSHA512`.
*
* @schema ChallengeSpecSolverDns01Rfc2136#tsigAlgorithm
*/
readonly tsigAlgorithm?: string
/**
* The TSIG Key name configured in the DNS. If `tsigSecretSecretRef` is defined, this field is
* required.
*
* @schema ChallengeSpecSolverDns01Rfc2136#tsigKeyName
*/
readonly tsigKeyName?: string
/**
* The name of the secret containing the TSIG value. If `tsigKeyName` is defined, this field is
* required.
*
* @schema ChallengeSpecSolverDns01Rfc2136#tsigSecretSecretRef
*/
readonly tsigSecretSecretRef?: ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef
}
/** Converts an object of type 'ChallengeSpecSolverDns01Rfc2136' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01Rfc2136(
obj: ChallengeSpecSolverDns01Rfc2136 | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
nameserver: obj.nameserver,
tsigAlgorithm: obj.tsigAlgorithm,
tsigKeyName: obj.tsigKeyName,
tsigSecretSecretRef: toJson_ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef(
obj.tsigSecretSecretRef
)
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Use the AWS Route53 API to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01Route53
*/
export interface ChallengeSpecSolverDns01Route53 {
/**
* The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If
* neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials
* file or AWS Instance metadata, see:
* https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
*
* @schema ChallengeSpecSolverDns01Route53#accessKeyID
*/
readonly accessKeyId?: string
/**
* The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key
* within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key
* nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance
* metadata, see:
* https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
*
* @schema ChallengeSpecSolverDns01Route53#accessKeyIDSecretRef
*/
readonly accessKeyIdSecretRef?: ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef
/**
* Auth configures how cert-manager authenticates.
*
* @schema ChallengeSpecSolverDns01Route53#auth
*/
readonly auth?: ChallengeSpecSolverDns01Route53Auth
/**
* If set, the provider will manage only this zone in Route53 and will not do a lookup using the
* route53:ListHostedZonesByName api call.
*
* @schema ChallengeSpecSolverDns01Route53#hostedZoneID
*/
readonly hostedZoneId?: string
/**
* Override the AWS region.
*
* Route53 is a global service and does not have regional endpoints but the region specified
* here (or via environment variables) is used as a hint to help compute the correct AWS
* credential scope and partition when it connects to Route53. See:
*
* - [Amazon Route 53 endpoints and
* quotas](https://docs.aws.amazon.com/general/latest/gr/r53.html)
* - [Global
* services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html)
*
* If you omit this region field, cert-manager will use the region from AWS_REGION and
* AWS_DEFAULT_REGION environment variables, if they are set in the cert-manager controller
* Pod.
*
* The `region` field is not needed if you use [IAM Roles for Service Accounts
* (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
* Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by:
* [Amazon EKS Pod Identity Webhook](https://github.com/aws/amazon-eks-pod-identity-webhook). In
* this case this `region` field value is ignored.
*
* The `region` field is not needed if you use [EKS Pod
* Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html). Instead an
* AWS_REGION environment variable is added to the cert-manager controller Pod by: [Amazon EKS
* Pod Identity Agent](https://github.com/aws/eks-pod-identity-agent), In this case this
* `region` field value is ignored.
*
* @schema ChallengeSpecSolverDns01Route53#region
*/
readonly region?: string
/**
* Role is a Role ARN which the Route53 provider will assume using either the explicit
* credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment
* variables, shared credentials file or AWS Instance metadata
*
* @schema ChallengeSpecSolverDns01Route53#role
*/
readonly role?: string
/**
* The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set,
* we fall-back to using env vars, shared credentials file or AWS Instance metadata, see:
* https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
*
* @schema ChallengeSpecSolverDns01Route53#secretAccessKeySecretRef
*/
readonly secretAccessKeySecretRef?: ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef
}
/** Converts an object of type 'ChallengeSpecSolverDns01Route53' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01Route53(
obj: ChallengeSpecSolverDns01Route53 | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
accessKeyID: obj.accessKeyId,
accessKeyIDSecretRef: toJson_ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef(
obj.accessKeyIdSecretRef
),
auth: toJson_ChallengeSpecSolverDns01Route53Auth(obj.auth),
hostedZoneID: obj.hostedZoneId,
region: obj.region,
role: obj.role,
secretAccessKeySecretRef: toJson_ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef(
obj.secretAccessKeySecretRef
)
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.
*
* @schema ChallengeSpecSolverDns01Webhook
*/
export interface ChallengeSpecSolverDns01Webhook {
/**
* Additional configuration that should be passed to the webhook apiserver when challenges are
* processed. This can contain arbitrary JSON data. Secret values should not be specified in
* this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use
* a SecretKeySelector to reference a Secret resource. For details on the schema of this field,
* consult the webhook provider implementation's documentation.
*
* @schema ChallengeSpecSolverDns01Webhook#config
*/
readonly config?: any
/**
* The API group name that should be used when POSTing ChallengePayload resources to the webhook
* apiserver. This should be the same as the GroupName specified in the webhook provider
* implementation.
*
* @schema ChallengeSpecSolverDns01Webhook#groupName
*/
readonly groupName: string
/**
* The name of the solver to use, as defined in the webhook provider implementation. This will
* typically be the name of the provider, e.g. 'cloudflare'.
*
* @schema ChallengeSpecSolverDns01Webhook#solverName
*/
readonly solverName: string
}
/** Converts an object of type 'ChallengeSpecSolverDns01Webhook' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01Webhook(
obj: ChallengeSpecSolverDns01Webhook | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
config: obj.config,
groupName: obj.groupName,
solverName: obj.solverName
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* The Gateway API is a sig-network community API that models service networking in Kubernetes
* (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified
* labels in the same namespace as the challenge. This solver is experimental, and fields /
* behaviour may change in the future.
*
* @schema ChallengeSpecSolverHttp01GatewayHttpRoute
*/
export interface ChallengeSpecSolverHttp01GatewayHttpRoute {
/**
* Custom labels that will be applied to HTTPRoutes created by cert-manager while solving
* HTTP-01 challenges.
*
* @schema ChallengeSpecSolverHttp01GatewayHttpRoute#labels
*/
readonly labels?: { [key: string]: string }
/**
* When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to
* know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef
* references a Gateway. See:
* https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways
*
* @schema ChallengeSpecSolverHttp01GatewayHttpRoute#parentRefs
*/
readonly parentRefs?: ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs[]
/**
* Optional pod template used to configure the ACME challenge solver pods used for HTTP01
* challenges.
*
* @schema ChallengeSpecSolverHttp01GatewayHttpRoute#podTemplate
*/
readonly podTemplate?: ChallengeSpecSolverHttp01GatewayHttpRoutePodTemplate
/**
* Optional service type for Kubernetes solver service. Supported values are NodePort or
* ClusterIP. If unset, defaults to NodePort.
*
* @schema ChallengeSpecSolverHttp01GatewayHttpRoute#serviceType
*/
readonly serviceType?: string
}
/** Converts an object of type 'ChallengeSpecSolverHttp01GatewayHttpRoute' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverHttp01GatewayHttpRoute(
obj: ChallengeSpecSolverHttp01GatewayHttpRoute | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
labels:
obj.labels === undefined
? undefined
: Object.entries(obj.labels).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
),
parentRefs: obj.parentRefs?.map(y =>
toJson_ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs(y)
),
podTemplate: toJson_ChallengeSpecSolverHttp01GatewayHttpRoutePodTemplate(obj.podTemplate),
serviceType: obj.serviceType
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress
* resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver'
* pods that are provisioned by cert-manager for each Challenge to be completed.
*
* @schema ChallengeSpecSolverHttp01Ingress
*/
export interface ChallengeSpecSolverHttp01Ingress {
/**
* This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress
* resources to solve ACME challenges that use this challenge solver. Only one of `class`,
* `name` or `ingressClassName` may be specified.
*
* @schema ChallengeSpecSolverHttp01Ingress#class
*/
readonly class?: string
/**
* This field configures the field `ingressClassName` on the created Ingress resources used to
* solve ACME challenges that use this challenge solver. This is the recommended way of
* configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be
* specified.
*
* @schema ChallengeSpecSolverHttp01Ingress#ingressClassName
*/
readonly ingressClassName?: string
/**
* Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01
* challenges.
*
* @schema ChallengeSpecSolverHttp01Ingress#ingressTemplate
*/
readonly ingressTemplate?: ChallengeSpecSolverHttp01IngressIngressTemplate
/**
* The name of the ingress resource that should have ACME challenge solving routes inserted into
* it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress
* controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress
* resources. Only one of `class`, `name` or `ingressClassName` may be specified.
*
* @schema ChallengeSpecSolverHttp01Ingress#name
*/
readonly name?: string
/**
* Optional pod template used to configure the ACME challenge solver pods used for HTTP01
* challenges.
*
* @schema ChallengeSpecSolverHttp01Ingress#podTemplate
*/
readonly podTemplate?: ChallengeSpecSolverHttp01IngressPodTemplate
/**
* Optional service type for Kubernetes solver service. Supported values are NodePort or
* ClusterIP. If unset, defaults to NodePort.
*
* @schema ChallengeSpecSolverHttp01Ingress#serviceType
*/
readonly serviceType?: string
}
/** Converts an object of type 'ChallengeSpecSolverHttp01Ingress' to JSON representation. */
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverHttp01Ingress(
obj: ChallengeSpecSolverHttp01Ingress | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
class: obj.class,
ingressClassName: obj.ingressClassName,
ingressTemplate: toJson_ChallengeSpecSolverHttp01IngressIngressTemplate(
obj.ingressTemplate
),
name: obj.name,
podTemplate: toJson_ChallengeSpecSolverHttp01IngressPodTemplate(obj.podTemplate),
serviceType: obj.serviceType
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required
* field.
*
* @schema ChallengeSpecSolverDns01AcmeDnsAccountSecretRef
*/
export interface ChallengeSpecSolverDns01AcmeDnsAccountSecretRef {
/**
* The key of the entry in the Secret resource's `data` field to be used. Some instances of this
* field may be defaulted, in others it may be required.
*
* @schema ChallengeSpecSolverDns01AcmeDnsAccountSecretRef#key
*/
readonly key?: string
/**
* Name of the resource being referred to. More info:
* https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
*
* @schema ChallengeSpecSolverDns01AcmeDnsAccountSecretRef#name
*/
readonly name: string
}
/**
* Converts an object of type 'ChallengeSpecSolverDns01AcmeDnsAccountSecretRef' to JSON
* representation.
*/
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01AcmeDnsAccountSecretRef(
obj: ChallengeSpecSolverDns01AcmeDnsAccountSecretRef | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
key: obj.key,
name: obj.name
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required
* field.
*
* @schema ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef
*/
export interface ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef {
/**
* The key of the entry in the Secret resource's `data` field to be used. Some instances of this
* field may be defaulted, in others it may be required.
*
* @schema ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef#key
*/
readonly key?: string
/**
* Name of the resource being referred to. More info:
* https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
*
* @schema ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef#name
*/
readonly name: string
}
/**
* Converts an object of type 'ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef' to JSON
* representation.
*/
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef(
obj: ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
key: obj.key,
name: obj.name
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required
* field.
*
* @schema ChallengeSpecSolverDns01AkamaiClientSecretSecretRef
*/
export interface ChallengeSpecSolverDns01AkamaiClientSecretSecretRef {
/**
* The key of the entry in the Secret resource's `data` field to be used. Some instances of this
* field may be defaulted, in others it may be required.
*
* @schema ChallengeSpecSolverDns01AkamaiClientSecretSecretRef#key
*/
readonly key?: string
/**
* Name of the resource being referred to. More info:
* https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
*
* @schema ChallengeSpecSolverDns01AkamaiClientSecretSecretRef#name
*/
readonly name: string
}
/**
* Converts an object of type 'ChallengeSpecSolverDns01AkamaiClientSecretSecretRef' to JSON
* representation.
*/
/* eslint-disable max-len, quote-props */
export function toJson_ChallengeSpecSolverDns01AkamaiClientSecretSecretRef(
obj: ChallengeSpecSolverDns01AkamaiClientSecretSecretRef | undefined
): Record<string, any> | undefined {
if (obj === undefined) {
return undefined
}
const result = {
key: obj.key,
name: obj.name
}
// filter undefined values
return Object.entries(result).reduce(
(r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }),
{}
)
}
/* eslint-enable max-len, quote-props */
/**
* A reference to a specific