{ "properties": { "apiVersion": { "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "kind": { "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "properties": { "description": { "description": "A human-readable description of the resource.", "type": "string" }, "location": { "description": "Immutable. The Certificate Manager location. If not specified, \"global\" is used.", "type": "string" }, "managed": { "description": "Immutable. Configuration and state of a Managed Certificate.\nCertificate Manager provisions and renews Managed Certificates\nautomatically, for as long as it's authorized to do so.", "properties": { "authorizationAttemptInfo": { "description": "Detailed state of the latest authorization attempt for each domain\nspecified for this Managed Certificate.", "items": { "properties": { "details": { "description": "Human readable explanation for reaching the state. Provided to help\naddress the configuration issues.\nNot guaranteed to be stable. For programmatic access use 'failure_reason' field.", "type": "string" }, "domain": { "description": "Domain name of the authorization attempt.", "type": "string" }, "failureReason": { "description": "Reason for failure of the authorization attempt for the domain.", "type": "string" }, "state": { "description": "State of the domain for managed certificate issuance.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "dnsAuthorizationsRefs": { "items": { "description": "Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specified, but not both.", "oneOf": [ { "not": { "required": [ "external" ] }, "required": [ "name" ] }, { "not": { "anyOf": [ { "required": [ "name" ] }, { "required": [ "namespace" ] } ] }, "required": [ "external" ] } ], "properties": { "external": { "description": "Allowed value: string of the format `projects/{{project}}/locations/global/dnsAuthorizations/{{value}}`, where {{value}} is the `name` field of a `CertificateManagerDNSAuthorization` resource.", "type": "string" }, "name": { "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "domains": { "description": "Immutable. The domains for which a managed SSL certificate will be generated.\nWildcard domains are only supported with DNS challenge resolution.", "items": { "type": "string" }, "type": "array" }, "issuanceConfigRef": { "description": "Only the `external` field is supported to configure the reference.\n\nImmutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*.\nIf this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.\nEither issuanceConfig or dnsAuthorizations should be specified, but not both.", "oneOf": [ { "not": { "required": [ "external" ] }, "required": [ "name" ] }, { "not": { "anyOf": [ { "required": [ "name" ] }, { "required": [ "namespace" ] } ] }, "required": [ "external" ] } ], "properties": { "external": { "description": "Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}`, where {{value}} is the `name` field of a `CertificateManagerCertificateIssuanceConfig` resource.", "type": "string" }, "name": { "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" } }, "type": "object", "additionalProperties": false }, "provisioningIssue": { "description": "Information about issues with provisioning this Managed Certificate.", "items": { "properties": { "details": { "description": "Human readable explanation about the issue. Provided to help address\nthe configuration issues.\nNot guaranteed to be stable. For programmatic access use 'reason' field.", "type": "string" }, "reason": { "description": "Reason for provisioning failures.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "state": { "description": "A state of this Managed Certificate.", "type": "string" } }, "type": "object", "additionalProperties": false }, "projectRef": { "description": "The project that this resource belongs to.", "oneOf": [ { "not": { "required": [ "external" ] }, "required": [ "name" ] }, { "not": { "anyOf": [ { "required": [ "name" ] }, { "required": [ "namespace" ] } ] }, "required": [ "external" ] } ], "properties": { "external": { "description": "Allowed value: The `name` field of a `Project` resource.", "type": "string" }, "name": { "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" } }, "type": "object", "additionalProperties": false }, "resourceID": { "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", "type": "string" }, "scope": { "description": "Immutable. The scope of the certificate.\n\nDEFAULT: Certificates with default scope are served from core Google data centers.\nIf unsure, choose this option.\n\nEDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates,\nserved from non-core Google data centers.\n\nALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs).\nsee https://cloud.google.com/compute/docs/regions-zones.", "type": "string" }, "selfManaged": { "description": "Immutable. Certificate data for a SelfManaged Certificate.\nSelfManaged Certificates are uploaded by the user. Updating such\ncertificates before they expire remains the user's responsibility.", "properties": { "certificatePem": { "description": "DEPRECATED. `certificate_pem` is deprecated. Use `pem_certificate` instead. Immutable. The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.", "oneOf": [ { "not": { "required": [ "valueFrom" ] }, "required": [ "value" ] }, { "not": { "required": [ "value" ] }, "required": [ "valueFrom" ] } ], "properties": { "value": { "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", "type": "string" }, "valueFrom": { "description": "Source for the field's value. Cannot be used if 'value' is specified.", "properties": { "secretKeyRef": { "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", "properties": { "key": { "description": "Key that identifies the value to be extracted.", "type": "string" }, "name": { "description": "Name of the Secret to extract a value from.", "type": "string" } }, "required": [ "name", "key" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "pemCertificate": { "description": "Immutable. The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.", "type": "string" }, "pemPrivateKey": { "description": "Immutable. The private key of the leaf certificate in PEM-encoded form.", "oneOf": [ { "not": { "required": [ "valueFrom" ] }, "required": [ "value" ] }, { "not": { "required": [ "value" ] }, "required": [ "valueFrom" ] } ], "properties": { "value": { "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", "type": "string" }, "valueFrom": { "description": "Source for the field's value. Cannot be used if 'value' is specified.", "properties": { "secretKeyRef": { "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", "properties": { "key": { "description": "Key that identifies the value to be extracted.", "type": "string" }, "name": { "description": "Name of the Secret to extract a value from.", "type": "string" } }, "required": [ "name", "key" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "privateKeyPem": { "description": "DEPRECATED. `private_key_pem` is deprecated. Use `pem_private_key` instead. Immutable. The private key of the leaf certificate in PEM-encoded form.", "oneOf": [ { "not": { "required": [ "valueFrom" ] }, "required": [ "value" ] }, { "not": { "required": [ "value" ] }, "required": [ "valueFrom" ] } ], "properties": { "value": { "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", "type": "string" }, "valueFrom": { "description": "Source for the field's value. Cannot be used if 'value' is specified.", "properties": { "secretKeyRef": { "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", "properties": { "key": { "description": "Key that identifies the value to be extracted.", "type": "string" }, "name": { "description": "Name of the Secret to extract a value from.", "type": "string" } }, "required": [ "name", "key" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "location", "projectRef" ], "type": "object", "additionalProperties": false }, "status": { "properties": { "conditions": { "description": "Conditions represent the latest available observation of the resource's current state.", "items": { "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", "type": "string" }, "message": { "description": "Human-readable message indicating details about last transition.", "type": "string" }, "reason": { "description": "Unique, one-word, CamelCase reason for the condition's last transition.", "type": "string" }, "status": { "description": "Status is the status of the condition. Can be True, False, Unknown.", "type": "string" }, "type": { "description": "Type is the type of the condition.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "observedGeneration": { "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }