{ "$schema": "http://json-schema.org/draft-07/schema#", "properties": { "apiVersion": { "type": "string" }, "kind": { "type": "string" }, "metadata": { "type": "object" }, "spec": { "properties": { "additionalOutputFormats": { "items": { "properties": { "type": { "enum": [ "DER", "CombinedPEM" ], "type": "string" } }, "required": [ "type" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "commonName": { "type": "string" }, "dnsNames": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "duration": { "type": "string" }, "emailAddresses": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "encodeUsagesInRequest": { "type": "boolean" }, "ipAddresses": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "isCA": { "type": "boolean" }, "issuerRef": { "properties": { "group": { "type": "string" }, "kind": { "type": "string" }, "name": { "type": "string" } }, "required": [ "name" ], "type": "object" }, "keystores": { "properties": { "jks": { "properties": { "alias": { "type": "string" }, "create": { "type": "boolean" }, "password": { "type": "string" }, "passwordSecretRef": { "properties": { "key": { "type": "string" }, "name": { "type": "string" } }, "required": [ "name" ], "type": "object" } }, "required": [ "create" ], "type": "object" }, "pkcs12": { "properties": { "create": { "type": "boolean" }, "password": { "type": "string" }, "passwordSecretRef": { "properties": { "key": { "type": "string" }, "name": { "type": "string" } }, "required": [ "name" ], "type": "object" }, "profile": { "enum": [ "LegacyRC2", "LegacyDES", "Modern2023" ], "type": "string" } }, "required": [ "create" ], "type": "object" } }, "type": "object" }, "literalSubject": { "type": "string" }, "nameConstraints": { "properties": { "critical": { "type": "boolean" }, "excluded": { "properties": { "dnsDomains": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "emailAddresses": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "ipRanges": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "uriDomains": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "permitted": { "properties": { "dnsDomains": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "emailAddresses": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "ipRanges": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "uriDomains": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object" } }, "type": "object" }, "otherNames": { "items": { "properties": { "oid": { "type": "string" }, "utf8Value": { "type": "string" } }, "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "privateKey": { "properties": { "algorithm": { "enum": [ "RSA", "ECDSA", "Ed25519" ], "type": "string" }, "encoding": { "enum": [ "PKCS1", "PKCS8" ], "type": "string" }, "rotationPolicy": { "enum": [ "Never", "Always" ], "type": "string" }, "size": { "type": "integer" } }, "type": "object" }, "renewBefore": { "type": "string" }, "renewBeforePercentage": { "format": "int32", "type": "integer" }, "revisionHistoryLimit": { "format": "int32", "type": "integer" }, "secretName": { "type": "string" }, "secretTemplate": { "properties": { "annotations": { "additionalProperties": { "type": "string" }, "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object" }, "signatureAlgorithm": { "enum": [ "SHA256WithRSA", "SHA384WithRSA", "SHA512WithRSA", "ECDSAWithSHA256", "ECDSAWithSHA384", "ECDSAWithSHA512", "PureEd25519" ], "type": "string" }, "subject": { "properties": { "countries": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "localities": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "organizationalUnits": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "organizations": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "postalCodes": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "provinces": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "serialNumber": { "type": "string" }, "streetAddresses": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "uris": { "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "usages": { "items": { "enum": [ "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" ], "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "issuerRef", "secretName" ], "type": "object" }, "status": { "properties": { "conditions": { "items": { "properties": { "lastTransitionTime": { "format": "date-time", "type": "string" }, "message": { "type": "string" }, "observedGeneration": { "format": "int64", "type": "integer" }, "reason": { "type": "string" }, "status": { "enum": [ "True", "False", "Unknown" ], "type": "string" }, "type": { "type": "string" } }, "required": [ "status", "type" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "failedIssuanceAttempts": { "type": "integer" }, "lastFailureTime": { "format": "date-time", "type": "string" }, "nextPrivateKeySecretName": { "type": "string" }, "notAfter": { "format": "date-time", "type": "string" }, "notBefore": { "format": "date-time", "type": "string" }, "renewalTime": { "format": "date-time", "type": "string" }, "revision": { "type": "integer" } }, "type": "object" } }, "type": "object" }