-
Notifications
You must be signed in to change notification settings - Fork 344
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
update Certificate example and add literalSubject field
Signed-off-by: Tim Ramlot <[email protected]>
- Loading branch information
Showing
1 changed file
with
32 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -58,35 +58,58 @@ spec: | |
| labels: | ||
| my-secret-label: foo | ||
|
|
||
| privateKey: | ||
| algorithm: RSA | ||
| encoding: PKCS1 | ||
| size: 2048 | ||
|
|
||
| # keystores allows adding additional output formats. This is an example for reference only. | ||
| keystores: | ||
| pkcs12: | ||
| create: true | ||
| passwordSecretRef: | ||
| name: example-com-tls-keystore | ||
| key: password | ||
| profile: Modern2023 | ||
|
|
||
| duration: 2160h # 90d | ||
| renewBefore: 360h # 15d | ||
|
|
||
| isCA: false | ||
| usages: | ||
| - server auth | ||
| - client auth | ||
|
|
||
| subject: | ||
| organizations: | ||
| - jetstack | ||
| # The use of the common name field has been deprecated since 2000 and is | ||
| # discouraged from being used. | ||
| commonName: example.com | ||
| isCA: false | ||
| privateKey: | ||
| algorithm: RSA | ||
| encoding: PKCS1 | ||
| size: 2048 | ||
| usages: | ||
| - server auth | ||
| - client auth | ||
| # At least one of a DNS Name, URI, IP address or otherName is required. | ||
|
|
||
| # The literalSubject field is exclusive with subject and commonName. It allows | ||
| # specifying the subject directly as a string. This is useful for when the order | ||
| # of the subject fields is important or when the subject contains special types | ||
| # which can be specified by their OID. | ||
| # | ||
| # literalSubject: "O=jetstack, CN=example.com, 2.5.4.42=John, 2.5.4.4=Doe" | ||
|
|
||
| # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required. | ||
| dnsNames: | ||
| - example.com | ||
| - www.example.com | ||
| uris: | ||
| - spiffe://cluster.local/ns/sandbox/sa/example | ||
| emailAddresses: | ||
| - [email protected] | ||
| ipAddresses: | ||
| - 192.168.0.5 | ||
| # Needs cert-manager 1.14+ and "OtherNames" feature flag | ||
| otherNames: | ||
| # Should only supply oid of ut8 valued types | ||
| - oid: 1.3.6.1.4.1.311.20.2.3 # User Principal Name "OID" | ||
| utf8Value: [email protected] | ||
|
|
||
| # Issuer references are always required. | ||
| issuerRef: | ||
| name: ca-issuer | ||
|
|
@@ -96,15 +119,6 @@ spec: | |
| # This is optional since cert-manager will default to this value however | ||
| # if you are using an external issuer, change this to that issuer group. | ||
| group: cert-manager.io | ||
|
|
||
| # keystores allows adding additional output formats. This is an example for reference only. | ||
| keystores: | ||
| pkcs12: | ||
| create: true | ||
| passwordSecretRef: | ||
| name: example-com-tls-keystore | ||
| key: password | ||
| profile: Modern2023 | ||
| ``` | ||
| The signed certificate will be stored in a `Secret` resource named | ||
|
|
||