
trust-manager API Reference

Packages:

trust.cert-manager.io/v1alpha1

Resource Types:

Bundle

| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | trust.cert-manager.io/v1alpha1 | true |
| kind | string | Bundle | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | Desired state of the Bundle resource. | true |
| status | object | Status of the Bundle. This is set and managed automatically. | false |

Bundle.spec

Desired state of the Bundle resource.

| Name | Type | Description | Required |
|---|---|---|---|
| sources | []object | Sources is a set of references to data whose data will sync to the target. | true |
| target | object | Target is the target location in all namespaces to sync source data to. | true |

Bundle.spec.sources[index]

BundleSource is the set of sources whose data will be appended and synced to the BundleTarget in all Namespaces.

| Name | Type | Description | Required |
|---|---|---|---|
| configMap | object | ConfigMap is a reference (by name) to a ConfigMap's data key, or to a list of ConfigMap's data key using label selector, in the trust Namespace. | false |
| inLine | string | InLine is a simple string to append as the source data. | false |
| secret | object | Secret is a reference (by name) to a Secret's data key, or to a list of Secret's data key using label selector, in the trust Namespace. | false |
| useDefaultCAs | boolean | UseDefaultCAs, when true, requests the default CA bundle to be used as a source. Default CAs are available if trust-manager was installed via Helm or was otherwise set up to include a package-injecting init container by using the "--default-package-location" flag when starting the trust-manager controller. If default CAs were not configured at start-up, any request to use the default CAs will fail. The version of the default CA package which is used for a Bundle is stored in the defaultCAPackageVersion field of the Bundle's status field. | false |

Bundle.spec.sources[index].configMap

ConfigMap is a reference (by name) to a ConfigMap's data key, or to a list of ConfigMap's data key using label selector, in the trust Namespace.

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | Key is the key of the entry in the object's data field to be used. | true |
| name | string | Name is the name of the source object in the trust Namespace. This field must be left empty when selector is set. | false |
| selector | object | Selector is the label selector to use to fetch a list of objects. Must not be set when Name is set. | false |

Bundle.spec.sources[index].configMap.selector

Selector is the label selector to use to fetch a list of objects. Must not be set when Name is set.

| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. The requirements are ANDed. | false |
| matchLabels | map[string]string | matchLabels is a map of key-value pairs. A single key-value in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | false |

Bundle.spec.sources[index].configMap.selector.matchExpressions[index]

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | true |
| operator | string | operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. | true |
| values | []string | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. | false |

Bundle.spec.sources[index].secret

Secret is a reference (by name) to a Secret's data key, or to a list of Secret's data key using label selector, in the trust Namespace.

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | Key is the key of the entry in the object's data field to be used. | true |
| name | string | Name is the name of the source object in the trust Namespace. This field must be left empty when selector is set. | false |
| selector | object | Selector is the label selector to use to fetch a list of objects. Must not be set when Name is set. | false |

Bundle.spec.sources[index].secret.selector

Selector is the label selector to use to fetch a list of objects. Must not be set when Name is set.

| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. The requirements are ANDed. | false |
| matchLabels | map[string]string | matchLabels is a map of key-value pairs. A single key-value in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | false |

Bundle.spec.sources[index].secret.selector.matchExpressions[index]

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | true |
| operator | string | operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. | true |
| values | []string | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. | false |

Bundle.spec.target

Target is the target location in all namespaces to sync source data to.

| Name | Type | Description | Required |
|---|---|---|---|
| additionalFormats | object | AdditionalFormats specifies any additional formats to write to the target | false |
| configMap | object | ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to. | false |
| namespaceSelector | object | NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector. | false |
| secret | object | Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace. | false |

Bundle.spec.target.additionalFormats

AdditionalFormats specifies any additional formats to write to the target

| Name | Type | Description | Required |
|---|---|---|---|
| jks | object | JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle has "changeit" as the default password. For more information refer to this link https://cert-manager.io/docs/faq/#keystore-passwords | false |
| pkcs12 | object | PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is by default created without a password. | false |

Bundle.spec.target.additionalFormats.jks

JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle has "changeit" as the default password. For more information refer to this link https://cert-manager.io/docs/faq/#keystore-passwords

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | Key is the key of the entry in the object's data field to be used. | true |
| password | string | Password for JKS trust store. Default: changeit | false |

Bundle.spec.target.additionalFormats.pkcs12

PKCS12 requests a PKCS12-formatted binary trust bundle to be written to the target. The bundle is by default created without a password.

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | Key is the key of the entry in the object's data field to be used. | true |
| password | string | Password for PKCS12 trust store. Default: (empty) | false |

Bundle.spec.target.configMap

ConfigMap is the target ConfigMap in Namespaces that all Bundle source data will be synced to.

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | Key is the key of the entry in the object's data field to be used. | true |

Bundle.spec.target.namespaceSelector

NamespaceSelector will, if set, only sync the target resource in Namespaces which match the selector.

| Name | Type | Description | Required |
|---|---|---|---|
| matchLabels | map[string]string | MatchLabels matches on the set of labels that must be present on a Namespace for the Bundle target to be synced there. | false |

Bundle.spec.target.secret

Secret is the target Secret that all Bundle source data will be synced to. Using Secrets as targets is only supported if enabled at trust-manager startup. By default, trust-manager has no permissions for writing to secrets and can only read secrets in the trust namespace.

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | Key is the key of the entry in the object's data field to be used. | true |
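
The field rules documented for Bundle.spec.sources and Bundle.spec.target can be checked before a manifest is applied. The following is an added example, not code from the trust-manager project: a small Python linter over an already-parsed spec. The function names, the ERROR/NOTE labels and SAMPLE_SPEC are assumptions made for illustration.

```python
# Added example: lint a parsed Bundle spec against the field rules on this page.
VALID_OPS = {"In", "NotIn", "Exists", "DoesNotExist"}

def lint_selector(path, selector):
    out = []
    for i, req in enumerate(selector.get("matchExpressions") or []):
        op, values = req.get("operator"), req.get("values") or []
        where = f"{path}.matchExpressions[{i}]"
        if op not in VALID_OPS:
            out.append(f"ERROR {where}: invalid operator {op!r}")
        elif op in ("In", "NotIn") and not values:
            out.append(f"ERROR {where}: {op} needs a non-empty values array")
        elif op in ("Exists", "DoesNotExist") and values:
            out.append(f"ERROR {where}: {op} needs an empty values array")
    return out

def lint_bundle_spec(spec):
    out = []  # configMap and secret sources share the same key/name/selector shape
    refs = [(f"sources[{i}].{k}", s[k]) for i, s in enumerate(spec.get("sources") or [])
            for k in ("configMap", "secret") if isinstance(s.get(k), dict)]
    for path, ref in refs:
        if not ref.get("key"):
            out.append(f"ERROR {path}: key is required")
        if ref.get("name") and ref.get("selector") is not None:
            out.append(f"ERROR {path}: name and selector are mutually exclusive")
        out += lint_selector(f"{path}.selector", ref.get("selector") or {})
    target = spec.get("target") or {}
    if "namespaceSelector" not in target:  # scope of distribution
        out.append("NOTE target: no namespaceSelector, synced to all namespaces")
    if "secret" in target:  # trust-manager cannot write Secrets by default
        out.append("NOTE target.secret: must be enabled at trust-manager startup")
    jks = (target.get("additionalFormats") or {}).get("jks")
    if jks is not None and jks.get("password", "changeit") == "changeit":
        out.append("NOTE target.additionalFormats.jks: default password 'changeit'")
    return out

SAMPLE_SPEC = {  # constructed input with two deliberate mistakes
    "sources": [
        {"useDefaultCAs": True},
        {"configMap": {"name": "corp-roots", "key": "ca.crt",
                       "selector": {"matchLabels": {"trust": "roots"}}}},
        {"secret": {"key": "ca.crt", "selector": {"matchExpressions": [
            {"key": "tier", "operator": "Exists", "values": ["prod"]}]}}},
    ],
    "target": {"configMap": {"key": "bundle.pem"},
               "additionalFormats": {"jks": {"key": "bundle.jks"}}},
}

if __name__ == "__main__":
    print("\n".join(lint_bundle_spec(SAMPLE_SPEC)))
```

The NOTE lines are not schema violations; they surface choices worth reviewing, such as a bundle that is distributed to every namespace.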

Bundle.status

Status of the Bundle. This is set and managed automatically.

| Name | Type | Description | Required |
|---|---|---|---|
| conditions | []object | List of status conditions to indicate the status of the Bundle. Known condition types are Bundle. | false |
| defaultCAVersion | string | DefaultCAPackageVersion, if set and non-empty, indicates the version information which was retrieved when the set of default CAs was requested in the bundle source. This should only be set if useDefaultCAs was set to "true" on a source, and will be the same for the same version of a bundle with identical certificates. | false |

Bundle.status.conditions[index]

BundleCondition contains condition information for a Bundle.

| Name | Type | Description | Required |
|---|---|---|---|
| lastTransitionTime | string | LastTransitionTime is the timestamp corresponding to the last status change of this condition. Format: date-time | true |
| reason | string | Reason is a brief machine-readable explanation for the condition's last transition. The value should be a CamelCase string. This field may not be empty. | true |
| status | enum | Status of the condition, one of True, False, Unknown. Enum: True, False, Unknown | true |
| type | string | Type of the condition, known values are (Synced). | true |
| message | string | Message is a human-readable description of the details of the last transition, complementing reason. | false |
| observedGeneration | integer | If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Bundle. Format: int64. Minimum: 0 | false |