CertificateRequest is a namespaced resource in cert-manager that is used
to request x509 certificates from an
Issuer. The resource
contains a base64 encoded string of a PEM encoded certificate request which is
sent to the referenced issuer. A successful issuance will return a signed
certificate, based on the certificate signing request.
typically consumed and managed by controllers or other systems and should not be
used by humans - unless specifically needed.
CertificateRequest looks like the following:
CertificateRequest will make cert-manager attempt to request the
ca-issuer in the default issuer group
cert-manager.io, return a
certificate based upon the certificate signing request. Other groups can be
specified inside the
issuerRef which will change the targeted issuer to other
external, third party issuers you may have installed.
The resource also exposes the option for stating the certificate as CA, Key Usages, and requested validity duration.
A successful issuance of the certificate signing request will cause an update to
the resource, setting the status with the signed certificate, the CA of the
certificate (if available), and setting the
Ready condition to
Whether issuance of the certificate signing request was successful or not, a retry of the
issuance will not happen. It is the responsibility of some other controller to
manage the logic and life cycle of
CertificateRequests have a set of strongly defined conditions that should be
used and relied upon by controllers or services to make decisions on what
actions to take next on the resource. Each condition consists of the pair
Ready - a boolean value, and
Reason - a string. The set of values and
meanings are as follows:
|False||Failed||The certificate has failed to be issued - either the returned certificate failed to be decoded or an instance of the referenced issuer used for signing failed. No further action will be taken on the |
|True||Issued||A signed certificate has been successfully issued by the referenced |