76eef68730
Previously, the Vault issuer was only able to use a Secret in order to use the "Kubernetes authentication" method. The downside to this service account Secret token is that it has the default JWT iss "kubernetes/serviceaccount" (along with the fact that the token is not bound to a particular pod and has no expiry). With the new serviceAccountRef, cert-manager now requests the token on behalf of the pod in order to authenticate with Vault. Signed-off-by: Maël Valais <mael@vls.dev> |
||
|---|---|---|
| .. | ||
| crd-certificaterequests.yaml | ||
| crd-certificates.yaml | ||
| crd-challenges.yaml | ||
| crd-clusterissuers.yaml | ||
| crd-issuers.yaml | ||
| crd-orders.yaml | ||
| README.md | ||
CRDs source directory
Warning
: if you are an end-user, you do NOT need to use the files in this directory. These files are for development purposes only.
This directory contains 'source code' used to build our CustomResourceDefinition resources in a way that can be consumed by all our different deployment methods.
This package exposes a number of different Bazel targets:
templates: the Helm templates for the CRD manifestscrds: the templated CRD manifests (after runninghelm template)crd.templated: for each CRD type, the one CRD after runninghelm templatetemplated_files: a filegroup containing all of the individual templated CRD files
Most users should never utilise the files in this directory directly. Instead, Bazel
build targets in other packages (i.e. //deploy/manifests, //deploy/charts etc)
will be configured to automatically consume the appropriate artifact listed above.