c5924f54a1
Previously it wasn't possible to set a custom CA bundle for an ACME server, leading users to either patch the cert-manager system CA bundle manually or else use SkipTLSVerify which is a security issue. This adds CABundle for ACME, similar to what we have for Vault and Venafi TPP issuers. Longer term we'd like to have a more fully featured approach. It would for example make sense to support loading CA bundles from ConfigMaps or Secrets (similar to what we do for Vault issuers today), but for now this change is the simplest change. Signed-off-by: Ashley Davis <ashley.davis@jetstack.io> |
||
|---|---|---|
| .. | ||
| crd-certificaterequests.yaml | ||
| crd-certificates.yaml | ||
| crd-challenges.yaml | ||
| crd-clusterissuers.yaml | ||
| crd-issuers.yaml | ||
| crd-orders.yaml | ||
| README.md | ||
CRDs source directory
Warning
: if you are an end-user, you do NOT need to use the files in this directory. These files are for development purposes only.
This directory contains 'source code' used to build our CustomResourceDefinition resources in a way that can be consumed by all our different deployment methods.
This package exposes a number of different Bazel targets:
templates: the Helm templates for the CRD manifestscrds: the templated CRD manifests (after runninghelm template)crd.templated: for each CRD type, the one CRD after runninghelm templatetemplated_files: a filegroup containing all of the individual templated CRD files
Most users should never utilise the files in this directory directly. Instead, Bazel
build targets in other packages (i.e. //deploy/manifests, //deploy/charts etc)
will be configured to automatically consume the appropriate artifact listed above.