Configuration property fixed at build time - All other configuration properties are overridable at runtime
Type |
Default |
|
|---|---|---|
If enable/disable the Cert-Manager extension. Environment variable: |
boolean |
|
The name of the certificate resource to be generated. If not provided, it will use the default name for the application resources. Environment variable: |
string |
|
SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. Environment variable: |
string |
required |
CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. Environment variable: |
string |
|
The lifetime of the Certificate. Environment variable: |
string |
|
How long before the currently issued certificate’s expiry cert-manager should renew the certificate. The default is 2⁄3 of the issued certificate’s duration. Environment variable: |
string |
|
The list of Subject Alternative Names. Environment variable: |
list of string |
|
The list of IP address subjectAltNames to be set on the Certificate. Environment variable: |
list of string |
|
The list of URI subjectAltNames to be set on the Certificate. Environment variable: |
list of string |
|
The list of email subjectAltNames to be set on the Certificate. Environment variable: |
list of string |
|
If true, it will mark this Certificate as valid for certificate signing. Environment variable: |
boolean |
|
The set of x509 usages that are requested for the certificate. Environment variable: |
list of string |
|
Environment variable: |
boolean |
|
Environment variable: |
string |
|
Environment variable: |
|
|
The reference to the issuer for this certificate This configuration section is optional |
Type |
Default |
The name of the resource being referred to. Environment variable: |
string |
required |
The kind of the resource being referred to. Environment variable: |
string |
|
The group of the resource being referred to. Environment variable: |
string |
|
The CA issuer configuration This configuration section is optional |
Type |
Default |
The name of the secret used to sign Certificates issued by this Issuer. Environment variable: |
string |
required |
The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. Environment variable: |
list of string |
|
The Vault issuer configuration This configuration section is optional |
Type |
Default |
The connection address for the Vault server, e.g: “https://vault.example.com:8200”. Environment variable: |
string |
required |
The mount path of the Vault PKI backend’s sign endpoint, e.g: “my_pki_mount/sign/my-role-name”. Environment variable: |
string |
required |
Environment variable: |
string |
|
The PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Environment variable: |
string |
required |
The reference where to retrieve the Vault token This configuration section is optional |
Type |
Default |
The name of the resource being referred to. Environment variable: |
string |
required |
The key of the entry in the Secret resource’s data field to be used. Environment variable: |
string |
required |
The Vault authentication using App Role auth mechanism This configuration section is optional |
Type |
Default |
The App Role authentication backend is mounted in Vault, e.g: “approle” Environment variable: |
string |
required |
The App Role authentication backend when setting up the authentication backend in Vault. Environment variable: |
string |
required |
The reference to a key in a Secret that contains the App Role secret used to authenticate with Vault This configuration section is optional |
Type |
Default |
The name of the resource being referred to. Environment variable: |
string |
required |
The key of the entry in the Secret resource’s data field to be used. Environment variable: |
string |
required |
The Vault authentication using Kubernetes service account This configuration section is optional |
Type |
Default |
The mount path to use when authenticating with Vault. Environment variable: |
string |
required |
The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Environment variable: |
string |
required |
The reference to a key in a Secret that contains the App Role secret used to authenticate with Vault This configuration section is optional |
Type |
Default |
The name of the resource being referred to. Environment variable: |
string |
required |
The key of the entry in the Secret resource’s data field to be used. Environment variable: |
string |
required |
The self-signed issuer configuration This configuration section is optional |
Type |
Default |
If the self-signed issuer should be generated. Environment variable: |
boolean |
|
The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. Environment variable: |
list of string |
|
Full X509 name specification (https://golang This configuration section is optional |
Type |
Default |
The organizations to be used on the Certificate. Environment variable: |
list of string |
|
The countries to be used on the Certificate. Environment variable: |
list of string |
|
The organizational Units to be used on the Certificate. Environment variable: |
list of string |
|
The cities to be used on the Certificate. Environment variable: |
list of string |
|
The State/Provinces to be used on the Certificate. Environment variable: |
list of string |
|
The street addresses to be used on the Certificate. Environment variable: |
list of string |
|
The postal codes to be used on the Certificate. Environment variable: |
list of string |
|
The serial number to be used on the Certificate. Environment variable: |
string |
|
The Keystores generation configuration This configuration section is optional |
Type |
Default |
JKS configures options for storing a JKS keystore in the spec This configuration section is optional |
Type |
Default |
Create enables keystore creation for the Certificate. Environment variable: |
boolean |
|
The name of the resource being referred to. Environment variable: |
string |
required |
The key of the entry in the Secret resource’s data field to be used. Environment variable: |
string |
required |
PKCS12 configures options for storing a PKCS12 keystore in the spec This configuration section is optional |
Type |
Default |
Create enables keystore creation for the Certificate. Environment variable: |
boolean |
|
The name of the resource being referred to. Environment variable: |
string |
required |
The key of the entry in the Secret resource’s data field to be used. Environment variable: |
string |
required |
#quarkus-certificate_quarkus.certificate.private-key This configuration section is optional |
Type |
Default |
RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. Environment variable: |
|
|
Environment variable: |
|
|
Environment variable: |
|
|
Environment variable: |
int |
|