Common Configuration Objects
Common configuration objects shared by the different install APIs.
CertManagerSettings
CertManagerSettings represents the settings used for the cert-manager installation. TSB supports installing and managing the lifecycle of the cert-manager installation.
Field | Description | Validation Rule |
---|---|---|
managed | tetrateio.api.install.common.CertManagerSettings.Managed | – |
certManagerSpec | tetrateio.api.install.common.CertManagerSettings.CertManagerSpec | – |
certManagerWebhookSpec | tetrateio.api.install.common.CertManagerSettings.CertManagerWebhookSpec | – |
certManagerCaInjector | tetrateio.api.install.common.CertManagerSettings.CertManagerCAInjector | – |
certManagerStartupapicheck | tetrateio.api.install.common.CertManagerSettings.CertManagerStartupAPICheck | – |
CertManagerCAInjector
CertManagerCAInjector represents the settings used for cert-manager CAInjector installation in the clusters.
Field | Description | Validation Rule |
---|---|---|
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |
CertManagerSpec
CertManagerSpec represents the settings used for cert-manager controller installation in the clusters.
Field | Description | Validation Rule |
---|---|---|
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |
CertManagerStartupAPICheck
CertManagerStartupAPICheck represents the settings used for cert-manager startup API check job installation in the clusters.
Field | Description | Validation Rule |
---|---|---|
kubeSpec | tetrateio.api.install.kubernetes.KubernetesJobComponentSpec | – |
CertManagerWebhookSpec
CertManagerWebhookSpec represents the settings used for cert-manager Webhook installation in the clusters.
Field | Description | Validation Rule |
---|---|---|
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |
ConfigProtection
ConfigProtection contains settings for enabling/disabling config protection over XCP created resources. Config protections are disabled by default. Example:
configProtection:
enableAuthorizedUpdateDeleteOnXcpConfigs: true
enableAuthorizedCreateUpdateDeleteOnXcpConfigs: true
authorizedUsers:
- user1
- system:serviceaccount:ns1:serviceaccount-1
Field | Description | Validation Rule |
---|---|---|
enableAuthorizedUpdateDeleteOnXcpConfigs | bool | – |
enableAuthorizedCreateUpdateDeleteOnXcpConfigs | bool | – |
authorizedUsers | List of string | – |
CustomCertProviderSettings
CustomCertProviderSettings represents the settings used for the custom certificate provider. Users can configure the CSR signer required for certificate signing and point to the CA bundle to be used to validate the certificates.
Field | Description | Validation Rule |
---|---|---|
csrSignerName | string | string = { |
caBundleSecretName | string | string = { |
InternalCertProvider
InternalCertProvider describes the certificate provider configuration for TSB internal purposes like kubernetes webhook certificate. TSB supports cert-manager out of the box.
Field | Description | Validation Rule |
---|---|---|
certManager | tetrateio.api.install.common.CertManagerSettings oneof _internal_cert_provider | – |
custom | tetrateio.api.install.common.CustomCertProviderSettings oneof _internal_cert_provider | – |
Managed
If INTERNAL, TSB will install and manage cert-manager. In case a pre-existing installation is found, the operator will not install cert-manager and fail. If EXTERNAL, TSB would rely on a pre installed cert-manager for use. Pre installed cert-manager should support signing requests raised through Kubernetes CSR
Field | Number | Description |
---|---|---|
INTERNAL | 0 | INTERNAL represents that TSB will install and manager cert-manager in the cluster. In case a pre-existing installation is found, the operator will not install cert-manager and fail. |
EXTERNAL | 1 | EXTERNAL represents that TSB will rely on a pre installed cert-manager for use. Pre installed cert-manager should support signing requests raised through Kubernetes CSR |