Class AcmeIssuer
The Kubernetes spec for a cert-manager ClusterIssuer.
Namespace: Neon.Kube.Resources.CertManager
Assembly: Neon.Kube.Resources.dll
Syntax
public class AcmeIssuerConstructors
AcmeIssuer()
Constructor.
Declaration
public AcmeIssuer()Properties
DisableAccountKeyGeneration
Enables or disables generating a new ACME account key. If true, the Issuer resource will not request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.
Declaration
[JsonProperty(PropertyName = "disableAccountKeyGeneration", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "disableAccountKeyGeneration", ApplyNamingConventions = false)]
public bool? DisableAccountKeyGeneration { get; set; }Property Value
| Type | Description |
|---|---|
| bool? |
Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.
Declaration
[JsonProperty(PropertyName = "email", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "email", ApplyNamingConventions = false)]
public string Email { get; set; }Property Value
| Type | Description |
|---|---|
| string |
EnableDurationFeature
Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let’s Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.
Declaration
[JsonProperty(PropertyName = "enableDurationFeature", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "enableDurationFeature", ApplyNamingConventions = false)]
public bool? EnableDurationFeature { get; set; }Property Value
| Type | Description |
|---|---|
| bool? |
ExternalAccountBinding
ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.
Declaration
[JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
[JsonProperty(PropertyName = "externalAccountBinding", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "externalAccountBinding", ApplyNamingConventions = false)]
public AcmeExternalAccountBinding ExternalAccountBinding { get; set; }Property Value
| Type | Description |
|---|---|
| AcmeExternalAccountBinding |
PreferredChain
PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let’s Encrypt’s DST crosssign you would use: “DST Root CA X3” or “ISRG Root X1” for the newer Let’s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer’s CN
Declaration
[JsonProperty(PropertyName = "preferredChain", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "preferredChain", ApplyNamingConventions = false)]
public string PreferredChain { get; set; }Property Value
| Type | Description |
|---|---|
| string |
PrivateKey
Specifies the private key.
Declaration
[JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
[JsonProperty(PropertyName = "privateKey", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "privateKey", ApplyNamingConventions = false, ScalarStyle = ScalarStyle.Literal)]
public string PrivateKey { get; set; }Property Value
| Type | Description |
|---|---|
| string |
PrivateKeySecretRef
PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a key may be specified to select a specific entry within the named Secret resource. If key is not specified, a default of tls.key will be used.
Declaration
[JsonProperty(PropertyName = "privateKeySecretRef", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public AcmeSecretKeySelector PrivateKeySecretRef { get; set; }Property Value
| Type | Description |
|---|---|
| AcmeSecretKeySelector |
Server
Server is the URL used to access the ACME server’s ‘directory’ endpoint. For example, for Let’s Encrypt’s staging endpoint, you would use: “https://acme-staging-v02.api.letsencrypt.org/directory”. Only ACME v2 endpoints (i.e. RFC 8555) are supported.
Declaration
[JsonProperty(PropertyName = "server", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "server", ApplyNamingConventions = false)]
public string Server { get; set; }Property Value
| Type | Description |
|---|---|
| string |
SkipTlsVerify
Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.
Declaration
[JsonProperty(PropertyName = "skipTLSVerify", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "skipTLSVerify", ApplyNamingConventions = false)]
public bool? SkipTlsVerify { get; set; }Property Value
| Type | Description |
|---|---|
| bool? |
Solvers
Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/
Declaration
[JsonProperty(PropertyName = "solvers", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "solvers", ApplyNamingConventions = false)]
public List<AcmeChallengeSolver> Solvers { get; set; }Property Value
| Type | Description |
|---|---|
| List<AcmeChallengeSolver> |
Methods
Validate()
Validates the peoperties.
Declaration
public void Validate()