add coi crd

core/origin-ca-issuer/overlays/prod/crd-clusteroriginissuer.yaml

@@ -0,0 +1,119 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
+  name: clusteroriginissuers.cert-manager.k8s.cloudflare.com
+spec:
+  group: cert-manager.k8s.cloudflare.com
+  names:
+    kind: ClusterOriginIssuer
+    listKind: ClusterOriginIssuerList
+    plural: clusteroriginissuers
+    singular: clusteroriginissuer
+  scope: Cluster
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: A ClusterOriginIssuer represents the Cloudflare Origin CA as
+          an external cert-manager issuer. It is scoped to a single namespace, so
+          it can be used only by resources in the same namespace.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec is the desired state of the ClusterOriginIssuer resource.
+            properties:
+              auth:
+                description: Auth configures how to authenticate with the Cloudflare
+                  API.
+                properties:
+                  serviceKeyRef:
+                    description: ServiceKeyRef authenticates with an API Service Key.
+                    properties:
+                      key:
+                        description: Key of the secret to select from. Must be a valid
+                          secret key.
+                        type: string
+                      name:
+                        description: Name of the secret in the issuer's namespace
+                          to select. If a cluster-scoped issuer, the secret is selected
+                          from the "cluster resource namespace" configured on the
+                          controller.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                type: object
+              requestType:
+                description: RequestType is the signature algorithm Cloudflare should
+                  use to sign the certificate.
+                enum:
+                - OriginRSA
+                - OriginECC
+                type: string
+            required:
+            - auth
+            - requestType
+            type: object
+          status:
+            description: Status of the ClusterOriginIssuer. This is set and managed
+              automatically.
+            properties:
+              conditions:
+                description: List of status conditions to indicate the status of an
+                  OriginIssuer Known condition types are `Ready`.
+                items:
+                  description: OriginIssuerCondition contains condition information
+                    for the OriginIssuer.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the timestamp corresponding
+                        to the last status change of this condition.
+                      format: date-time
+                      type: string
+                    message:
+                      description: Message is a human readable description of the
+                        details of the last transition1, complementing reason.
+                      type: string
+                    reason:
+                      description: Reason is a brief machine readable explanation
+                        for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of ('True', 'False',
+                        'Unknown')
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: Type of the condition, known values are ('Ready')
+                      enum:
+                      - Ready
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

core/origin-ca-issuer/overlays/prod/kustomization.yaml

@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
   - 0-namespace.yaml
   - crd.yaml
+  - crd-clusteroriginissuer.yaml
   - deployment.yaml
   - role-approver.yaml
   - role.yaml