update reference docs for release-1.17

Signed-off-by: Ashley Davis <ashley.davis@cyberark.com>
cert-manager · Jan 31, 2025 · 82921b9 · 82921b9
1 parent 62ea937
commit 82921b9
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 25 deletions.
diff --git a/content/docs/cli/cainjector.md b/content/docs/cli/cainjector.md
@@ -25,6 +25,7 @@ Flags:
       --feature-gates mapStringBool                          A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
                                                              AllAlpha=true|false (ALPHA - default=false)
                                                              AllBeta=true|false (BETA - default=false)
+                                                             CAInjectorMerging=true|false (ALPHA - default=false)
                                                              ServerSideApply=true|false (ALPHA - default=false)
   -h, --help                                                 help for cainjector
       --kubeconfig string                                    Paths to a kubeconfig. Only required if out-of-cluster.

diff --git a/content/docs/cli/controller.md b/content/docs/cli/controller.md
@@ -45,13 +45,13 @@ Flags:
                                                              ExperimentalCertificateSigningRequestControllers=true|false (ALPHA - default=false)
                                                              ExperimentalGatewayAPISupport=true|false (BETA - default=true)
                                                              LiteralCertificateSubject=true|false (BETA - default=true)
-                                                             NameConstraints=true|false (ALPHA - default=false)
+                                                             NameConstraints=true|false (BETA - default=true)
                                                              OtherNames=true|false (ALPHA - default=false)
                                                              SecretsFilteredCaching=true|false (BETA - default=true)
                                                              ServerSideApply=true|false (ALPHA - default=false)
                                                              StableCertificateRequestName=true|false (BETA - default=true)
                                                              UseCertificateRequestBasicConstraints=true|false (ALPHA - default=false)
-                                                             UseDomainQualifiedFinalizer=true|false (ALPHA - default=false)
+                                                             UseDomainQualifiedFinalizer=true|false (BETA - default=true)
                                                              ValidateCAA=true|false (ALPHA - default=false)
   -h, --help                                                 help for controller
       --issuer-ambient-credentials                           Whether an issuer may make use of ambient credentials. 'Ambient Credentials' are credentials drawn from the environment, metadata services, or local files which are not explicitly configured in the Issuer API object. When this flag is enabled, the following sources for credentials are also used: AWS - All sources the Go SDK defaults to, notably including any EC2 IAM roles available via instance metadata.

diff --git a/content/docs/cli/webhook.md b/content/docs/cli/webhook.md
@@ -26,7 +26,7 @@ Flags:
                                                              AllAlpha=true|false (ALPHA - default=false)
                                                              AllBeta=true|false (BETA - default=false)
                                                              LiteralCertificateSubject=true|false (BETA - default=true)
-                                                             NameConstraints=true|false (ALPHA - default=false)
+                                                             NameConstraints=true|false (BETA - default=true)
                                                              OtherNames=true|false (ALPHA - default=false)
       --healthz-port int32                                   port number to listen on for insecure healthz connections (default 6080)
   -h, --help                                                 help for webhook

diff --git a/content/docs/reference/api-docs.md b/content/docs/reference/api-docs.md
@@ -2167,6 +2167,17 @@ description: >-
         <p>resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity</p>
       </td>
     </tr>
+    <tr>
+      <td>
+        <code>tenantID</code>
+        <br />
+        <em>string</em>
+      </td>
+      <td>
+        <em>(Optional)</em>
+        <p>tenant ID of the managed identity, can not be used at the same time as resourceID</p>
+      </td>
+    </tr>
   </tbody>
 </table>
 <h3 id="acme.cert-manager.io/v1.CNAMEStrategy"> CNAMEStrategy (<code>string</code> alias) </h3>
@@ -5152,10 +5163,7 @@ description: >-
 <h3 id="cert-manager.io/v1.JKSKeystore">JKSKeystore</h3>
 <p> (<em>Appears on:</em> <a href="#cert-manager.io/v1.CertificateKeystores">CertificateKeystores</a>) </p>
 <div>
-  <p>
-    JKS configures options for storing a JKS keystore in the <code>spec.secretName</code>
-    Secret resource.
-  </p>
+  <p>JKS configures options for storing a JKS keystore in the target secret. Either PasswordSecretRef or Password must be provided.</p>
 </div>
 <table>
   <thead>
@@ -5173,11 +5181,22 @@ description: >-
       </td>
       <td>
         <p>
-          Create enables JKS keystore creation for the Certificate. If true, a file named <code>keystore.jks</code> will be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code>. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named <code>truststore.jks</code> will also be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code>
+          Create enables JKS keystore creation for the Certificate. If true, a file named <code>keystore.jks</code> will be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code> or <code>password</code>. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named <code>truststore.jks</code> will also be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code>
           containing the issuing Certificate Authority
         </p>
       </td>
     </tr>
+    <tr>
+      <td>
+        <code>alias</code>
+        <br />
+        <em>string</em>
+      </td>
+      <td>
+        <em>(Optional)</em>
+        <p> Alias specifies the alias of the key in the keystore, required by the JKS format. If not provided, the default alias <code>certificate</code> will be used. </p>
+      </td>
+    </tr>
     <tr>
       <td>
         <code>passwordSecretRef</code>
@@ -5187,18 +5206,19 @@ description: >-
         </em>
       </td>
       <td>
-        <p>PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore.</p>
+        <em>(Optional)</em>
+        <p>PasswordSecretRef is a reference to a non-empty key in a Secret resource containing the password used to encrypt the JKS keystore. Mutually exclusive with password. One of password or passwordSecretRef must provide a password with a non-zero length.</p>
       </td>
     </tr>
     <tr>
       <td>
-        <code>alias</code>
+        <code>password</code>
         <br />
         <em>string</em>
       </td>
       <td>
         <em>(Optional)</em>
-        <p> Alias specifies the alias of the key in the keystore, required by the JKS format. If not provided, the default alias <code>certificate</code> will be used. </p>
+        <p>Password provides a literal password used to encrypt the JKS keystore. Mutually exclusive with passwordSecretRef. One of password or passwordSecretRef must provide a password with a non-zero length.</p>
       </td>
     </tr>
   </tbody>
@@ -5526,36 +5546,48 @@ description: >-
         <em>bool</em>
       </td>
       <td>
-        <p> Create enables PKCS12 keystore creation for the Certificate. If true, a file named <code>keystore.p12</code> will be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code>. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named <code>truststore.p12</code> will also be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code> containing the issuing Certificate Authority </p>
+        <p> Create enables PKCS12 keystore creation for the Certificate. If true, a file named <code>keystore.p12</code> will be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code> or in <code>password</code>. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named <code>truststore.p12</code> will also be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code> containing the issuing Certificate Authority </p>
       </td>
     </tr>
     <tr>
       <td>
-        <code>passwordSecretRef</code>
+        <code>profile</code>
         <br />
         <em>
-          <a href="#meta.cert-manager.io/v1.SecretKeySelector">SecretKeySelector</a>
+          <a href="#cert-manager.io/v1.PKCS12Profile">PKCS12Profile</a>
         </em>
       </td>
       <td>
-        <p>PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore.</p>
+        <em>(Optional)</em>
+        <p> Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is <code>LegacyRC2</code> for backward compatibility. </p>
+        <p>
+          If provided, allowed values are:
+          <code>LegacyRC2</code>: Deprecated. Not supported by default in OpenSSL 3 or Java 20. <code>LegacyDES</code>: Less secure algorithm. Use this option for maximal compatibility. <code>Modern2023</code>: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret.
+        </p>
       </td>
     </tr>
     <tr>
       <td>
-        <code>profile</code>
+        <code>passwordSecretRef</code>
         <br />
         <em>
-          <a href="#cert-manager.io/v1.PKCS12Profile">PKCS12Profile</a>
+          <a href="#meta.cert-manager.io/v1.SecretKeySelector">SecretKeySelector</a>
         </em>
       </td>
       <td>
         <em>(Optional)</em>
-        <p> Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is <code>LegacyRC2</code> for backward compatibility. </p>
-        <p>
-          If provided, allowed values are:
-          <code>LegacyRC2</code>: Deprecated. Not supported by default in OpenSSL 3 or Java 20. <code>LegacyDES</code>: Less secure algorithm. Use this option for maximal compatibility. <code>Modern2023</code>: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret.
-        </p>
+        <p>PasswordSecretRef is a reference to a non-empty key in a Secret resource containing the password used to encrypt the PKCS#12 keystore. Mutually exclusive with password. One of password or passwordSecretRef must provide a password with a non-zero length.</p>
+      </td>
+    </tr>
+    <tr>
+      <td>
+        <code>password</code>
+        <br />
+        <em>string</em>
+      </td>
+      <td>
+        <em>(Optional)</em>
+        <p>Password provides a literal password used to encrypt the PKCS#12 keystore. Mutually exclusive with passwordSecretRef. One of password or passwordSecretRef must provide a password with a non-zero length.</p>
       </td>
     </tr>
   </tbody>
@@ -7103,5 +7135,5 @@ description: >-
 </table>
 <hr />
 <p>
-  <em> Generated with <code>gen-crd-api-reference-docs</code> on git commit <code>33df0f2</code>. </em>
+  <em> Generated with <code>gen-crd-api-reference-docs</code> on git commit <code>4562b9a</code>. </em>
 </p>
diff --git a/scripts/gendocs/generate-new-import-path-docs b/scripts/gendocs/generate-new-import-path-docs
@@ -153,8 +153,8 @@ LATEST_VERSION="docs" # to also upgrade a specific version, use v1.13-docs, v1.1
 #genversionwithcli "release-1.13" "v1.13-docs"
 #genversionwithcli "release-1.14" "v1.14-docs"
 #genversionwithcli "release-1.15" "v1.15-docs"
-
-genversionwithcli "release-1.16" "$LATEST_VERSION"
+#genversionwithcli "release-1.16" "v1.16-docs"
+genversionwithcli "release-1.17" "$LATEST_VERSION"
 
 # Rather than generate the same docs again for /docs, copy from the latest version