From 82921b9ed72b99139b9ad17fdcf16b101cc5e788 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Fri, 31 Jan 2025 12:42:38 +0000 Subject: [PATCH] update reference docs for release-1.17 Signed-off-by: Ashley Davis --- content/docs/cli/cainjector.md | 1 + content/docs/cli/controller.md | 4 +- content/docs/cli/webhook.md | 2 +- content/docs/reference/api-docs.md | 72 +++++++++++++------ scripts/gendocs/generate-new-import-path-docs | 4 +- 5 files changed, 58 insertions(+), 25 deletions(-) diff --git a/content/docs/cli/cainjector.md b/content/docs/cli/cainjector.md index dbbb17fd86..042465bcc6 100644 --- a/content/docs/cli/cainjector.md +++ b/content/docs/cli/cainjector.md @@ -25,6 +25,7 @@ Flags: --feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are: AllAlpha=true|false (ALPHA - default=false) AllBeta=true|false (BETA - default=false) + CAInjectorMerging=true|false (ALPHA - default=false) ServerSideApply=true|false (ALPHA - default=false) -h, --help help for cainjector --kubeconfig string Paths to a kubeconfig. Only required if out-of-cluster. diff --git a/content/docs/cli/controller.md b/content/docs/cli/controller.md index a41ad82099..e4e31d0faa 100644 --- a/content/docs/cli/controller.md +++ b/content/docs/cli/controller.md @@ -45,13 +45,13 @@ Flags: ExperimentalCertificateSigningRequestControllers=true|false (ALPHA - default=false) ExperimentalGatewayAPISupport=true|false (BETA - default=true) LiteralCertificateSubject=true|false (BETA - default=true) - NameConstraints=true|false (ALPHA - default=false) + NameConstraints=true|false (BETA - default=true) OtherNames=true|false (ALPHA - default=false) SecretsFilteredCaching=true|false (BETA - default=true) ServerSideApply=true|false (ALPHA - default=false) StableCertificateRequestName=true|false (BETA - default=true) UseCertificateRequestBasicConstraints=true|false (ALPHA - default=false) - UseDomainQualifiedFinalizer=true|false (ALPHA - default=false) + UseDomainQualifiedFinalizer=true|false (BETA - default=true) ValidateCAA=true|false (ALPHA - default=false) -h, --help help for controller --issuer-ambient-credentials Whether an issuer may make use of ambient credentials. 'Ambient Credentials' are credentials drawn from the environment, metadata services, or local files which are not explicitly configured in the Issuer API object. When this flag is enabled, the following sources for credentials are also used: AWS - All sources the Go SDK defaults to, notably including any EC2 IAM roles available via instance metadata. diff --git a/content/docs/cli/webhook.md b/content/docs/cli/webhook.md index b4ef77b631..2b253b4418 100644 --- a/content/docs/cli/webhook.md +++ b/content/docs/cli/webhook.md @@ -26,7 +26,7 @@ Flags: AllAlpha=true|false (ALPHA - default=false) AllBeta=true|false (BETA - default=false) LiteralCertificateSubject=true|false (BETA - default=true) - NameConstraints=true|false (ALPHA - default=false) + NameConstraints=true|false (BETA - default=true) OtherNames=true|false (ALPHA - default=false) --healthz-port int32 port number to listen on for insecure healthz connections (default 6080) -h, --help help for webhook diff --git a/content/docs/reference/api-docs.md b/content/docs/reference/api-docs.md index f2efe54fdc..47b9498fb9 100644 --- a/content/docs/reference/api-docs.md +++ b/content/docs/reference/api-docs.md @@ -2167,6 +2167,17 @@ description: >-

resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity

+ + + tenantID +
+ string + + + (Optional) +

tenant ID of the managed identity, can not be used at the same time as resourceID

+ +

CNAMEStrategy (string alias)

@@ -5152,10 +5163,7 @@ description: >-

JKSKeystore

(Appears on: CertificateKeystores)

-

- JKS configures options for storing a JKS keystore in the spec.secretName - Secret resource. -

+

JKS configures options for storing a JKS keystore in the target secret. Either PasswordSecretRef or Password must be provided.

@@ -5173,11 +5181,22 @@ description: >- + + + + @@ -5526,36 +5546,48 @@ description: >- bool + + + + @@ -7103,5 +7135,5 @@ description: >-

- Create enables JKS keystore creation for the Certificate. If true, a file named keystore.jks will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named truststore.jks will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef + Create enables JKS keystore creation for the Certificate. If true, a file named keystore.jks will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef or password. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named truststore.jks will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority

+ alias +
+ string + 		+ (Optional) +

Alias specifies the alias of the key in the keystore, required by the JKS format. If not provided, the default alias certificate will be used.

+
passwordSecretRef @@ -5187,18 +5206,19 @@ description: >- -

PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore.

+ (Optional) +

PasswordSecretRef is a reference to a non-empty key in a Secret resource containing the password used to encrypt the JKS keystore. Mutually exclusive with password. One of password or passwordSecretRef must provide a password with a non-zero length.
- alias + password
string 		(Optional) -

Alias specifies the alias of the key in the keystore, required by the JKS format. If not provided, the default alias certificate will be used.

+

Password provides a literal password used to encrypt the JKS keystore. Mutually exclusive with passwordSecretRef. One of password or passwordSecretRef must provide a password with a non-zero length.
-

Create enables PKCS12 keystore creation for the Certificate. If true, a file named keystore.p12 will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named truststore.p12 will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority

+

Create enables PKCS12 keystore creation for the Certificate. If true, a file named keystore.p12 will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef or in password. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named truststore.p12 will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority

- passwordSecretRef + profile
- SecretKeySelector + PKCS12Profile 		-

PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore.

+ (Optional) +

Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is LegacyRC2 for backward compatibility.

+

+ If provided, allowed values are: + LegacyRC2: Deprecated. Not supported by default in OpenSSL 3 or Java 20. LegacyDES: Less secure algorithm. Use this option for maximal compatibility. Modern2023: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret. +

- profile + passwordSecretRef
- PKCS12Profile + SecretKeySelector 		(Optional) -

Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is LegacyRC2 for backward compatibility.

-

- If provided, allowed values are: - LegacyRC2: Deprecated. Not supported by default in OpenSSL 3 or Java 20. LegacyDES: Less secure algorithm. Use this option for maximal compatibility. Modern2023: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret. -

+

PasswordSecretRef is a reference to a non-empty key in a Secret resource containing the password used to encrypt the PKCS#12 keystore. Mutually exclusive with password. One of password or passwordSecretRef must provide a password with a non-zero length.

+
+ password +
+ string + 		+ (Optional) +

Password provides a literal password used to encrypt the PKCS#12 keystore. Mutually exclusive with passwordSecretRef. One of password or passwordSecretRef must provide a password with a non-zero length.

- Generated with gen-crd-api-reference-docs on git commit 33df0f2. + Generated with gen-crd-api-reference-docs on git commit 4562b9a.

diff --git a/scripts/gendocs/generate-new-import-path-docs b/scripts/gendocs/generate-new-import-path-docs index 31592e2b56..1bbd8459df 100755 --- a/scripts/gendocs/generate-new-import-path-docs +++ b/scripts/gendocs/generate-new-import-path-docs @@ -153,8 +153,8 @@ LATEST_VERSION="docs" # to also upgrade a specific version, use v1.13-docs, v1.1 #genversionwithcli "release-1.13" "v1.13-docs" #genversionwithcli "release-1.14" "v1.14-docs" #genversionwithcli "release-1.15" "v1.15-docs" - -genversionwithcli "release-1.16" "$LATEST_VERSION" +#genversionwithcli "release-1.16" "v1.16-docs" +genversionwithcli "release-1.17" "$LATEST_VERSION" # Rather than generate the same docs again for /docs, copy from the latest version