CertificateRequests

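    The CertificateRequest is a resource in cert-manager that is used to request x509 certificates from an issuer. The resource contains a base64 encoded string of a PEM encoded certificate request, which is sent to the referenced issuer.
    A successful issuance returns a signed certificate based on the certificate signing request. CertificateRequests are typically consumed and managed by controllers or other systems and should not be used by humans unless specifically needed.

    A simple CertificateRequest looks like the following: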

    apiVersion: cert-manager.io/v1alpha2
    kind: CertificateRequest
    metadata:
      name: my-ca-cr
    spec:
      csr: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQzNqQ0NBY1lDQVFBd2daZ3hDekFKQmdOVkJBWVRBbHBhTVE4d0RRWURWUVFJREFaQmNHOXNiRzh4RFRBTApCZ05WQkFjTUJFMXZiMjR4RVRBUEJnTlZCQW9NQ0VwbGRITjBZV05yTVJVd0V3WURWUVFMREF4alpYSjBMVzFoCmJtRm5aWEl4RVRBUEJnTlZCQU1NQ0dwdmMyaDJZVzVzTVN3d0tnWUpLb1pJaHZjTkFRa0JGaDFxYjNOb2RXRXUKZG1GdWJHVmxkWGRsYmtCcVpYUnpkR0ZqYXk1cGJ6Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQwpBUW9DZ2dFQkFLd01tTFhuQkNiRStZdTIvMlFtRGsxalRWQ3BvbHU3TlZmQlVFUWl1bDhFMHI2NFBLcDRZQ0c5Cmx2N2kwOHdFMEdJQUgydnJRQmxVd3p6ZW1SUWZ4YmQvYVNybzRHNUFBYTJsY2NMaFpqUlh2NEVMaER0aVg4N3IKaTQ0MWJ2Y01OM0ZPTlRuczJhRkJYcllLWGxpNG4rc0RzTEVuZmpWdXRiV01Zeis3M3ptaGZzclRJUjRzTXo3cQpmSzM2WFM4UkRjNW5oVVcyYU9BZ3lnbFZSOVVXRkxXNjNXYXVhcHg2QUpBR1RoZnJYdVVHZXlZUUVBSENxZmZmCjhyOEt3YTFYK1NwYm9YK1ppSVE0Nk5jQ043OFZnL2dQVHNLZmphZURoNWcyNlk1dEVidHd3MWdRbWlhK0MyRHIKWHpYNU13RzJGNHN0cG5kUnRQckZrU1VnMW1zd0xuc0NBd0VBQWFBQU1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQgpBUUFXR0JuRnhaZ0gzd0N3TG5IQ0xjb0l5RHJrMUVvYkRjN3BJK1VVWEJIS2JBWk9IWEFhaGJ5RFFLL2RuTHN3CjJkZ0J3bmlJR3kxNElwQlNxaDBJUE03eHk5WjI4VW9oR3piN0FVakRJWHlNdmkvYTJyTVhjWjI1d1NVQmxGc28Kd005dE1QU2JwcEVvRERsa3NsOUIwT1BPdkFyQ0NKNnZGaU1UbS9wMUJIUWJSOExNQW53U0lUYVVNSFByRzJVMgpjTjEvRGNMWjZ2enEyeENjYVoxemh2bzBpY1VIUm9UWmV1ZEp6MkxmR0VHM1VOb2ppbXpBNUZHd0RhS3BySWp3ClVkd1JmZWZ1T29MT1dNVnFNbGRBcTlyT24wNHJaT3Jnak1HSE9tTWxleVdPS1AySllhaDNrVDdKU01zTHhYcFYKV0ExQjRsLzFFQkhWeGlKQi9Zby9JQWVsCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
      isCA: false
      duration: 90d
      issuerRef:
        name: ca-issuer
        # We can reference ClusterIssuers by changing the kind here.
        # The default value is Issuer (i.e. a locally namespaced Issuer)
        kind: Issuer
        group: cert-manager.io
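
    This CertificateRequest will make cert-manager attempt to request the issuer letsencrypt-prod in the default issuer pool cert-manager.io to return a certificate based on the certificate signing request. Other groups can be specified in the issuerRef, which changes the targeted issuers to other external, third-party issuers you may have installed.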

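    The resource also exposes options for declaring the certificate as a CA and for the requested validity duration.

    A successful issuance of the certificate signing request causes an update to the resource, setting the status with the signed certificate, the CA of the certificate (if available), and setting the Ready condition to True.

    Whether issuance by the controller succeeds or fails, it will not be retried. Other controllers are responsible for managing the logic and life cycle of CertificateRequests.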
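
The csr field described above is base64 over a PEM encoded PKCS#10 request, so a reviewer or admission check can decode it and see exactly which names are being requested before an issuer signs it. The following Go sketch is an added example, not code from cert-manager; the function names EncodeCSRField and InspectCSRField and the app.example.test name are hypothetical, and the key is a throwaway generated for the sample.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
)

// EncodeCSRField signs a CSR with a throwaway key (constructed sample) and returns base64(PEM).
func EncodeCSRField(cn string, dnsNames []string) (string, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: dnsNames}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return "", err
	}
	block := &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}
	return base64.StdEncoding.EncodeToString(pem.EncodeToMemory(block)), nil
}

// InspectCSRField decodes a csr value; it fails unless the PKCS#10 self-signature verifies.
func InspectCSRField(field string) (*x509.CertificateRequest, error) {
	pemBytes, err := base64.StdEncoding.DecodeString(field)
	if err != nil {
		return nil, fmt.Errorf("csr is not valid base64: %w", err)
	}
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, fmt.Errorf("csr holds no CERTIFICATE REQUEST PEM block")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("csr is not a PKCS#10 request with a valid self-signature")
	}
	return csr, nil
}

func main() {
	field, _ := EncodeCSRField("app.example.test", []string{"app.example.test"})
	if csr, err := InspectCSRField(field); err == nil {
		fmt.Println("request for:", csr.Subject.CommonName, csr.DNSNames)
	}
}
```

The returned request also exposes IPAddresses, EmailAddresses and URIs, which a policy check would compare against what the requester is allowed to ask for.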