diff --git a/.gitignore b/.gitignore index 9600bc3..a4d3741 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ sdk/java/.gradle sdk/java/build/ sdk/java/build.gradle sdk/python/venv +__pycache__ \ No newline at end of file diff --git a/examples/simple-cert-manager-py/__main__.py b/examples/simple-cert-manager-py/__main__.py index c543c16..adb6400 100644 --- a/examples/simple-cert-manager-py/__main__.py +++ b/examples/simple-cert-manager-py/__main__.py @@ -1,7 +1,8 @@ import pulumi -from pulumi_kubernetes.apiextensions import CustomResource from pulumi_kubernetes.core.v1 import Namespace +from pulumi_kubernetes.meta.v1 import ObjectMetaArgs from pulumi_kubernetes_cert_manager import CertManager, ReleaseArgs +from pulumi_cert_manager_resources.certmanager.v1 import Issuer, IssuerSpecArgs # Create a sandbox namespace. ns_name = 'sandbox' @@ -20,16 +21,14 @@ # dependencies, so is simple. Please refer to # https://cert-manager.io/docs/configuration/selfsigned/ # for additional details on other signing providers. -issuer = CustomResource('issuer', - api_version='cert-manager.io/v1', - kind='Issuer', - metadata={ - 'name': 'selfsigned-issuer', - 'namespace': ns_name, - }, - spec={ - 'selfSigned': {}, - }, +issuer = Issuer( + metadata=ObjectMetaArgs( + name='selfsigned-issuer', + namespace=ns_name, + ), + spec=IssuerSpecArgs( + selfSigned={}, + ), opts=pulumi.ResourceOptions(depends_on=[manager]), ) diff --git a/sdk/python/pulumi_cert_manager_resources/__init__.py b/sdk/python/pulumi_cert_manager_resources/__init__.py new file mode 100644 index 0000000..bcfdafa --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/__init__.py @@ -0,0 +1,58 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from . import _utilities +import typing +# Export this package's modules as members: +from .provider import * + +# Make subpackages available: +if typing.TYPE_CHECKING: + import pulumi_cert_manager_resources.acme as __acme + acme = __acme + import pulumi_cert_manager_resources.certmanager as __certmanager + certmanager = __certmanager + import pulumi_cert_manager_resources.meta as __meta + meta = __meta +else: + acme = _utilities.lazy_import('pulumi_cert_manager.acme') + certmanager = _utilities.lazy_import('pulumi_cert_manager.certmanager') + meta = _utilities.lazy_import('pulumi_cert_manager.meta') + +_utilities.register( + resource_modules=""" +[ + { + "pkg": "cert_manager", + "mod": "acme.cert-manager.io/v1", + "fqn": "pulumi_cert_manager.acme.v1", + "classes": { + "kubernetes:acme.cert-manager.io/v1:Challenge": "Challenge", + "kubernetes:acme.cert-manager.io/v1:Order": "Order" + } + }, + { + "pkg": "cert_manager", + "mod": "cert-manager.io/v1", + "fqn": "pulumi_cert_manager.certmanager.v1", + "classes": { + "kubernetes:cert-manager.io/v1:Certificate": "Certificate", + "kubernetes:cert-manager.io/v1:CertificateRequest": "CertificateRequest", + "kubernetes:cert-manager.io/v1:ClusterIssuer": "ClusterIssuer", + "kubernetes:cert-manager.io/v1:Issuer": "Issuer" + } + } +] +""", + resource_packages=""" +[ + { + "pkg": "cert_manager", + "token": "pulumi:providers:crds", + "fqn": "pulumi_cert_manager", + "class": "Provider" + } +] +""" +) diff --git a/sdk/python/pulumi_cert_manager_resources/_utilities.py b/sdk/python/pulumi_cert_manager_resources/_utilities.py new file mode 100644 index 0000000..e8179c1 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/_utilities.py @@ -0,0 +1,291 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + + +import asyncio +import importlib.util +import inspect +import json +import os +import pkg_resources +import sys +import typing + +import pulumi +import pulumi.runtime +from pulumi.runtime.sync_await import _sync_await + +from semver import VersionInfo as SemverVersion +from parver import Version as PEP440Version + + +def get_env(*args): + for v in args: + value = os.getenv(v) + if value is not None: + return value + return None + + +def get_env_bool(*args): + str = get_env(*args) + if str is not None: + # NOTE: these values are taken from https://golang.org/src/strconv/atob.go?s=351:391#L1, which is what + # Terraform uses internally when parsing boolean values. + if str in ["1", "t", "T", "true", "TRUE", "True"]: + return True + if str in ["0", "f", "F", "false", "FALSE", "False"]: + return False + return None + + +def get_env_int(*args): + str = get_env(*args) + if str is not None: + try: + return int(str) + except: + return None + return None + + +def get_env_float(*args): + str = get_env(*args) + if str is not None: + try: + return float(str) + except: + return None + return None + + +def _get_semver_version(): + # __name__ is set to the fully-qualified name of the current module, In our case, it will be + # ._utilities. is the module we want to query the version for. + root_package, *rest = __name__.split('.') + + # pkg_resources uses setuptools to inspect the set of installed packages. We use it here to ask + # for the currently installed version of the root package (i.e. us) and get its version. + + # Unfortunately, PEP440 and semver differ slightly in incompatible ways. The Pulumi engine expects + # to receive a valid semver string when receiving requests from the language host, so it's our + # responsibility as the library to convert our own PEP440 version into a valid semver string. + + pep440_version_string = pkg_resources.require(root_package)[0].version + pep440_version = PEP440Version.parse(pep440_version_string) + (major, minor, patch) = pep440_version.release + prerelease = None + if pep440_version.pre_tag == 'a': + prerelease = f"alpha.{pep440_version.pre}" + elif pep440_version.pre_tag == 'b': + prerelease = f"beta.{pep440_version.pre}" + elif pep440_version.pre_tag == 'rc': + prerelease = f"rc.{pep440_version.pre}" + elif pep440_version.dev is not None: + prerelease = f"dev.{pep440_version.dev}" + + # The only significant difference between PEP440 and semver as it pertains to us is that PEP440 has explicit support + # for dev builds, while semver encodes them as "prerelease" versions. In order to bridge between the two, we convert + # our dev build version into a prerelease tag. This matches what all of our other packages do when constructing + # their own semver string. + return SemverVersion(major=major, minor=minor, patch=patch, prerelease=prerelease) + + +# Determine the version once and cache the value, which measurably improves program performance. +_version = _get_semver_version() +_version_str = str(_version) + + +def get_version(): + return _version_str + +def get_resource_opts_defaults() -> pulumi.ResourceOptions: + return pulumi.ResourceOptions( + version=get_version(), + plugin_download_url=get_plugin_download_url(), + ) + +def get_invoke_opts_defaults() -> pulumi.InvokeOptions: + return pulumi.InvokeOptions( + version=get_version(), + plugin_download_url=get_plugin_download_url(), + ) + +def get_resource_args_opts(resource_args_type, resource_options_type, *args, **kwargs): + """ + Return the resource args and options given the *args and **kwargs of a resource's + __init__ method. + """ + + resource_args, opts = None, None + + # If the first item is the resource args type, save it and remove it from the args list. + if args and isinstance(args[0], resource_args_type): + resource_args, args = args[0], args[1:] + + # Now look at the first item in the args list again. + # If the first item is the resource options class, save it. + if args and isinstance(args[0], resource_options_type): + opts = args[0] + + # If resource_args is None, see if "args" is in kwargs, and, if so, if it's typed as the + # the resource args type. + if resource_args is None: + a = kwargs.get("args") + if isinstance(a, resource_args_type): + resource_args = a + + # If opts is None, look it up in kwargs. + if opts is None: + opts = kwargs.get("opts") + + return resource_args, opts + + +# Temporary: just use pulumi._utils.lazy_import once everyone upgrades. +def lazy_import(fullname): + + import pulumi._utils as u + f = getattr(u, 'lazy_import', None) + if f is None: + f = _lazy_import_temp + + return f(fullname) + + +# Copied from pulumi._utils.lazy_import, see comments there. +def _lazy_import_temp(fullname): + m = sys.modules.get(fullname, None) + if m is not None: + return m + + spec = importlib.util.find_spec(fullname) + + m = sys.modules.get(fullname, None) + if m is not None: + return m + + loader = importlib.util.LazyLoader(spec.loader) + spec.loader = loader + module = importlib.util.module_from_spec(spec) + + m = sys.modules.get(fullname, None) + if m is not None: + return m + + sys.modules[fullname] = module + loader.exec_module(module) + return module + + +class Package(pulumi.runtime.ResourcePackage): + def __init__(self, pkg_info): + super().__init__() + self.pkg_info = pkg_info + + def version(self): + return _version + + def construct_provider(self, name: str, typ: str, urn: str) -> pulumi.ProviderResource: + if typ != self.pkg_info['token']: + raise Exception(f"unknown provider type {typ}") + Provider = getattr(lazy_import(self.pkg_info['fqn']), self.pkg_info['class']) + return Provider(name, pulumi.ResourceOptions(urn=urn)) + + +class Module(pulumi.runtime.ResourceModule): + def __init__(self, mod_info): + super().__init__() + self.mod_info = mod_info + + def version(self): + return _version + + def construct(self, name: str, typ: str, urn: str) -> pulumi.Resource: + class_name = self.mod_info['classes'].get(typ, None) + + if class_name is None: + raise Exception(f"unknown resource type {typ}") + + TheClass = getattr(lazy_import(self.mod_info['fqn']), class_name) + return TheClass(name, pulumi.ResourceOptions(urn=urn)) + + +def register(resource_modules, resource_packages): + resource_modules = json.loads(resource_modules) + resource_packages = json.loads(resource_packages) + + for pkg_info in resource_packages: + pulumi.runtime.register_resource_package(pkg_info['pkg'], Package(pkg_info)) + + for mod_info in resource_modules: + pulumi.runtime.register_resource_module( + mod_info['pkg'], + mod_info['mod'], + Module(mod_info)) + + +_F = typing.TypeVar('_F', bound=typing.Callable[..., typing.Any]) + + +def lift_output_func(func: typing.Any) -> typing.Callable[[_F], _F]: + """Decorator internally used on {fn}_output lifted function versions + to implement them automatically from the un-lifted function.""" + + func_sig = inspect.signature(func) + + def lifted_func(*args, opts=None, **kwargs): + bound_args = func_sig.bind(*args, **kwargs) + # Convert tuple to list, see pulumi/pulumi#8172 + args_list = list(bound_args.args) + return pulumi.Output.from_input({ + 'args': args_list, + 'kwargs': bound_args.kwargs + }).apply(lambda resolved_args: func(*resolved_args['args'], + opts=opts, + **resolved_args['kwargs'])) + + return (lambda _: lifted_func) + + +def call_plain( + tok: str, + props: pulumi.Inputs, + res: typing.Optional[pulumi.Resource] = None, + typ: typing.Optional[type] = None, +) -> typing.Any: + """ + Wraps pulumi.runtime.plain to force the output and return it plainly. + """ + + output = pulumi.runtime.call(tok, props, res, typ) + + # Ingoring deps silently. They are typically non-empty, r.f() calls include r as a dependency. + result, known, secret, _ = _sync_await(asyncio.ensure_future(_await_output(output))) + + problem = None + if not known: + problem = ' an unknown value' + elif secret: + problem = ' a secret value' + + if problem: + raise AssertionError( + f"Plain resource method '{tok}' incorrectly returned {problem}. " + + "This is an error in the provider, please report this to the provider developer." + ) + + return result + + +async def _await_output(o: pulumi.Output[typing.Any]) -> typing.Tuple[object, bool, bool, set]: + return ( + await o._future, + await o._is_known, + await o._is_secret, + await o._resources, + ) + +def get_plugin_download_url(): + return None diff --git a/sdk/python/pulumi_cert_manager_resources/acme/__init__.py b/sdk/python/pulumi_cert_manager_resources/acme/__init__.py new file mode 100644 index 0000000..fa9e36d --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/acme/__init__.py @@ -0,0 +1,14 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from .. import _utilities +import typing + +# Make subpackages available: +if typing.TYPE_CHECKING: + import pulumi_cert_manager_resources.acme.v1 as __v1 + v1 = __v1 +else: + v1 = _utilities.lazy_import('pulumi_cert_manager.acme.v1') + diff --git a/sdk/python/pulumi_cert_manager_resources/acme/v1/Challenge.py b/sdk/python/pulumi_cert_manager_resources/acme/v1/Challenge.py new file mode 100644 index 0000000..100bf96 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/acme/v1/Challenge.py @@ -0,0 +1,198 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from ... import _utilities +from . import outputs +from ... import meta as _meta +from ._inputs import * + +__all__ = ['ChallengeArgs', 'Challenge'] + +@pulumi.input_type +class ChallengeArgs: + def __init__(__self__, *, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']] = None, + spec: Optional[pulumi.Input['ChallengeSpecArgs']] = None, + status: Optional[pulumi.Input['ChallengeStatusArgs']] = None): + """ + The set of arguments for constructing a Challenge resource. + """ + if api_version is not None: + pulumi.set(__self__, "api_version", 'acme.cert-manager.io/v1') + if kind is not None: + pulumi.set(__self__, "kind", 'Challenge') + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + if status is not None: + pulumi.set(__self__, "status", status) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "api_version") + + @api_version.setter + def api_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "api_version", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]: + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def spec(self) -> Optional[pulumi.Input['ChallengeSpecArgs']]: + return pulumi.get(self, "spec") + + @spec.setter + def spec(self, value: Optional[pulumi.Input['ChallengeSpecArgs']]): + pulumi.set(self, "spec", value) + + @property + @pulumi.getter + def status(self) -> Optional[pulumi.Input['ChallengeStatusArgs']]: + return pulumi.get(self, "status") + + @status.setter + def status(self, value: Optional[pulumi.Input['ChallengeStatusArgs']]): + pulumi.set(self, "status", value) + + +class Challenge(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['ChallengeSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['ChallengeStatusArgs']]] = None, + __props__=None): + """ + Challenge is a type to represent a Challenge request with an ACME server + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[ChallengeArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Challenge is a type to represent a Challenge request with an ACME server + + :param str resource_name: The name of the resource. + :param ChallengeArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(ChallengeArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['ChallengeSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['ChallengeStatusArgs']]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = ChallengeArgs.__new__(ChallengeArgs) + + __props__.__dict__["api_version"] = 'acme.cert-manager.io/v1' + __props__.__dict__["kind"] = 'Challenge' + __props__.__dict__["metadata"] = metadata + __props__.__dict__["spec"] = spec + __props__.__dict__["status"] = status + super(Challenge, __self__).__init__( + 'kubernetes:acme.cert-manager.io/v1:Challenge', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'Challenge': + """ + Get an existing Challenge resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = ChallengeArgs.__new__(ChallengeArgs) + + __props__.__dict__["api_version"] = None + __props__.__dict__["kind"] = None + __props__.__dict__["metadata"] = None + __props__.__dict__["spec"] = None + __props__.__dict__["status"] = None + return Challenge(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "api_version") + + @property + @pulumi.getter + def kind(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "kind") + + @property + @pulumi.getter + def metadata(self) -> pulumi.Output['_meta.v1.outputs.ObjectMeta']: + return pulumi.get(self, "metadata") + + @property + @pulumi.getter + def spec(self) -> pulumi.Output['outputs.ChallengeSpec']: + return pulumi.get(self, "spec") + + @property + @pulumi.getter + def status(self) -> pulumi.Output[Optional['outputs.ChallengeStatus']]: + return pulumi.get(self, "status") + diff --git a/sdk/python/pulumi_cert_manager_resources/acme/v1/Order.py b/sdk/python/pulumi_cert_manager_resources/acme/v1/Order.py new file mode 100644 index 0000000..c612710 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/acme/v1/Order.py @@ -0,0 +1,198 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from ... import _utilities +from . import outputs +from ... import meta as _meta +from ._inputs import * + +__all__ = ['OrderArgs', 'Order'] + +@pulumi.input_type +class OrderArgs: + def __init__(__self__, *, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']] = None, + spec: Optional[pulumi.Input['OrderSpecArgs']] = None, + status: Optional[pulumi.Input['OrderStatusArgs']] = None): + """ + The set of arguments for constructing a Order resource. + """ + if api_version is not None: + pulumi.set(__self__, "api_version", 'acme.cert-manager.io/v1') + if kind is not None: + pulumi.set(__self__, "kind", 'Order') + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + if status is not None: + pulumi.set(__self__, "status", status) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "api_version") + + @api_version.setter + def api_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "api_version", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]: + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def spec(self) -> Optional[pulumi.Input['OrderSpecArgs']]: + return pulumi.get(self, "spec") + + @spec.setter + def spec(self, value: Optional[pulumi.Input['OrderSpecArgs']]): + pulumi.set(self, "spec", value) + + @property + @pulumi.getter + def status(self) -> Optional[pulumi.Input['OrderStatusArgs']]: + return pulumi.get(self, "status") + + @status.setter + def status(self, value: Optional[pulumi.Input['OrderStatusArgs']]): + pulumi.set(self, "status", value) + + +class Order(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['OrderSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['OrderStatusArgs']]] = None, + __props__=None): + """ + Order is a type to represent an Order with an ACME server + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[OrderArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Order is a type to represent an Order with an ACME server + + :param str resource_name: The name of the resource. + :param OrderArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(OrderArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['OrderSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['OrderStatusArgs']]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = OrderArgs.__new__(OrderArgs) + + __props__.__dict__["api_version"] = 'acme.cert-manager.io/v1' + __props__.__dict__["kind"] = 'Order' + __props__.__dict__["metadata"] = metadata + __props__.__dict__["spec"] = spec + __props__.__dict__["status"] = status + super(Order, __self__).__init__( + 'kubernetes:acme.cert-manager.io/v1:Order', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'Order': + """ + Get an existing Order resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = OrderArgs.__new__(OrderArgs) + + __props__.__dict__["api_version"] = None + __props__.__dict__["kind"] = None + __props__.__dict__["metadata"] = None + __props__.__dict__["spec"] = None + __props__.__dict__["status"] = None + return Order(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "api_version") + + @property + @pulumi.getter + def kind(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "kind") + + @property + @pulumi.getter + def metadata(self) -> pulumi.Output['_meta.v1.outputs.ObjectMeta']: + return pulumi.get(self, "metadata") + + @property + @pulumi.getter + def spec(self) -> pulumi.Output['outputs.OrderSpec']: + return pulumi.get(self, "spec") + + @property + @pulumi.getter + def status(self) -> pulumi.Output[Optional['outputs.OrderStatus']]: + return pulumi.get(self, "status") + diff --git a/sdk/python/pulumi_cert_manager_resources/acme/v1/__init__.py b/sdk/python/pulumi_cert_manager_resources/acme/v1/__init__.py new file mode 100644 index 0000000..7ced3f6 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/acme/v1/__init__.py @@ -0,0 +1,11 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from ... import _utilities +import typing +# Export this package's modules as members: +from .Challenge import * +from .Order import * +from ._inputs import * +from . import outputs diff --git a/sdk/python/pulumi_cert_manager_resources/acme/v1/_inputs.py b/sdk/python/pulumi_cert_manager_resources/acme/v1/_inputs.py new file mode 100644 index 0000000..95c93f0 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/acme/v1/_inputs.py @@ -0,0 +1,4635 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from ... import _utilities + +__all__ = [ + 'ChallengeSpecIssuerRefArgs', + 'ChallengeSpecSolverDns01AcmeDnsAccountSecretRefArgs', + 'ChallengeSpecSolverDns01AcmeDnsArgs', + 'ChallengeSpecSolverDns01AkamaiAccessTokenSecretRefArgs', + 'ChallengeSpecSolverDns01AkamaiClientSecretSecretRefArgs', + 'ChallengeSpecSolverDns01AkamaiClientTokenSecretRefArgs', + 'ChallengeSpecSolverDns01AkamaiArgs', + 'ChallengeSpecSolverDns01AzureDnsClientSecretSecretRefArgs', + 'ChallengeSpecSolverDns01AzureDnsManagedIdentityArgs', + 'ChallengeSpecSolverDns01AzureDnsArgs', + 'ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRefArgs', + 'ChallengeSpecSolverDns01CloudDnsArgs', + 'ChallengeSpecSolverDns01CloudflareApiKeySecretRefArgs', + 'ChallengeSpecSolverDns01CloudflareApiTokenSecretRefArgs', + 'ChallengeSpecSolverDns01CloudflareArgs', + 'ChallengeSpecSolverDns01DigitaloceanTokenSecretRefArgs', + 'ChallengeSpecSolverDns01DigitaloceanArgs', + 'ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRefArgs', + 'ChallengeSpecSolverDns01Rfc2136Args', + 'ChallengeSpecSolverDns01Route53AccessKeyIdsecretRefArgs', + 'ChallengeSpecSolverDns01Route53SecretAccessKeySecretRefArgs', + 'ChallengeSpecSolverDns01Route53Args', + 'ChallengeSpecSolverDns01WebhookArgs', + 'ChallengeSpecSolverDns01Args', + 'ChallengeSpecSolverHttp01GatewayHttprouteParentRefsArgs', + 'ChallengeSpecSolverHttp01GatewayHttprouteArgs', + 'ChallengeSpecSolverHttp01IngressIngressTemplateMetadataArgs', + 'ChallengeSpecSolverHttp01IngressIngressTemplateArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateMetadataArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecretsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerationsArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecArgs', + 'ChallengeSpecSolverHttp01IngressPodTemplateArgs', + 'ChallengeSpecSolverHttp01IngressArgs', + 'ChallengeSpecSolverHttp01Args', + 'ChallengeSpecSolverSelectorArgs', + 'ChallengeSpecSolverArgs', + 'ChallengeSpecArgs', + 'ChallengeStatusArgs', + 'OrderSpecIssuerRefArgs', + 'OrderSpecArgs', + 'OrderStatusAuthorizationsChallengesArgs', + 'OrderStatusAuthorizationsArgs', + 'OrderStatusArgs', +] + +@pulumi.input_type +class ChallengeSpecIssuerRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + group: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None): + """ + References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + :param pulumi.Input[str] name: Name of the resource being referred to. + :param pulumi.Input[str] group: Group of the resource being referred to. + :param pulumi.Input[str] kind: Kind of the resource being referred to. + """ + pulumi.set(__self__, "name", name) + if group is not None: + pulumi.set(__self__, "group", group) + if kind is not None: + pulumi.set(__self__, "kind", kind) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def group(self) -> Optional[pulumi.Input[str]]: + """ + Group of the resource being referred to. + """ + return pulumi.get(self, "group") + + @group.setter + def group(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "group", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + """ + Kind of the resource being referred to. + """ + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01AcmeDnsAccountSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01AcmeDnsArgs: + def __init__(__self__, *, + account_secret_ref: pulumi.Input['ChallengeSpecSolverDns01AcmeDnsAccountSecretRefArgs'], + host: pulumi.Input[str]): + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01AcmeDnsAccountSecretRefArgs'] account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "account_secret_ref", account_secret_ref) + pulumi.set(__self__, "host", host) + + @property + @pulumi.getter(name="accountSecretRef") + def account_secret_ref(self) -> pulumi.Input['ChallengeSpecSolverDns01AcmeDnsAccountSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "account_secret_ref") + + @account_secret_ref.setter + def account_secret_ref(self, value: pulumi.Input['ChallengeSpecSolverDns01AcmeDnsAccountSecretRefArgs']): + pulumi.set(self, "account_secret_ref", value) + + @property + @pulumi.getter + def host(self) -> pulumi.Input[str]: + return pulumi.get(self, "host") + + @host.setter + def host(self, value: pulumi.Input[str]): + pulumi.set(self, "host", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01AkamaiAccessTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01AkamaiClientSecretSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01AkamaiClientTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01AkamaiArgs: + def __init__(__self__, *, + access_token_secret_ref: pulumi.Input['ChallengeSpecSolverDns01AkamaiAccessTokenSecretRefArgs'], + client_secret_secret_ref: pulumi.Input['ChallengeSpecSolverDns01AkamaiClientSecretSecretRefArgs'], + client_token_secret_ref: pulumi.Input['ChallengeSpecSolverDns01AkamaiClientTokenSecretRefArgs'], + service_consumer_domain: pulumi.Input[str]): + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01AkamaiAccessTokenSecretRefArgs'] access_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input['ChallengeSpecSolverDns01AkamaiClientSecretSecretRefArgs'] client_secret_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input['ChallengeSpecSolverDns01AkamaiClientTokenSecretRefArgs'] client_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "access_token_secret_ref", access_token_secret_ref) + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + pulumi.set(__self__, "client_token_secret_ref", client_token_secret_ref) + pulumi.set(__self__, "service_consumer_domain", service_consumer_domain) + + @property + @pulumi.getter(name="accessTokenSecretRef") + def access_token_secret_ref(self) -> pulumi.Input['ChallengeSpecSolverDns01AkamaiAccessTokenSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "access_token_secret_ref") + + @access_token_secret_ref.setter + def access_token_secret_ref(self, value: pulumi.Input['ChallengeSpecSolverDns01AkamaiAccessTokenSecretRefArgs']): + pulumi.set(self, "access_token_secret_ref", value) + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> pulumi.Input['ChallengeSpecSolverDns01AkamaiClientSecretSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @client_secret_secret_ref.setter + def client_secret_secret_ref(self, value: pulumi.Input['ChallengeSpecSolverDns01AkamaiClientSecretSecretRefArgs']): + pulumi.set(self, "client_secret_secret_ref", value) + + @property + @pulumi.getter(name="clientTokenSecretRef") + def client_token_secret_ref(self) -> pulumi.Input['ChallengeSpecSolverDns01AkamaiClientTokenSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_token_secret_ref") + + @client_token_secret_ref.setter + def client_token_secret_ref(self, value: pulumi.Input['ChallengeSpecSolverDns01AkamaiClientTokenSecretRefArgs']): + pulumi.set(self, "client_token_secret_ref", value) + + @property + @pulumi.getter(name="serviceConsumerDomain") + def service_consumer_domain(self) -> pulumi.Input[str]: + return pulumi.get(self, "service_consumer_domain") + + @service_consumer_domain.setter + def service_consumer_domain(self, value: pulumi.Input[str]): + pulumi.set(self, "service_consumer_domain", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01AzureDnsClientSecretSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01AzureDnsManagedIdentityArgs: + def __init__(__self__, *, + client_id: Optional[pulumi.Input[str]] = None, + resource_id: Optional[pulumi.Input[str]] = None): + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param pulumi.Input[str] client_id: client ID of the managed identity, can not be used at the same time as resourceID + :param pulumi.Input[str] resource_id: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if resource_id is not None: + pulumi.set(__self__, "resource_id", resource_id) + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[pulumi.Input[str]]: + """ + client ID of the managed identity, can not be used at the same time as resourceID + """ + return pulumi.get(self, "client_id") + + @client_id.setter + def client_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "client_id", value) + + @property + @pulumi.getter(name="resourceID") + def resource_id(self) -> Optional[pulumi.Input[str]]: + """ + resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + return pulumi.get(self, "resource_id") + + @resource_id.setter + def resource_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_id", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01AzureDnsArgs: + def __init__(__self__, *, + resource_group_name: pulumi.Input[str], + subscription_id: pulumi.Input[str], + client_id: Optional[pulumi.Input[str]] = None, + client_secret_secret_ref: Optional[pulumi.Input['ChallengeSpecSolverDns01AzureDnsClientSecretSecretRefArgs']] = None, + environment: Optional[pulumi.Input[str]] = None, + hosted_zone_name: Optional[pulumi.Input[str]] = None, + managed_identity: Optional[pulumi.Input['ChallengeSpecSolverDns01AzureDnsManagedIdentityArgs']] = None, + tenant_id: Optional[pulumi.Input[str]] = None): + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param pulumi.Input[str] resource_group_name: resource group the DNS zone is located in + :param pulumi.Input[str] subscription_id: ID of the Azure subscription + :param pulumi.Input[str] client_id: Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + :param pulumi.Input['ChallengeSpecSolverDns01AzureDnsClientSecretSecretRefArgs'] client_secret_secret_ref: Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param pulumi.Input[str] environment: name of the Azure environment (default AzurePublicCloud) + :param pulumi.Input[str] hosted_zone_name: name of the DNS zone that should be used + :param pulumi.Input['ChallengeSpecSolverDns01AzureDnsManagedIdentityArgs'] managed_identity: Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param pulumi.Input[str] tenant_id: Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + pulumi.set(__self__, "resource_group_name", resource_group_name) + pulumi.set(__self__, "subscription_id", subscription_id) + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if client_secret_secret_ref is not None: + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + if environment is not None: + pulumi.set(__self__, "environment", environment) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if managed_identity is not None: + pulumi.set(__self__, "managed_identity", managed_identity) + if tenant_id is not None: + pulumi.set(__self__, "tenant_id", tenant_id) + + @property + @pulumi.getter(name="resourceGroupName") + def resource_group_name(self) -> pulumi.Input[str]: + """ + resource group the DNS zone is located in + """ + return pulumi.get(self, "resource_group_name") + + @resource_group_name.setter + def resource_group_name(self, value: pulumi.Input[str]): + pulumi.set(self, "resource_group_name", value) + + @property + @pulumi.getter(name="subscriptionID") + def subscription_id(self) -> pulumi.Input[str]: + """ + ID of the Azure subscription + """ + return pulumi.get(self, "subscription_id") + + @subscription_id.setter + def subscription_id(self, value: pulumi.Input[str]): + pulumi.set(self, "subscription_id", value) + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[pulumi.Input[str]]: + """ + Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + """ + return pulumi.get(self, "client_id") + + @client_id.setter + def client_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "client_id", value) + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01AzureDnsClientSecretSecretRefArgs']]: + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @client_secret_secret_ref.setter + def client_secret_secret_ref(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01AzureDnsClientSecretSecretRefArgs']]): + pulumi.set(self, "client_secret_secret_ref", value) + + @property + @pulumi.getter + def environment(self) -> Optional[pulumi.Input[str]]: + """ + name of the Azure environment (default AzurePublicCloud) + """ + return pulumi.get(self, "environment") + + @environment.setter + def environment(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "environment", value) + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[pulumi.Input[str]]: + """ + name of the DNS zone that should be used + """ + return pulumi.get(self, "hosted_zone_name") + + @hosted_zone_name.setter + def hosted_zone_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "hosted_zone_name", value) + + @property + @pulumi.getter(name="managedIdentity") + def managed_identity(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01AzureDnsManagedIdentityArgs']]: + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + """ + return pulumi.get(self, "managed_identity") + + @managed_identity.setter + def managed_identity(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01AzureDnsManagedIdentityArgs']]): + pulumi.set(self, "managed_identity", value) + + @property + @pulumi.getter(name="tenantID") + def tenant_id(self) -> Optional[pulumi.Input[str]]: + """ + Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + return pulumi.get(self, "tenant_id") + + @tenant_id.setter + def tenant_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tenant_id", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01CloudDnsArgs: + def __init__(__self__, *, + project: pulumi.Input[str], + hosted_zone_name: Optional[pulumi.Input[str]] = None, + service_account_secret_ref: Optional[pulumi.Input['ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRefArgs']] = None): + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + :param pulumi.Input[str] hosted_zone_name: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + :param pulumi.Input['ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRefArgs'] service_account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "project", project) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if service_account_secret_ref is not None: + pulumi.set(__self__, "service_account_secret_ref", service_account_secret_ref) + + @property + @pulumi.getter + def project(self) -> pulumi.Input[str]: + return pulumi.get(self, "project") + + @project.setter + def project(self, value: pulumi.Input[str]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[pulumi.Input[str]]: + """ + HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + """ + return pulumi.get(self, "hosted_zone_name") + + @hosted_zone_name.setter + def hosted_zone_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "hosted_zone_name", value) + + @property + @pulumi.getter(name="serviceAccountSecretRef") + def service_account_secret_ref(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRefArgs']]: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "service_account_secret_ref") + + @service_account_secret_ref.setter + def service_account_secret_ref(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRefArgs']]): + pulumi.set(self, "service_account_secret_ref", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01CloudflareApiKeySecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01CloudflareApiTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + API token used to authenticate with Cloudflare. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01CloudflareArgs: + def __init__(__self__, *, + api_key_secret_ref: Optional[pulumi.Input['ChallengeSpecSolverDns01CloudflareApiKeySecretRefArgs']] = None, + api_token_secret_ref: Optional[pulumi.Input['ChallengeSpecSolverDns01CloudflareApiTokenSecretRefArgs']] = None, + email: Optional[pulumi.Input[str]] = None): + """ + Use the Cloudflare API to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01CloudflareApiKeySecretRefArgs'] api_key_secret_ref: API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param pulumi.Input['ChallengeSpecSolverDns01CloudflareApiTokenSecretRefArgs'] api_token_secret_ref: API token used to authenticate with Cloudflare. + :param pulumi.Input[str] email: Email of the account, only required when using API key based authentication. + """ + if api_key_secret_ref is not None: + pulumi.set(__self__, "api_key_secret_ref", api_key_secret_ref) + if api_token_secret_ref is not None: + pulumi.set(__self__, "api_token_secret_ref", api_token_secret_ref) + if email is not None: + pulumi.set(__self__, "email", email) + + @property + @pulumi.getter(name="apiKeySecretRef") + def api_key_secret_ref(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01CloudflareApiKeySecretRefArgs']]: + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + """ + return pulumi.get(self, "api_key_secret_ref") + + @api_key_secret_ref.setter + def api_key_secret_ref(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01CloudflareApiKeySecretRefArgs']]): + pulumi.set(self, "api_key_secret_ref", value) + + @property + @pulumi.getter(name="apiTokenSecretRef") + def api_token_secret_ref(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01CloudflareApiTokenSecretRefArgs']]: + """ + API token used to authenticate with Cloudflare. + """ + return pulumi.get(self, "api_token_secret_ref") + + @api_token_secret_ref.setter + def api_token_secret_ref(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01CloudflareApiTokenSecretRefArgs']]): + pulumi.set(self, "api_token_secret_ref", value) + + @property + @pulumi.getter + def email(self) -> Optional[pulumi.Input[str]]: + """ + Email of the account, only required when using API key based authentication. + """ + return pulumi.get(self, "email") + + @email.setter + def email(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "email", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01DigitaloceanTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01DigitaloceanArgs: + def __init__(__self__, *, + token_secret_ref: pulumi.Input['ChallengeSpecSolverDns01DigitaloceanTokenSecretRefArgs']): + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01DigitaloceanTokenSecretRefArgs'] token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "token_secret_ref", token_secret_ref) + + @property + @pulumi.getter(name="tokenSecretRef") + def token_secret_ref(self) -> pulumi.Input['ChallengeSpecSolverDns01DigitaloceanTokenSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "token_secret_ref") + + @token_secret_ref.setter + def token_secret_ref(self, value: pulumi.Input['ChallengeSpecSolverDns01DigitaloceanTokenSecretRefArgs']): + pulumi.set(self, "token_secret_ref", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01Rfc2136Args: + def __init__(__self__, *, + nameserver: pulumi.Input[str], + tsig_algorithm: Optional[pulumi.Input[str]] = None, + tsig_key_name: Optional[pulumi.Input[str]] = None, + tsig_secret_secret_ref: Optional[pulumi.Input['ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRefArgs']] = None): + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param pulumi.Input[str] nameserver: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + :param pulumi.Input[str] tsig_algorithm: The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + :param pulumi.Input[str] tsig_key_name: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + :param pulumi.Input['ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRefArgs'] tsig_secret_secret_ref: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + pulumi.set(__self__, "nameserver", nameserver) + if tsig_algorithm is not None: + pulumi.set(__self__, "tsig_algorithm", tsig_algorithm) + if tsig_key_name is not None: + pulumi.set(__self__, "tsig_key_name", tsig_key_name) + if tsig_secret_secret_ref is not None: + pulumi.set(__self__, "tsig_secret_secret_ref", tsig_secret_secret_ref) + + @property + @pulumi.getter + def nameserver(self) -> pulumi.Input[str]: + """ + The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + """ + return pulumi.get(self, "nameserver") + + @nameserver.setter + def nameserver(self, value: pulumi.Input[str]): + pulumi.set(self, "nameserver", value) + + @property + @pulumi.getter(name="tsigAlgorithm") + def tsig_algorithm(self) -> Optional[pulumi.Input[str]]: + """ + The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + """ + return pulumi.get(self, "tsig_algorithm") + + @tsig_algorithm.setter + def tsig_algorithm(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tsig_algorithm", value) + + @property + @pulumi.getter(name="tsigKeyName") + def tsig_key_name(self) -> Optional[pulumi.Input[str]]: + """ + The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_key_name") + + @tsig_key_name.setter + def tsig_key_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tsig_key_name", value) + + @property + @pulumi.getter(name="tsigSecretSecretRef") + def tsig_secret_secret_ref(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRefArgs']]: + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_secret_secret_ref") + + @tsig_secret_secret_ref.setter + def tsig_secret_secret_ref(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRefArgs']]): + pulumi.set(self, "tsig_secret_secret_ref", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01Route53AccessKeyIdsecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01Route53SecretAccessKeySecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01Route53Args: + def __init__(__self__, *, + region: pulumi.Input[str], + access_key_id: Optional[pulumi.Input[str]] = None, + access_key_id_secret_ref: Optional[pulumi.Input['ChallengeSpecSolverDns01Route53AccessKeyIdsecretRefArgs']] = None, + hosted_zone_id: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + secret_access_key_secret_ref: Optional[pulumi.Input['ChallengeSpecSolverDns01Route53SecretAccessKeySecretRefArgs']] = None): + """ + Use the AWS Route53 API to manage DNS01 challenge records. + :param pulumi.Input[str] region: Always set the region when using AccessKeyID and SecretAccessKey + :param pulumi.Input[str] access_key_id: The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input['ChallengeSpecSolverDns01Route53AccessKeyIdsecretRefArgs'] access_key_id_secret_ref: The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input[str] hosted_zone_id: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + :param pulumi.Input[str] role: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + :param pulumi.Input['ChallengeSpecSolverDns01Route53SecretAccessKeySecretRefArgs'] secret_access_key_secret_ref: The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + pulumi.set(__self__, "region", region) + if access_key_id is not None: + pulumi.set(__self__, "access_key_id", access_key_id) + if access_key_id_secret_ref is not None: + pulumi.set(__self__, "access_key_id_secret_ref", access_key_id_secret_ref) + if hosted_zone_id is not None: + pulumi.set(__self__, "hosted_zone_id", hosted_zone_id) + if role is not None: + pulumi.set(__self__, "role", role) + if secret_access_key_secret_ref is not None: + pulumi.set(__self__, "secret_access_key_secret_ref", secret_access_key_secret_ref) + + @property + @pulumi.getter + def region(self) -> pulumi.Input[str]: + """ + Always set the region when using AccessKeyID and SecretAccessKey + """ + return pulumi.get(self, "region") + + @region.setter + def region(self, value: pulumi.Input[str]): + pulumi.set(self, "region", value) + + @property + @pulumi.getter(name="accessKeyID") + def access_key_id(self) -> Optional[pulumi.Input[str]]: + """ + The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id") + + @access_key_id.setter + def access_key_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "access_key_id", value) + + @property + @pulumi.getter(name="accessKeyIDSecretRef") + def access_key_id_secret_ref(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01Route53AccessKeyIdsecretRefArgs']]: + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id_secret_ref") + + @access_key_id_secret_ref.setter + def access_key_id_secret_ref(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01Route53AccessKeyIdsecretRefArgs']]): + pulumi.set(self, "access_key_id_secret_ref", value) + + @property + @pulumi.getter(name="hostedZoneID") + def hosted_zone_id(self) -> Optional[pulumi.Input[str]]: + """ + If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + """ + return pulumi.get(self, "hosted_zone_id") + + @hosted_zone_id.setter + def hosted_zone_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "hosted_zone_id", value) + + @property + @pulumi.getter + def role(self) -> Optional[pulumi.Input[str]]: + """ + Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + """ + return pulumi.get(self, "role") + + @role.setter + def role(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role", value) + + @property + @pulumi.getter(name="secretAccessKeySecretRef") + def secret_access_key_secret_ref(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01Route53SecretAccessKeySecretRefArgs']]: + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "secret_access_key_secret_ref") + + @secret_access_key_secret_ref.setter + def secret_access_key_secret_ref(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01Route53SecretAccessKeySecretRefArgs']]): + pulumi.set(self, "secret_access_key_secret_ref", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01WebhookArgs: + def __init__(__self__, *, + group_name: pulumi.Input[str], + solver_name: pulumi.Input[str], + config: Optional[pulumi.Input[Mapping[str, Any]]] = None): + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + :param pulumi.Input[str] group_name: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + :param pulumi.Input[str] solver_name: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + :param pulumi.Input[Mapping[str, Any]] config: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + pulumi.set(__self__, "group_name", group_name) + pulumi.set(__self__, "solver_name", solver_name) + if config is not None: + pulumi.set(__self__, "config", config) + + @property + @pulumi.getter(name="groupName") + def group_name(self) -> pulumi.Input[str]: + """ + The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + """ + return pulumi.get(self, "group_name") + + @group_name.setter + def group_name(self, value: pulumi.Input[str]): + pulumi.set(self, "group_name", value) + + @property + @pulumi.getter(name="solverName") + def solver_name(self) -> pulumi.Input[str]: + """ + The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + """ + return pulumi.get(self, "solver_name") + + @solver_name.setter + def solver_name(self, value: pulumi.Input[str]): + pulumi.set(self, "solver_name", value) + + @property + @pulumi.getter + def config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + return pulumi.get(self, "config") + + @config.setter + def config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "config", value) + + +@pulumi.input_type +class ChallengeSpecSolverDns01Args: + def __init__(__self__, *, + acme_dns: Optional[pulumi.Input['ChallengeSpecSolverDns01AcmeDnsArgs']] = None, + akamai: Optional[pulumi.Input['ChallengeSpecSolverDns01AkamaiArgs']] = None, + azure_dns: Optional[pulumi.Input['ChallengeSpecSolverDns01AzureDnsArgs']] = None, + cloud_dns: Optional[pulumi.Input['ChallengeSpecSolverDns01CloudDnsArgs']] = None, + cloudflare: Optional[pulumi.Input['ChallengeSpecSolverDns01CloudflareArgs']] = None, + cname_strategy: Optional[pulumi.Input[str]] = None, + digitalocean: Optional[pulumi.Input['ChallengeSpecSolverDns01DigitaloceanArgs']] = None, + rfc2136: Optional[pulumi.Input['ChallengeSpecSolverDns01Rfc2136Args']] = None, + route53: Optional[pulumi.Input['ChallengeSpecSolverDns01Route53Args']] = None, + webhook: Optional[pulumi.Input['ChallengeSpecSolverDns01WebhookArgs']] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param pulumi.Input['ChallengeSpecSolverDns01AcmeDnsArgs'] acme_dns: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01AkamaiArgs'] akamai: Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01AzureDnsArgs'] azure_dns: Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01CloudDnsArgs'] cloud_dns: Use the Google Cloud DNS API to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01CloudflareArgs'] cloudflare: Use the Cloudflare API to manage DNS01 challenge records. + :param pulumi.Input[str] cname_strategy: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + :param pulumi.Input['ChallengeSpecSolverDns01DigitaloceanArgs'] digitalocean: Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01Rfc2136Args'] rfc2136: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01Route53Args'] route53: Use the AWS Route53 API to manage DNS01 challenge records. + :param pulumi.Input['ChallengeSpecSolverDns01WebhookArgs'] webhook: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + if acme_dns is not None: + pulumi.set(__self__, "acme_dns", acme_dns) + if akamai is not None: + pulumi.set(__self__, "akamai", akamai) + if azure_dns is not None: + pulumi.set(__self__, "azure_dns", azure_dns) + if cloud_dns is not None: + pulumi.set(__self__, "cloud_dns", cloud_dns) + if cloudflare is not None: + pulumi.set(__self__, "cloudflare", cloudflare) + if cname_strategy is not None: + pulumi.set(__self__, "cname_strategy", cname_strategy) + if digitalocean is not None: + pulumi.set(__self__, "digitalocean", digitalocean) + if rfc2136 is not None: + pulumi.set(__self__, "rfc2136", rfc2136) + if route53 is not None: + pulumi.set(__self__, "route53", route53) + if webhook is not None: + pulumi.set(__self__, "webhook", webhook) + + @property + @pulumi.getter(name="acmeDNS") + def acme_dns(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01AcmeDnsArgs']]: + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + """ + return pulumi.get(self, "acme_dns") + + @acme_dns.setter + def acme_dns(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01AcmeDnsArgs']]): + pulumi.set(self, "acme_dns", value) + + @property + @pulumi.getter + def akamai(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01AkamaiArgs']]: + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + """ + return pulumi.get(self, "akamai") + + @akamai.setter + def akamai(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01AkamaiArgs']]): + pulumi.set(self, "akamai", value) + + @property + @pulumi.getter(name="azureDNS") + def azure_dns(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01AzureDnsArgs']]: + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "azure_dns") + + @azure_dns.setter + def azure_dns(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01AzureDnsArgs']]): + pulumi.set(self, "azure_dns", value) + + @property + @pulumi.getter(name="cloudDNS") + def cloud_dns(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01CloudDnsArgs']]: + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloud_dns") + + @cloud_dns.setter + def cloud_dns(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01CloudDnsArgs']]): + pulumi.set(self, "cloud_dns", value) + + @property + @pulumi.getter + def cloudflare(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01CloudflareArgs']]: + """ + Use the Cloudflare API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloudflare") + + @cloudflare.setter + def cloudflare(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01CloudflareArgs']]): + pulumi.set(self, "cloudflare", value) + + @property + @pulumi.getter(name="cnameStrategy") + def cname_strategy(self) -> Optional[pulumi.Input[str]]: + """ + CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + """ + return pulumi.get(self, "cname_strategy") + + @cname_strategy.setter + def cname_strategy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cname_strategy", value) + + @property + @pulumi.getter + def digitalocean(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01DigitaloceanArgs']]: + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "digitalocean") + + @digitalocean.setter + def digitalocean(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01DigitaloceanArgs']]): + pulumi.set(self, "digitalocean", value) + + @property + @pulumi.getter + def rfc2136(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01Rfc2136Args']]: + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + """ + return pulumi.get(self, "rfc2136") + + @rfc2136.setter + def rfc2136(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01Rfc2136Args']]): + pulumi.set(self, "rfc2136", value) + + @property + @pulumi.getter + def route53(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01Route53Args']]: + """ + Use the AWS Route53 API to manage DNS01 challenge records. + """ + return pulumi.get(self, "route53") + + @route53.setter + def route53(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01Route53Args']]): + pulumi.set(self, "route53", value) + + @property + @pulumi.getter + def webhook(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01WebhookArgs']]: + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + return pulumi.get(self, "webhook") + + @webhook.setter + def webhook(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01WebhookArgs']]): + pulumi.set(self, "webhook", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01GatewayHttprouteParentRefsArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + group: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + port: Optional[pulumi.Input[int]] = None, + section_name: Optional[pulumi.Input[str]] = None): + """ + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + This API may be extended in the future to support additional kinds of parent resources. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + :param pulumi.Input[str] name: Name is the name of the referent. + Support: Core + :param pulumi.Input[str] group: Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + :param pulumi.Input[str] kind: Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + :param pulumi.Input[str] namespace: Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + :param pulumi.Input[int] port: Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + :param pulumi.Input[str] section_name: SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + pulumi.set(__self__, "name", name) + if group is None: + group = 'gateway.networking.k8s.io' + if group is not None: + pulumi.set(__self__, "group", group) + if kind is None: + kind = 'Gateway' + if kind is not None: + pulumi.set(__self__, "kind", kind) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if port is not None: + pulumi.set(__self__, "port", port) + if section_name is not None: + pulumi.set(__self__, "section_name", section_name) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name is the name of the referent. + Support: Core + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def group(self) -> Optional[pulumi.Input[str]]: + """ + Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + """ + return pulumi.get(self, "group") + + @group.setter + def group(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "group", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + """ + Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + """ + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter + def port(self) -> Optional[pulumi.Input[int]]: + """ + Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + """ + return pulumi.get(self, "port") + + @port.setter + def port(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "port", value) + + @property + @pulumi.getter(name="sectionName") + def section_name(self) -> Optional[pulumi.Input[str]]: + """ + SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + return pulumi.get(self, "section_name") + + @section_name.setter + def section_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "section_name", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01GatewayHttprouteArgs: + def __init__(__self__, *, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + parent_refs: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01GatewayHttprouteParentRefsArgs']]]] = None, + service_type: Optional[pulumi.Input[str]] = None): + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01GatewayHttprouteParentRefsArgs']]] parent_refs: When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + :param pulumi.Input[str] service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if labels is not None: + pulumi.set(__self__, "labels", labels) + if parent_refs is not None: + pulumi.set(__self__, "parent_refs", parent_refs) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter(name="parentRefs") + def parent_refs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01GatewayHttprouteParentRefsArgs']]]]: + """ + When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + """ + return pulumi.get(self, "parent_refs") + + @parent_refs.setter + def parent_refs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01GatewayHttprouteParentRefsArgs']]]]): + pulumi.set(self, "parent_refs", value) + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[pulumi.Input[str]]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + @service_type.setter + def service_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_type", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressIngressTemplateMetadataArgs: + def __init__(__self__, *, + annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] annotations: Annotations that should be added to the created ACME HTTP01 solver ingress. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Labels that should be added to the created ACME HTTP01 solver ingress. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Annotations that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "annotations") + + @annotations.setter + def annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "annotations", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Labels that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressIngressTemplateArgs: + def __init__(__self__, *, + metadata: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressIngressTemplateMetadataArgs']] = None): + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressIngressTemplateMetadataArgs'] metadata: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressIngressTemplateMetadataArgs']]: + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressIngressTemplateMetadataArgs']]): + pulumi.set(self, "metadata", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateMetadataArgs: + def __init__(__self__, *, + annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] annotations: Annotations that should be added to the create ACME HTTP01 solver pods. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Labels that should be added to the created ACME HTTP01 solver pods. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Annotations that should be added to the create ACME HTTP01 solver pods. + """ + return pulumi.get(self, "annotations") + + @annotations.setter + def annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "annotations", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Labels that should be added to the created ACME HTTP01 solver pods. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]]] = None, + match_fields: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]]] = None): + """ + A node selector term, associated with the corresponding weight. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]] match_expressions: A list of node selector requirements by node's labels. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]]]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]]]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + @match_fields.setter + def match_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]]]): + pulumi.set(self, "match_fields", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + preference: pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs'], + weight: pulumi.Input[int]): + """ + An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs'] preference: A node selector term, associated with the corresponding weight. + :param pulumi.Input[int] weight: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + pulumi.set(__self__, "preference", preference) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter + def preference(self) -> pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs']: + """ + A node selector term, associated with the corresponding weight. + """ + return pulumi.get(self, "preference") + + @preference.setter + def preference(self, value: pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs']): + pulumi.set(self, "preference", value) + + @property + @pulumi.getter + def weight(self) -> pulumi.Input[int]: + """ + Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + @weight.setter + def weight(self, value: pulumi.Input[int]): + pulumi.set(self, "weight", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]]] = None, + match_fields: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]]] = None): + """ + A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]] match_expressions: A list of node selector requirements by node's labels. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]]]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]]]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + @match_fields.setter + def match_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]]]): + pulumi.set(self, "match_fields", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + node_selector_terms: pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]]): + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]] node_selector_terms: Required. A list of node selector terms. The terms are ORed. + """ + pulumi.set(__self__, "node_selector_terms", node_selector_terms) + + @property + @pulumi.getter(name="nodeSelectorTerms") + def node_selector_terms(self) -> pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]]: + """ + Required. A list of node selector terms. The terms are ORed. + """ + return pulumi.get(self, "node_selector_terms") + + @node_selector_terms.setter + def node_selector_terms(self, value: pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]]): + pulumi.set(self, "node_selector_terms", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs: + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None, + required_during_scheduling_ignored_during_execution: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']] = None): + """ + Describes node affinity scheduling rules for the pod. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs'] required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @preferred_during_scheduling_ignored_during_execution.setter + def preferred_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "preferred_during_scheduling_ignored_during_execution", value) + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + @required_during_scheduling_ignored_during_execution.setter + def required_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]): + pulumi.set(self, "required_during_scheduling_ignored_during_execution", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + pod_affinity_term: pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'], + weight: pulumi.Input[int]): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'] pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[int] weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']: + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @pod_affinity_term.setter + def pod_affinity_term(self, value: pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']): + pulumi.set(self, "pod_affinity_term", value) + + @property + @pulumi.getter + def weight(self) -> pulumi.Input[int]: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + @weight.setter + def weight(self, value: pulumi.Input[int]): + pulumi.set(self, "weight", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityArgs: + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None, + required_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None): + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]] required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @preferred_during_scheduling_ignored_during_execution.setter + def preferred_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "preferred_during_scheduling_ignored_during_execution", value) + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + @required_during_scheduling_ignored_during_execution.setter + def required_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "required_during_scheduling_ignored_during_execution", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + pod_affinity_term: pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'], + weight: pulumi.Input[int]): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'] pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[int] weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']: + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @pod_affinity_term.setter + def pod_affinity_term(self, value: pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']): + pulumi.set(self, "pod_affinity_term", value) + + @property + @pulumi.getter + def weight(self) -> pulumi.Input[int]: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + @weight.setter + def weight(self, value: pulumi.Input[int]): + pulumi.set(self, "weight", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs: + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None, + required_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None): + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]] required_during_scheduling_ignored_during_execution: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @preferred_during_scheduling_ignored_during_execution.setter + def preferred_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "preferred_during_scheduling_ignored_during_execution", value) + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + @required_during_scheduling_ignored_during_execution.setter + def required_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "required_during_scheduling_ignored_during_execution", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityArgs: + def __init__(__self__, *, + node_affinity: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs']] = None, + pod_affinity: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityArgs']] = None, + pod_anti_affinity: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs']] = None): + """ + If specified, the pod's scheduling constraints + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs'] node_affinity: Describes node affinity scheduling rules for the pod. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityArgs'] pod_affinity: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs'] pod_anti_affinity: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + if node_affinity is not None: + pulumi.set(__self__, "node_affinity", node_affinity) + if pod_affinity is not None: + pulumi.set(__self__, "pod_affinity", pod_affinity) + if pod_anti_affinity is not None: + pulumi.set(__self__, "pod_anti_affinity", pod_anti_affinity) + + @property + @pulumi.getter(name="nodeAffinity") + def node_affinity(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs']]: + """ + Describes node affinity scheduling rules for the pod. + """ + return pulumi.get(self, "node_affinity") + + @node_affinity.setter + def node_affinity(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs']]): + pulumi.set(self, "node_affinity", value) + + @property + @pulumi.getter(name="podAffinity") + def pod_affinity(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityArgs']]: + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_affinity") + + @pod_affinity.setter + def pod_affinity(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityArgs']]): + pulumi.set(self, "pod_affinity", value) + + @property + @pulumi.getter(name="podAntiAffinity") + def pod_anti_affinity(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs']]: + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_anti_affinity") + + @pod_anti_affinity.setter + def pod_anti_affinity(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs']]): + pulumi.set(self, "pod_anti_affinity", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecretsArgs: + def __init__(__self__, *, + name: Optional[pulumi.Input[str]] = None): + """ + LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + :param pulumi.Input[str] name: Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerationsArgs: + def __init__(__self__, *, + effect: Optional[pulumi.Input[str]] = None, + key: Optional[pulumi.Input[str]] = None, + operator: Optional[pulumi.Input[str]] = None, + toleration_seconds: Optional[pulumi.Input[int]] = None, + value: Optional[pulumi.Input[str]] = None): + """ + The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + :param pulumi.Input[str] effect: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + :param pulumi.Input[str] key: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + :param pulumi.Input[str] operator: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + :param pulumi.Input[int] toleration_seconds: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + :param pulumi.Input[str] value: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + if effect is not None: + pulumi.set(__self__, "effect", effect) + if key is not None: + pulumi.set(__self__, "key", key) + if operator is not None: + pulumi.set(__self__, "operator", operator) + if toleration_seconds is not None: + pulumi.set(__self__, "toleration_seconds", toleration_seconds) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def effect(self) -> Optional[pulumi.Input[str]]: + """ + Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + """ + return pulumi.get(self, "effect") + + @effect.setter + def effect(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "effect", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> Optional[pulumi.Input[str]]: + """ + Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter(name="tolerationSeconds") + def toleration_seconds(self) -> Optional[pulumi.Input[int]]: + """ + TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + """ + return pulumi.get(self, "toleration_seconds") + + @toleration_seconds.setter + def toleration_seconds(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "toleration_seconds", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + """ + Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecArgs: + def __init__(__self__, *, + affinity: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityArgs']] = None, + image_pull_secrets: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecretsArgs']]]] = None, + node_selector: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + priority_class_name: Optional[pulumi.Input[str]] = None, + service_account_name: Optional[pulumi.Input[str]] = None, + tolerations: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerationsArgs']]]] = None): + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityArgs'] affinity: If specified, the pod's scheduling constraints + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecretsArgs']]] image_pull_secrets: If specified, the pod's imagePullSecrets + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] node_selector: NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + :param pulumi.Input[str] priority_class_name: If specified, the pod's priorityClassName. + :param pulumi.Input[str] service_account_name: If specified, the pod's service account + :param pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerationsArgs']]] tolerations: If specified, the pod's tolerations. + """ + if affinity is not None: + pulumi.set(__self__, "affinity", affinity) + if image_pull_secrets is not None: + pulumi.set(__self__, "image_pull_secrets", image_pull_secrets) + if node_selector is not None: + pulumi.set(__self__, "node_selector", node_selector) + if priority_class_name is not None: + pulumi.set(__self__, "priority_class_name", priority_class_name) + if service_account_name is not None: + pulumi.set(__self__, "service_account_name", service_account_name) + if tolerations is not None: + pulumi.set(__self__, "tolerations", tolerations) + + @property + @pulumi.getter + def affinity(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityArgs']]: + """ + If specified, the pod's scheduling constraints + """ + return pulumi.get(self, "affinity") + + @affinity.setter + def affinity(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityArgs']]): + pulumi.set(self, "affinity", value) + + @property + @pulumi.getter(name="imagePullSecrets") + def image_pull_secrets(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecretsArgs']]]]: + """ + If specified, the pod's imagePullSecrets + """ + return pulumi.get(self, "image_pull_secrets") + + @image_pull_secrets.setter + def image_pull_secrets(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecretsArgs']]]]): + pulumi.set(self, "image_pull_secrets", value) + + @property + @pulumi.getter(name="nodeSelector") + def node_selector(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + """ + return pulumi.get(self, "node_selector") + + @node_selector.setter + def node_selector(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "node_selector", value) + + @property + @pulumi.getter(name="priorityClassName") + def priority_class_name(self) -> Optional[pulumi.Input[str]]: + """ + If specified, the pod's priorityClassName. + """ + return pulumi.get(self, "priority_class_name") + + @priority_class_name.setter + def priority_class_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "priority_class_name", value) + + @property + @pulumi.getter(name="serviceAccountName") + def service_account_name(self) -> Optional[pulumi.Input[str]]: + """ + If specified, the pod's service account + """ + return pulumi.get(self, "service_account_name") + + @service_account_name.setter + def service_account_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_account_name", value) + + @property + @pulumi.getter + def tolerations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerationsArgs']]]]: + """ + If specified, the pod's tolerations. + """ + return pulumi.get(self, "tolerations") + + @tolerations.setter + def tolerations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerationsArgs']]]]): + pulumi.set(self, "tolerations", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressPodTemplateArgs: + def __init__(__self__, *, + metadata: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateMetadataArgs']] = None, + spec: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecArgs']] = None): + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateMetadataArgs'] metadata: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecArgs'] spec: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateMetadataArgs']]: + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateMetadataArgs']]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def spec(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecArgs']]: + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + return pulumi.get(self, "spec") + + @spec.setter + def spec(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateSpecArgs']]): + pulumi.set(self, "spec", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01IngressArgs: + def __init__(__self__, *, + class_: Optional[pulumi.Input[str]] = None, + ingress_class_name: Optional[pulumi.Input[str]] = None, + ingress_template: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressIngressTemplateArgs']] = None, + name: Optional[pulumi.Input[str]] = None, + pod_template: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateArgs']] = None, + service_type: Optional[pulumi.Input[str]] = None): + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + :param pulumi.Input[str] class_: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + :param pulumi.Input[str] ingress_class_name: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressIngressTemplateArgs'] ingress_template: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param pulumi.Input[str] name: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateArgs'] pod_template: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param pulumi.Input[str] service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if class_ is not None: + pulumi.set(__self__, "class_", class_) + if ingress_class_name is not None: + pulumi.set(__self__, "ingress_class_name", ingress_class_name) + if ingress_template is not None: + pulumi.set(__self__, "ingress_template", ingress_template) + if name is not None: + pulumi.set(__self__, "name", name) + if pod_template is not None: + pulumi.set(__self__, "pod_template", pod_template) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter(name="class") + def class_(self) -> Optional[pulumi.Input[str]]: + """ + This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "class_") + + @class_.setter + def class_(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "class_", value) + + @property + @pulumi.getter(name="ingressClassName") + def ingress_class_name(self) -> Optional[pulumi.Input[str]]: + """ + This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "ingress_class_name") + + @ingress_class_name.setter + def ingress_class_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ingress_class_name", value) + + @property + @pulumi.getter(name="ingressTemplate") + def ingress_template(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressIngressTemplateArgs']]: + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + """ + return pulumi.get(self, "ingress_template") + + @ingress_template.setter + def ingress_template(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressIngressTemplateArgs']]): + pulumi.set(self, "ingress_template", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="podTemplate") + def pod_template(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateArgs']]: + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + """ + return pulumi.get(self, "pod_template") + + @pod_template.setter + def pod_template(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressPodTemplateArgs']]): + pulumi.set(self, "pod_template", value) + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[pulumi.Input[str]]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + @service_type.setter + def service_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_type", value) + + +@pulumi.input_type +class ChallengeSpecSolverHttp01Args: + def __init__(__self__, *, + gateway_http_route: Optional[pulumi.Input['ChallengeSpecSolverHttp01GatewayHttprouteArgs']] = None, + ingress: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressArgs']] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param pulumi.Input['ChallengeSpecSolverHttp01GatewayHttprouteArgs'] gateway_http_route: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param pulumi.Input['ChallengeSpecSolverHttp01IngressArgs'] ingress: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + if gateway_http_route is not None: + pulumi.set(__self__, "gateway_http_route", gateway_http_route) + if ingress is not None: + pulumi.set(__self__, "ingress", ingress) + + @property + @pulumi.getter(name="gatewayHTTPRoute") + def gateway_http_route(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01GatewayHttprouteArgs']]: + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + """ + return pulumi.get(self, "gateway_http_route") + + @gateway_http_route.setter + def gateway_http_route(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01GatewayHttprouteArgs']]): + pulumi.set(self, "gateway_http_route", value) + + @property + @pulumi.getter + def ingress(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressArgs']]: + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + return pulumi.get(self, "ingress") + + @ingress.setter + def ingress(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01IngressArgs']]): + pulumi.set(self, "ingress", value) + + +@pulumi.input_type +class ChallengeSpecSolverSelectorArgs: + def __init__(__self__, *, + dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + dns_zones: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_zones: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + if dns_names is not None: + pulumi.set(__self__, "dns_names", dns_names) + if dns_zones is not None: + pulumi.set(__self__, "dns_zones", dns_zones) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="dnsNames") + def dns_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_names") + + @dns_names.setter + def dns_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "dns_names", value) + + @property + @pulumi.getter(name="dnsZones") + def dns_zones(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_zones") + + @dns_zones.setter + def dns_zones(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "dns_zones", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ChallengeSpecSolverArgs: + def __init__(__self__, *, + dns01: Optional[pulumi.Input['ChallengeSpecSolverDns01Args']] = None, + http01: Optional[pulumi.Input['ChallengeSpecSolverHttp01Args']] = None, + selector: Optional[pulumi.Input['ChallengeSpecSolverSelectorArgs']] = None): + """ + Contains the domain solving configuration that should be used to solve this challenge resource. + :param pulumi.Input['ChallengeSpecSolverDns01Args'] dns01: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param pulumi.Input['ChallengeSpecSolverHttp01Args'] http01: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param pulumi.Input['ChallengeSpecSolverSelectorArgs'] selector: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + if dns01 is not None: + pulumi.set(__self__, "dns01", dns01) + if http01 is not None: + pulumi.set(__self__, "http01", http01) + if selector is not None: + pulumi.set(__self__, "selector", selector) + + @property + @pulumi.getter + def dns01(self) -> Optional[pulumi.Input['ChallengeSpecSolverDns01Args']]: + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + """ + return pulumi.get(self, "dns01") + + @dns01.setter + def dns01(self, value: Optional[pulumi.Input['ChallengeSpecSolverDns01Args']]): + pulumi.set(self, "dns01", value) + + @property + @pulumi.getter + def http01(self) -> Optional[pulumi.Input['ChallengeSpecSolverHttp01Args']]: + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + """ + return pulumi.get(self, "http01") + + @http01.setter + def http01(self, value: Optional[pulumi.Input['ChallengeSpecSolverHttp01Args']]): + pulumi.set(self, "http01", value) + + @property + @pulumi.getter + def selector(self) -> Optional[pulumi.Input['ChallengeSpecSolverSelectorArgs']]: + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + return pulumi.get(self, "selector") + + @selector.setter + def selector(self, value: Optional[pulumi.Input['ChallengeSpecSolverSelectorArgs']]): + pulumi.set(self, "selector", value) + + +@pulumi.input_type +class ChallengeSpecArgs: + def __init__(__self__, *, + authorization_url: pulumi.Input[str], + dns_name: pulumi.Input[str], + issuer_ref: pulumi.Input['ChallengeSpecIssuerRefArgs'], + key: pulumi.Input[str], + solver: pulumi.Input['ChallengeSpecSolverArgs'], + token: pulumi.Input[str], + type: pulumi.Input[str], + url: pulumi.Input[str], + wildcard: Optional[pulumi.Input[bool]] = None): + """ + :param pulumi.Input[str] authorization_url: The URL to the ACME Authorization resource that this challenge is a part of. + :param pulumi.Input[str] dns_name: dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. + :param pulumi.Input['ChallengeSpecIssuerRefArgs'] issuer_ref: References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + :param pulumi.Input[str] key: The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content. + :param pulumi.Input['ChallengeSpecSolverArgs'] solver: Contains the domain solving configuration that should be used to solve this challenge resource. + :param pulumi.Input[str] token: The ACME challenge token for this challenge. This is the raw value returned from the ACME server. + :param pulumi.Input[str] type: The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". + :param pulumi.Input[str] url: The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge. + :param pulumi.Input[bool] wildcard: wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'. + """ + pulumi.set(__self__, "authorization_url", authorization_url) + pulumi.set(__self__, "dns_name", dns_name) + pulumi.set(__self__, "issuer_ref", issuer_ref) + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "solver", solver) + pulumi.set(__self__, "token", token) + pulumi.set(__self__, "type", type) + pulumi.set(__self__, "url", url) + if wildcard is not None: + pulumi.set(__self__, "wildcard", wildcard) + + @property + @pulumi.getter(name="authorizationURL") + def authorization_url(self) -> pulumi.Input[str]: + """ + The URL to the ACME Authorization resource that this challenge is a part of. + """ + return pulumi.get(self, "authorization_url") + + @authorization_url.setter + def authorization_url(self, value: pulumi.Input[str]): + pulumi.set(self, "authorization_url", value) + + @property + @pulumi.getter(name="dnsName") + def dns_name(self) -> pulumi.Input[str]: + """ + dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. + """ + return pulumi.get(self, "dns_name") + + @dns_name.setter + def dns_name(self, value: pulumi.Input[str]): + pulumi.set(self, "dns_name", value) + + @property + @pulumi.getter(name="issuerRef") + def issuer_ref(self) -> pulumi.Input['ChallengeSpecIssuerRefArgs']: + """ + References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + """ + return pulumi.get(self, "issuer_ref") + + @issuer_ref.setter + def issuer_ref(self, value: pulumi.Input['ChallengeSpecIssuerRefArgs']): + pulumi.set(self, "issuer_ref", value) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def solver(self) -> pulumi.Input['ChallengeSpecSolverArgs']: + """ + Contains the domain solving configuration that should be used to solve this challenge resource. + """ + return pulumi.get(self, "solver") + + @solver.setter + def solver(self, value: pulumi.Input['ChallengeSpecSolverArgs']): + pulumi.set(self, "solver", value) + + @property + @pulumi.getter + def token(self) -> pulumi.Input[str]: + """ + The ACME challenge token for this challenge. This is the raw value returned from the ACME server. + """ + return pulumi.get(self, "token") + + @token.setter + def token(self, value: pulumi.Input[str]): + pulumi.set(self, "token", value) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + """ + The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter + def url(self) -> pulumi.Input[str]: + """ + The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge. + """ + return pulumi.get(self, "url") + + @url.setter + def url(self, value: pulumi.Input[str]): + pulumi.set(self, "url", value) + + @property + @pulumi.getter + def wildcard(self) -> Optional[pulumi.Input[bool]]: + """ + wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'. + """ + return pulumi.get(self, "wildcard") + + @wildcard.setter + def wildcard(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "wildcard", value) + + +@pulumi.input_type +class ChallengeStatusArgs: + def __init__(__self__, *, + presented: Optional[pulumi.Input[bool]] = None, + processing: Optional[pulumi.Input[bool]] = None, + reason: Optional[pulumi.Input[str]] = None, + state: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[bool] presented: presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured). + :param pulumi.Input[bool] processing: Used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action. + :param pulumi.Input[str] reason: Contains human readable information on why the Challenge is in the current state. + :param pulumi.Input[str] state: Contains the current 'state' of the challenge. If not set, the state of the challenge is unknown. + """ + if presented is not None: + pulumi.set(__self__, "presented", presented) + if processing is not None: + pulumi.set(__self__, "processing", processing) + if reason is not None: + pulumi.set(__self__, "reason", reason) + if state is not None: + pulumi.set(__self__, "state", state) + + @property + @pulumi.getter + def presented(self) -> Optional[pulumi.Input[bool]]: + """ + presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured). + """ + return pulumi.get(self, "presented") + + @presented.setter + def presented(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "presented", value) + + @property + @pulumi.getter + def processing(self) -> Optional[pulumi.Input[bool]]: + """ + Used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action. + """ + return pulumi.get(self, "processing") + + @processing.setter + def processing(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "processing", value) + + @property + @pulumi.getter + def reason(self) -> Optional[pulumi.Input[str]]: + """ + Contains human readable information on why the Challenge is in the current state. + """ + return pulumi.get(self, "reason") + + @reason.setter + def reason(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "reason", value) + + @property + @pulumi.getter + def state(self) -> Optional[pulumi.Input[str]]: + """ + Contains the current 'state' of the challenge. If not set, the state of the challenge is unknown. + """ + return pulumi.get(self, "state") + + @state.setter + def state(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "state", value) + + +@pulumi.input_type +class OrderSpecIssuerRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + group: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None): + """ + IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + :param pulumi.Input[str] name: Name of the resource being referred to. + :param pulumi.Input[str] group: Group of the resource being referred to. + :param pulumi.Input[str] kind: Kind of the resource being referred to. + """ + pulumi.set(__self__, "name", name) + if group is not None: + pulumi.set(__self__, "group", group) + if kind is not None: + pulumi.set(__self__, "kind", kind) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def group(self) -> Optional[pulumi.Input[str]]: + """ + Group of the resource being referred to. + """ + return pulumi.get(self, "group") + + @group.setter + def group(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "group", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + """ + Kind of the resource being referred to. + """ + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + +@pulumi.input_type +class OrderSpecArgs: + def __init__(__self__, *, + issuer_ref: pulumi.Input['OrderSpecIssuerRefArgs'], + request: pulumi.Input[str], + common_name: Optional[pulumi.Input[str]] = None, + dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + duration: Optional[pulumi.Input[str]] = None, + ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input['OrderSpecIssuerRefArgs'] issuer_ref: IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + :param pulumi.Input[str] request: Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order. + :param pulumi.Input[str] common_name: CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR. + :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + :param pulumi.Input[str] duration: Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec. + :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + """ + pulumi.set(__self__, "issuer_ref", issuer_ref) + pulumi.set(__self__, "request", request) + if common_name is not None: + pulumi.set(__self__, "common_name", common_name) + if dns_names is not None: + pulumi.set(__self__, "dns_names", dns_names) + if duration is not None: + pulumi.set(__self__, "duration", duration) + if ip_addresses is not None: + pulumi.set(__self__, "ip_addresses", ip_addresses) + + @property + @pulumi.getter(name="issuerRef") + def issuer_ref(self) -> pulumi.Input['OrderSpecIssuerRefArgs']: + """ + IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + """ + return pulumi.get(self, "issuer_ref") + + @issuer_ref.setter + def issuer_ref(self, value: pulumi.Input['OrderSpecIssuerRefArgs']): + pulumi.set(self, "issuer_ref", value) + + @property + @pulumi.getter + def request(self) -> pulumi.Input[str]: + """ + Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order. + """ + return pulumi.get(self, "request") + + @request.setter + def request(self, value: pulumi.Input[str]): + pulumi.set(self, "request", value) + + @property + @pulumi.getter(name="commonName") + def common_name(self) -> Optional[pulumi.Input[str]]: + """ + CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR. + """ + return pulumi.get(self, "common_name") + + @common_name.setter + def common_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "common_name", value) + + @property + @pulumi.getter(name="dnsNames") + def dns_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + """ + return pulumi.get(self, "dns_names") + + @dns_names.setter + def dns_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "dns_names", value) + + @property + @pulumi.getter + def duration(self) -> Optional[pulumi.Input[str]]: + """ + Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec. + """ + return pulumi.get(self, "duration") + + @duration.setter + def duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "duration", value) + + @property + @pulumi.getter(name="ipAddresses") + def ip_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + """ + return pulumi.get(self, "ip_addresses") + + @ip_addresses.setter + def ip_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ip_addresses", value) + + +@pulumi.input_type +class OrderStatusAuthorizationsChallengesArgs: + def __init__(__self__, *, + token: pulumi.Input[str], + type: pulumi.Input[str], + url: pulumi.Input[str]): + """ + Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process. + :param pulumi.Input[str] token: Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented. + :param pulumi.Input[str] type: Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored. + :param pulumi.Input[str] url: URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server. + """ + pulumi.set(__self__, "token", token) + pulumi.set(__self__, "type", type) + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter + def token(self) -> pulumi.Input[str]: + """ + Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented. + """ + return pulumi.get(self, "token") + + @token.setter + def token(self, value: pulumi.Input[str]): + pulumi.set(self, "token", value) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + """ + Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter + def url(self) -> pulumi.Input[str]: + """ + URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server. + """ + return pulumi.get(self, "url") + + @url.setter + def url(self, value: pulumi.Input[str]): + pulumi.set(self, "url", value) + + +@pulumi.input_type +class OrderStatusAuthorizationsArgs: + def __init__(__self__, *, + url: pulumi.Input[str], + challenges: Optional[pulumi.Input[Sequence[pulumi.Input['OrderStatusAuthorizationsChallengesArgs']]]] = None, + identifier: Optional[pulumi.Input[str]] = None, + initial_state: Optional[pulumi.Input[str]] = None, + wildcard: Optional[pulumi.Input[bool]] = None): + """ + ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource. + :param pulumi.Input[str] url: URL is the URL of the Authorization that must be completed + :param pulumi.Input[Sequence[pulumi.Input['OrderStatusAuthorizationsChallengesArgs']]] challenges: Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process. + :param pulumi.Input[str] identifier: Identifier is the DNS name to be validated as part of this authorization + :param pulumi.Input[str] initial_state: InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created. + :param pulumi.Input[bool] wildcard: Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'. + """ + pulumi.set(__self__, "url", url) + if challenges is not None: + pulumi.set(__self__, "challenges", challenges) + if identifier is not None: + pulumi.set(__self__, "identifier", identifier) + if initial_state is not None: + pulumi.set(__self__, "initial_state", initial_state) + if wildcard is not None: + pulumi.set(__self__, "wildcard", wildcard) + + @property + @pulumi.getter + def url(self) -> pulumi.Input[str]: + """ + URL is the URL of the Authorization that must be completed + """ + return pulumi.get(self, "url") + + @url.setter + def url(self, value: pulumi.Input[str]): + pulumi.set(self, "url", value) + + @property + @pulumi.getter + def challenges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['OrderStatusAuthorizationsChallengesArgs']]]]: + """ + Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process. + """ + return pulumi.get(self, "challenges") + + @challenges.setter + def challenges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['OrderStatusAuthorizationsChallengesArgs']]]]): + pulumi.set(self, "challenges", value) + + @property + @pulumi.getter + def identifier(self) -> Optional[pulumi.Input[str]]: + """ + Identifier is the DNS name to be validated as part of this authorization + """ + return pulumi.get(self, "identifier") + + @identifier.setter + def identifier(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "identifier", value) + + @property + @pulumi.getter(name="initialState") + def initial_state(self) -> Optional[pulumi.Input[str]]: + """ + InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created. + """ + return pulumi.get(self, "initial_state") + + @initial_state.setter + def initial_state(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "initial_state", value) + + @property + @pulumi.getter + def wildcard(self) -> Optional[pulumi.Input[bool]]: + """ + Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'. + """ + return pulumi.get(self, "wildcard") + + @wildcard.setter + def wildcard(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "wildcard", value) + + +@pulumi.input_type +class OrderStatusArgs: + def __init__(__self__, *, + authorizations: Optional[pulumi.Input[Sequence[pulumi.Input['OrderStatusAuthorizationsArgs']]]] = None, + certificate: Optional[pulumi.Input[str]] = None, + failure_time: Optional[pulumi.Input[str]] = None, + finalize_url: Optional[pulumi.Input[str]] = None, + reason: Optional[pulumi.Input[str]] = None, + state: Optional[pulumi.Input[str]] = None, + url: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input['OrderStatusAuthorizationsArgs']]] authorizations: Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order. + :param pulumi.Input[str] certificate: Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state. + :param pulumi.Input[str] failure_time: FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off. + :param pulumi.Input[str] finalize_url: FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed. + :param pulumi.Input[str] reason: Reason optionally provides more information about a why the order is in the current state. + :param pulumi.Input[str] state: State contains the current state of this Order resource. States 'success' and 'expired' are 'final' + :param pulumi.Input[str] url: URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set. + """ + if authorizations is not None: + pulumi.set(__self__, "authorizations", authorizations) + if certificate is not None: + pulumi.set(__self__, "certificate", certificate) + if failure_time is not None: + pulumi.set(__self__, "failure_time", failure_time) + if finalize_url is not None: + pulumi.set(__self__, "finalize_url", finalize_url) + if reason is not None: + pulumi.set(__self__, "reason", reason) + if state is not None: + pulumi.set(__self__, "state", state) + if url is not None: + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter + def authorizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['OrderStatusAuthorizationsArgs']]]]: + """ + Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order. + """ + return pulumi.get(self, "authorizations") + + @authorizations.setter + def authorizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['OrderStatusAuthorizationsArgs']]]]): + pulumi.set(self, "authorizations", value) + + @property + @pulumi.getter + def certificate(self) -> Optional[pulumi.Input[str]]: + """ + Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state. + """ + return pulumi.get(self, "certificate") + + @certificate.setter + def certificate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "certificate", value) + + @property + @pulumi.getter(name="failureTime") + def failure_time(self) -> Optional[pulumi.Input[str]]: + """ + FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off. + """ + return pulumi.get(self, "failure_time") + + @failure_time.setter + def failure_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "failure_time", value) + + @property + @pulumi.getter(name="finalizeURL") + def finalize_url(self) -> Optional[pulumi.Input[str]]: + """ + FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed. + """ + return pulumi.get(self, "finalize_url") + + @finalize_url.setter + def finalize_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "finalize_url", value) + + @property + @pulumi.getter + def reason(self) -> Optional[pulumi.Input[str]]: + """ + Reason optionally provides more information about a why the order is in the current state. + """ + return pulumi.get(self, "reason") + + @reason.setter + def reason(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "reason", value) + + @property + @pulumi.getter + def state(self) -> Optional[pulumi.Input[str]]: + """ + State contains the current state of this Order resource. States 'success' and 'expired' are 'final' + """ + return pulumi.get(self, "state") + + @state.setter + def state(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "state", value) + + @property + @pulumi.getter + def url(self) -> Optional[pulumi.Input[str]]: + """ + URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set. + """ + return pulumi.get(self, "url") + + @url.setter + def url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "url", value) + + diff --git a/sdk/python/pulumi_cert_manager_resources/acme/v1/outputs.py b/sdk/python/pulumi_cert_manager_resources/acme/v1/outputs.py new file mode 100644 index 0000000..f336846 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/acme/v1/outputs.py @@ -0,0 +1,4736 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from ... import _utilities +from . import outputs + +__all__ = [ + 'ChallengeSpec', + 'ChallengeSpecIssuerRef', + 'ChallengeSpecSolver', + 'ChallengeSpecSolverDns01', + 'ChallengeSpecSolverDns01AcmeDns', + 'ChallengeSpecSolverDns01AcmeDnsAccountSecretRef', + 'ChallengeSpecSolverDns01Akamai', + 'ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef', + 'ChallengeSpecSolverDns01AkamaiClientSecretSecretRef', + 'ChallengeSpecSolverDns01AkamaiClientTokenSecretRef', + 'ChallengeSpecSolverDns01AzureDns', + 'ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef', + 'ChallengeSpecSolverDns01AzureDnsManagedIdentity', + 'ChallengeSpecSolverDns01CloudDns', + 'ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef', + 'ChallengeSpecSolverDns01Cloudflare', + 'ChallengeSpecSolverDns01CloudflareApiKeySecretRef', + 'ChallengeSpecSolverDns01CloudflareApiTokenSecretRef', + 'ChallengeSpecSolverDns01Digitalocean', + 'ChallengeSpecSolverDns01DigitaloceanTokenSecretRef', + 'ChallengeSpecSolverDns01Rfc2136', + 'ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef', + 'ChallengeSpecSolverDns01Route53', + 'ChallengeSpecSolverDns01Route53AccessKeyIdsecretRef', + 'ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef', + 'ChallengeSpecSolverDns01Webhook', + 'ChallengeSpecSolverHttp01', + 'ChallengeSpecSolverHttp01GatewayHttproute', + 'ChallengeSpecSolverHttp01GatewayHttprouteParentRefs', + 'ChallengeSpecSolverHttp01Ingress', + 'ChallengeSpecSolverHttp01IngressIngressTemplate', + 'ChallengeSpecSolverHttp01IngressIngressTemplateMetadata', + 'ChallengeSpecSolverHttp01IngressPodTemplate', + 'ChallengeSpecSolverHttp01IngressPodTemplateMetadata', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpec', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecrets', + 'ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations', + 'ChallengeSpecSolverSelector', + 'ChallengeStatus', + 'OrderSpec', + 'OrderSpecIssuerRef', + 'OrderStatus', + 'OrderStatusAuthorizations', + 'OrderStatusAuthorizationsChallenges', +] + +@pulumi.output_type +class ChallengeSpec(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "authorizationURL": + suggest = "authorization_url" + elif key == "dnsName": + suggest = "dns_name" + elif key == "issuerRef": + suggest = "issuer_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpec.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + authorization_url: str, + dns_name: str, + issuer_ref: 'outputs.ChallengeSpecIssuerRef', + key: str, + solver: 'outputs.ChallengeSpecSolver', + token: str, + type: str, + url: str, + wildcard: Optional[bool] = None): + """ + :param str authorization_url: The URL to the ACME Authorization resource that this challenge is a part of. + :param str dns_name: dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. + :param 'ChallengeSpecIssuerRefArgs' issuer_ref: References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + :param str key: The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content. + :param 'ChallengeSpecSolverArgs' solver: Contains the domain solving configuration that should be used to solve this challenge resource. + :param str token: The ACME challenge token for this challenge. This is the raw value returned from the ACME server. + :param str type: The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". + :param str url: The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge. + :param bool wildcard: wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'. + """ + pulumi.set(__self__, "authorization_url", authorization_url) + pulumi.set(__self__, "dns_name", dns_name) + pulumi.set(__self__, "issuer_ref", issuer_ref) + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "solver", solver) + pulumi.set(__self__, "token", token) + pulumi.set(__self__, "type", type) + pulumi.set(__self__, "url", url) + if wildcard is not None: + pulumi.set(__self__, "wildcard", wildcard) + + @property + @pulumi.getter(name="authorizationURL") + def authorization_url(self) -> str: + """ + The URL to the ACME Authorization resource that this challenge is a part of. + """ + return pulumi.get(self, "authorization_url") + + @property + @pulumi.getter(name="dnsName") + def dns_name(self) -> str: + """ + dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. + """ + return pulumi.get(self, "dns_name") + + @property + @pulumi.getter(name="issuerRef") + def issuer_ref(self) -> 'outputs.ChallengeSpecIssuerRef': + """ + References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + """ + return pulumi.get(self, "issuer_ref") + + @property + @pulumi.getter + def key(self) -> str: + """ + The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def solver(self) -> 'outputs.ChallengeSpecSolver': + """ + Contains the domain solving configuration that should be used to solve this challenge resource. + """ + return pulumi.get(self, "solver") + + @property + @pulumi.getter + def token(self) -> str: + """ + The ACME challenge token for this challenge. This is the raw value returned from the ACME server. + """ + return pulumi.get(self, "token") + + @property + @pulumi.getter + def type(self) -> str: + """ + The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". + """ + return pulumi.get(self, "type") + + @property + @pulumi.getter + def url(self) -> str: + """ + The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge. + """ + return pulumi.get(self, "url") + + @property + @pulumi.getter + def wildcard(self) -> Optional[bool]: + """ + wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'. + """ + return pulumi.get(self, "wildcard") + + +@pulumi.output_type +class ChallengeSpecIssuerRef(dict): + """ + References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + """ + def __init__(__self__, *, + name: str, + group: Optional[str] = None, + kind: Optional[str] = None): + """ + References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + :param str name: Name of the resource being referred to. + :param str group: Group of the resource being referred to. + :param str kind: Kind of the resource being referred to. + """ + pulumi.set(__self__, "name", name) + if group is not None: + pulumi.set(__self__, "group", group) + if kind is not None: + pulumi.set(__self__, "kind", kind) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def group(self) -> Optional[str]: + """ + Group of the resource being referred to. + """ + return pulumi.get(self, "group") + + @property + @pulumi.getter + def kind(self) -> Optional[str]: + """ + Kind of the resource being referred to. + """ + return pulumi.get(self, "kind") + + +@pulumi.output_type +class ChallengeSpecSolver(dict): + """ + Contains the domain solving configuration that should be used to solve this challenge resource. + """ + def __init__(__self__, *, + dns01: Optional['outputs.ChallengeSpecSolverDns01'] = None, + http01: Optional['outputs.ChallengeSpecSolverHttp01'] = None, + selector: Optional['outputs.ChallengeSpecSolverSelector'] = None): + """ + Contains the domain solving configuration that should be used to solve this challenge resource. + :param 'ChallengeSpecSolverDns01Args' dns01: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param 'ChallengeSpecSolverHttp01Args' http01: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param 'ChallengeSpecSolverSelectorArgs' selector: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + if dns01 is not None: + pulumi.set(__self__, "dns01", dns01) + if http01 is not None: + pulumi.set(__self__, "http01", http01) + if selector is not None: + pulumi.set(__self__, "selector", selector) + + @property + @pulumi.getter + def dns01(self) -> Optional['outputs.ChallengeSpecSolverDns01']: + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + """ + return pulumi.get(self, "dns01") + + @property + @pulumi.getter + def http01(self) -> Optional['outputs.ChallengeSpecSolverHttp01']: + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + """ + return pulumi.get(self, "http01") + + @property + @pulumi.getter + def selector(self) -> Optional['outputs.ChallengeSpecSolverSelector']: + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + return pulumi.get(self, "selector") + + +@pulumi.output_type +class ChallengeSpecSolverDns01(dict): + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "acmeDNS": + suggest = "acme_dns" + elif key == "azureDNS": + suggest = "azure_dns" + elif key == "cloudDNS": + suggest = "cloud_dns" + elif key == "cnameStrategy": + suggest = "cname_strategy" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + acme_dns: Optional['outputs.ChallengeSpecSolverDns01AcmeDns'] = None, + akamai: Optional['outputs.ChallengeSpecSolverDns01Akamai'] = None, + azure_dns: Optional['outputs.ChallengeSpecSolverDns01AzureDns'] = None, + cloud_dns: Optional['outputs.ChallengeSpecSolverDns01CloudDns'] = None, + cloudflare: Optional['outputs.ChallengeSpecSolverDns01Cloudflare'] = None, + cname_strategy: Optional[str] = None, + digitalocean: Optional['outputs.ChallengeSpecSolverDns01Digitalocean'] = None, + rfc2136: Optional['outputs.ChallengeSpecSolverDns01Rfc2136'] = None, + route53: Optional['outputs.ChallengeSpecSolverDns01Route53'] = None, + webhook: Optional['outputs.ChallengeSpecSolverDns01Webhook'] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param 'ChallengeSpecSolverDns01AcmeDnsArgs' acme_dns: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01AkamaiArgs' akamai: Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01AzureDnsArgs' azure_dns: Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01CloudDnsArgs' cloud_dns: Use the Google Cloud DNS API to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01CloudflareArgs' cloudflare: Use the Cloudflare API to manage DNS01 challenge records. + :param str cname_strategy: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + :param 'ChallengeSpecSolverDns01DigitaloceanArgs' digitalocean: Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01Rfc2136Args' rfc2136: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01Route53Args' route53: Use the AWS Route53 API to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01WebhookArgs' webhook: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + if acme_dns is not None: + pulumi.set(__self__, "acme_dns", acme_dns) + if akamai is not None: + pulumi.set(__self__, "akamai", akamai) + if azure_dns is not None: + pulumi.set(__self__, "azure_dns", azure_dns) + if cloud_dns is not None: + pulumi.set(__self__, "cloud_dns", cloud_dns) + if cloudflare is not None: + pulumi.set(__self__, "cloudflare", cloudflare) + if cname_strategy is not None: + pulumi.set(__self__, "cname_strategy", cname_strategy) + if digitalocean is not None: + pulumi.set(__self__, "digitalocean", digitalocean) + if rfc2136 is not None: + pulumi.set(__self__, "rfc2136", rfc2136) + if route53 is not None: + pulumi.set(__self__, "route53", route53) + if webhook is not None: + pulumi.set(__self__, "webhook", webhook) + + @property + @pulumi.getter(name="acmeDNS") + def acme_dns(self) -> Optional['outputs.ChallengeSpecSolverDns01AcmeDns']: + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + """ + return pulumi.get(self, "acme_dns") + + @property + @pulumi.getter + def akamai(self) -> Optional['outputs.ChallengeSpecSolverDns01Akamai']: + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + """ + return pulumi.get(self, "akamai") + + @property + @pulumi.getter(name="azureDNS") + def azure_dns(self) -> Optional['outputs.ChallengeSpecSolverDns01AzureDns']: + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "azure_dns") + + @property + @pulumi.getter(name="cloudDNS") + def cloud_dns(self) -> Optional['outputs.ChallengeSpecSolverDns01CloudDns']: + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloud_dns") + + @property + @pulumi.getter + def cloudflare(self) -> Optional['outputs.ChallengeSpecSolverDns01Cloudflare']: + """ + Use the Cloudflare API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloudflare") + + @property + @pulumi.getter(name="cnameStrategy") + def cname_strategy(self) -> Optional[str]: + """ + CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + """ + return pulumi.get(self, "cname_strategy") + + @property + @pulumi.getter + def digitalocean(self) -> Optional['outputs.ChallengeSpecSolverDns01Digitalocean']: + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "digitalocean") + + @property + @pulumi.getter + def rfc2136(self) -> Optional['outputs.ChallengeSpecSolverDns01Rfc2136']: + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + """ + return pulumi.get(self, "rfc2136") + + @property + @pulumi.getter + def route53(self) -> Optional['outputs.ChallengeSpecSolverDns01Route53']: + """ + Use the AWS Route53 API to manage DNS01 challenge records. + """ + return pulumi.get(self, "route53") + + @property + @pulumi.getter + def webhook(self) -> Optional['outputs.ChallengeSpecSolverDns01Webhook']: + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + return pulumi.get(self, "webhook") + + +@pulumi.output_type +class ChallengeSpecSolverDns01AcmeDns(dict): + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accountSecretRef": + suggest = "account_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01AcmeDns. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01AcmeDns.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01AcmeDns.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + account_secret_ref: 'outputs.ChallengeSpecSolverDns01AcmeDnsAccountSecretRef', + host: str): + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01AcmeDnsAccountSecretRefArgs' account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "account_secret_ref", account_secret_ref) + pulumi.set(__self__, "host", host) + + @property + @pulumi.getter(name="accountSecretRef") + def account_secret_ref(self) -> 'outputs.ChallengeSpecSolverDns01AcmeDnsAccountSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "account_secret_ref") + + @property + @pulumi.getter + def host(self) -> str: + return pulumi.get(self, "host") + + +@pulumi.output_type +class ChallengeSpecSolverDns01AcmeDnsAccountSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01Akamai(dict): + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accessTokenSecretRef": + suggest = "access_token_secret_ref" + elif key == "clientSecretSecretRef": + suggest = "client_secret_secret_ref" + elif key == "clientTokenSecretRef": + suggest = "client_token_secret_ref" + elif key == "serviceConsumerDomain": + suggest = "service_consumer_domain" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01Akamai. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01Akamai.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01Akamai.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + access_token_secret_ref: 'outputs.ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef', + client_secret_secret_ref: 'outputs.ChallengeSpecSolverDns01AkamaiClientSecretSecretRef', + client_token_secret_ref: 'outputs.ChallengeSpecSolverDns01AkamaiClientTokenSecretRef', + service_consumer_domain: str): + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01AkamaiAccessTokenSecretRefArgs' access_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param 'ChallengeSpecSolverDns01AkamaiClientSecretSecretRefArgs' client_secret_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param 'ChallengeSpecSolverDns01AkamaiClientTokenSecretRefArgs' client_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "access_token_secret_ref", access_token_secret_ref) + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + pulumi.set(__self__, "client_token_secret_ref", client_token_secret_ref) + pulumi.set(__self__, "service_consumer_domain", service_consumer_domain) + + @property + @pulumi.getter(name="accessTokenSecretRef") + def access_token_secret_ref(self) -> 'outputs.ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "access_token_secret_ref") + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> 'outputs.ChallengeSpecSolverDns01AkamaiClientSecretSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @property + @pulumi.getter(name="clientTokenSecretRef") + def client_token_secret_ref(self) -> 'outputs.ChallengeSpecSolverDns01AkamaiClientTokenSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_token_secret_ref") + + @property + @pulumi.getter(name="serviceConsumerDomain") + def service_consumer_domain(self) -> str: + return pulumi.get(self, "service_consumer_domain") + + +@pulumi.output_type +class ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01AkamaiClientSecretSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01AkamaiClientTokenSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01AzureDns(dict): + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "resourceGroupName": + suggest = "resource_group_name" + elif key == "subscriptionID": + suggest = "subscription_id" + elif key == "clientID": + suggest = "client_id" + elif key == "clientSecretSecretRef": + suggest = "client_secret_secret_ref" + elif key == "hostedZoneName": + suggest = "hosted_zone_name" + elif key == "managedIdentity": + suggest = "managed_identity" + elif key == "tenantID": + suggest = "tenant_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01AzureDns. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01AzureDns.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01AzureDns.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + resource_group_name: str, + subscription_id: str, + client_id: Optional[str] = None, + client_secret_secret_ref: Optional['outputs.ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef'] = None, + environment: Optional[str] = None, + hosted_zone_name: Optional[str] = None, + managed_identity: Optional['outputs.ChallengeSpecSolverDns01AzureDnsManagedIdentity'] = None, + tenant_id: Optional[str] = None): + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param str resource_group_name: resource group the DNS zone is located in + :param str subscription_id: ID of the Azure subscription + :param str client_id: Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + :param 'ChallengeSpecSolverDns01AzureDnsClientSecretSecretRefArgs' client_secret_secret_ref: Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param str environment: name of the Azure environment (default AzurePublicCloud) + :param str hosted_zone_name: name of the DNS zone that should be used + :param 'ChallengeSpecSolverDns01AzureDnsManagedIdentityArgs' managed_identity: Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param str tenant_id: Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + pulumi.set(__self__, "resource_group_name", resource_group_name) + pulumi.set(__self__, "subscription_id", subscription_id) + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if client_secret_secret_ref is not None: + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + if environment is not None: + pulumi.set(__self__, "environment", environment) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if managed_identity is not None: + pulumi.set(__self__, "managed_identity", managed_identity) + if tenant_id is not None: + pulumi.set(__self__, "tenant_id", tenant_id) + + @property + @pulumi.getter(name="resourceGroupName") + def resource_group_name(self) -> str: + """ + resource group the DNS zone is located in + """ + return pulumi.get(self, "resource_group_name") + + @property + @pulumi.getter(name="subscriptionID") + def subscription_id(self) -> str: + """ + ID of the Azure subscription + """ + return pulumi.get(self, "subscription_id") + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[str]: + """ + Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + """ + return pulumi.get(self, "client_id") + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> Optional['outputs.ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef']: + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @property + @pulumi.getter + def environment(self) -> Optional[str]: + """ + name of the Azure environment (default AzurePublicCloud) + """ + return pulumi.get(self, "environment") + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[str]: + """ + name of the DNS zone that should be used + """ + return pulumi.get(self, "hosted_zone_name") + + @property + @pulumi.getter(name="managedIdentity") + def managed_identity(self) -> Optional['outputs.ChallengeSpecSolverDns01AzureDnsManagedIdentity']: + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + """ + return pulumi.get(self, "managed_identity") + + @property + @pulumi.getter(name="tenantID") + def tenant_id(self) -> Optional[str]: + """ + Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + return pulumi.get(self, "tenant_id") + + +@pulumi.output_type +class ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef(dict): + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01AzureDnsManagedIdentity(dict): + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "clientID": + suggest = "client_id" + elif key == "resourceID": + suggest = "resource_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01AzureDnsManagedIdentity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01AzureDnsManagedIdentity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01AzureDnsManagedIdentity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + client_id: Optional[str] = None, + resource_id: Optional[str] = None): + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param str client_id: client ID of the managed identity, can not be used at the same time as resourceID + :param str resource_id: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if resource_id is not None: + pulumi.set(__self__, "resource_id", resource_id) + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[str]: + """ + client ID of the managed identity, can not be used at the same time as resourceID + """ + return pulumi.get(self, "client_id") + + @property + @pulumi.getter(name="resourceID") + def resource_id(self) -> Optional[str]: + """ + resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + return pulumi.get(self, "resource_id") + + +@pulumi.output_type +class ChallengeSpecSolverDns01CloudDns(dict): + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "hostedZoneName": + suggest = "hosted_zone_name" + elif key == "serviceAccountSecretRef": + suggest = "service_account_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01CloudDns. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01CloudDns.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01CloudDns.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + project: str, + hosted_zone_name: Optional[str] = None, + service_account_secret_ref: Optional['outputs.ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef'] = None): + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + :param str hosted_zone_name: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + :param 'ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRefArgs' service_account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "project", project) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if service_account_secret_ref is not None: + pulumi.set(__self__, "service_account_secret_ref", service_account_secret_ref) + + @property + @pulumi.getter + def project(self) -> str: + return pulumi.get(self, "project") + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[str]: + """ + HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + """ + return pulumi.get(self, "hosted_zone_name") + + @property + @pulumi.getter(name="serviceAccountSecretRef") + def service_account_secret_ref(self) -> Optional['outputs.ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "service_account_secret_ref") + + +@pulumi.output_type +class ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01Cloudflare(dict): + """ + Use the Cloudflare API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "apiKeySecretRef": + suggest = "api_key_secret_ref" + elif key == "apiTokenSecretRef": + suggest = "api_token_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01Cloudflare. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01Cloudflare.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01Cloudflare.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + api_key_secret_ref: Optional['outputs.ChallengeSpecSolverDns01CloudflareApiKeySecretRef'] = None, + api_token_secret_ref: Optional['outputs.ChallengeSpecSolverDns01CloudflareApiTokenSecretRef'] = None, + email: Optional[str] = None): + """ + Use the Cloudflare API to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01CloudflareApiKeySecretRefArgs' api_key_secret_ref: API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param 'ChallengeSpecSolverDns01CloudflareApiTokenSecretRefArgs' api_token_secret_ref: API token used to authenticate with Cloudflare. + :param str email: Email of the account, only required when using API key based authentication. + """ + if api_key_secret_ref is not None: + pulumi.set(__self__, "api_key_secret_ref", api_key_secret_ref) + if api_token_secret_ref is not None: + pulumi.set(__self__, "api_token_secret_ref", api_token_secret_ref) + if email is not None: + pulumi.set(__self__, "email", email) + + @property + @pulumi.getter(name="apiKeySecretRef") + def api_key_secret_ref(self) -> Optional['outputs.ChallengeSpecSolverDns01CloudflareApiKeySecretRef']: + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + """ + return pulumi.get(self, "api_key_secret_ref") + + @property + @pulumi.getter(name="apiTokenSecretRef") + def api_token_secret_ref(self) -> Optional['outputs.ChallengeSpecSolverDns01CloudflareApiTokenSecretRef']: + """ + API token used to authenticate with Cloudflare. + """ + return pulumi.get(self, "api_token_secret_ref") + + @property + @pulumi.getter + def email(self) -> Optional[str]: + """ + Email of the account, only required when using API key based authentication. + """ + return pulumi.get(self, "email") + + +@pulumi.output_type +class ChallengeSpecSolverDns01CloudflareApiKeySecretRef(dict): + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01CloudflareApiTokenSecretRef(dict): + """ + API token used to authenticate with Cloudflare. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + API token used to authenticate with Cloudflare. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01Digitalocean(dict): + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "tokenSecretRef": + suggest = "token_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01Digitalocean. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01Digitalocean.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01Digitalocean.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + token_secret_ref: 'outputs.ChallengeSpecSolverDns01DigitaloceanTokenSecretRef'): + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param 'ChallengeSpecSolverDns01DigitaloceanTokenSecretRefArgs' token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "token_secret_ref", token_secret_ref) + + @property + @pulumi.getter(name="tokenSecretRef") + def token_secret_ref(self) -> 'outputs.ChallengeSpecSolverDns01DigitaloceanTokenSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "token_secret_ref") + + +@pulumi.output_type +class ChallengeSpecSolverDns01DigitaloceanTokenSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01Rfc2136(dict): + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "tsigAlgorithm": + suggest = "tsig_algorithm" + elif key == "tsigKeyName": + suggest = "tsig_key_name" + elif key == "tsigSecretSecretRef": + suggest = "tsig_secret_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01Rfc2136. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01Rfc2136.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01Rfc2136.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + nameserver: str, + tsig_algorithm: Optional[str] = None, + tsig_key_name: Optional[str] = None, + tsig_secret_secret_ref: Optional['outputs.ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef'] = None): + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param str nameserver: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + :param str tsig_algorithm: The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + :param str tsig_key_name: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + :param 'ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRefArgs' tsig_secret_secret_ref: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + pulumi.set(__self__, "nameserver", nameserver) + if tsig_algorithm is not None: + pulumi.set(__self__, "tsig_algorithm", tsig_algorithm) + if tsig_key_name is not None: + pulumi.set(__self__, "tsig_key_name", tsig_key_name) + if tsig_secret_secret_ref is not None: + pulumi.set(__self__, "tsig_secret_secret_ref", tsig_secret_secret_ref) + + @property + @pulumi.getter + def nameserver(self) -> str: + """ + The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + """ + return pulumi.get(self, "nameserver") + + @property + @pulumi.getter(name="tsigAlgorithm") + def tsig_algorithm(self) -> Optional[str]: + """ + The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + """ + return pulumi.get(self, "tsig_algorithm") + + @property + @pulumi.getter(name="tsigKeyName") + def tsig_key_name(self) -> Optional[str]: + """ + The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_key_name") + + @property + @pulumi.getter(name="tsigSecretSecretRef") + def tsig_secret_secret_ref(self) -> Optional['outputs.ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef']: + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_secret_secret_ref") + + +@pulumi.output_type +class ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef(dict): + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01Route53(dict): + """ + Use the AWS Route53 API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accessKeyID": + suggest = "access_key_id" + elif key == "accessKeyIDSecretRef": + suggest = "access_key_id_secret_ref" + elif key == "hostedZoneID": + suggest = "hosted_zone_id" + elif key == "secretAccessKeySecretRef": + suggest = "secret_access_key_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01Route53. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01Route53.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01Route53.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + region: str, + access_key_id: Optional[str] = None, + access_key_id_secret_ref: Optional['outputs.ChallengeSpecSolverDns01Route53AccessKeyIdsecretRef'] = None, + hosted_zone_id: Optional[str] = None, + role: Optional[str] = None, + secret_access_key_secret_ref: Optional['outputs.ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef'] = None): + """ + Use the AWS Route53 API to manage DNS01 challenge records. + :param str region: Always set the region when using AccessKeyID and SecretAccessKey + :param str access_key_id: The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param 'ChallengeSpecSolverDns01Route53AccessKeyIdsecretRefArgs' access_key_id_secret_ref: The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param str hosted_zone_id: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + :param str role: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + :param 'ChallengeSpecSolverDns01Route53SecretAccessKeySecretRefArgs' secret_access_key_secret_ref: The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + pulumi.set(__self__, "region", region) + if access_key_id is not None: + pulumi.set(__self__, "access_key_id", access_key_id) + if access_key_id_secret_ref is not None: + pulumi.set(__self__, "access_key_id_secret_ref", access_key_id_secret_ref) + if hosted_zone_id is not None: + pulumi.set(__self__, "hosted_zone_id", hosted_zone_id) + if role is not None: + pulumi.set(__self__, "role", role) + if secret_access_key_secret_ref is not None: + pulumi.set(__self__, "secret_access_key_secret_ref", secret_access_key_secret_ref) + + @property + @pulumi.getter + def region(self) -> str: + """ + Always set the region when using AccessKeyID and SecretAccessKey + """ + return pulumi.get(self, "region") + + @property + @pulumi.getter(name="accessKeyID") + def access_key_id(self) -> Optional[str]: + """ + The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id") + + @property + @pulumi.getter(name="accessKeyIDSecretRef") + def access_key_id_secret_ref(self) -> Optional['outputs.ChallengeSpecSolverDns01Route53AccessKeyIdsecretRef']: + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id_secret_ref") + + @property + @pulumi.getter(name="hostedZoneID") + def hosted_zone_id(self) -> Optional[str]: + """ + If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + """ + return pulumi.get(self, "hosted_zone_id") + + @property + @pulumi.getter + def role(self) -> Optional[str]: + """ + Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + """ + return pulumi.get(self, "role") + + @property + @pulumi.getter(name="secretAccessKeySecretRef") + def secret_access_key_secret_ref(self) -> Optional['outputs.ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef']: + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "secret_access_key_secret_ref") + + +@pulumi.output_type +class ChallengeSpecSolverDns01Route53AccessKeyIdsecretRef(dict): + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef(dict): + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ChallengeSpecSolverDns01Webhook(dict): + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "groupName": + suggest = "group_name" + elif key == "solverName": + suggest = "solver_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverDns01Webhook. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverDns01Webhook.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverDns01Webhook.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + group_name: str, + solver_name: str, + config: Optional[Mapping[str, Any]] = None): + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + :param str group_name: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + :param str solver_name: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + :param Mapping[str, Any] config: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + pulumi.set(__self__, "group_name", group_name) + pulumi.set(__self__, "solver_name", solver_name) + if config is not None: + pulumi.set(__self__, "config", config) + + @property + @pulumi.getter(name="groupName") + def group_name(self) -> str: + """ + The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + """ + return pulumi.get(self, "group_name") + + @property + @pulumi.getter(name="solverName") + def solver_name(self) -> str: + """ + The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + """ + return pulumi.get(self, "solver_name") + + @property + @pulumi.getter + def config(self) -> Optional[Mapping[str, Any]]: + """ + Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + return pulumi.get(self, "config") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01(dict): + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "gatewayHTTPRoute": + suggest = "gateway_http_route" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + gateway_http_route: Optional['outputs.ChallengeSpecSolverHttp01GatewayHttproute'] = None, + ingress: Optional['outputs.ChallengeSpecSolverHttp01Ingress'] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param 'ChallengeSpecSolverHttp01GatewayHttprouteArgs' gateway_http_route: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param 'ChallengeSpecSolverHttp01IngressArgs' ingress: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + if gateway_http_route is not None: + pulumi.set(__self__, "gateway_http_route", gateway_http_route) + if ingress is not None: + pulumi.set(__self__, "ingress", ingress) + + @property + @pulumi.getter(name="gatewayHTTPRoute") + def gateway_http_route(self) -> Optional['outputs.ChallengeSpecSolverHttp01GatewayHttproute']: + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + """ + return pulumi.get(self, "gateway_http_route") + + @property + @pulumi.getter + def ingress(self) -> Optional['outputs.ChallengeSpecSolverHttp01Ingress']: + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + return pulumi.get(self, "ingress") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01GatewayHttproute(dict): + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "parentRefs": + suggest = "parent_refs" + elif key == "serviceType": + suggest = "service_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01GatewayHttproute. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01GatewayHttproute.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01GatewayHttproute.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + labels: Optional[Mapping[str, str]] = None, + parent_refs: Optional[Sequence['outputs.ChallengeSpecSolverHttp01GatewayHttprouteParentRefs']] = None, + service_type: Optional[str] = None): + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param Mapping[str, str] labels: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + :param Sequence['ChallengeSpecSolverHttp01GatewayHttprouteParentRefsArgs'] parent_refs: When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + :param str service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if labels is not None: + pulumi.set(__self__, "labels", labels) + if parent_refs is not None: + pulumi.set(__self__, "parent_refs", parent_refs) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter + def labels(self) -> Optional[Mapping[str, str]]: + """ + Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + """ + return pulumi.get(self, "labels") + + @property + @pulumi.getter(name="parentRefs") + def parent_refs(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01GatewayHttprouteParentRefs']]: + """ + When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + """ + return pulumi.get(self, "parent_refs") + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[str]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01GatewayHttprouteParentRefs(dict): + """ + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + This API may be extended in the future to support additional kinds of parent resources. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "sectionName": + suggest = "section_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01GatewayHttprouteParentRefs. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01GatewayHttprouteParentRefs.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01GatewayHttprouteParentRefs.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + name: str, + group: Optional[str] = None, + kind: Optional[str] = None, + namespace: Optional[str] = None, + port: Optional[int] = None, + section_name: Optional[str] = None): + """ + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + This API may be extended in the future to support additional kinds of parent resources. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + :param str name: Name is the name of the referent. + Support: Core + :param str group: Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + :param str kind: Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + :param str namespace: Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + :param int port: Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + :param str section_name: SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + pulumi.set(__self__, "name", name) + if group is None: + group = 'gateway.networking.k8s.io' + if group is not None: + pulumi.set(__self__, "group", group) + if kind is None: + kind = 'Gateway' + if kind is not None: + pulumi.set(__self__, "kind", kind) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if port is not None: + pulumi.set(__self__, "port", port) + if section_name is not None: + pulumi.set(__self__, "section_name", section_name) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name is the name of the referent. + Support: Core + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def group(self) -> Optional[str]: + """ + Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + """ + return pulumi.get(self, "group") + + @property + @pulumi.getter + def kind(self) -> Optional[str]: + """ + Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + """ + return pulumi.get(self, "kind") + + @property + @pulumi.getter + def namespace(self) -> Optional[str]: + """ + Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + """ + return pulumi.get(self, "namespace") + + @property + @pulumi.getter + def port(self) -> Optional[int]: + """ + Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + """ + return pulumi.get(self, "port") + + @property + @pulumi.getter(name="sectionName") + def section_name(self) -> Optional[str]: + """ + SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + return pulumi.get(self, "section_name") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01Ingress(dict): + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "class": + suggest = "class_" + elif key == "ingressClassName": + suggest = "ingress_class_name" + elif key == "ingressTemplate": + suggest = "ingress_template" + elif key == "podTemplate": + suggest = "pod_template" + elif key == "serviceType": + suggest = "service_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01Ingress. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01Ingress.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01Ingress.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + class_: Optional[str] = None, + ingress_class_name: Optional[str] = None, + ingress_template: Optional['outputs.ChallengeSpecSolverHttp01IngressIngressTemplate'] = None, + name: Optional[str] = None, + pod_template: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplate'] = None, + service_type: Optional[str] = None): + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + :param str class_: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + :param str ingress_class_name: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + :param 'ChallengeSpecSolverHttp01IngressIngressTemplateArgs' ingress_template: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param str name: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateArgs' pod_template: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param str service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if class_ is not None: + pulumi.set(__self__, "class_", class_) + if ingress_class_name is not None: + pulumi.set(__self__, "ingress_class_name", ingress_class_name) + if ingress_template is not None: + pulumi.set(__self__, "ingress_template", ingress_template) + if name is not None: + pulumi.set(__self__, "name", name) + if pod_template is not None: + pulumi.set(__self__, "pod_template", pod_template) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter(name="class") + def class_(self) -> Optional[str]: + """ + This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "class_") + + @property + @pulumi.getter(name="ingressClassName") + def ingress_class_name(self) -> Optional[str]: + """ + This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "ingress_class_name") + + @property + @pulumi.getter(name="ingressTemplate") + def ingress_template(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressIngressTemplate']: + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + """ + return pulumi.get(self, "ingress_template") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="podTemplate") + def pod_template(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplate']: + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + """ + return pulumi.get(self, "pod_template") + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[str]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressIngressTemplate(dict): + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + """ + def __init__(__self__, *, + metadata: Optional['outputs.ChallengeSpecSolverHttp01IngressIngressTemplateMetadata'] = None): + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param 'ChallengeSpecSolverHttp01IngressIngressTemplateMetadataArgs' metadata: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + + @property + @pulumi.getter + def metadata(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressIngressTemplateMetadata']: + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressIngressTemplateMetadata(dict): + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + def __init__(__self__, *, + annotations: Optional[Mapping[str, str]] = None, + labels: Optional[Mapping[str, str]] = None): + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param Mapping[str, str] annotations: Annotations that should be added to the created ACME HTTP01 solver ingress. + :param Mapping[str, str] labels: Labels that should be added to the created ACME HTTP01 solver ingress. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[Mapping[str, str]]: + """ + Annotations that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "annotations") + + @property + @pulumi.getter + def labels(self) -> Optional[Mapping[str, str]]: + """ + Labels that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "labels") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplate(dict): + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + """ + def __init__(__self__, *, + metadata: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateMetadata'] = None, + spec: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpec'] = None): + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateMetadataArgs' metadata: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecArgs' spec: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + + @property + @pulumi.getter + def metadata(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateMetadata']: + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + @property + @pulumi.getter + def spec(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpec']: + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + return pulumi.get(self, "spec") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateMetadata(dict): + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + def __init__(__self__, *, + annotations: Optional[Mapping[str, str]] = None, + labels: Optional[Mapping[str, str]] = None): + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param Mapping[str, str] annotations: Annotations that should be added to the create ACME HTTP01 solver pods. + :param Mapping[str, str] labels: Labels that should be added to the created ACME HTTP01 solver pods. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[Mapping[str, str]]: + """ + Annotations that should be added to the create ACME HTTP01 solver pods. + """ + return pulumi.get(self, "annotations") + + @property + @pulumi.getter + def labels(self) -> Optional[Mapping[str, str]]: + """ + Labels that should be added to the created ACME HTTP01 solver pods. + """ + return pulumi.get(self, "labels") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpec(dict): + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "imagePullSecrets": + suggest = "image_pull_secrets" + elif key == "nodeSelector": + suggest = "node_selector" + elif key == "priorityClassName": + suggest = "priority_class_name" + elif key == "serviceAccountName": + suggest = "service_account_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpec.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + affinity: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity'] = None, + image_pull_secrets: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecrets']] = None, + node_selector: Optional[Mapping[str, str]] = None, + priority_class_name: Optional[str] = None, + service_account_name: Optional[str] = None, + tolerations: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations']] = None): + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityArgs' affinity: If specified, the pod's scheduling constraints + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecretsArgs'] image_pull_secrets: If specified, the pod's imagePullSecrets + :param Mapping[str, str] node_selector: NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + :param str priority_class_name: If specified, the pod's priorityClassName. + :param str service_account_name: If specified, the pod's service account + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerationsArgs'] tolerations: If specified, the pod's tolerations. + """ + if affinity is not None: + pulumi.set(__self__, "affinity", affinity) + if image_pull_secrets is not None: + pulumi.set(__self__, "image_pull_secrets", image_pull_secrets) + if node_selector is not None: + pulumi.set(__self__, "node_selector", node_selector) + if priority_class_name is not None: + pulumi.set(__self__, "priority_class_name", priority_class_name) + if service_account_name is not None: + pulumi.set(__self__, "service_account_name", service_account_name) + if tolerations is not None: + pulumi.set(__self__, "tolerations", tolerations) + + @property + @pulumi.getter + def affinity(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity']: + """ + If specified, the pod's scheduling constraints + """ + return pulumi.get(self, "affinity") + + @property + @pulumi.getter(name="imagePullSecrets") + def image_pull_secrets(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecrets']]: + """ + If specified, the pod's imagePullSecrets + """ + return pulumi.get(self, "image_pull_secrets") + + @property + @pulumi.getter(name="nodeSelector") + def node_selector(self) -> Optional[Mapping[str, str]]: + """ + NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + """ + return pulumi.get(self, "node_selector") + + @property + @pulumi.getter(name="priorityClassName") + def priority_class_name(self) -> Optional[str]: + """ + If specified, the pod's priorityClassName. + """ + return pulumi.get(self, "priority_class_name") + + @property + @pulumi.getter(name="serviceAccountName") + def service_account_name(self) -> Optional[str]: + """ + If specified, the pod's service account + """ + return pulumi.get(self, "service_account_name") + + @property + @pulumi.getter + def tolerations(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations']]: + """ + If specified, the pod's tolerations. + """ + return pulumi.get(self, "tolerations") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity(dict): + """ + If specified, the pod's scheduling constraints + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "nodeAffinity": + suggest = "node_affinity" + elif key == "podAffinity": + suggest = "pod_affinity" + elif key == "podAntiAffinity": + suggest = "pod_anti_affinity" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + node_affinity: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity'] = None, + pod_affinity: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity'] = None, + pod_anti_affinity: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity'] = None): + """ + If specified, the pod's scheduling constraints + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs' node_affinity: Describes node affinity scheduling rules for the pod. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityArgs' pod_affinity: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs' pod_anti_affinity: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + if node_affinity is not None: + pulumi.set(__self__, "node_affinity", node_affinity) + if pod_affinity is not None: + pulumi.set(__self__, "pod_affinity", pod_affinity) + if pod_anti_affinity is not None: + pulumi.set(__self__, "pod_anti_affinity", pod_anti_affinity) + + @property + @pulumi.getter(name="nodeAffinity") + def node_affinity(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity']: + """ + Describes node affinity scheduling rules for the pod. + """ + return pulumi.get(self, "node_affinity") + + @property + @pulumi.getter(name="podAffinity") + def pod_affinity(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity']: + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_affinity") + + @property + @pulumi.getter(name="podAntiAffinity") + def pod_anti_affinity(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity']: + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_anti_affinity") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity(dict): + """ + Describes node affinity scheduling rules for the pod. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "preferredDuringSchedulingIgnoredDuringExecution": + suggest = "preferred_during_scheduling_ignored_during_execution" + elif key == "requiredDuringSchedulingIgnoredDuringExecution": + suggest = "required_during_scheduling_ignored_during_execution" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution']] = None, + required_during_scheduling_ignored_during_execution: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution'] = None): + """ + Describes node affinity scheduling rules for the pod. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs'] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs' required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution']]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution']: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution(dict): + """ + An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + """ + def __init__(__self__, *, + preference: 'outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference', + weight: int): + """ + An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs' preference: A node selector term, associated with the corresponding weight. + :param int weight: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + pulumi.set(__self__, "preference", preference) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter + def preference(self) -> 'outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference': + """ + A node selector term, associated with the corresponding weight. + """ + return pulumi.get(self, "preference") + + @property + @pulumi.getter + def weight(self) -> int: + """ + Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference(dict): + """ + A node selector term, associated with the corresponding weight. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchFields": + suggest = "match_fields" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions']] = None, + match_fields: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields']] = None): + """ + A node selector term, associated with the corresponding weight. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs'] match_expressions: A list of node selector requirements by node's labels. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs'] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions']]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields']]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution(dict): + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "nodeSelectorTerms": + suggest = "node_selector_terms" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + node_selector_terms: Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms']): + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs'] node_selector_terms: Required. A list of node selector terms. The terms are ORed. + """ + pulumi.set(__self__, "node_selector_terms", node_selector_terms) + + @property + @pulumi.getter(name="nodeSelectorTerms") + def node_selector_terms(self) -> Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms']: + """ + Required. A list of node selector terms. The terms are ORed. + """ + return pulumi.get(self, "node_selector_terms") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms(dict): + """ + A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchFields": + suggest = "match_fields" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions']] = None, + match_fields: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields']] = None): + """ + A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs'] match_expressions: A list of node selector requirements by node's labels. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs'] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions']]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields']]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity(dict): + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "preferredDuringSchedulingIgnoredDuringExecution": + suggest = "preferred_during_scheduling_ignored_during_execution" + elif key == "requiredDuringSchedulingIgnoredDuringExecution": + suggest = "required_during_scheduling_ignored_during_execution" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution']] = None, + required_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution']] = None): + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs'] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs'] required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution']]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution']]: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution(dict): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "podAffinityTerm": + suggest = "pod_affinity_term" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + pod_affinity_term: 'outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + weight: int): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs' pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param int weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> 'outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm': + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @property + @pulumi.getter + def weight(self) -> int: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(dict): + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution(dict): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity(dict): + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "preferredDuringSchedulingIgnoredDuringExecution": + suggest = "preferred_during_scheduling_ignored_during_execution" + elif key == "requiredDuringSchedulingIgnoredDuringExecution": + suggest = "required_during_scheduling_ignored_during_execution" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution']] = None, + required_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution']] = None): + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs'] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs'] required_during_scheduling_ignored_during_execution: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution']]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution']]: + """ + If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution(dict): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "podAffinityTerm": + suggest = "pod_affinity_term" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + pod_affinity_term: 'outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + weight: int): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs' pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param int weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> 'outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm': + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @property + @pulumi.getter + def weight(self) -> int: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(dict): + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution(dict): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecImagePullSecrets(dict): + """ + LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + """ + def __init__(__self__, *, + name: Optional[str] = None): + """ + LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + :param str name: Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + return pulumi.get(self, "name") + + +@pulumi.output_type +class ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations(dict): + """ + The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "tolerationSeconds": + suggest = "toleration_seconds" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + effect: Optional[str] = None, + key: Optional[str] = None, + operator: Optional[str] = None, + toleration_seconds: Optional[int] = None, + value: Optional[str] = None): + """ + The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + :param str effect: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + :param str key: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + :param str operator: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + :param int toleration_seconds: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + :param str value: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + if effect is not None: + pulumi.set(__self__, "effect", effect) + if key is not None: + pulumi.set(__self__, "key", key) + if operator is not None: + pulumi.set(__self__, "operator", operator) + if toleration_seconds is not None: + pulumi.set(__self__, "toleration_seconds", toleration_seconds) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def effect(self) -> Optional[str]: + """ + Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + """ + return pulumi.get(self, "effect") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> Optional[str]: + """ + Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter(name="tolerationSeconds") + def toleration_seconds(self) -> Optional[int]: + """ + TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + """ + return pulumi.get(self, "toleration_seconds") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + """ + Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + return pulumi.get(self, "value") + + +@pulumi.output_type +class ChallengeSpecSolverSelector(dict): + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "dnsNames": + suggest = "dns_names" + elif key == "dnsZones": + suggest = "dns_zones" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ChallengeSpecSolverSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ChallengeSpecSolverSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ChallengeSpecSolverSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + dns_names: Optional[Sequence[str]] = None, + dns_zones: Optional[Sequence[str]] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + :param Sequence[str] dns_names: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param Sequence[str] dns_zones: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param Mapping[str, str] match_labels: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + if dns_names is not None: + pulumi.set(__self__, "dns_names", dns_names) + if dns_zones is not None: + pulumi.set(__self__, "dns_zones", dns_zones) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="dnsNames") + def dns_names(self) -> Optional[Sequence[str]]: + """ + List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_names") + + @property + @pulumi.getter(name="dnsZones") + def dns_zones(self) -> Optional[Sequence[str]]: + """ + List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_zones") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ChallengeStatus(dict): + def __init__(__self__, *, + presented: Optional[bool] = None, + processing: Optional[bool] = None, + reason: Optional[str] = None, + state: Optional[str] = None): + """ + :param bool presented: presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured). + :param bool processing: Used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action. + :param str reason: Contains human readable information on why the Challenge is in the current state. + :param str state: Contains the current 'state' of the challenge. If not set, the state of the challenge is unknown. + """ + if presented is not None: + pulumi.set(__self__, "presented", presented) + if processing is not None: + pulumi.set(__self__, "processing", processing) + if reason is not None: + pulumi.set(__self__, "reason", reason) + if state is not None: + pulumi.set(__self__, "state", state) + + @property + @pulumi.getter + def presented(self) -> Optional[bool]: + """ + presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured). + """ + return pulumi.get(self, "presented") + + @property + @pulumi.getter + def processing(self) -> Optional[bool]: + """ + Used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action. + """ + return pulumi.get(self, "processing") + + @property + @pulumi.getter + def reason(self) -> Optional[str]: + """ + Contains human readable information on why the Challenge is in the current state. + """ + return pulumi.get(self, "reason") + + @property + @pulumi.getter + def state(self) -> Optional[str]: + """ + Contains the current 'state' of the challenge. If not set, the state of the challenge is unknown. + """ + return pulumi.get(self, "state") + + +@pulumi.output_type +class OrderSpec(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "issuerRef": + suggest = "issuer_ref" + elif key == "commonName": + suggest = "common_name" + elif key == "dnsNames": + suggest = "dns_names" + elif key == "ipAddresses": + suggest = "ip_addresses" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in OrderSpec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + OrderSpec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + OrderSpec.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + issuer_ref: 'outputs.OrderSpecIssuerRef', + request: str, + common_name: Optional[str] = None, + dns_names: Optional[Sequence[str]] = None, + duration: Optional[str] = None, + ip_addresses: Optional[Sequence[str]] = None): + """ + :param 'OrderSpecIssuerRefArgs' issuer_ref: IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + :param str request: Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order. + :param str common_name: CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR. + :param Sequence[str] dns_names: DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + :param str duration: Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec. + :param Sequence[str] ip_addresses: IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + """ + pulumi.set(__self__, "issuer_ref", issuer_ref) + pulumi.set(__self__, "request", request) + if common_name is not None: + pulumi.set(__self__, "common_name", common_name) + if dns_names is not None: + pulumi.set(__self__, "dns_names", dns_names) + if duration is not None: + pulumi.set(__self__, "duration", duration) + if ip_addresses is not None: + pulumi.set(__self__, "ip_addresses", ip_addresses) + + @property + @pulumi.getter(name="issuerRef") + def issuer_ref(self) -> 'outputs.OrderSpecIssuerRef': + """ + IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + """ + return pulumi.get(self, "issuer_ref") + + @property + @pulumi.getter + def request(self) -> str: + """ + Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order. + """ + return pulumi.get(self, "request") + + @property + @pulumi.getter(name="commonName") + def common_name(self) -> Optional[str]: + """ + CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR. + """ + return pulumi.get(self, "common_name") + + @property + @pulumi.getter(name="dnsNames") + def dns_names(self) -> Optional[Sequence[str]]: + """ + DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + """ + return pulumi.get(self, "dns_names") + + @property + @pulumi.getter + def duration(self) -> Optional[str]: + """ + Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec. + """ + return pulumi.get(self, "duration") + + @property + @pulumi.getter(name="ipAddresses") + def ip_addresses(self) -> Optional[Sequence[str]]: + """ + IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + """ + return pulumi.get(self, "ip_addresses") + + +@pulumi.output_type +class OrderSpecIssuerRef(dict): + """ + IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + """ + def __init__(__self__, *, + name: str, + group: Optional[str] = None, + kind: Optional[str] = None): + """ + IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + :param str name: Name of the resource being referred to. + :param str group: Group of the resource being referred to. + :param str kind: Kind of the resource being referred to. + """ + pulumi.set(__self__, "name", name) + if group is not None: + pulumi.set(__self__, "group", group) + if kind is not None: + pulumi.set(__self__, "kind", kind) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def group(self) -> Optional[str]: + """ + Group of the resource being referred to. + """ + return pulumi.get(self, "group") + + @property + @pulumi.getter + def kind(self) -> Optional[str]: + """ + Kind of the resource being referred to. + """ + return pulumi.get(self, "kind") + + +@pulumi.output_type +class OrderStatus(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "failureTime": + suggest = "failure_time" + elif key == "finalizeURL": + suggest = "finalize_url" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in OrderStatus. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + OrderStatus.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + OrderStatus.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + authorizations: Optional[Sequence['outputs.OrderStatusAuthorizations']] = None, + certificate: Optional[str] = None, + failure_time: Optional[str] = None, + finalize_url: Optional[str] = None, + reason: Optional[str] = None, + state: Optional[str] = None, + url: Optional[str] = None): + """ + :param Sequence['OrderStatusAuthorizationsArgs'] authorizations: Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order. + :param str certificate: Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state. + :param str failure_time: FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off. + :param str finalize_url: FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed. + :param str reason: Reason optionally provides more information about a why the order is in the current state. + :param str state: State contains the current state of this Order resource. States 'success' and 'expired' are 'final' + :param str url: URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set. + """ + if authorizations is not None: + pulumi.set(__self__, "authorizations", authorizations) + if certificate is not None: + pulumi.set(__self__, "certificate", certificate) + if failure_time is not None: + pulumi.set(__self__, "failure_time", failure_time) + if finalize_url is not None: + pulumi.set(__self__, "finalize_url", finalize_url) + if reason is not None: + pulumi.set(__self__, "reason", reason) + if state is not None: + pulumi.set(__self__, "state", state) + if url is not None: + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter + def authorizations(self) -> Optional[Sequence['outputs.OrderStatusAuthorizations']]: + """ + Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order. + """ + return pulumi.get(self, "authorizations") + + @property + @pulumi.getter + def certificate(self) -> Optional[str]: + """ + Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state. + """ + return pulumi.get(self, "certificate") + + @property + @pulumi.getter(name="failureTime") + def failure_time(self) -> Optional[str]: + """ + FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off. + """ + return pulumi.get(self, "failure_time") + + @property + @pulumi.getter(name="finalizeURL") + def finalize_url(self) -> Optional[str]: + """ + FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed. + """ + return pulumi.get(self, "finalize_url") + + @property + @pulumi.getter + def reason(self) -> Optional[str]: + """ + Reason optionally provides more information about a why the order is in the current state. + """ + return pulumi.get(self, "reason") + + @property + @pulumi.getter + def state(self) -> Optional[str]: + """ + State contains the current state of this Order resource. States 'success' and 'expired' are 'final' + """ + return pulumi.get(self, "state") + + @property + @pulumi.getter + def url(self) -> Optional[str]: + """ + URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set. + """ + return pulumi.get(self, "url") + + +@pulumi.output_type +class OrderStatusAuthorizations(dict): + """ + ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "initialState": + suggest = "initial_state" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in OrderStatusAuthorizations. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + OrderStatusAuthorizations.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + OrderStatusAuthorizations.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + url: str, + challenges: Optional[Sequence['outputs.OrderStatusAuthorizationsChallenges']] = None, + identifier: Optional[str] = None, + initial_state: Optional[str] = None, + wildcard: Optional[bool] = None): + """ + ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource. + :param str url: URL is the URL of the Authorization that must be completed + :param Sequence['OrderStatusAuthorizationsChallengesArgs'] challenges: Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process. + :param str identifier: Identifier is the DNS name to be validated as part of this authorization + :param str initial_state: InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created. + :param bool wildcard: Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'. + """ + pulumi.set(__self__, "url", url) + if challenges is not None: + pulumi.set(__self__, "challenges", challenges) + if identifier is not None: + pulumi.set(__self__, "identifier", identifier) + if initial_state is not None: + pulumi.set(__self__, "initial_state", initial_state) + if wildcard is not None: + pulumi.set(__self__, "wildcard", wildcard) + + @property + @pulumi.getter + def url(self) -> str: + """ + URL is the URL of the Authorization that must be completed + """ + return pulumi.get(self, "url") + + @property + @pulumi.getter + def challenges(self) -> Optional[Sequence['outputs.OrderStatusAuthorizationsChallenges']]: + """ + Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process. + """ + return pulumi.get(self, "challenges") + + @property + @pulumi.getter + def identifier(self) -> Optional[str]: + """ + Identifier is the DNS name to be validated as part of this authorization + """ + return pulumi.get(self, "identifier") + + @property + @pulumi.getter(name="initialState") + def initial_state(self) -> Optional[str]: + """ + InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created. + """ + return pulumi.get(self, "initial_state") + + @property + @pulumi.getter + def wildcard(self) -> Optional[bool]: + """ + Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'. + """ + return pulumi.get(self, "wildcard") + + +@pulumi.output_type +class OrderStatusAuthorizationsChallenges(dict): + """ + Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process. + """ + def __init__(__self__, *, + token: str, + type: str, + url: str): + """ + Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process. + :param str token: Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented. + :param str type: Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored. + :param str url: URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server. + """ + pulumi.set(__self__, "token", token) + pulumi.set(__self__, "type", type) + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter + def token(self) -> str: + """ + Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented. + """ + return pulumi.get(self, "token") + + @property + @pulumi.getter + def type(self) -> str: + """ + Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored. + """ + return pulumi.get(self, "type") + + @property + @pulumi.getter + def url(self) -> str: + """ + URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server. + """ + return pulumi.get(self, "url") + + diff --git a/sdk/python/pulumi_cert_manager_resources/certmanager/__init__.py b/sdk/python/pulumi_cert_manager_resources/certmanager/__init__.py new file mode 100644 index 0000000..7a9aba9 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/certmanager/__init__.py @@ -0,0 +1,14 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from .. import _utilities +import typing + +# Make subpackages available: +if typing.TYPE_CHECKING: + import pulumi_cert_manager_resources.certmanager.v1 as __v1 + v1 = __v1 +else: + v1 = _utilities.lazy_import('pulumi_cert_manager.certmanager.v1') + diff --git a/sdk/python/pulumi_cert_manager_resources/certmanager/v1/Certificate.py b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/Certificate.py new file mode 100644 index 0000000..6edadf9 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/Certificate.py @@ -0,0 +1,216 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from ... import _utilities +from . import outputs +from ... import meta as _meta +from ._inputs import * + +__all__ = ['CertificateArgs', 'Certificate'] + +@pulumi.input_type +class CertificateArgs: + def __init__(__self__, *, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']] = None, + spec: Optional[pulumi.Input['CertificateSpecArgs']] = None, + status: Optional[pulumi.Input['CertificateStatusArgs']] = None): + """ + The set of arguments for constructing a Certificate resource. + :param pulumi.Input['CertificateSpecArgs'] spec: Specification of the desired state of the Certificate resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param pulumi.Input['CertificateStatusArgs'] status: Status of the Certificate. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + if api_version is not None: + pulumi.set(__self__, "api_version", 'cert-manager.io/v1') + if kind is not None: + pulumi.set(__self__, "kind", 'Certificate') + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + if status is not None: + pulumi.set(__self__, "status", status) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "api_version") + + @api_version.setter + def api_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "api_version", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]: + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def spec(self) -> Optional[pulumi.Input['CertificateSpecArgs']]: + """ + Specification of the desired state of the Certificate resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + return pulumi.get(self, "spec") + + @spec.setter + def spec(self, value: Optional[pulumi.Input['CertificateSpecArgs']]): + pulumi.set(self, "spec", value) + + @property + @pulumi.getter + def status(self) -> Optional[pulumi.Input['CertificateStatusArgs']]: + """ + Status of the Certificate. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + return pulumi.get(self, "status") + + @status.setter + def status(self, value: Optional[pulumi.Input['CertificateStatusArgs']]): + pulumi.set(self, "status", value) + + +class Certificate(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['CertificateSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['CertificateStatusArgs']]] = None, + __props__=None): + """ + A Certificate resource should be created to ensure an up to date and signed X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. + The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`). + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[pulumi.InputType['CertificateSpecArgs']] spec: Specification of the desired state of the Certificate resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param pulumi.Input[pulumi.InputType['CertificateStatusArgs']] status: Status of the Certificate. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[CertificateArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + A Certificate resource should be created to ensure an up to date and signed X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. + The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`). + + :param str resource_name: The name of the resource. + :param CertificateArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(CertificateArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['CertificateSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['CertificateStatusArgs']]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = CertificateArgs.__new__(CertificateArgs) + + __props__.__dict__["api_version"] = 'cert-manager.io/v1' + __props__.__dict__["kind"] = 'Certificate' + __props__.__dict__["metadata"] = metadata + __props__.__dict__["spec"] = spec + __props__.__dict__["status"] = status + super(Certificate, __self__).__init__( + 'kubernetes:cert-manager.io/v1:Certificate', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'Certificate': + """ + Get an existing Certificate resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = CertificateArgs.__new__(CertificateArgs) + + __props__.__dict__["api_version"] = None + __props__.__dict__["kind"] = None + __props__.__dict__["metadata"] = None + __props__.__dict__["spec"] = None + __props__.__dict__["status"] = None + return Certificate(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "api_version") + + @property + @pulumi.getter + def kind(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "kind") + + @property + @pulumi.getter + def metadata(self) -> pulumi.Output[Optional['_meta.v1.outputs.ObjectMeta']]: + return pulumi.get(self, "metadata") + + @property + @pulumi.getter + def spec(self) -> pulumi.Output[Optional['outputs.CertificateSpec']]: + """ + Specification of the desired state of the Certificate resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + return pulumi.get(self, "spec") + + @property + @pulumi.getter + def status(self) -> pulumi.Output[Optional['outputs.CertificateStatus']]: + """ + Status of the Certificate. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + return pulumi.get(self, "status") + diff --git a/sdk/python/pulumi_cert_manager_resources/certmanager/v1/CertificateRequest.py b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/CertificateRequest.py new file mode 100644 index 0000000..f66226a --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/CertificateRequest.py @@ -0,0 +1,218 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from ... import _utilities +from . import outputs +from ... import meta as _meta +from ._inputs import * + +__all__ = ['CertificateRequestArgs', 'CertificateRequest'] + +@pulumi.input_type +class CertificateRequestArgs: + def __init__(__self__, *, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']] = None, + spec: Optional[pulumi.Input['CertificateRequestSpecArgs']] = None, + status: Optional[pulumi.Input['CertificateRequestStatusArgs']] = None): + """ + The set of arguments for constructing a CertificateRequest resource. + :param pulumi.Input['CertificateRequestSpecArgs'] spec: Specification of the desired state of the CertificateRequest resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param pulumi.Input['CertificateRequestStatusArgs'] status: Status of the CertificateRequest. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + if api_version is not None: + pulumi.set(__self__, "api_version", 'cert-manager.io/v1') + if kind is not None: + pulumi.set(__self__, "kind", 'CertificateRequest') + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + if status is not None: + pulumi.set(__self__, "status", status) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "api_version") + + @api_version.setter + def api_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "api_version", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]: + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def spec(self) -> Optional[pulumi.Input['CertificateRequestSpecArgs']]: + """ + Specification of the desired state of the CertificateRequest resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + return pulumi.get(self, "spec") + + @spec.setter + def spec(self, value: Optional[pulumi.Input['CertificateRequestSpecArgs']]): + pulumi.set(self, "spec", value) + + @property + @pulumi.getter + def status(self) -> Optional[pulumi.Input['CertificateRequestStatusArgs']]: + """ + Status of the CertificateRequest. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + return pulumi.get(self, "status") + + @status.setter + def status(self, value: Optional[pulumi.Input['CertificateRequestStatusArgs']]): + pulumi.set(self, "status", value) + + +class CertificateRequest(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['CertificateRequestSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['CertificateRequestStatusArgs']]] = None, + __props__=None): + """ + A CertificateRequest is used to request a signed certificate from one of the configured issuers. + All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `Ready` status condition and its `status.failureTime` field. + A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[pulumi.InputType['CertificateRequestSpecArgs']] spec: Specification of the desired state of the CertificateRequest resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param pulumi.Input[pulumi.InputType['CertificateRequestStatusArgs']] status: Status of the CertificateRequest. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[CertificateRequestArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + A CertificateRequest is used to request a signed certificate from one of the configured issuers. + All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `Ready` status condition and its `status.failureTime` field. + A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used. + + :param str resource_name: The name of the resource. + :param CertificateRequestArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(CertificateRequestArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['CertificateRequestSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['CertificateRequestStatusArgs']]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = CertificateRequestArgs.__new__(CertificateRequestArgs) + + __props__.__dict__["api_version"] = 'cert-manager.io/v1' + __props__.__dict__["kind"] = 'CertificateRequest' + __props__.__dict__["metadata"] = metadata + __props__.__dict__["spec"] = spec + __props__.__dict__["status"] = status + super(CertificateRequest, __self__).__init__( + 'kubernetes:cert-manager.io/v1:CertificateRequest', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'CertificateRequest': + """ + Get an existing CertificateRequest resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = CertificateRequestArgs.__new__(CertificateRequestArgs) + + __props__.__dict__["api_version"] = None + __props__.__dict__["kind"] = None + __props__.__dict__["metadata"] = None + __props__.__dict__["spec"] = None + __props__.__dict__["status"] = None + return CertificateRequest(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "api_version") + + @property + @pulumi.getter + def kind(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "kind") + + @property + @pulumi.getter + def metadata(self) -> pulumi.Output[Optional['_meta.v1.outputs.ObjectMeta']]: + return pulumi.get(self, "metadata") + + @property + @pulumi.getter + def spec(self) -> pulumi.Output[Optional['outputs.CertificateRequestSpec']]: + """ + Specification of the desired state of the CertificateRequest resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + return pulumi.get(self, "spec") + + @property + @pulumi.getter + def status(self) -> pulumi.Output[Optional['outputs.CertificateRequestStatus']]: + """ + Status of the CertificateRequest. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + return pulumi.get(self, "status") + diff --git a/sdk/python/pulumi_cert_manager_resources/certmanager/v1/ClusterIssuer.py b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/ClusterIssuer.py new file mode 100644 index 0000000..40ea647 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/ClusterIssuer.py @@ -0,0 +1,214 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from ... import _utilities +from . import outputs +from ... import meta as _meta +from ._inputs import * + +__all__ = ['ClusterIssuerArgs', 'ClusterIssuer'] + +@pulumi.input_type +class ClusterIssuerArgs: + def __init__(__self__, *, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']] = None, + spec: Optional[pulumi.Input['ClusterIssuerSpecArgs']] = None, + status: Optional[pulumi.Input['ClusterIssuerStatusArgs']] = None): + """ + The set of arguments for constructing a ClusterIssuer resource. + :param pulumi.Input['ClusterIssuerSpecArgs'] spec: Desired state of the ClusterIssuer resource. + :param pulumi.Input['ClusterIssuerStatusArgs'] status: Status of the ClusterIssuer. This is set and managed automatically. + """ + if api_version is not None: + pulumi.set(__self__, "api_version", 'cert-manager.io/v1') + if kind is not None: + pulumi.set(__self__, "kind", 'ClusterIssuer') + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + if status is not None: + pulumi.set(__self__, "status", status) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "api_version") + + @api_version.setter + def api_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "api_version", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]: + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def spec(self) -> Optional[pulumi.Input['ClusterIssuerSpecArgs']]: + """ + Desired state of the ClusterIssuer resource. + """ + return pulumi.get(self, "spec") + + @spec.setter + def spec(self, value: Optional[pulumi.Input['ClusterIssuerSpecArgs']]): + pulumi.set(self, "spec", value) + + @property + @pulumi.getter + def status(self) -> Optional[pulumi.Input['ClusterIssuerStatusArgs']]: + """ + Status of the ClusterIssuer. This is set and managed automatically. + """ + return pulumi.get(self, "status") + + @status.setter + def status(self, value: Optional[pulumi.Input['ClusterIssuerStatusArgs']]): + pulumi.set(self, "status", value) + + +class ClusterIssuer(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['ClusterIssuerSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['ClusterIssuerStatusArgs']]] = None, + __props__=None): + """ + A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[pulumi.InputType['ClusterIssuerSpecArgs']] spec: Desired state of the ClusterIssuer resource. + :param pulumi.Input[pulumi.InputType['ClusterIssuerStatusArgs']] status: Status of the ClusterIssuer. This is set and managed automatically. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[ClusterIssuerArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent. + + :param str resource_name: The name of the resource. + :param ClusterIssuerArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(ClusterIssuerArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['ClusterIssuerSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['ClusterIssuerStatusArgs']]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = ClusterIssuerArgs.__new__(ClusterIssuerArgs) + + __props__.__dict__["api_version"] = 'cert-manager.io/v1' + __props__.__dict__["kind"] = 'ClusterIssuer' + __props__.__dict__["metadata"] = metadata + __props__.__dict__["spec"] = spec + __props__.__dict__["status"] = status + super(ClusterIssuer, __self__).__init__( + 'kubernetes:cert-manager.io/v1:ClusterIssuer', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'ClusterIssuer': + """ + Get an existing ClusterIssuer resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = ClusterIssuerArgs.__new__(ClusterIssuerArgs) + + __props__.__dict__["api_version"] = None + __props__.__dict__["kind"] = None + __props__.__dict__["metadata"] = None + __props__.__dict__["spec"] = None + __props__.__dict__["status"] = None + return ClusterIssuer(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "api_version") + + @property + @pulumi.getter + def kind(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "kind") + + @property + @pulumi.getter + def metadata(self) -> pulumi.Output[Optional['_meta.v1.outputs.ObjectMeta']]: + return pulumi.get(self, "metadata") + + @property + @pulumi.getter + def spec(self) -> pulumi.Output['outputs.ClusterIssuerSpec']: + """ + Desired state of the ClusterIssuer resource. + """ + return pulumi.get(self, "spec") + + @property + @pulumi.getter + def status(self) -> pulumi.Output[Optional['outputs.ClusterIssuerStatus']]: + """ + Status of the ClusterIssuer. This is set and managed automatically. + """ + return pulumi.get(self, "status") + diff --git a/sdk/python/pulumi_cert_manager_resources/certmanager/v1/Issuer.py b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/Issuer.py new file mode 100644 index 0000000..d9ae397 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/Issuer.py @@ -0,0 +1,214 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from ... import _utilities +from . import outputs +from ... import meta as _meta +from ._inputs import * + +__all__ = ['IssuerArgs', 'Issuer'] + +@pulumi.input_type +class IssuerArgs: + def __init__(__self__, *, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']] = None, + spec: Optional[pulumi.Input['IssuerSpecArgs']] = None, + status: Optional[pulumi.Input['IssuerStatusArgs']] = None): + """ + The set of arguments for constructing a Issuer resource. + :param pulumi.Input['IssuerSpecArgs'] spec: Desired state of the Issuer resource. + :param pulumi.Input['IssuerStatusArgs'] status: Status of the Issuer. This is set and managed automatically. + """ + if api_version is not None: + pulumi.set(__self__, "api_version", 'cert-manager.io/v1') + if kind is not None: + pulumi.set(__self__, "kind", 'Issuer') + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + if status is not None: + pulumi.set(__self__, "status", status) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "api_version") + + @api_version.setter + def api_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "api_version", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]: + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['_meta.v1.ObjectMetaArgs']]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def spec(self) -> Optional[pulumi.Input['IssuerSpecArgs']]: + """ + Desired state of the Issuer resource. + """ + return pulumi.get(self, "spec") + + @spec.setter + def spec(self, value: Optional[pulumi.Input['IssuerSpecArgs']]): + pulumi.set(self, "spec", value) + + @property + @pulumi.getter + def status(self) -> Optional[pulumi.Input['IssuerStatusArgs']]: + """ + Status of the Issuer. This is set and managed automatically. + """ + return pulumi.get(self, "status") + + @status.setter + def status(self, value: Optional[pulumi.Input['IssuerStatusArgs']]): + pulumi.set(self, "status", value) + + +class Issuer(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['IssuerSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['IssuerStatusArgs']]] = None, + __props__=None): + """ + An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[pulumi.InputType['IssuerSpecArgs']] spec: Desired state of the Issuer resource. + :param pulumi.Input[pulumi.InputType['IssuerStatusArgs']] status: Status of the Issuer. This is set and managed automatically. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[IssuerArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace. + + :param str resource_name: The name of the resource. + :param IssuerArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(IssuerArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + api_version: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[pulumi.InputType['_meta.v1.ObjectMetaArgs']]] = None, + spec: Optional[pulumi.Input[pulumi.InputType['IssuerSpecArgs']]] = None, + status: Optional[pulumi.Input[pulumi.InputType['IssuerStatusArgs']]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = IssuerArgs.__new__(IssuerArgs) + + __props__.__dict__["api_version"] = 'cert-manager.io/v1' + __props__.__dict__["kind"] = 'Issuer' + __props__.__dict__["metadata"] = metadata + __props__.__dict__["spec"] = spec + __props__.__dict__["status"] = status + super(Issuer, __self__).__init__( + 'kubernetes:cert-manager.io/v1:Issuer', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'Issuer': + """ + Get an existing Issuer resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = IssuerArgs.__new__(IssuerArgs) + + __props__.__dict__["api_version"] = None + __props__.__dict__["kind"] = None + __props__.__dict__["metadata"] = None + __props__.__dict__["spec"] = None + __props__.__dict__["status"] = None + return Issuer(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="apiVersion") + def api_version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "api_version") + + @property + @pulumi.getter + def kind(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "kind") + + @property + @pulumi.getter + def metadata(self) -> pulumi.Output[Optional['_meta.v1.outputs.ObjectMeta']]: + return pulumi.get(self, "metadata") + + @property + @pulumi.getter + def spec(self) -> pulumi.Output['outputs.IssuerSpec']: + """ + Desired state of the Issuer resource. + """ + return pulumi.get(self, "spec") + + @property + @pulumi.getter + def status(self) -> pulumi.Output[Optional['outputs.IssuerStatus']]: + """ + Status of the Issuer. This is set and managed automatically. + """ + return pulumi.get(self, "status") + diff --git a/sdk/python/pulumi_cert_manager_resources/certmanager/v1/__init__.py b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/__init__.py new file mode 100644 index 0000000..d5327ba --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/__init__.py @@ -0,0 +1,13 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from ... import _utilities +import typing +# Export this package's modules as members: +from .Certificate import * +from .CertificateRequest import * +from .ClusterIssuer import * +from .Issuer import * +from ._inputs import * +from . import outputs diff --git a/sdk/python/pulumi_cert_manager_resources/certmanager/v1/_inputs.py b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/_inputs.py new file mode 100644 index 0000000..9300f1f --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/_inputs.py @@ -0,0 +1,12415 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from ... import _utilities + +__all__ = [ + 'CertificateRequestSpecIssuerRefArgs', + 'CertificateRequestSpecArgs', + 'CertificateRequestStatusConditionsArgs', + 'CertificateRequestStatusArgs', + 'CertificateSpecAdditionalOutputFormatsArgs', + 'CertificateSpecIssuerRefArgs', + 'CertificateSpecKeystoresJksPasswordSecretRefArgs', + 'CertificateSpecKeystoresJksArgs', + 'CertificateSpecKeystoresPkcs12PasswordSecretRefArgs', + 'CertificateSpecKeystoresPkcs12Args', + 'CertificateSpecKeystoresArgs', + 'CertificateSpecNameConstraintsExcludedArgs', + 'CertificateSpecNameConstraintsPermittedArgs', + 'CertificateSpecNameConstraintsArgs', + 'CertificateSpecOtherNamesArgs', + 'CertificateSpecPrivateKeyArgs', + 'CertificateSpecSecretTemplateArgs', + 'CertificateSpecSubjectArgs', + 'CertificateSpecArgs', + 'CertificateStatusConditionsArgs', + 'CertificateStatusArgs', + 'ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRefArgs', + 'ClusterIssuerSpecAcmeExternalAccountBindingArgs', + 'ClusterIssuerSpecAcmePrivateKeySecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01AcmeDnsArgs', + 'ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01AkamaiArgs', + 'ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs', + 'ClusterIssuerSpecAcmeSolversDns01AzureDnsArgs', + 'ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01CloudDnsArgs', + 'ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01CloudflareArgs', + 'ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01DigitaloceanArgs', + 'ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01Rfc2136Args', + 'ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs', + 'ClusterIssuerSpecAcmeSolversDns01Route53Args', + 'ClusterIssuerSpecAcmeSolversDns01WebhookArgs', + 'ClusterIssuerSpecAcmeSolversDns01Args', + 'ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateArgs', + 'ClusterIssuerSpecAcmeSolversHttp01IngressArgs', + 'ClusterIssuerSpecAcmeSolversHttp01Args', + 'ClusterIssuerSpecAcmeSolversSelectorArgs', + 'ClusterIssuerSpecAcmeSolversArgs', + 'ClusterIssuerSpecAcmeArgs', + 'ClusterIssuerSpecCaArgs', + 'ClusterIssuerSpecSelfSignedArgs', + 'ClusterIssuerSpecVaultAuthAppRoleSecretRefArgs', + 'ClusterIssuerSpecVaultAuthAppRoleArgs', + 'ClusterIssuerSpecVaultAuthKubernetesSecretRefArgs', + 'ClusterIssuerSpecVaultAuthKubernetesServiceAccountRefArgs', + 'ClusterIssuerSpecVaultAuthKubernetesArgs', + 'ClusterIssuerSpecVaultAuthTokenSecretRefArgs', + 'ClusterIssuerSpecVaultAuthArgs', + 'ClusterIssuerSpecVaultCaBundleSecretRefArgs', + 'ClusterIssuerSpecVaultArgs', + 'ClusterIssuerSpecVenafiCloudApiTokenSecretRefArgs', + 'ClusterIssuerSpecVenafiCloudArgs', + 'ClusterIssuerSpecVenafiTppCredentialsRefArgs', + 'ClusterIssuerSpecVenafiTppArgs', + 'ClusterIssuerSpecVenafiArgs', + 'ClusterIssuerSpecArgs', + 'ClusterIssuerStatusAcmeArgs', + 'ClusterIssuerStatusConditionsArgs', + 'ClusterIssuerStatusArgs', + 'IssuerSpecAcmeExternalAccountBindingKeySecretRefArgs', + 'IssuerSpecAcmeExternalAccountBindingArgs', + 'IssuerSpecAcmePrivateKeySecretRefArgs', + 'IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs', + 'IssuerSpecAcmeSolversDns01AcmeDnsArgs', + 'IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs', + 'IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs', + 'IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs', + 'IssuerSpecAcmeSolversDns01AkamaiArgs', + 'IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs', + 'IssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs', + 'IssuerSpecAcmeSolversDns01AzureDnsArgs', + 'IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs', + 'IssuerSpecAcmeSolversDns01CloudDnsArgs', + 'IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs', + 'IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs', + 'IssuerSpecAcmeSolversDns01CloudflareArgs', + 'IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs', + 'IssuerSpecAcmeSolversDns01DigitaloceanArgs', + 'IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs', + 'IssuerSpecAcmeSolversDns01Rfc2136Args', + 'IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs', + 'IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs', + 'IssuerSpecAcmeSolversDns01Route53Args', + 'IssuerSpecAcmeSolversDns01WebhookArgs', + 'IssuerSpecAcmeSolversDns01Args', + 'IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs', + 'IssuerSpecAcmeSolversHttp01GatewayHttprouteArgs', + 'IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs', + 'IssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateArgs', + 'IssuerSpecAcmeSolversHttp01IngressArgs', + 'IssuerSpecAcmeSolversHttp01Args', + 'IssuerSpecAcmeSolversSelectorArgs', + 'IssuerSpecAcmeSolversArgs', + 'IssuerSpecAcmeArgs', + 'IssuerSpecCaArgs', + 'IssuerSpecSelfSignedArgs', + 'IssuerSpecVaultAuthAppRoleSecretRefArgs', + 'IssuerSpecVaultAuthAppRoleArgs', + 'IssuerSpecVaultAuthKubernetesSecretRefArgs', + 'IssuerSpecVaultAuthKubernetesServiceAccountRefArgs', + 'IssuerSpecVaultAuthKubernetesArgs', + 'IssuerSpecVaultAuthTokenSecretRefArgs', + 'IssuerSpecVaultAuthArgs', + 'IssuerSpecVaultCaBundleSecretRefArgs', + 'IssuerSpecVaultArgs', + 'IssuerSpecVenafiCloudApiTokenSecretRefArgs', + 'IssuerSpecVenafiCloudArgs', + 'IssuerSpecVenafiTppCredentialsRefArgs', + 'IssuerSpecVenafiTppArgs', + 'IssuerSpecVenafiArgs', + 'IssuerSpecArgs', + 'IssuerStatusAcmeArgs', + 'IssuerStatusConditionsArgs', + 'IssuerStatusArgs', +] + +@pulumi.input_type +class CertificateRequestSpecIssuerRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + group: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None): + """ + Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + :param pulumi.Input[str] name: Name of the resource being referred to. + :param pulumi.Input[str] group: Group of the resource being referred to. + :param pulumi.Input[str] kind: Kind of the resource being referred to. + """ + pulumi.set(__self__, "name", name) + if group is not None: + pulumi.set(__self__, "group", group) + if kind is not None: + pulumi.set(__self__, "kind", kind) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def group(self) -> Optional[pulumi.Input[str]]: + """ + Group of the resource being referred to. + """ + return pulumi.get(self, "group") + + @group.setter + def group(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "group", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + """ + Kind of the resource being referred to. + """ + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + +@pulumi.input_type +class CertificateRequestSpecArgs: + def __init__(__self__, *, + issuer_ref: pulumi.Input['CertificateRequestSpecIssuerRefArgs'], + request: pulumi.Input[str], + duration: Optional[pulumi.Input[str]] = None, + extra: Optional[pulumi.Input[Mapping[str, pulumi.Input[Sequence[pulumi.Input[str]]]]]] = None, + groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + is_ca: Optional[pulumi.Input[bool]] = None, + uid: Optional[pulumi.Input[str]] = None, + usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + username: Optional[pulumi.Input[str]] = None): + """ + Specification of the desired state of the CertificateRequest resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param pulumi.Input['CertificateRequestSpecIssuerRefArgs'] issuer_ref: Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + :param pulumi.Input[str] request: The PEM-encoded X.509 certificate signing request to be submitted to the issuer for signing. + If the CSR has a BasicConstraints extension, its isCA attribute must match the `isCA` value of this CertificateRequest. If the CSR has a KeyUsage extension, its key usages must match the key usages in the `usages` field of this CertificateRequest. If the CSR has a ExtKeyUsage extension, its extended key usages must match the extended key usages in the `usages` field of this CertificateRequest. + :param pulumi.Input[str] duration: Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. + :param pulumi.Input[Mapping[str, pulumi.Input[Sequence[pulumi.Input[str]]]]] extra: Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + :param pulumi.Input[Sequence[pulumi.Input[str]]] groups: Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + :param pulumi.Input[bool] is_ca: Requested basic constraints isCA value. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. + NOTE: If the CSR in the `Request` field has a BasicConstraints extension, it must have the same isCA value as specified here. + If true, this will automatically add the `cert sign` usage to the list of requested `usages`. + :param pulumi.Input[str] uid: UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + :param pulumi.Input[Sequence[pulumi.Input[str]]] usages: Requested key usages and extended key usages. + NOTE: If the CSR in the `Request` field has uses the KeyUsage or ExtKeyUsage extension, these extensions must have the same values as specified here without any additional values. + If unset, defaults to `digital signature` and `key encipherment`. + :param pulumi.Input[str] username: Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + """ + pulumi.set(__self__, "issuer_ref", issuer_ref) + pulumi.set(__self__, "request", request) + if duration is not None: + pulumi.set(__self__, "duration", duration) + if extra is not None: + pulumi.set(__self__, "extra", extra) + if groups is not None: + pulumi.set(__self__, "groups", groups) + if is_ca is not None: + pulumi.set(__self__, "is_ca", is_ca) + if uid is not None: + pulumi.set(__self__, "uid", uid) + if usages is not None: + pulumi.set(__self__, "usages", usages) + if username is not None: + pulumi.set(__self__, "username", username) + + @property + @pulumi.getter(name="issuerRef") + def issuer_ref(self) -> pulumi.Input['CertificateRequestSpecIssuerRefArgs']: + """ + Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + """ + return pulumi.get(self, "issuer_ref") + + @issuer_ref.setter + def issuer_ref(self, value: pulumi.Input['CertificateRequestSpecIssuerRefArgs']): + pulumi.set(self, "issuer_ref", value) + + @property + @pulumi.getter + def request(self) -> pulumi.Input[str]: + """ + The PEM-encoded X.509 certificate signing request to be submitted to the issuer for signing. + If the CSR has a BasicConstraints extension, its isCA attribute must match the `isCA` value of this CertificateRequest. If the CSR has a KeyUsage extension, its key usages must match the key usages in the `usages` field of this CertificateRequest. If the CSR has a ExtKeyUsage extension, its extended key usages must match the extended key usages in the `usages` field of this CertificateRequest. + """ + return pulumi.get(self, "request") + + @request.setter + def request(self, value: pulumi.Input[str]): + pulumi.set(self, "request", value) + + @property + @pulumi.getter + def duration(self) -> Optional[pulumi.Input[str]]: + """ + Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. + """ + return pulumi.get(self, "duration") + + @duration.setter + def duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "duration", value) + + @property + @pulumi.getter + def extra(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[Sequence[pulumi.Input[str]]]]]]: + """ + Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + """ + return pulumi.get(self, "extra") + + @extra.setter + def extra(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[Sequence[pulumi.Input[str]]]]]]): + pulumi.set(self, "extra", value) + + @property + @pulumi.getter + def groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + """ + return pulumi.get(self, "groups") + + @groups.setter + def groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "groups", value) + + @property + @pulumi.getter(name="isCA") + def is_ca(self) -> Optional[pulumi.Input[bool]]: + """ + Requested basic constraints isCA value. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. + NOTE: If the CSR in the `Request` field has a BasicConstraints extension, it must have the same isCA value as specified here. + If true, this will automatically add the `cert sign` usage to the list of requested `usages`. + """ + return pulumi.get(self, "is_ca") + + @is_ca.setter + def is_ca(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_ca", value) + + @property + @pulumi.getter + def uid(self) -> Optional[pulumi.Input[str]]: + """ + UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + """ + return pulumi.get(self, "uid") + + @uid.setter + def uid(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "uid", value) + + @property + @pulumi.getter + def usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Requested key usages and extended key usages. + NOTE: If the CSR in the `Request` field has uses the KeyUsage or ExtKeyUsage extension, these extensions must have the same values as specified here without any additional values. + If unset, defaults to `digital signature` and `key encipherment`. + """ + return pulumi.get(self, "usages") + + @usages.setter + def usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "usages", value) + + @property + @pulumi.getter + def username(self) -> Optional[pulumi.Input[str]]: + """ + Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + """ + return pulumi.get(self, "username") + + @username.setter + def username(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "username", value) + + +@pulumi.input_type +class CertificateRequestStatusConditionsArgs: + def __init__(__self__, *, + status: pulumi.Input[str], + type: pulumi.Input[str], + last_transition_time: Optional[pulumi.Input[str]] = None, + message: Optional[pulumi.Input[str]] = None, + reason: Optional[pulumi.Input[str]] = None): + """ + CertificateRequestCondition contains condition information for a CertificateRequest. + :param pulumi.Input[str] status: Status of the condition, one of (`True`, `False`, `Unknown`). + :param pulumi.Input[str] type: Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`). + :param pulumi.Input[str] last_transition_time: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + :param pulumi.Input[str] message: Message is a human readable description of the details of the last transition, complementing reason. + :param pulumi.Input[str] reason: Reason is a brief machine readable explanation for the condition's last transition. + """ + pulumi.set(__self__, "status", status) + pulumi.set(__self__, "type", type) + if last_transition_time is not None: + pulumi.set(__self__, "last_transition_time", last_transition_time) + if message is not None: + pulumi.set(__self__, "message", message) + if reason is not None: + pulumi.set(__self__, "reason", reason) + + @property + @pulumi.getter + def status(self) -> pulumi.Input[str]: + """ + Status of the condition, one of (`True`, `False`, `Unknown`). + """ + return pulumi.get(self, "status") + + @status.setter + def status(self, value: pulumi.Input[str]): + pulumi.set(self, "status", value) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + """ + Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`). + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter(name="lastTransitionTime") + def last_transition_time(self) -> Optional[pulumi.Input[str]]: + """ + LastTransitionTime is the timestamp corresponding to the last status change of this condition. + """ + return pulumi.get(self, "last_transition_time") + + @last_transition_time.setter + def last_transition_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "last_transition_time", value) + + @property + @pulumi.getter + def message(self) -> Optional[pulumi.Input[str]]: + """ + Message is a human readable description of the details of the last transition, complementing reason. + """ + return pulumi.get(self, "message") + + @message.setter + def message(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "message", value) + + @property + @pulumi.getter + def reason(self) -> Optional[pulumi.Input[str]]: + """ + Reason is a brief machine readable explanation for the condition's last transition. + """ + return pulumi.get(self, "reason") + + @reason.setter + def reason(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "reason", value) + + +@pulumi.input_type +class CertificateRequestStatusArgs: + def __init__(__self__, *, + ca: Optional[pulumi.Input[str]] = None, + certificate: Optional[pulumi.Input[str]] = None, + conditions: Optional[pulumi.Input[Sequence[pulumi.Input['CertificateRequestStatusConditionsArgs']]]] = None, + failure_time: Optional[pulumi.Input[str]] = None): + """ + Status of the CertificateRequest. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param pulumi.Input[str] ca: The PEM encoded X.509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available. + :param pulumi.Input[str] certificate: The PEM encoded X.509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field. + :param pulumi.Input[Sequence[pulumi.Input['CertificateRequestStatusConditionsArgs']]] conditions: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. + :param pulumi.Input[str] failure_time: FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off. + """ + if ca is not None: + pulumi.set(__self__, "ca", ca) + if certificate is not None: + pulumi.set(__self__, "certificate", certificate) + if conditions is not None: + pulumi.set(__self__, "conditions", conditions) + if failure_time is not None: + pulumi.set(__self__, "failure_time", failure_time) + + @property + @pulumi.getter + def ca(self) -> Optional[pulumi.Input[str]]: + """ + The PEM encoded X.509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available. + """ + return pulumi.get(self, "ca") + + @ca.setter + def ca(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ca", value) + + @property + @pulumi.getter + def certificate(self) -> Optional[pulumi.Input[str]]: + """ + The PEM encoded X.509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field. + """ + return pulumi.get(self, "certificate") + + @certificate.setter + def certificate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "certificate", value) + + @property + @pulumi.getter + def conditions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['CertificateRequestStatusConditionsArgs']]]]: + """ + List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. + """ + return pulumi.get(self, "conditions") + + @conditions.setter + def conditions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['CertificateRequestStatusConditionsArgs']]]]): + pulumi.set(self, "conditions", value) + + @property + @pulumi.getter(name="failureTime") + def failure_time(self) -> Optional[pulumi.Input[str]]: + """ + FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off. + """ + return pulumi.get(self, "failure_time") + + @failure_time.setter + def failure_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "failure_time", value) + + +@pulumi.input_type +class CertificateSpecAdditionalOutputFormatsArgs: + def __init__(__self__, *, + type: pulumi.Input[str]): + """ + CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource. These contain supplementary data formats of the signed certificate chain and paired private key. + :param pulumi.Input[str] type: Type is the name of the format type that should be written to the Certificate's target Secret. + """ + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + """ + Type is the name of the format type that should be written to the Certificate's target Secret. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + +@pulumi.input_type +class CertificateSpecIssuerRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + group: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None): + """ + Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + :param pulumi.Input[str] name: Name of the resource being referred to. + :param pulumi.Input[str] group: Group of the resource being referred to. + :param pulumi.Input[str] kind: Kind of the resource being referred to. + """ + pulumi.set(__self__, "name", name) + if group is not None: + pulumi.set(__self__, "group", group) + if kind is not None: + pulumi.set(__self__, "kind", kind) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def group(self) -> Optional[pulumi.Input[str]]: + """ + Group of the resource being referred to. + """ + return pulumi.get(self, "group") + + @group.setter + def group(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "group", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + """ + Kind of the resource being referred to. + """ + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + +@pulumi.input_type +class CertificateSpecKeystoresJksPasswordSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class CertificateSpecKeystoresJksArgs: + def __init__(__self__, *, + create: pulumi.Input[bool], + password_secret_ref: pulumi.Input['CertificateSpecKeystoresJksPasswordSecretRefArgs']): + """ + JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + :param pulumi.Input[bool] create: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + :param pulumi.Input['CertificateSpecKeystoresJksPasswordSecretRefArgs'] password_secret_ref: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + """ + pulumi.set(__self__, "create", create) + pulumi.set(__self__, "password_secret_ref", password_secret_ref) + + @property + @pulumi.getter + def create(self) -> pulumi.Input[bool]: + """ + Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + """ + return pulumi.get(self, "create") + + @create.setter + def create(self, value: pulumi.Input[bool]): + pulumi.set(self, "create", value) + + @property + @pulumi.getter(name="passwordSecretRef") + def password_secret_ref(self) -> pulumi.Input['CertificateSpecKeystoresJksPasswordSecretRefArgs']: + """ + PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + """ + return pulumi.get(self, "password_secret_ref") + + @password_secret_ref.setter + def password_secret_ref(self, value: pulumi.Input['CertificateSpecKeystoresJksPasswordSecretRefArgs']): + pulumi.set(self, "password_secret_ref", value) + + +@pulumi.input_type +class CertificateSpecKeystoresPkcs12PasswordSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class CertificateSpecKeystoresPkcs12Args: + def __init__(__self__, *, + create: pulumi.Input[bool], + password_secret_ref: pulumi.Input['CertificateSpecKeystoresPkcs12PasswordSecretRefArgs'], + profile: Optional[pulumi.Input[str]] = None): + """ + PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + :param pulumi.Input[bool] create: Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + :param pulumi.Input['CertificateSpecKeystoresPkcs12PasswordSecretRefArgs'] password_secret_ref: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + :param pulumi.Input[str] profile: Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. + If provided, allowed values are: `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret. + """ + pulumi.set(__self__, "create", create) + pulumi.set(__self__, "password_secret_ref", password_secret_ref) + if profile is not None: + pulumi.set(__self__, "profile", profile) + + @property + @pulumi.getter + def create(self) -> pulumi.Input[bool]: + """ + Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + """ + return pulumi.get(self, "create") + + @create.setter + def create(self, value: pulumi.Input[bool]): + pulumi.set(self, "create", value) + + @property + @pulumi.getter(name="passwordSecretRef") + def password_secret_ref(self) -> pulumi.Input['CertificateSpecKeystoresPkcs12PasswordSecretRefArgs']: + """ + PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + """ + return pulumi.get(self, "password_secret_ref") + + @password_secret_ref.setter + def password_secret_ref(self, value: pulumi.Input['CertificateSpecKeystoresPkcs12PasswordSecretRefArgs']): + pulumi.set(self, "password_secret_ref", value) + + @property + @pulumi.getter + def profile(self) -> Optional[pulumi.Input[str]]: + """ + Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. + If provided, allowed values are: `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret. + """ + return pulumi.get(self, "profile") + + @profile.setter + def profile(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "profile", value) + + +@pulumi.input_type +class CertificateSpecKeystoresArgs: + def __init__(__self__, *, + jks: Optional[pulumi.Input['CertificateSpecKeystoresJksArgs']] = None, + pkcs12: Optional[pulumi.Input['CertificateSpecKeystoresPkcs12Args']] = None): + """ + Additional keystore output formats to be stored in the Certificate's Secret. + :param pulumi.Input['CertificateSpecKeystoresJksArgs'] jks: JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + :param pulumi.Input['CertificateSpecKeystoresPkcs12Args'] pkcs12: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + """ + if jks is not None: + pulumi.set(__self__, "jks", jks) + if pkcs12 is not None: + pulumi.set(__self__, "pkcs12", pkcs12) + + @property + @pulumi.getter + def jks(self) -> Optional[pulumi.Input['CertificateSpecKeystoresJksArgs']]: + """ + JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + """ + return pulumi.get(self, "jks") + + @jks.setter + def jks(self, value: Optional[pulumi.Input['CertificateSpecKeystoresJksArgs']]): + pulumi.set(self, "jks", value) + + @property + @pulumi.getter + def pkcs12(self) -> Optional[pulumi.Input['CertificateSpecKeystoresPkcs12Args']]: + """ + PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + """ + return pulumi.get(self, "pkcs12") + + @pkcs12.setter + def pkcs12(self, value: Optional[pulumi.Input['CertificateSpecKeystoresPkcs12Args']]): + pulumi.set(self, "pkcs12", value) + + +@pulumi.input_type +class CertificateSpecNameConstraintsExcludedArgs: + def __init__(__self__, *, + dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Excluded contains the constraints which must be disallowed. Any name matching a restriction in the excluded field is invalid regardless of information appearing in the permitted + :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_domains: DNSDomains is a list of DNS domains that are permitted or excluded. + :param pulumi.Input[Sequence[pulumi.Input[str]]] email_addresses: EmailAddresses is a list of Email Addresses that are permitted or excluded. + :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_ranges: IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_domains: URIDomains is a list of URI domains that are permitted or excluded. + """ + if dns_domains is not None: + pulumi.set(__self__, "dns_domains", dns_domains) + if email_addresses is not None: + pulumi.set(__self__, "email_addresses", email_addresses) + if ip_ranges is not None: + pulumi.set(__self__, "ip_ranges", ip_ranges) + if uri_domains is not None: + pulumi.set(__self__, "uri_domains", uri_domains) + + @property + @pulumi.getter(name="dnsDomains") + def dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + DNSDomains is a list of DNS domains that are permitted or excluded. + """ + return pulumi.get(self, "dns_domains") + + @dns_domains.setter + def dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "dns_domains", value) + + @property + @pulumi.getter(name="emailAddresses") + def email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + EmailAddresses is a list of Email Addresses that are permitted or excluded. + """ + return pulumi.get(self, "email_addresses") + + @email_addresses.setter + def email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "email_addresses", value) + + @property + @pulumi.getter(name="ipRanges") + def ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + """ + return pulumi.get(self, "ip_ranges") + + @ip_ranges.setter + def ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ip_ranges", value) + + @property + @pulumi.getter(name="uriDomains") + def uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + URIDomains is a list of URI domains that are permitted or excluded. + """ + return pulumi.get(self, "uri_domains") + + @uri_domains.setter + def uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "uri_domains", value) + + +@pulumi.input_type +class CertificateSpecNameConstraintsPermittedArgs: + def __init__(__self__, *, + dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Permitted contains the constraints in which the names must be located. + :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_domains: DNSDomains is a list of DNS domains that are permitted or excluded. + :param pulumi.Input[Sequence[pulumi.Input[str]]] email_addresses: EmailAddresses is a list of Email Addresses that are permitted or excluded. + :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_ranges: IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_domains: URIDomains is a list of URI domains that are permitted or excluded. + """ + if dns_domains is not None: + pulumi.set(__self__, "dns_domains", dns_domains) + if email_addresses is not None: + pulumi.set(__self__, "email_addresses", email_addresses) + if ip_ranges is not None: + pulumi.set(__self__, "ip_ranges", ip_ranges) + if uri_domains is not None: + pulumi.set(__self__, "uri_domains", uri_domains) + + @property + @pulumi.getter(name="dnsDomains") + def dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + DNSDomains is a list of DNS domains that are permitted or excluded. + """ + return pulumi.get(self, "dns_domains") + + @dns_domains.setter + def dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "dns_domains", value) + + @property + @pulumi.getter(name="emailAddresses") + def email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + EmailAddresses is a list of Email Addresses that are permitted or excluded. + """ + return pulumi.get(self, "email_addresses") + + @email_addresses.setter + def email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "email_addresses", value) + + @property + @pulumi.getter(name="ipRanges") + def ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + """ + return pulumi.get(self, "ip_ranges") + + @ip_ranges.setter + def ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ip_ranges", value) + + @property + @pulumi.getter(name="uriDomains") + def uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + URIDomains is a list of URI domains that are permitted or excluded. + """ + return pulumi.get(self, "uri_domains") + + @uri_domains.setter + def uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "uri_domains", value) + + +@pulumi.input_type +class CertificateSpecNameConstraintsArgs: + def __init__(__self__, *, + critical: Optional[pulumi.Input[bool]] = None, + excluded: Optional[pulumi.Input['CertificateSpecNameConstraintsExcludedArgs']] = None, + permitted: Optional[pulumi.Input['CertificateSpecNameConstraintsPermittedArgs']] = None): + """ + x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 + This is an Alpha Feature and is only enabled with the `--feature-gates=NameConstraints=true` option set on both the controller and webhook components. + :param pulumi.Input[bool] critical: if true then the name constraints are marked critical. + :param pulumi.Input['CertificateSpecNameConstraintsExcludedArgs'] excluded: Excluded contains the constraints which must be disallowed. Any name matching a restriction in the excluded field is invalid regardless of information appearing in the permitted + :param pulumi.Input['CertificateSpecNameConstraintsPermittedArgs'] permitted: Permitted contains the constraints in which the names must be located. + """ + if critical is not None: + pulumi.set(__self__, "critical", critical) + if excluded is not None: + pulumi.set(__self__, "excluded", excluded) + if permitted is not None: + pulumi.set(__self__, "permitted", permitted) + + @property + @pulumi.getter + def critical(self) -> Optional[pulumi.Input[bool]]: + """ + if true then the name constraints are marked critical. + """ + return pulumi.get(self, "critical") + + @critical.setter + def critical(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "critical", value) + + @property + @pulumi.getter + def excluded(self) -> Optional[pulumi.Input['CertificateSpecNameConstraintsExcludedArgs']]: + """ + Excluded contains the constraints which must be disallowed. Any name matching a restriction in the excluded field is invalid regardless of information appearing in the permitted + """ + return pulumi.get(self, "excluded") + + @excluded.setter + def excluded(self, value: Optional[pulumi.Input['CertificateSpecNameConstraintsExcludedArgs']]): + pulumi.set(self, "excluded", value) + + @property + @pulumi.getter + def permitted(self) -> Optional[pulumi.Input['CertificateSpecNameConstraintsPermittedArgs']]: + """ + Permitted contains the constraints in which the names must be located. + """ + return pulumi.get(self, "permitted") + + @permitted.setter + def permitted(self, value: Optional[pulumi.Input['CertificateSpecNameConstraintsPermittedArgs']]): + pulumi.set(self, "permitted", value) + + +@pulumi.input_type +class CertificateSpecOtherNamesArgs: + def __init__(__self__, *, + oid: Optional[pulumi.Input[str]] = None, + utf8_value: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] oid: OID is the object identifier for the otherName SAN. The object identifier must be expressed as a dotted string, for example, "1.2.840.113556.1.4.221". + :param pulumi.Input[str] utf8_value: utf8Value is the string value of the otherName SAN. The utf8Value accepts any valid UTF8 string to set as value for the otherName SAN. + """ + if oid is not None: + pulumi.set(__self__, "oid", oid) + if utf8_value is not None: + pulumi.set(__self__, "utf8_value", utf8_value) + + @property + @pulumi.getter + def oid(self) -> Optional[pulumi.Input[str]]: + """ + OID is the object identifier for the otherName SAN. The object identifier must be expressed as a dotted string, for example, "1.2.840.113556.1.4.221". + """ + return pulumi.get(self, "oid") + + @oid.setter + def oid(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "oid", value) + + @property + @pulumi.getter(name="utf8Value") + def utf8_value(self) -> Optional[pulumi.Input[str]]: + """ + utf8Value is the string value of the otherName SAN. The utf8Value accepts any valid UTF8 string to set as value for the otherName SAN. + """ + return pulumi.get(self, "utf8_value") + + @utf8_value.setter + def utf8_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "utf8_value", value) + + +@pulumi.input_type +class CertificateSpecPrivateKeyArgs: + def __init__(__self__, *, + algorithm: Optional[pulumi.Input[str]] = None, + encoding: Optional[pulumi.Input[str]] = None, + rotation_policy: Optional[pulumi.Input[str]] = None, + size: Optional[pulumi.Input[int]] = None): + """ + Private key options. These include the key algorithm and size, the used encoding and the rotation policy. + :param pulumi.Input[str] algorithm: Algorithm is the private key algorithm of the corresponding private key for this certificate. + If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`. If `algorithm` is specified and `size` is not provided, key size of 2048 will be used for `RSA` key algorithm and key size of 256 will be used for `ECDSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm. + :param pulumi.Input[str] encoding: The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. + If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified. + :param pulumi.Input[str] rotation_policy: RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. + If set to `Never`, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to `Always`, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is `Never` for backward compatibility. + :param pulumi.Input[int] size: Size is the key bit size of the corresponding private key for this certificate. + If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed. + """ + if algorithm is not None: + pulumi.set(__self__, "algorithm", algorithm) + if encoding is not None: + pulumi.set(__self__, "encoding", encoding) + if rotation_policy is not None: + pulumi.set(__self__, "rotation_policy", rotation_policy) + if size is not None: + pulumi.set(__self__, "size", size) + + @property + @pulumi.getter + def algorithm(self) -> Optional[pulumi.Input[str]]: + """ + Algorithm is the private key algorithm of the corresponding private key for this certificate. + If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`. If `algorithm` is specified and `size` is not provided, key size of 2048 will be used for `RSA` key algorithm and key size of 256 will be used for `ECDSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm. + """ + return pulumi.get(self, "algorithm") + + @algorithm.setter + def algorithm(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "algorithm", value) + + @property + @pulumi.getter + def encoding(self) -> Optional[pulumi.Input[str]]: + """ + The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. + If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified. + """ + return pulumi.get(self, "encoding") + + @encoding.setter + def encoding(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "encoding", value) + + @property + @pulumi.getter(name="rotationPolicy") + def rotation_policy(self) -> Optional[pulumi.Input[str]]: + """ + RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. + If set to `Never`, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to `Always`, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is `Never` for backward compatibility. + """ + return pulumi.get(self, "rotation_policy") + + @rotation_policy.setter + def rotation_policy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "rotation_policy", value) + + @property + @pulumi.getter + def size(self) -> Optional[pulumi.Input[int]]: + """ + Size is the key bit size of the corresponding private key for this certificate. + If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed. + """ + return pulumi.get(self, "size") + + @size.setter + def size(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "size", value) + + +@pulumi.input_type +class CertificateSpecSecretTemplateArgs: + def __init__(__self__, *, + annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + Defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] annotations: Annotations is a key value map to be copied to the target Kubernetes Secret. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Labels is a key value map to be copied to the target Kubernetes Secret. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Annotations is a key value map to be copied to the target Kubernetes Secret. + """ + return pulumi.get(self, "annotations") + + @annotations.setter + def annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "annotations", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Labels is a key value map to be copied to the target Kubernetes Secret. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + +@pulumi.input_type +class CertificateSpecSubjectArgs: + def __init__(__self__, *, + countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + serial_number: Optional[pulumi.Input[str]] = None, + street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Requested set of X509 certificate subject attributes. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + The common name attribute is specified separately in the `commonName` field. Cannot be set if the `literalSubject` field is set. + :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: Countries to be used on the Certificate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] localities: Cities to be used on the Certificate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] organizational_units: Organizational Units to be used on the Certificate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: Organizations to be used on the Certificate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: Postal codes to be used on the Certificate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: State/Provinces to be used on the Certificate. + :param pulumi.Input[str] serial_number: Serial number to be used on the Certificate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: Street addresses to be used on the Certificate. + """ + if countries is not None: + pulumi.set(__self__, "countries", countries) + if localities is not None: + pulumi.set(__self__, "localities", localities) + if organizational_units is not None: + pulumi.set(__self__, "organizational_units", organizational_units) + if organizations is not None: + pulumi.set(__self__, "organizations", organizations) + if postal_codes is not None: + pulumi.set(__self__, "postal_codes", postal_codes) + if provinces is not None: + pulumi.set(__self__, "provinces", provinces) + if serial_number is not None: + pulumi.set(__self__, "serial_number", serial_number) + if street_addresses is not None: + pulumi.set(__self__, "street_addresses", street_addresses) + + @property + @pulumi.getter + def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Countries to be used on the Certificate. + """ + return pulumi.get(self, "countries") + + @countries.setter + def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "countries", value) + + @property + @pulumi.getter + def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Cities to be used on the Certificate. + """ + return pulumi.get(self, "localities") + + @localities.setter + def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "localities", value) + + @property + @pulumi.getter(name="organizationalUnits") + def organizational_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Organizational Units to be used on the Certificate. + """ + return pulumi.get(self, "organizational_units") + + @organizational_units.setter + def organizational_units(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "organizational_units", value) + + @property + @pulumi.getter + def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Organizations to be used on the Certificate. + """ + return pulumi.get(self, "organizations") + + @organizations.setter + def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "organizations", value) + + @property + @pulumi.getter(name="postalCodes") + def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Postal codes to be used on the Certificate. + """ + return pulumi.get(self, "postal_codes") + + @postal_codes.setter + def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "postal_codes", value) + + @property + @pulumi.getter + def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + State/Provinces to be used on the Certificate. + """ + return pulumi.get(self, "provinces") + + @provinces.setter + def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "provinces", value) + + @property + @pulumi.getter(name="serialNumber") + def serial_number(self) -> Optional[pulumi.Input[str]]: + """ + Serial number to be used on the Certificate. + """ + return pulumi.get(self, "serial_number") + + @serial_number.setter + def serial_number(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "serial_number", value) + + @property + @pulumi.getter(name="streetAddresses") + def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Street addresses to be used on the Certificate. + """ + return pulumi.get(self, "street_addresses") + + @street_addresses.setter + def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "street_addresses", value) + + +@pulumi.input_type +class CertificateSpecArgs: + def __init__(__self__, *, + issuer_ref: pulumi.Input['CertificateSpecIssuerRefArgs'], + secret_name: pulumi.Input[str], + additional_output_formats: Optional[pulumi.Input[Sequence[pulumi.Input['CertificateSpecAdditionalOutputFormatsArgs']]]] = None, + common_name: Optional[pulumi.Input[str]] = None, + dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + duration: Optional[pulumi.Input[str]] = None, + email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + encode_usages_in_request: Optional[pulumi.Input[bool]] = None, + ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + is_ca: Optional[pulumi.Input[bool]] = None, + keystores: Optional[pulumi.Input['CertificateSpecKeystoresArgs']] = None, + literal_subject: Optional[pulumi.Input[str]] = None, + name_constraints: Optional[pulumi.Input['CertificateSpecNameConstraintsArgs']] = None, + other_names: Optional[pulumi.Input[Sequence[pulumi.Input['CertificateSpecOtherNamesArgs']]]] = None, + private_key: Optional[pulumi.Input['CertificateSpecPrivateKeyArgs']] = None, + renew_before: Optional[pulumi.Input[str]] = None, + revision_history_limit: Optional[pulumi.Input[int]] = None, + secret_template: Optional[pulumi.Input['CertificateSpecSecretTemplateArgs']] = None, + subject: Optional[pulumi.Input['CertificateSpecSubjectArgs']] = None, + uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Specification of the desired state of the Certificate resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param pulumi.Input['CertificateSpecIssuerRefArgs'] issuer_ref: Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + :param pulumi.Input[str] secret_name: Name of the Secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. The Secret resource lives in the same namespace as the Certificate resource. + :param pulumi.Input[Sequence[pulumi.Input['CertificateSpecAdditionalOutputFormatsArgs']]] additional_output_formats: Defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. + This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both the controller and webhook components. + :param pulumi.Input[str] common_name: Requested common name X509 certificate subject attribute. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 NOTE: TLS clients will ignore this value when any subject alternative name is set (see https://tools.ietf.org/html/rfc6125#section-6.4.4). + Should have a length of 64 characters or fewer to avoid generating invalid CSRs. Cannot be set if the `literalSubject` field is set. + :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: Requested DNS subject alternative names. + :param pulumi.Input[str] duration: Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. + If unset, this defaults to 90 days. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + :param pulumi.Input[Sequence[pulumi.Input[str]]] email_addresses: Requested email subject alternative names. + :param pulumi.Input[bool] encode_usages_in_request: Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. + This option defaults to true, and should only be disabled if the target issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions. + :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: Requested IP address subject alternative names. + :param pulumi.Input[bool] is_ca: Requested basic constraints isCA value. The isCA value is used to set the `isCA` field on the created CertificateRequest resources. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. + If true, this will automatically add the `cert sign` usage to the list of requested `usages`. + :param pulumi.Input['CertificateSpecKeystoresArgs'] keystores: Additional keystore output formats to be stored in the Certificate's Secret. + :param pulumi.Input[str] literal_subject: Requested X.509 certificate subject, represented using the LDAP "String Representation of a Distinguished Name" [1]. Important: the LDAP string format also specifies the order of the attributes in the subject, this is important when issuing certs for LDAP authentication. Example: `CN=foo,DC=corp,DC=example,DC=com` More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 More info: https://github.com/cert-manager/cert-manager/issues/3203 More info: https://github.com/cert-manager/cert-manager/issues/4424 + Cannot be set if the `subject` or `commonName` field is set. This is an Alpha Feature and is only enabled with the `--feature-gates=LiteralCertificateSubject=true` option set on both the controller and webhook components. + :param pulumi.Input['CertificateSpecNameConstraintsArgs'] name_constraints: x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 + This is an Alpha Feature and is only enabled with the `--feature-gates=NameConstraints=true` option set on both the controller and webhook components. + :param pulumi.Input[Sequence[pulumi.Input['CertificateSpecOtherNamesArgs']]] other_names: `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37 Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`. Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this. + :param pulumi.Input['CertificateSpecPrivateKeyArgs'] private_key: Private key options. These include the key algorithm and size, the used encoding and the rotation policy. + :param pulumi.Input[str] renew_before: How long before the currently issued certificate's expiry cert-manager should renew the certificate. For example, if a certificate is valid for 60 minutes, and `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate 50 minutes after it was issued (i.e. when there are 10 minutes remaining until the certificate is no longer valid). + NOTE: The actual lifetime of the issued certificate is used to determine the renewal time. If an issuer returns a certificate with a different lifetime than the one requested, cert-manager will use the lifetime of the issued certificate. + If unset, this defaults to 1/3 of the issued certificate's lifetime. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + :param pulumi.Input[int] revision_history_limit: The maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. + If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`. + :param pulumi.Input['CertificateSpecSecretTemplateArgs'] secret_template: Defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + :param pulumi.Input['CertificateSpecSubjectArgs'] subject: Requested set of X509 certificate subject attributes. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + The common name attribute is specified separately in the `commonName` field. Cannot be set if the `literalSubject` field is set. + :param pulumi.Input[Sequence[pulumi.Input[str]]] uris: Requested URI subject alternative names. + :param pulumi.Input[Sequence[pulumi.Input[str]]] usages: Requested key usages and extended key usages. These usages are used to set the `usages` field on the created CertificateRequest resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages will additionally be encoded in the `request` field which contains the CSR blob. + If unset, defaults to `digital signature` and `key encipherment`. + """ + pulumi.set(__self__, "issuer_ref", issuer_ref) + pulumi.set(__self__, "secret_name", secret_name) + if additional_output_formats is not None: + pulumi.set(__self__, "additional_output_formats", additional_output_formats) + if common_name is not None: + pulumi.set(__self__, "common_name", common_name) + if dns_names is not None: + pulumi.set(__self__, "dns_names", dns_names) + if duration is not None: + pulumi.set(__self__, "duration", duration) + if email_addresses is not None: + pulumi.set(__self__, "email_addresses", email_addresses) + if encode_usages_in_request is not None: + pulumi.set(__self__, "encode_usages_in_request", encode_usages_in_request) + if ip_addresses is not None: + pulumi.set(__self__, "ip_addresses", ip_addresses) + if is_ca is not None: + pulumi.set(__self__, "is_ca", is_ca) + if keystores is not None: + pulumi.set(__self__, "keystores", keystores) + if literal_subject is not None: + pulumi.set(__self__, "literal_subject", literal_subject) + if name_constraints is not None: + pulumi.set(__self__, "name_constraints", name_constraints) + if other_names is not None: + pulumi.set(__self__, "other_names", other_names) + if private_key is not None: + pulumi.set(__self__, "private_key", private_key) + if renew_before is not None: + pulumi.set(__self__, "renew_before", renew_before) + if revision_history_limit is not None: + pulumi.set(__self__, "revision_history_limit", revision_history_limit) + if secret_template is not None: + pulumi.set(__self__, "secret_template", secret_template) + if subject is not None: + pulumi.set(__self__, "subject", subject) + if uris is not None: + pulumi.set(__self__, "uris", uris) + if usages is not None: + pulumi.set(__self__, "usages", usages) + + @property + @pulumi.getter(name="issuerRef") + def issuer_ref(self) -> pulumi.Input['CertificateSpecIssuerRefArgs']: + """ + Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + """ + return pulumi.get(self, "issuer_ref") + + @issuer_ref.setter + def issuer_ref(self, value: pulumi.Input['CertificateSpecIssuerRefArgs']): + pulumi.set(self, "issuer_ref", value) + + @property + @pulumi.getter(name="secretName") + def secret_name(self) -> pulumi.Input[str]: + """ + Name of the Secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. The Secret resource lives in the same namespace as the Certificate resource. + """ + return pulumi.get(self, "secret_name") + + @secret_name.setter + def secret_name(self, value: pulumi.Input[str]): + pulumi.set(self, "secret_name", value) + + @property + @pulumi.getter(name="additionalOutputFormats") + def additional_output_formats(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['CertificateSpecAdditionalOutputFormatsArgs']]]]: + """ + Defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. + This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both the controller and webhook components. + """ + return pulumi.get(self, "additional_output_formats") + + @additional_output_formats.setter + def additional_output_formats(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['CertificateSpecAdditionalOutputFormatsArgs']]]]): + pulumi.set(self, "additional_output_formats", value) + + @property + @pulumi.getter(name="commonName") + def common_name(self) -> Optional[pulumi.Input[str]]: + """ + Requested common name X509 certificate subject attribute. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 NOTE: TLS clients will ignore this value when any subject alternative name is set (see https://tools.ietf.org/html/rfc6125#section-6.4.4). + Should have a length of 64 characters or fewer to avoid generating invalid CSRs. Cannot be set if the `literalSubject` field is set. + """ + return pulumi.get(self, "common_name") + + @common_name.setter + def common_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "common_name", value) + + @property + @pulumi.getter(name="dnsNames") + def dns_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Requested DNS subject alternative names. + """ + return pulumi.get(self, "dns_names") + + @dns_names.setter + def dns_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "dns_names", value) + + @property + @pulumi.getter + def duration(self) -> Optional[pulumi.Input[str]]: + """ + Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. + If unset, this defaults to 90 days. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + """ + return pulumi.get(self, "duration") + + @duration.setter + def duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "duration", value) + + @property + @pulumi.getter(name="emailAddresses") + def email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Requested email subject alternative names. + """ + return pulumi.get(self, "email_addresses") + + @email_addresses.setter + def email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "email_addresses", value) + + @property + @pulumi.getter(name="encodeUsagesInRequest") + def encode_usages_in_request(self) -> Optional[pulumi.Input[bool]]: + """ + Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. + This option defaults to true, and should only be disabled if the target issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions. + """ + return pulumi.get(self, "encode_usages_in_request") + + @encode_usages_in_request.setter + def encode_usages_in_request(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "encode_usages_in_request", value) + + @property + @pulumi.getter(name="ipAddresses") + def ip_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Requested IP address subject alternative names. + """ + return pulumi.get(self, "ip_addresses") + + @ip_addresses.setter + def ip_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ip_addresses", value) + + @property + @pulumi.getter(name="isCA") + def is_ca(self) -> Optional[pulumi.Input[bool]]: + """ + Requested basic constraints isCA value. The isCA value is used to set the `isCA` field on the created CertificateRequest resources. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. + If true, this will automatically add the `cert sign` usage to the list of requested `usages`. + """ + return pulumi.get(self, "is_ca") + + @is_ca.setter + def is_ca(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_ca", value) + + @property + @pulumi.getter + def keystores(self) -> Optional[pulumi.Input['CertificateSpecKeystoresArgs']]: + """ + Additional keystore output formats to be stored in the Certificate's Secret. + """ + return pulumi.get(self, "keystores") + + @keystores.setter + def keystores(self, value: Optional[pulumi.Input['CertificateSpecKeystoresArgs']]): + pulumi.set(self, "keystores", value) + + @property + @pulumi.getter(name="literalSubject") + def literal_subject(self) -> Optional[pulumi.Input[str]]: + """ + Requested X.509 certificate subject, represented using the LDAP "String Representation of a Distinguished Name" [1]. Important: the LDAP string format also specifies the order of the attributes in the subject, this is important when issuing certs for LDAP authentication. Example: `CN=foo,DC=corp,DC=example,DC=com` More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 More info: https://github.com/cert-manager/cert-manager/issues/3203 More info: https://github.com/cert-manager/cert-manager/issues/4424 + Cannot be set if the `subject` or `commonName` field is set. This is an Alpha Feature and is only enabled with the `--feature-gates=LiteralCertificateSubject=true` option set on both the controller and webhook components. + """ + return pulumi.get(self, "literal_subject") + + @literal_subject.setter + def literal_subject(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "literal_subject", value) + + @property + @pulumi.getter(name="nameConstraints") + def name_constraints(self) -> Optional[pulumi.Input['CertificateSpecNameConstraintsArgs']]: + """ + x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 + This is an Alpha Feature and is only enabled with the `--feature-gates=NameConstraints=true` option set on both the controller and webhook components. + """ + return pulumi.get(self, "name_constraints") + + @name_constraints.setter + def name_constraints(self, value: Optional[pulumi.Input['CertificateSpecNameConstraintsArgs']]): + pulumi.set(self, "name_constraints", value) + + @property + @pulumi.getter(name="otherNames") + def other_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['CertificateSpecOtherNamesArgs']]]]: + """ + `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37 Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`. Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this. + """ + return pulumi.get(self, "other_names") + + @other_names.setter + def other_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['CertificateSpecOtherNamesArgs']]]]): + pulumi.set(self, "other_names", value) + + @property + @pulumi.getter(name="privateKey") + def private_key(self) -> Optional[pulumi.Input['CertificateSpecPrivateKeyArgs']]: + """ + Private key options. These include the key algorithm and size, the used encoding and the rotation policy. + """ + return pulumi.get(self, "private_key") + + @private_key.setter + def private_key(self, value: Optional[pulumi.Input['CertificateSpecPrivateKeyArgs']]): + pulumi.set(self, "private_key", value) + + @property + @pulumi.getter(name="renewBefore") + def renew_before(self) -> Optional[pulumi.Input[str]]: + """ + How long before the currently issued certificate's expiry cert-manager should renew the certificate. For example, if a certificate is valid for 60 minutes, and `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate 50 minutes after it was issued (i.e. when there are 10 minutes remaining until the certificate is no longer valid). + NOTE: The actual lifetime of the issued certificate is used to determine the renewal time. If an issuer returns a certificate with a different lifetime than the one requested, cert-manager will use the lifetime of the issued certificate. + If unset, this defaults to 1/3 of the issued certificate's lifetime. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + """ + return pulumi.get(self, "renew_before") + + @renew_before.setter + def renew_before(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "renew_before", value) + + @property + @pulumi.getter(name="revisionHistoryLimit") + def revision_history_limit(self) -> Optional[pulumi.Input[int]]: + """ + The maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. + If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`. + """ + return pulumi.get(self, "revision_history_limit") + + @revision_history_limit.setter + def revision_history_limit(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "revision_history_limit", value) + + @property + @pulumi.getter(name="secretTemplate") + def secret_template(self) -> Optional[pulumi.Input['CertificateSpecSecretTemplateArgs']]: + """ + Defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + """ + return pulumi.get(self, "secret_template") + + @secret_template.setter + def secret_template(self, value: Optional[pulumi.Input['CertificateSpecSecretTemplateArgs']]): + pulumi.set(self, "secret_template", value) + + @property + @pulumi.getter + def subject(self) -> Optional[pulumi.Input['CertificateSpecSubjectArgs']]: + """ + Requested set of X509 certificate subject attributes. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + The common name attribute is specified separately in the `commonName` field. Cannot be set if the `literalSubject` field is set. + """ + return pulumi.get(self, "subject") + + @subject.setter + def subject(self, value: Optional[pulumi.Input['CertificateSpecSubjectArgs']]): + pulumi.set(self, "subject", value) + + @property + @pulumi.getter + def uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Requested URI subject alternative names. + """ + return pulumi.get(self, "uris") + + @uris.setter + def uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "uris", value) + + @property + @pulumi.getter + def usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Requested key usages and extended key usages. These usages are used to set the `usages` field on the created CertificateRequest resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages will additionally be encoded in the `request` field which contains the CSR blob. + If unset, defaults to `digital signature` and `key encipherment`. + """ + return pulumi.get(self, "usages") + + @usages.setter + def usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "usages", value) + + +@pulumi.input_type +class CertificateStatusConditionsArgs: + def __init__(__self__, *, + status: pulumi.Input[str], + type: pulumi.Input[str], + last_transition_time: Optional[pulumi.Input[str]] = None, + message: Optional[pulumi.Input[str]] = None, + observed_generation: Optional[pulumi.Input[int]] = None, + reason: Optional[pulumi.Input[str]] = None): + """ + CertificateCondition contains condition information for an Certificate. + :param pulumi.Input[str] status: Status of the condition, one of (`True`, `False`, `Unknown`). + :param pulumi.Input[str] type: Type of the condition, known values are (`Ready`, `Issuing`). + :param pulumi.Input[str] last_transition_time: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + :param pulumi.Input[str] message: Message is a human readable description of the details of the last transition, complementing reason. + :param pulumi.Input[int] observed_generation: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate. + :param pulumi.Input[str] reason: Reason is a brief machine readable explanation for the condition's last transition. + """ + pulumi.set(__self__, "status", status) + pulumi.set(__self__, "type", type) + if last_transition_time is not None: + pulumi.set(__self__, "last_transition_time", last_transition_time) + if message is not None: + pulumi.set(__self__, "message", message) + if observed_generation is not None: + pulumi.set(__self__, "observed_generation", observed_generation) + if reason is not None: + pulumi.set(__self__, "reason", reason) + + @property + @pulumi.getter + def status(self) -> pulumi.Input[str]: + """ + Status of the condition, one of (`True`, `False`, `Unknown`). + """ + return pulumi.get(self, "status") + + @status.setter + def status(self, value: pulumi.Input[str]): + pulumi.set(self, "status", value) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + """ + Type of the condition, known values are (`Ready`, `Issuing`). + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter(name="lastTransitionTime") + def last_transition_time(self) -> Optional[pulumi.Input[str]]: + """ + LastTransitionTime is the timestamp corresponding to the last status change of this condition. + """ + return pulumi.get(self, "last_transition_time") + + @last_transition_time.setter + def last_transition_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "last_transition_time", value) + + @property + @pulumi.getter + def message(self) -> Optional[pulumi.Input[str]]: + """ + Message is a human readable description of the details of the last transition, complementing reason. + """ + return pulumi.get(self, "message") + + @message.setter + def message(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "message", value) + + @property + @pulumi.getter(name="observedGeneration") + def observed_generation(self) -> Optional[pulumi.Input[int]]: + """ + If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate. + """ + return pulumi.get(self, "observed_generation") + + @observed_generation.setter + def observed_generation(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "observed_generation", value) + + @property + @pulumi.getter + def reason(self) -> Optional[pulumi.Input[str]]: + """ + Reason is a brief machine readable explanation for the condition's last transition. + """ + return pulumi.get(self, "reason") + + @reason.setter + def reason(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "reason", value) + + +@pulumi.input_type +class CertificateStatusArgs: + def __init__(__self__, *, + conditions: Optional[pulumi.Input[Sequence[pulumi.Input['CertificateStatusConditionsArgs']]]] = None, + failed_issuance_attempts: Optional[pulumi.Input[int]] = None, + last_failure_time: Optional[pulumi.Input[str]] = None, + next_private_key_secret_name: Optional[pulumi.Input[str]] = None, + not_after: Optional[pulumi.Input[str]] = None, + not_before: Optional[pulumi.Input[str]] = None, + renewal_time: Optional[pulumi.Input[str]] = None, + revision: Optional[pulumi.Input[int]] = None): + """ + Status of the Certificate. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param pulumi.Input[Sequence[pulumi.Input['CertificateStatusConditionsArgs']]] conditions: List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`. + :param pulumi.Input[int] failed_issuance_attempts: The number of continuous failed issuance attempts up till now. This field gets removed (if set) on a successful issuance and gets set to 1 if unset and an issuance has failed. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). + :param pulumi.Input[str] last_failure_time: LastFailureTime is set only if the lastest issuance for this Certificate failed and contains the time of the failure. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). If the latest issuance has succeeded this field will be unset. + :param pulumi.Input[str] next_private_key_secret_name: The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False. + :param pulumi.Input[str] not_after: The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`. + :param pulumi.Input[str] not_before: The time after which the certificate stored in the secret named by this resource in `spec.secretName` is valid. + :param pulumi.Input[str] renewal_time: RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled. + :param pulumi.Input[int] revision: The current 'revision' of the certificate as issued. + When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. + Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. + Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field. + """ + if conditions is not None: + pulumi.set(__self__, "conditions", conditions) + if failed_issuance_attempts is not None: + pulumi.set(__self__, "failed_issuance_attempts", failed_issuance_attempts) + if last_failure_time is not None: + pulumi.set(__self__, "last_failure_time", last_failure_time) + if next_private_key_secret_name is not None: + pulumi.set(__self__, "next_private_key_secret_name", next_private_key_secret_name) + if not_after is not None: + pulumi.set(__self__, "not_after", not_after) + if not_before is not None: + pulumi.set(__self__, "not_before", not_before) + if renewal_time is not None: + pulumi.set(__self__, "renewal_time", renewal_time) + if revision is not None: + pulumi.set(__self__, "revision", revision) + + @property + @pulumi.getter + def conditions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['CertificateStatusConditionsArgs']]]]: + """ + List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`. + """ + return pulumi.get(self, "conditions") + + @conditions.setter + def conditions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['CertificateStatusConditionsArgs']]]]): + pulumi.set(self, "conditions", value) + + @property + @pulumi.getter(name="failedIssuanceAttempts") + def failed_issuance_attempts(self) -> Optional[pulumi.Input[int]]: + """ + The number of continuous failed issuance attempts up till now. This field gets removed (if set) on a successful issuance and gets set to 1 if unset and an issuance has failed. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). + """ + return pulumi.get(self, "failed_issuance_attempts") + + @failed_issuance_attempts.setter + def failed_issuance_attempts(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "failed_issuance_attempts", value) + + @property + @pulumi.getter(name="lastFailureTime") + def last_failure_time(self) -> Optional[pulumi.Input[str]]: + """ + LastFailureTime is set only if the lastest issuance for this Certificate failed and contains the time of the failure. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). If the latest issuance has succeeded this field will be unset. + """ + return pulumi.get(self, "last_failure_time") + + @last_failure_time.setter + def last_failure_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "last_failure_time", value) + + @property + @pulumi.getter(name="nextPrivateKeySecretName") + def next_private_key_secret_name(self) -> Optional[pulumi.Input[str]]: + """ + The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False. + """ + return pulumi.get(self, "next_private_key_secret_name") + + @next_private_key_secret_name.setter + def next_private_key_secret_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "next_private_key_secret_name", value) + + @property + @pulumi.getter(name="notAfter") + def not_after(self) -> Optional[pulumi.Input[str]]: + """ + The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`. + """ + return pulumi.get(self, "not_after") + + @not_after.setter + def not_after(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "not_after", value) + + @property + @pulumi.getter(name="notBefore") + def not_before(self) -> Optional[pulumi.Input[str]]: + """ + The time after which the certificate stored in the secret named by this resource in `spec.secretName` is valid. + """ + return pulumi.get(self, "not_before") + + @not_before.setter + def not_before(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "not_before", value) + + @property + @pulumi.getter(name="renewalTime") + def renewal_time(self) -> Optional[pulumi.Input[str]]: + """ + RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled. + """ + return pulumi.get(self, "renewal_time") + + @renewal_time.setter + def renewal_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "renewal_time", value) + + @property + @pulumi.getter + def revision(self) -> Optional[pulumi.Input[int]]: + """ + The current 'revision' of the certificate as issued. + When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. + Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. + Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field. + """ + return pulumi.get(self, "revision") + + @revision.setter + def revision(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "revision", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeExternalAccountBindingArgs: + def __init__(__self__, *, + key_id: pulumi.Input[str], + key_secret_ref: pulumi.Input['ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRefArgs'], + key_algorithm: Optional[pulumi.Input[str]] = None): + """ + ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + :param pulumi.Input[str] key_id: keyID is the ID of the CA key that the External Account is bound to. + :param pulumi.Input['ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRefArgs'] key_secret_ref: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + :param pulumi.Input[str] key_algorithm: Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + """ + pulumi.set(__self__, "key_id", key_id) + pulumi.set(__self__, "key_secret_ref", key_secret_ref) + if key_algorithm is not None: + pulumi.set(__self__, "key_algorithm", key_algorithm) + + @property + @pulumi.getter(name="keyID") + def key_id(self) -> pulumi.Input[str]: + """ + keyID is the ID of the CA key that the External Account is bound to. + """ + return pulumi.get(self, "key_id") + + @key_id.setter + def key_id(self, value: pulumi.Input[str]): + pulumi.set(self, "key_id", value) + + @property + @pulumi.getter(name="keySecretRef") + def key_secret_ref(self) -> pulumi.Input['ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRefArgs']: + """ + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + """ + return pulumi.get(self, "key_secret_ref") + + @key_secret_ref.setter + def key_secret_ref(self, value: pulumi.Input['ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRefArgs']): + pulumi.set(self, "key_secret_ref", value) + + @property + @pulumi.getter(name="keyAlgorithm") + def key_algorithm(self) -> Optional[pulumi.Input[str]]: + """ + Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + """ + return pulumi.get(self, "key_algorithm") + + @key_algorithm.setter + def key_algorithm(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key_algorithm", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmePrivateKeySecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01AcmeDnsArgs: + def __init__(__self__, *, + account_secret_ref: pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs'], + host: pulumi.Input[str]): + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs'] account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "account_secret_ref", account_secret_ref) + pulumi.set(__self__, "host", host) + + @property + @pulumi.getter(name="accountSecretRef") + def account_secret_ref(self) -> pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "account_secret_ref") + + @account_secret_ref.setter + def account_secret_ref(self, value: pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs']): + pulumi.set(self, "account_secret_ref", value) + + @property + @pulumi.getter + def host(self) -> pulumi.Input[str]: + return pulumi.get(self, "host") + + @host.setter + def host(self, value: pulumi.Input[str]): + pulumi.set(self, "host", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01AkamaiArgs: + def __init__(__self__, *, + access_token_secret_ref: pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs'], + client_secret_secret_ref: pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs'], + client_token_secret_ref: pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs'], + service_consumer_domain: pulumi.Input[str]): + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs'] access_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs'] client_secret_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs'] client_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "access_token_secret_ref", access_token_secret_ref) + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + pulumi.set(__self__, "client_token_secret_ref", client_token_secret_ref) + pulumi.set(__self__, "service_consumer_domain", service_consumer_domain) + + @property + @pulumi.getter(name="accessTokenSecretRef") + def access_token_secret_ref(self) -> pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "access_token_secret_ref") + + @access_token_secret_ref.setter + def access_token_secret_ref(self, value: pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs']): + pulumi.set(self, "access_token_secret_ref", value) + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @client_secret_secret_ref.setter + def client_secret_secret_ref(self, value: pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs']): + pulumi.set(self, "client_secret_secret_ref", value) + + @property + @pulumi.getter(name="clientTokenSecretRef") + def client_token_secret_ref(self) -> pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_token_secret_ref") + + @client_token_secret_ref.setter + def client_token_secret_ref(self, value: pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs']): + pulumi.set(self, "client_token_secret_ref", value) + + @property + @pulumi.getter(name="serviceConsumerDomain") + def service_consumer_domain(self) -> pulumi.Input[str]: + return pulumi.get(self, "service_consumer_domain") + + @service_consumer_domain.setter + def service_consumer_domain(self, value: pulumi.Input[str]): + pulumi.set(self, "service_consumer_domain", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs: + def __init__(__self__, *, + client_id: Optional[pulumi.Input[str]] = None, + resource_id: Optional[pulumi.Input[str]] = None): + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param pulumi.Input[str] client_id: client ID of the managed identity, can not be used at the same time as resourceID + :param pulumi.Input[str] resource_id: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if resource_id is not None: + pulumi.set(__self__, "resource_id", resource_id) + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[pulumi.Input[str]]: + """ + client ID of the managed identity, can not be used at the same time as resourceID + """ + return pulumi.get(self, "client_id") + + @client_id.setter + def client_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "client_id", value) + + @property + @pulumi.getter(name="resourceID") + def resource_id(self) -> Optional[pulumi.Input[str]]: + """ + resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + return pulumi.get(self, "resource_id") + + @resource_id.setter + def resource_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_id", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01AzureDnsArgs: + def __init__(__self__, *, + resource_group_name: pulumi.Input[str], + subscription_id: pulumi.Input[str], + client_id: Optional[pulumi.Input[str]] = None, + client_secret_secret_ref: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs']] = None, + environment: Optional[pulumi.Input[str]] = None, + hosted_zone_name: Optional[pulumi.Input[str]] = None, + managed_identity: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs']] = None, + tenant_id: Optional[pulumi.Input[str]] = None): + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param pulumi.Input[str] resource_group_name: resource group the DNS zone is located in + :param pulumi.Input[str] subscription_id: ID of the Azure subscription + :param pulumi.Input[str] client_id: Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs'] client_secret_secret_ref: Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param pulumi.Input[str] environment: name of the Azure environment (default AzurePublicCloud) + :param pulumi.Input[str] hosted_zone_name: name of the DNS zone that should be used + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs'] managed_identity: Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param pulumi.Input[str] tenant_id: Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + pulumi.set(__self__, "resource_group_name", resource_group_name) + pulumi.set(__self__, "subscription_id", subscription_id) + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if client_secret_secret_ref is not None: + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + if environment is not None: + pulumi.set(__self__, "environment", environment) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if managed_identity is not None: + pulumi.set(__self__, "managed_identity", managed_identity) + if tenant_id is not None: + pulumi.set(__self__, "tenant_id", tenant_id) + + @property + @pulumi.getter(name="resourceGroupName") + def resource_group_name(self) -> pulumi.Input[str]: + """ + resource group the DNS zone is located in + """ + return pulumi.get(self, "resource_group_name") + + @resource_group_name.setter + def resource_group_name(self, value: pulumi.Input[str]): + pulumi.set(self, "resource_group_name", value) + + @property + @pulumi.getter(name="subscriptionID") + def subscription_id(self) -> pulumi.Input[str]: + """ + ID of the Azure subscription + """ + return pulumi.get(self, "subscription_id") + + @subscription_id.setter + def subscription_id(self, value: pulumi.Input[str]): + pulumi.set(self, "subscription_id", value) + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[pulumi.Input[str]]: + """ + Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + """ + return pulumi.get(self, "client_id") + + @client_id.setter + def client_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "client_id", value) + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs']]: + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @client_secret_secret_ref.setter + def client_secret_secret_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs']]): + pulumi.set(self, "client_secret_secret_ref", value) + + @property + @pulumi.getter + def environment(self) -> Optional[pulumi.Input[str]]: + """ + name of the Azure environment (default AzurePublicCloud) + """ + return pulumi.get(self, "environment") + + @environment.setter + def environment(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "environment", value) + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[pulumi.Input[str]]: + """ + name of the DNS zone that should be used + """ + return pulumi.get(self, "hosted_zone_name") + + @hosted_zone_name.setter + def hosted_zone_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "hosted_zone_name", value) + + @property + @pulumi.getter(name="managedIdentity") + def managed_identity(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs']]: + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + """ + return pulumi.get(self, "managed_identity") + + @managed_identity.setter + def managed_identity(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs']]): + pulumi.set(self, "managed_identity", value) + + @property + @pulumi.getter(name="tenantID") + def tenant_id(self) -> Optional[pulumi.Input[str]]: + """ + Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + return pulumi.get(self, "tenant_id") + + @tenant_id.setter + def tenant_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tenant_id", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01CloudDnsArgs: + def __init__(__self__, *, + project: pulumi.Input[str], + hosted_zone_name: Optional[pulumi.Input[str]] = None, + service_account_secret_ref: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs']] = None): + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + :param pulumi.Input[str] hosted_zone_name: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs'] service_account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "project", project) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if service_account_secret_ref is not None: + pulumi.set(__self__, "service_account_secret_ref", service_account_secret_ref) + + @property + @pulumi.getter + def project(self) -> pulumi.Input[str]: + return pulumi.get(self, "project") + + @project.setter + def project(self, value: pulumi.Input[str]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[pulumi.Input[str]]: + """ + HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + """ + return pulumi.get(self, "hosted_zone_name") + + @hosted_zone_name.setter + def hosted_zone_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "hosted_zone_name", value) + + @property + @pulumi.getter(name="serviceAccountSecretRef") + def service_account_secret_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs']]: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "service_account_secret_ref") + + @service_account_secret_ref.setter + def service_account_secret_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs']]): + pulumi.set(self, "service_account_secret_ref", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + API token used to authenticate with Cloudflare. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01CloudflareArgs: + def __init__(__self__, *, + api_key_secret_ref: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs']] = None, + api_token_secret_ref: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs']] = None, + email: Optional[pulumi.Input[str]] = None): + """ + Use the Cloudflare API to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs'] api_key_secret_ref: API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs'] api_token_secret_ref: API token used to authenticate with Cloudflare. + :param pulumi.Input[str] email: Email of the account, only required when using API key based authentication. + """ + if api_key_secret_ref is not None: + pulumi.set(__self__, "api_key_secret_ref", api_key_secret_ref) + if api_token_secret_ref is not None: + pulumi.set(__self__, "api_token_secret_ref", api_token_secret_ref) + if email is not None: + pulumi.set(__self__, "email", email) + + @property + @pulumi.getter(name="apiKeySecretRef") + def api_key_secret_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs']]: + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + """ + return pulumi.get(self, "api_key_secret_ref") + + @api_key_secret_ref.setter + def api_key_secret_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs']]): + pulumi.set(self, "api_key_secret_ref", value) + + @property + @pulumi.getter(name="apiTokenSecretRef") + def api_token_secret_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs']]: + """ + API token used to authenticate with Cloudflare. + """ + return pulumi.get(self, "api_token_secret_ref") + + @api_token_secret_ref.setter + def api_token_secret_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs']]): + pulumi.set(self, "api_token_secret_ref", value) + + @property + @pulumi.getter + def email(self) -> Optional[pulumi.Input[str]]: + """ + Email of the account, only required when using API key based authentication. + """ + return pulumi.get(self, "email") + + @email.setter + def email(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "email", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01DigitaloceanArgs: + def __init__(__self__, *, + token_secret_ref: pulumi.Input['ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs']): + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs'] token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "token_secret_ref", token_secret_ref) + + @property + @pulumi.getter(name="tokenSecretRef") + def token_secret_ref(self) -> pulumi.Input['ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "token_secret_ref") + + @token_secret_ref.setter + def token_secret_ref(self, value: pulumi.Input['ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs']): + pulumi.set(self, "token_secret_ref", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01Rfc2136Args: + def __init__(__self__, *, + nameserver: pulumi.Input[str], + tsig_algorithm: Optional[pulumi.Input[str]] = None, + tsig_key_name: Optional[pulumi.Input[str]] = None, + tsig_secret_secret_ref: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs']] = None): + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param pulumi.Input[str] nameserver: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + :param pulumi.Input[str] tsig_algorithm: The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + :param pulumi.Input[str] tsig_key_name: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs'] tsig_secret_secret_ref: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + pulumi.set(__self__, "nameserver", nameserver) + if tsig_algorithm is not None: + pulumi.set(__self__, "tsig_algorithm", tsig_algorithm) + if tsig_key_name is not None: + pulumi.set(__self__, "tsig_key_name", tsig_key_name) + if tsig_secret_secret_ref is not None: + pulumi.set(__self__, "tsig_secret_secret_ref", tsig_secret_secret_ref) + + @property + @pulumi.getter + def nameserver(self) -> pulumi.Input[str]: + """ + The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + """ + return pulumi.get(self, "nameserver") + + @nameserver.setter + def nameserver(self, value: pulumi.Input[str]): + pulumi.set(self, "nameserver", value) + + @property + @pulumi.getter(name="tsigAlgorithm") + def tsig_algorithm(self) -> Optional[pulumi.Input[str]]: + """ + The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + """ + return pulumi.get(self, "tsig_algorithm") + + @tsig_algorithm.setter + def tsig_algorithm(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tsig_algorithm", value) + + @property + @pulumi.getter(name="tsigKeyName") + def tsig_key_name(self) -> Optional[pulumi.Input[str]]: + """ + The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_key_name") + + @tsig_key_name.setter + def tsig_key_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tsig_key_name", value) + + @property + @pulumi.getter(name="tsigSecretSecretRef") + def tsig_secret_secret_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs']]: + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_secret_secret_ref") + + @tsig_secret_secret_ref.setter + def tsig_secret_secret_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs']]): + pulumi.set(self, "tsig_secret_secret_ref", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01Route53Args: + def __init__(__self__, *, + region: pulumi.Input[str], + access_key_id: Optional[pulumi.Input[str]] = None, + access_key_id_secret_ref: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs']] = None, + hosted_zone_id: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + secret_access_key_secret_ref: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs']] = None): + """ + Use the AWS Route53 API to manage DNS01 challenge records. + :param pulumi.Input[str] region: Always set the region when using AccessKeyID and SecretAccessKey + :param pulumi.Input[str] access_key_id: The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs'] access_key_id_secret_ref: The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input[str] hosted_zone_id: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + :param pulumi.Input[str] role: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs'] secret_access_key_secret_ref: The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + pulumi.set(__self__, "region", region) + if access_key_id is not None: + pulumi.set(__self__, "access_key_id", access_key_id) + if access_key_id_secret_ref is not None: + pulumi.set(__self__, "access_key_id_secret_ref", access_key_id_secret_ref) + if hosted_zone_id is not None: + pulumi.set(__self__, "hosted_zone_id", hosted_zone_id) + if role is not None: + pulumi.set(__self__, "role", role) + if secret_access_key_secret_ref is not None: + pulumi.set(__self__, "secret_access_key_secret_ref", secret_access_key_secret_ref) + + @property + @pulumi.getter + def region(self) -> pulumi.Input[str]: + """ + Always set the region when using AccessKeyID and SecretAccessKey + """ + return pulumi.get(self, "region") + + @region.setter + def region(self, value: pulumi.Input[str]): + pulumi.set(self, "region", value) + + @property + @pulumi.getter(name="accessKeyID") + def access_key_id(self) -> Optional[pulumi.Input[str]]: + """ + The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id") + + @access_key_id.setter + def access_key_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "access_key_id", value) + + @property + @pulumi.getter(name="accessKeyIDSecretRef") + def access_key_id_secret_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs']]: + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id_secret_ref") + + @access_key_id_secret_ref.setter + def access_key_id_secret_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs']]): + pulumi.set(self, "access_key_id_secret_ref", value) + + @property + @pulumi.getter(name="hostedZoneID") + def hosted_zone_id(self) -> Optional[pulumi.Input[str]]: + """ + If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + """ + return pulumi.get(self, "hosted_zone_id") + + @hosted_zone_id.setter + def hosted_zone_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "hosted_zone_id", value) + + @property + @pulumi.getter + def role(self) -> Optional[pulumi.Input[str]]: + """ + Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + """ + return pulumi.get(self, "role") + + @role.setter + def role(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role", value) + + @property + @pulumi.getter(name="secretAccessKeySecretRef") + def secret_access_key_secret_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs']]: + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "secret_access_key_secret_ref") + + @secret_access_key_secret_ref.setter + def secret_access_key_secret_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs']]): + pulumi.set(self, "secret_access_key_secret_ref", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01WebhookArgs: + def __init__(__self__, *, + group_name: pulumi.Input[str], + solver_name: pulumi.Input[str], + config: Optional[pulumi.Input[Mapping[str, Any]]] = None): + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + :param pulumi.Input[str] group_name: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + :param pulumi.Input[str] solver_name: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + :param pulumi.Input[Mapping[str, Any]] config: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + pulumi.set(__self__, "group_name", group_name) + pulumi.set(__self__, "solver_name", solver_name) + if config is not None: + pulumi.set(__self__, "config", config) + + @property + @pulumi.getter(name="groupName") + def group_name(self) -> pulumi.Input[str]: + """ + The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + """ + return pulumi.get(self, "group_name") + + @group_name.setter + def group_name(self, value: pulumi.Input[str]): + pulumi.set(self, "group_name", value) + + @property + @pulumi.getter(name="solverName") + def solver_name(self) -> pulumi.Input[str]: + """ + The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + """ + return pulumi.get(self, "solver_name") + + @solver_name.setter + def solver_name(self, value: pulumi.Input[str]): + pulumi.set(self, "solver_name", value) + + @property + @pulumi.getter + def config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + return pulumi.get(self, "config") + + @config.setter + def config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "config", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversDns01Args: + def __init__(__self__, *, + acme_dns: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AcmeDnsArgs']] = None, + akamai: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiArgs']] = None, + azure_dns: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsArgs']] = None, + cloud_dns: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudDnsArgs']] = None, + cloudflare: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareArgs']] = None, + cname_strategy: Optional[pulumi.Input[str]] = None, + digitalocean: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01DigitaloceanArgs']] = None, + rfc2136: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Rfc2136Args']] = None, + route53: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53Args']] = None, + webhook: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01WebhookArgs']] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AcmeDnsArgs'] acme_dns: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiArgs'] akamai: Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsArgs'] azure_dns: Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudDnsArgs'] cloud_dns: Use the Google Cloud DNS API to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareArgs'] cloudflare: Use the Cloudflare API to manage DNS01 challenge records. + :param pulumi.Input[str] cname_strategy: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01DigitaloceanArgs'] digitalocean: Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Rfc2136Args'] rfc2136: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53Args'] route53: Use the AWS Route53 API to manage DNS01 challenge records. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01WebhookArgs'] webhook: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + if acme_dns is not None: + pulumi.set(__self__, "acme_dns", acme_dns) + if akamai is not None: + pulumi.set(__self__, "akamai", akamai) + if azure_dns is not None: + pulumi.set(__self__, "azure_dns", azure_dns) + if cloud_dns is not None: + pulumi.set(__self__, "cloud_dns", cloud_dns) + if cloudflare is not None: + pulumi.set(__self__, "cloudflare", cloudflare) + if cname_strategy is not None: + pulumi.set(__self__, "cname_strategy", cname_strategy) + if digitalocean is not None: + pulumi.set(__self__, "digitalocean", digitalocean) + if rfc2136 is not None: + pulumi.set(__self__, "rfc2136", rfc2136) + if route53 is not None: + pulumi.set(__self__, "route53", route53) + if webhook is not None: + pulumi.set(__self__, "webhook", webhook) + + @property + @pulumi.getter(name="acmeDNS") + def acme_dns(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AcmeDnsArgs']]: + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + """ + return pulumi.get(self, "acme_dns") + + @acme_dns.setter + def acme_dns(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AcmeDnsArgs']]): + pulumi.set(self, "acme_dns", value) + + @property + @pulumi.getter + def akamai(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiArgs']]: + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + """ + return pulumi.get(self, "akamai") + + @akamai.setter + def akamai(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AkamaiArgs']]): + pulumi.set(self, "akamai", value) + + @property + @pulumi.getter(name="azureDNS") + def azure_dns(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsArgs']]: + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "azure_dns") + + @azure_dns.setter + def azure_dns(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01AzureDnsArgs']]): + pulumi.set(self, "azure_dns", value) + + @property + @pulumi.getter(name="cloudDNS") + def cloud_dns(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudDnsArgs']]: + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloud_dns") + + @cloud_dns.setter + def cloud_dns(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudDnsArgs']]): + pulumi.set(self, "cloud_dns", value) + + @property + @pulumi.getter + def cloudflare(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareArgs']]: + """ + Use the Cloudflare API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloudflare") + + @cloudflare.setter + def cloudflare(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01CloudflareArgs']]): + pulumi.set(self, "cloudflare", value) + + @property + @pulumi.getter(name="cnameStrategy") + def cname_strategy(self) -> Optional[pulumi.Input[str]]: + """ + CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + """ + return pulumi.get(self, "cname_strategy") + + @cname_strategy.setter + def cname_strategy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cname_strategy", value) + + @property + @pulumi.getter + def digitalocean(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01DigitaloceanArgs']]: + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "digitalocean") + + @digitalocean.setter + def digitalocean(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01DigitaloceanArgs']]): + pulumi.set(self, "digitalocean", value) + + @property + @pulumi.getter + def rfc2136(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Rfc2136Args']]: + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + """ + return pulumi.get(self, "rfc2136") + + @rfc2136.setter + def rfc2136(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Rfc2136Args']]): + pulumi.set(self, "rfc2136", value) + + @property + @pulumi.getter + def route53(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53Args']]: + """ + Use the AWS Route53 API to manage DNS01 challenge records. + """ + return pulumi.get(self, "route53") + + @route53.setter + def route53(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Route53Args']]): + pulumi.set(self, "route53", value) + + @property + @pulumi.getter + def webhook(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01WebhookArgs']]: + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + return pulumi.get(self, "webhook") + + @webhook.setter + def webhook(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01WebhookArgs']]): + pulumi.set(self, "webhook", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + group: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + port: Optional[pulumi.Input[int]] = None, + section_name: Optional[pulumi.Input[str]] = None): + """ + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + This API may be extended in the future to support additional kinds of parent resources. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + :param pulumi.Input[str] name: Name is the name of the referent. + Support: Core + :param pulumi.Input[str] group: Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + :param pulumi.Input[str] kind: Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + :param pulumi.Input[str] namespace: Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + :param pulumi.Input[int] port: Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + :param pulumi.Input[str] section_name: SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + pulumi.set(__self__, "name", name) + if group is None: + group = 'gateway.networking.k8s.io' + if group is not None: + pulumi.set(__self__, "group", group) + if kind is None: + kind = 'Gateway' + if kind is not None: + pulumi.set(__self__, "kind", kind) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if port is not None: + pulumi.set(__self__, "port", port) + if section_name is not None: + pulumi.set(__self__, "section_name", section_name) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name is the name of the referent. + Support: Core + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def group(self) -> Optional[pulumi.Input[str]]: + """ + Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + """ + return pulumi.get(self, "group") + + @group.setter + def group(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "group", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + """ + Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + """ + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter + def port(self) -> Optional[pulumi.Input[int]]: + """ + Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + """ + return pulumi.get(self, "port") + + @port.setter + def port(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "port", value) + + @property + @pulumi.getter(name="sectionName") + def section_name(self) -> Optional[pulumi.Input[str]]: + """ + SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + return pulumi.get(self, "section_name") + + @section_name.setter + def section_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "section_name", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteArgs: + def __init__(__self__, *, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + parent_refs: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs']]]] = None, + service_type: Optional[pulumi.Input[str]] = None): + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs']]] parent_refs: When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + :param pulumi.Input[str] service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if labels is not None: + pulumi.set(__self__, "labels", labels) + if parent_refs is not None: + pulumi.set(__self__, "parent_refs", parent_refs) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter(name="parentRefs") + def parent_refs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs']]]]: + """ + When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + """ + return pulumi.get(self, "parent_refs") + + @parent_refs.setter + def parent_refs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs']]]]): + pulumi.set(self, "parent_refs", value) + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[pulumi.Input[str]]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + @service_type.setter + def service_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_type", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs: + def __init__(__self__, *, + annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] annotations: Annotations that should be added to the created ACME HTTP01 solver ingress. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Labels that should be added to the created ACME HTTP01 solver ingress. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Annotations that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "annotations") + + @annotations.setter + def annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "annotations", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Labels that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs: + def __init__(__self__, *, + metadata: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs']] = None): + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs'] metadata: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs']]: + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs']]): + pulumi.set(self, "metadata", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs: + def __init__(__self__, *, + annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] annotations: Annotations that should be added to the create ACME HTTP01 solver pods. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Labels that should be added to the created ACME HTTP01 solver pods. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Annotations that should be added to the create ACME HTTP01 solver pods. + """ + return pulumi.get(self, "annotations") + + @annotations.setter + def annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "annotations", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Labels that should be added to the created ACME HTTP01 solver pods. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]]] = None, + match_fields: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]]] = None): + """ + A node selector term, associated with the corresponding weight. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]] match_expressions: A list of node selector requirements by node's labels. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]]]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]]]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + @match_fields.setter + def match_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]]]): + pulumi.set(self, "match_fields", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + preference: pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs'], + weight: pulumi.Input[int]): + """ + An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs'] preference: A node selector term, associated with the corresponding weight. + :param pulumi.Input[int] weight: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + pulumi.set(__self__, "preference", preference) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter + def preference(self) -> pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs']: + """ + A node selector term, associated with the corresponding weight. + """ + return pulumi.get(self, "preference") + + @preference.setter + def preference(self, value: pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs']): + pulumi.set(self, "preference", value) + + @property + @pulumi.getter + def weight(self) -> pulumi.Input[int]: + """ + Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + @weight.setter + def weight(self, value: pulumi.Input[int]): + pulumi.set(self, "weight", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]]] = None, + match_fields: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]]] = None): + """ + A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]] match_expressions: A list of node selector requirements by node's labels. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]]]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]]]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + @match_fields.setter + def match_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]]]): + pulumi.set(self, "match_fields", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + node_selector_terms: pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]]): + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]] node_selector_terms: Required. A list of node selector terms. The terms are ORed. + """ + pulumi.set(__self__, "node_selector_terms", node_selector_terms) + + @property + @pulumi.getter(name="nodeSelectorTerms") + def node_selector_terms(self) -> pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]]: + """ + Required. A list of node selector terms. The terms are ORed. + """ + return pulumi.get(self, "node_selector_terms") + + @node_selector_terms.setter + def node_selector_terms(self, value: pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]]): + pulumi.set(self, "node_selector_terms", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs: + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None, + required_during_scheduling_ignored_during_execution: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']] = None): + """ + Describes node affinity scheduling rules for the pod. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs'] required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @preferred_during_scheduling_ignored_during_execution.setter + def preferred_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "preferred_during_scheduling_ignored_during_execution", value) + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + @required_during_scheduling_ignored_during_execution.setter + def required_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]): + pulumi.set(self, "required_during_scheduling_ignored_during_execution", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + pod_affinity_term: pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'], + weight: pulumi.Input[int]): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'] pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[int] weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']: + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @pod_affinity_term.setter + def pod_affinity_term(self, value: pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']): + pulumi.set(self, "pod_affinity_term", value) + + @property + @pulumi.getter + def weight(self) -> pulumi.Input[int]: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + @weight.setter + def weight(self, value: pulumi.Input[int]): + pulumi.set(self, "weight", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs: + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None, + required_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None): + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]] required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @preferred_during_scheduling_ignored_during_execution.setter + def preferred_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "preferred_during_scheduling_ignored_during_execution", value) + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + @required_during_scheduling_ignored_during_execution.setter + def required_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "required_during_scheduling_ignored_during_execution", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + pod_affinity_term: pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'], + weight: pulumi.Input[int]): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'] pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[int] weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']: + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @pod_affinity_term.setter + def pod_affinity_term(self, value: pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']): + pulumi.set(self, "pod_affinity_term", value) + + @property + @pulumi.getter + def weight(self) -> pulumi.Input[int]: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + @weight.setter + def weight(self, value: pulumi.Input[int]): + pulumi.set(self, "weight", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs: + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None, + required_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None): + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]] required_during_scheduling_ignored_during_execution: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @preferred_during_scheduling_ignored_during_execution.setter + def preferred_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "preferred_during_scheduling_ignored_during_execution", value) + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + @required_during_scheduling_ignored_during_execution.setter + def required_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "required_during_scheduling_ignored_during_execution", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs: + def __init__(__self__, *, + node_affinity: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs']] = None, + pod_affinity: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs']] = None, + pod_anti_affinity: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs']] = None): + """ + If specified, the pod's scheduling constraints + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs'] node_affinity: Describes node affinity scheduling rules for the pod. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs'] pod_affinity: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs'] pod_anti_affinity: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + if node_affinity is not None: + pulumi.set(__self__, "node_affinity", node_affinity) + if pod_affinity is not None: + pulumi.set(__self__, "pod_affinity", pod_affinity) + if pod_anti_affinity is not None: + pulumi.set(__self__, "pod_anti_affinity", pod_anti_affinity) + + @property + @pulumi.getter(name="nodeAffinity") + def node_affinity(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs']]: + """ + Describes node affinity scheduling rules for the pod. + """ + return pulumi.get(self, "node_affinity") + + @node_affinity.setter + def node_affinity(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs']]): + pulumi.set(self, "node_affinity", value) + + @property + @pulumi.getter(name="podAffinity") + def pod_affinity(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs']]: + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_affinity") + + @pod_affinity.setter + def pod_affinity(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs']]): + pulumi.set(self, "pod_affinity", value) + + @property + @pulumi.getter(name="podAntiAffinity") + def pod_anti_affinity(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs']]: + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_anti_affinity") + + @pod_anti_affinity.setter + def pod_anti_affinity(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs']]): + pulumi.set(self, "pod_anti_affinity", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs: + def __init__(__self__, *, + name: Optional[pulumi.Input[str]] = None): + """ + LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + :param pulumi.Input[str] name: Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs: + def __init__(__self__, *, + effect: Optional[pulumi.Input[str]] = None, + key: Optional[pulumi.Input[str]] = None, + operator: Optional[pulumi.Input[str]] = None, + toleration_seconds: Optional[pulumi.Input[int]] = None, + value: Optional[pulumi.Input[str]] = None): + """ + The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + :param pulumi.Input[str] effect: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + :param pulumi.Input[str] key: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + :param pulumi.Input[str] operator: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + :param pulumi.Input[int] toleration_seconds: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + :param pulumi.Input[str] value: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + if effect is not None: + pulumi.set(__self__, "effect", effect) + if key is not None: + pulumi.set(__self__, "key", key) + if operator is not None: + pulumi.set(__self__, "operator", operator) + if toleration_seconds is not None: + pulumi.set(__self__, "toleration_seconds", toleration_seconds) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def effect(self) -> Optional[pulumi.Input[str]]: + """ + Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + """ + return pulumi.get(self, "effect") + + @effect.setter + def effect(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "effect", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> Optional[pulumi.Input[str]]: + """ + Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter(name="tolerationSeconds") + def toleration_seconds(self) -> Optional[pulumi.Input[int]]: + """ + TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + """ + return pulumi.get(self, "toleration_seconds") + + @toleration_seconds.setter + def toleration_seconds(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "toleration_seconds", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + """ + Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs: + def __init__(__self__, *, + affinity: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs']] = None, + image_pull_secrets: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs']]]] = None, + node_selector: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + priority_class_name: Optional[pulumi.Input[str]] = None, + service_account_name: Optional[pulumi.Input[str]] = None, + tolerations: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs']]]] = None): + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs'] affinity: If specified, the pod's scheduling constraints + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs']]] image_pull_secrets: If specified, the pod's imagePullSecrets + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] node_selector: NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + :param pulumi.Input[str] priority_class_name: If specified, the pod's priorityClassName. + :param pulumi.Input[str] service_account_name: If specified, the pod's service account + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs']]] tolerations: If specified, the pod's tolerations. + """ + if affinity is not None: + pulumi.set(__self__, "affinity", affinity) + if image_pull_secrets is not None: + pulumi.set(__self__, "image_pull_secrets", image_pull_secrets) + if node_selector is not None: + pulumi.set(__self__, "node_selector", node_selector) + if priority_class_name is not None: + pulumi.set(__self__, "priority_class_name", priority_class_name) + if service_account_name is not None: + pulumi.set(__self__, "service_account_name", service_account_name) + if tolerations is not None: + pulumi.set(__self__, "tolerations", tolerations) + + @property + @pulumi.getter + def affinity(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs']]: + """ + If specified, the pod's scheduling constraints + """ + return pulumi.get(self, "affinity") + + @affinity.setter + def affinity(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs']]): + pulumi.set(self, "affinity", value) + + @property + @pulumi.getter(name="imagePullSecrets") + def image_pull_secrets(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs']]]]: + """ + If specified, the pod's imagePullSecrets + """ + return pulumi.get(self, "image_pull_secrets") + + @image_pull_secrets.setter + def image_pull_secrets(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs']]]]): + pulumi.set(self, "image_pull_secrets", value) + + @property + @pulumi.getter(name="nodeSelector") + def node_selector(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + """ + return pulumi.get(self, "node_selector") + + @node_selector.setter + def node_selector(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "node_selector", value) + + @property + @pulumi.getter(name="priorityClassName") + def priority_class_name(self) -> Optional[pulumi.Input[str]]: + """ + If specified, the pod's priorityClassName. + """ + return pulumi.get(self, "priority_class_name") + + @priority_class_name.setter + def priority_class_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "priority_class_name", value) + + @property + @pulumi.getter(name="serviceAccountName") + def service_account_name(self) -> Optional[pulumi.Input[str]]: + """ + If specified, the pod's service account + """ + return pulumi.get(self, "service_account_name") + + @service_account_name.setter + def service_account_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_account_name", value) + + @property + @pulumi.getter + def tolerations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs']]]]: + """ + If specified, the pod's tolerations. + """ + return pulumi.get(self, "tolerations") + + @tolerations.setter + def tolerations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs']]]]): + pulumi.set(self, "tolerations", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateArgs: + def __init__(__self__, *, + metadata: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs']] = None, + spec: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs']] = None): + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs'] metadata: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs'] spec: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs']]: + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs']]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def spec(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs']]: + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + return pulumi.get(self, "spec") + + @spec.setter + def spec(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs']]): + pulumi.set(self, "spec", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01IngressArgs: + def __init__(__self__, *, + class_: Optional[pulumi.Input[str]] = None, + ingress_class_name: Optional[pulumi.Input[str]] = None, + ingress_template: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs']] = None, + name: Optional[pulumi.Input[str]] = None, + pod_template: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateArgs']] = None, + service_type: Optional[pulumi.Input[str]] = None): + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + :param pulumi.Input[str] class_: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + :param pulumi.Input[str] ingress_class_name: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs'] ingress_template: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param pulumi.Input[str] name: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateArgs'] pod_template: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param pulumi.Input[str] service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if class_ is not None: + pulumi.set(__self__, "class_", class_) + if ingress_class_name is not None: + pulumi.set(__self__, "ingress_class_name", ingress_class_name) + if ingress_template is not None: + pulumi.set(__self__, "ingress_template", ingress_template) + if name is not None: + pulumi.set(__self__, "name", name) + if pod_template is not None: + pulumi.set(__self__, "pod_template", pod_template) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter(name="class") + def class_(self) -> Optional[pulumi.Input[str]]: + """ + This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "class_") + + @class_.setter + def class_(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "class_", value) + + @property + @pulumi.getter(name="ingressClassName") + def ingress_class_name(self) -> Optional[pulumi.Input[str]]: + """ + This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "ingress_class_name") + + @ingress_class_name.setter + def ingress_class_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ingress_class_name", value) + + @property + @pulumi.getter(name="ingressTemplate") + def ingress_template(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs']]: + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + """ + return pulumi.get(self, "ingress_template") + + @ingress_template.setter + def ingress_template(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs']]): + pulumi.set(self, "ingress_template", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="podTemplate") + def pod_template(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateArgs']]: + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + """ + return pulumi.get(self, "pod_template") + + @pod_template.setter + def pod_template(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateArgs']]): + pulumi.set(self, "pod_template", value) + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[pulumi.Input[str]]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + @service_type.setter + def service_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_type", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversHttp01Args: + def __init__(__self__, *, + gateway_http_route: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteArgs']] = None, + ingress: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressArgs']] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteArgs'] gateway_http_route: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressArgs'] ingress: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + if gateway_http_route is not None: + pulumi.set(__self__, "gateway_http_route", gateway_http_route) + if ingress is not None: + pulumi.set(__self__, "ingress", ingress) + + @property + @pulumi.getter(name="gatewayHTTPRoute") + def gateway_http_route(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteArgs']]: + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + """ + return pulumi.get(self, "gateway_http_route") + + @gateway_http_route.setter + def gateway_http_route(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteArgs']]): + pulumi.set(self, "gateway_http_route", value) + + @property + @pulumi.getter + def ingress(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressArgs']]: + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + return pulumi.get(self, "ingress") + + @ingress.setter + def ingress(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01IngressArgs']]): + pulumi.set(self, "ingress", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversSelectorArgs: + def __init__(__self__, *, + dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + dns_zones: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_zones: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + if dns_names is not None: + pulumi.set(__self__, "dns_names", dns_names) + if dns_zones is not None: + pulumi.set(__self__, "dns_zones", dns_zones) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="dnsNames") + def dns_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_names") + + @dns_names.setter + def dns_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "dns_names", value) + + @property + @pulumi.getter(name="dnsZones") + def dns_zones(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_zones") + + @dns_zones.setter + def dns_zones(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "dns_zones", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeSolversArgs: + def __init__(__self__, *, + dns01: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Args']] = None, + http01: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01Args']] = None, + selector: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversSelectorArgs']] = None): + """ + An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Args'] dns01: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01Args'] http01: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param pulumi.Input['ClusterIssuerSpecAcmeSolversSelectorArgs'] selector: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + if dns01 is not None: + pulumi.set(__self__, "dns01", dns01) + if http01 is not None: + pulumi.set(__self__, "http01", http01) + if selector is not None: + pulumi.set(__self__, "selector", selector) + + @property + @pulumi.getter + def dns01(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Args']]: + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + """ + return pulumi.get(self, "dns01") + + @dns01.setter + def dns01(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversDns01Args']]): + pulumi.set(self, "dns01", value) + + @property + @pulumi.getter + def http01(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01Args']]: + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + """ + return pulumi.get(self, "http01") + + @http01.setter + def http01(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversHttp01Args']]): + pulumi.set(self, "http01", value) + + @property + @pulumi.getter + def selector(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversSelectorArgs']]: + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + return pulumi.get(self, "selector") + + @selector.setter + def selector(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeSolversSelectorArgs']]): + pulumi.set(self, "selector", value) + + +@pulumi.input_type +class ClusterIssuerSpecAcmeArgs: + def __init__(__self__, *, + private_key_secret_ref: pulumi.Input['ClusterIssuerSpecAcmePrivateKeySecretRefArgs'], + server: pulumi.Input[str], + ca_bundle: Optional[pulumi.Input[str]] = None, + disable_account_key_generation: Optional[pulumi.Input[bool]] = None, + email: Optional[pulumi.Input[str]] = None, + enable_duration_feature: Optional[pulumi.Input[bool]] = None, + external_account_binding: Optional[pulumi.Input['ClusterIssuerSpecAcmeExternalAccountBindingArgs']] = None, + preferred_chain: Optional[pulumi.Input[str]] = None, + skip_tls_verify: Optional[pulumi.Input[bool]] = None, + solvers: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversArgs']]]] = None): + """ + ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + :param pulumi.Input['ClusterIssuerSpecAcmePrivateKeySecretRefArgs'] private_key_secret_ref: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + :param pulumi.Input[str] server: Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported. + :param pulumi.Input[str] ca_bundle: Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. + :param pulumi.Input[bool] disable_account_key_generation: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + :param pulumi.Input[str] email: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + :param pulumi.Input[bool] enable_duration_feature: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + :param pulumi.Input['ClusterIssuerSpecAcmeExternalAccountBindingArgs'] external_account_binding: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + :param pulumi.Input[str] preferred_chain: PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN + :param pulumi.Input[bool] skip_tls_verify: INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversArgs']]] solvers: Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/ + """ + pulumi.set(__self__, "private_key_secret_ref", private_key_secret_ref) + pulumi.set(__self__, "server", server) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + if disable_account_key_generation is not None: + pulumi.set(__self__, "disable_account_key_generation", disable_account_key_generation) + if email is not None: + pulumi.set(__self__, "email", email) + if enable_duration_feature is not None: + pulumi.set(__self__, "enable_duration_feature", enable_duration_feature) + if external_account_binding is not None: + pulumi.set(__self__, "external_account_binding", external_account_binding) + if preferred_chain is not None: + pulumi.set(__self__, "preferred_chain", preferred_chain) + if skip_tls_verify is not None: + pulumi.set(__self__, "skip_tls_verify", skip_tls_verify) + if solvers is not None: + pulumi.set(__self__, "solvers", solvers) + + @property + @pulumi.getter(name="privateKeySecretRef") + def private_key_secret_ref(self) -> pulumi.Input['ClusterIssuerSpecAcmePrivateKeySecretRefArgs']: + """ + PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + """ + return pulumi.get(self, "private_key_secret_ref") + + @private_key_secret_ref.setter + def private_key_secret_ref(self, value: pulumi.Input['ClusterIssuerSpecAcmePrivateKeySecretRefArgs']): + pulumi.set(self, "private_key_secret_ref", value) + + @property + @pulumi.getter + def server(self) -> pulumi.Input[str]: + """ + Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported. + """ + return pulumi.get(self, "server") + + @server.setter + def server(self, value: pulumi.Input[str]): + pulumi.set(self, "server", value) + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[pulumi.Input[str]]: + """ + Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. + """ + return pulumi.get(self, "ca_bundle") + + @ca_bundle.setter + def ca_bundle(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ca_bundle", value) + + @property + @pulumi.getter(name="disableAccountKeyGeneration") + def disable_account_key_generation(self) -> Optional[pulumi.Input[bool]]: + """ + Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + """ + return pulumi.get(self, "disable_account_key_generation") + + @disable_account_key_generation.setter + def disable_account_key_generation(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "disable_account_key_generation", value) + + @property + @pulumi.getter + def email(self) -> Optional[pulumi.Input[str]]: + """ + Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + """ + return pulumi.get(self, "email") + + @email.setter + def email(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "email", value) + + @property + @pulumi.getter(name="enableDurationFeature") + def enable_duration_feature(self) -> Optional[pulumi.Input[bool]]: + """ + Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + """ + return pulumi.get(self, "enable_duration_feature") + + @enable_duration_feature.setter + def enable_duration_feature(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_duration_feature", value) + + @property + @pulumi.getter(name="externalAccountBinding") + def external_account_binding(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeExternalAccountBindingArgs']]: + """ + ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + """ + return pulumi.get(self, "external_account_binding") + + @external_account_binding.setter + def external_account_binding(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeExternalAccountBindingArgs']]): + pulumi.set(self, "external_account_binding", value) + + @property + @pulumi.getter(name="preferredChain") + def preferred_chain(self) -> Optional[pulumi.Input[str]]: + """ + PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN + """ + return pulumi.get(self, "preferred_chain") + + @preferred_chain.setter + def preferred_chain(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "preferred_chain", value) + + @property + @pulumi.getter(name="skipTLSVerify") + def skip_tls_verify(self) -> Optional[pulumi.Input[bool]]: + """ + INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false. + """ + return pulumi.get(self, "skip_tls_verify") + + @skip_tls_verify.setter + def skip_tls_verify(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "skip_tls_verify", value) + + @property + @pulumi.getter + def solvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversArgs']]]]: + """ + Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/ + """ + return pulumi.get(self, "solvers") + + @solvers.setter + def solvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerSpecAcmeSolversArgs']]]]): + pulumi.set(self, "solvers", value) + + +@pulumi.input_type +class ClusterIssuerSpecCaArgs: + def __init__(__self__, *, + secret_name: pulumi.Input[str], + crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + issuing_certificate_urls: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + :param pulumi.Input[str] secret_name: SecretName is the name of the secret used to sign Certificates issued by this Issuer. + :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + :param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificate_urls: IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + """ + pulumi.set(__self__, "secret_name", secret_name) + if crl_distribution_points is not None: + pulumi.set(__self__, "crl_distribution_points", crl_distribution_points) + if issuing_certificate_urls is not None: + pulumi.set(__self__, "issuing_certificate_urls", issuing_certificate_urls) + if ocsp_servers is not None: + pulumi.set(__self__, "ocsp_servers", ocsp_servers) + + @property + @pulumi.getter(name="secretName") + def secret_name(self) -> pulumi.Input[str]: + """ + SecretName is the name of the secret used to sign Certificates issued by this Issuer. + """ + return pulumi.get(self, "secret_name") + + @secret_name.setter + def secret_name(self, value: pulumi.Input[str]): + pulumi.set(self, "secret_name", value) + + @property + @pulumi.getter(name="crlDistributionPoints") + def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + """ + return pulumi.get(self, "crl_distribution_points") + + @crl_distribution_points.setter + def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "crl_distribution_points", value) + + @property + @pulumi.getter(name="issuingCertificateURLs") + def issuing_certificate_urls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + """ + return pulumi.get(self, "issuing_certificate_urls") + + @issuing_certificate_urls.setter + def issuing_certificate_urls(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "issuing_certificate_urls", value) + + @property + @pulumi.getter(name="ocspServers") + def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + """ + return pulumi.get(self, "ocsp_servers") + + @ocsp_servers.setter + def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ocsp_servers", value) + + +@pulumi.input_type +class ClusterIssuerSpecSelfSignedArgs: + def __init__(__self__, *, + crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + """ + if crl_distribution_points is not None: + pulumi.set(__self__, "crl_distribution_points", crl_distribution_points) + + @property + @pulumi.getter(name="crlDistributionPoints") + def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + """ + return pulumi.get(self, "crl_distribution_points") + + @crl_distribution_points.setter + def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "crl_distribution_points", value) + + +@pulumi.input_type +class ClusterIssuerSpecVaultAuthAppRoleSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecVaultAuthAppRoleArgs: + def __init__(__self__, *, + path: pulumi.Input[str], + role_id: pulumi.Input[str], + secret_ref: pulumi.Input['ClusterIssuerSpecVaultAuthAppRoleSecretRefArgs']): + """ + AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + :param pulumi.Input[str] path: Path where the App Role authentication backend is mounted in Vault, e.g: "approle" + :param pulumi.Input[str] role_id: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + :param pulumi.Input['ClusterIssuerSpecVaultAuthAppRoleSecretRefArgs'] secret_ref: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + """ + pulumi.set(__self__, "path", path) + pulumi.set(__self__, "role_id", role_id) + pulumi.set(__self__, "secret_ref", secret_ref) + + @property + @pulumi.getter + def path(self) -> pulumi.Input[str]: + """ + Path where the App Role authentication backend is mounted in Vault, e.g: "approle" + """ + return pulumi.get(self, "path") + + @path.setter + def path(self, value: pulumi.Input[str]): + pulumi.set(self, "path", value) + + @property + @pulumi.getter(name="roleId") + def role_id(self) -> pulumi.Input[str]: + """ + RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + """ + return pulumi.get(self, "role_id") + + @role_id.setter + def role_id(self, value: pulumi.Input[str]): + pulumi.set(self, "role_id", value) + + @property + @pulumi.getter(name="secretRef") + def secret_ref(self) -> pulumi.Input['ClusterIssuerSpecVaultAuthAppRoleSecretRefArgs']: + """ + Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + """ + return pulumi.get(self, "secret_ref") + + @secret_ref.setter + def secret_ref(self, value: pulumi.Input['ClusterIssuerSpecVaultAuthAppRoleSecretRefArgs']): + pulumi.set(self, "secret_ref", value) + + +@pulumi.input_type +class ClusterIssuerSpecVaultAuthKubernetesSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecVaultAuthKubernetesServiceAccountRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str]): + """ + A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + :param pulumi.Input[str] name: Name of the ServiceAccount used to request a token. + """ + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the ServiceAccount used to request a token. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class ClusterIssuerSpecVaultAuthKubernetesArgs: + def __init__(__self__, *, + role: pulumi.Input[str], + mount_path: Optional[pulumi.Input[str]] = None, + secret_ref: Optional[pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesSecretRefArgs']] = None, + service_account_ref: Optional[pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesServiceAccountRefArgs']] = None): + """ + Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + :param pulumi.Input[str] role: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + :param pulumi.Input[str] mount_path: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + :param pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesSecretRefArgs'] secret_ref: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + :param pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesServiceAccountRefArgs'] service_account_ref: A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + """ + pulumi.set(__self__, "role", role) + if mount_path is not None: + pulumi.set(__self__, "mount_path", mount_path) + if secret_ref is not None: + pulumi.set(__self__, "secret_ref", secret_ref) + if service_account_ref is not None: + pulumi.set(__self__, "service_account_ref", service_account_ref) + + @property + @pulumi.getter + def role(self) -> pulumi.Input[str]: + """ + A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + """ + return pulumi.get(self, "role") + + @role.setter + def role(self, value: pulumi.Input[str]): + pulumi.set(self, "role", value) + + @property + @pulumi.getter(name="mountPath") + def mount_path(self) -> Optional[pulumi.Input[str]]: + """ + The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + """ + return pulumi.get(self, "mount_path") + + @mount_path.setter + def mount_path(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "mount_path", value) + + @property + @pulumi.getter(name="secretRef") + def secret_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesSecretRefArgs']]: + """ + The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + """ + return pulumi.get(self, "secret_ref") + + @secret_ref.setter + def secret_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesSecretRefArgs']]): + pulumi.set(self, "secret_ref", value) + + @property + @pulumi.getter(name="serviceAccountRef") + def service_account_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesServiceAccountRefArgs']]: + """ + A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + """ + return pulumi.get(self, "service_account_ref") + + @service_account_ref.setter + def service_account_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesServiceAccountRefArgs']]): + pulumi.set(self, "service_account_ref", value) + + +@pulumi.input_type +class ClusterIssuerSpecVaultAuthTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + TokenSecretRef authenticates with Vault by presenting a token. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecVaultAuthArgs: + def __init__(__self__, *, + app_role: Optional[pulumi.Input['ClusterIssuerSpecVaultAuthAppRoleArgs']] = None, + kubernetes: Optional[pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesArgs']] = None, + token_secret_ref: Optional[pulumi.Input['ClusterIssuerSpecVaultAuthTokenSecretRefArgs']] = None): + """ + Auth configures how cert-manager authenticates with the Vault server. + :param pulumi.Input['ClusterIssuerSpecVaultAuthAppRoleArgs'] app_role: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + :param pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesArgs'] kubernetes: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + :param pulumi.Input['ClusterIssuerSpecVaultAuthTokenSecretRefArgs'] token_secret_ref: TokenSecretRef authenticates with Vault by presenting a token. + """ + if app_role is not None: + pulumi.set(__self__, "app_role", app_role) + if kubernetes is not None: + pulumi.set(__self__, "kubernetes", kubernetes) + if token_secret_ref is not None: + pulumi.set(__self__, "token_secret_ref", token_secret_ref) + + @property + @pulumi.getter(name="appRole") + def app_role(self) -> Optional[pulumi.Input['ClusterIssuerSpecVaultAuthAppRoleArgs']]: + """ + AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + """ + return pulumi.get(self, "app_role") + + @app_role.setter + def app_role(self, value: Optional[pulumi.Input['ClusterIssuerSpecVaultAuthAppRoleArgs']]): + pulumi.set(self, "app_role", value) + + @property + @pulumi.getter + def kubernetes(self) -> Optional[pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesArgs']]: + """ + Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + """ + return pulumi.get(self, "kubernetes") + + @kubernetes.setter + def kubernetes(self, value: Optional[pulumi.Input['ClusterIssuerSpecVaultAuthKubernetesArgs']]): + pulumi.set(self, "kubernetes", value) + + @property + @pulumi.getter(name="tokenSecretRef") + def token_secret_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecVaultAuthTokenSecretRefArgs']]: + """ + TokenSecretRef authenticates with Vault by presenting a token. + """ + return pulumi.get(self, "token_secret_ref") + + @token_secret_ref.setter + def token_secret_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecVaultAuthTokenSecretRefArgs']]): + pulumi.set(self, "token_secret_ref", value) + + +@pulumi.input_type +class ClusterIssuerSpecVaultCaBundleSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecVaultArgs: + def __init__(__self__, *, + auth: pulumi.Input['ClusterIssuerSpecVaultAuthArgs'], + path: pulumi.Input[str], + server: pulumi.Input[str], + ca_bundle: Optional[pulumi.Input[str]] = None, + ca_bundle_secret_ref: Optional[pulumi.Input['ClusterIssuerSpecVaultCaBundleSecretRefArgs']] = None, + namespace: Optional[pulumi.Input[str]] = None): + """ + Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + :param pulumi.Input['ClusterIssuerSpecVaultAuthArgs'] auth: Auth configures how cert-manager authenticates with the Vault server. + :param pulumi.Input[str] path: Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name". + :param pulumi.Input[str] server: Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + :param pulumi.Input[str] ca_bundle: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. + :param pulumi.Input['ClusterIssuerSpecVaultCaBundleSecretRefArgs'] ca_bundle_secret_ref: Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + :param pulumi.Input[str] namespace: Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + """ + pulumi.set(__self__, "auth", auth) + pulumi.set(__self__, "path", path) + pulumi.set(__self__, "server", server) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + if ca_bundle_secret_ref is not None: + pulumi.set(__self__, "ca_bundle_secret_ref", ca_bundle_secret_ref) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + + @property + @pulumi.getter + def auth(self) -> pulumi.Input['ClusterIssuerSpecVaultAuthArgs']: + """ + Auth configures how cert-manager authenticates with the Vault server. + """ + return pulumi.get(self, "auth") + + @auth.setter + def auth(self, value: pulumi.Input['ClusterIssuerSpecVaultAuthArgs']): + pulumi.set(self, "auth", value) + + @property + @pulumi.getter + def path(self) -> pulumi.Input[str]: + """ + Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name". + """ + return pulumi.get(self, "path") + + @path.setter + def path(self, value: pulumi.Input[str]): + pulumi.set(self, "path", value) + + @property + @pulumi.getter + def server(self) -> pulumi.Input[str]: + """ + Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + """ + return pulumi.get(self, "server") + + @server.setter + def server(self, value: pulumi.Input[str]): + pulumi.set(self, "server", value) + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[pulumi.Input[str]]: + """ + Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. + """ + return pulumi.get(self, "ca_bundle") + + @ca_bundle.setter + def ca_bundle(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ca_bundle", value) + + @property + @pulumi.getter(name="caBundleSecretRef") + def ca_bundle_secret_ref(self) -> Optional[pulumi.Input['ClusterIssuerSpecVaultCaBundleSecretRefArgs']]: + """ + Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + """ + return pulumi.get(self, "ca_bundle_secret_ref") + + @ca_bundle_secret_ref.setter + def ca_bundle_secret_ref(self, value: Optional[pulumi.Input['ClusterIssuerSpecVaultCaBundleSecretRefArgs']]): + pulumi.set(self, "ca_bundle_secret_ref", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + +@pulumi.input_type +class ClusterIssuerSpecVenafiCloudApiTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class ClusterIssuerSpecVenafiCloudArgs: + def __init__(__self__, *, + api_token_secret_ref: pulumi.Input['ClusterIssuerSpecVenafiCloudApiTokenSecretRefArgs'], + url: Optional[pulumi.Input[str]] = None): + """ + Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + :param pulumi.Input['ClusterIssuerSpecVenafiCloudApiTokenSecretRefArgs'] api_token_secret_ref: APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + :param pulumi.Input[str] url: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + """ + pulumi.set(__self__, "api_token_secret_ref", api_token_secret_ref) + if url is not None: + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter(name="apiTokenSecretRef") + def api_token_secret_ref(self) -> pulumi.Input['ClusterIssuerSpecVenafiCloudApiTokenSecretRefArgs']: + """ + APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + """ + return pulumi.get(self, "api_token_secret_ref") + + @api_token_secret_ref.setter + def api_token_secret_ref(self, value: pulumi.Input['ClusterIssuerSpecVenafiCloudApiTokenSecretRefArgs']): + pulumi.set(self, "api_token_secret_ref", value) + + @property + @pulumi.getter + def url(self) -> Optional[pulumi.Input[str]]: + """ + URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + """ + return pulumi.get(self, "url") + + @url.setter + def url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "url", value) + + +@pulumi.input_type +class ClusterIssuerSpecVenafiTppCredentialsRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str]): + """ + CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class ClusterIssuerSpecVenafiTppArgs: + def __init__(__self__, *, + credentials_ref: pulumi.Input['ClusterIssuerSpecVenafiTppCredentialsRefArgs'], + url: pulumi.Input[str], + ca_bundle: Optional[pulumi.Input[str]] = None): + """ + TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + :param pulumi.Input['ClusterIssuerSpecVenafiTppCredentialsRefArgs'] credentials_ref: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + :param pulumi.Input[str] url: URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk". + :param pulumi.Input[str] ca_bundle: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. + """ + pulumi.set(__self__, "credentials_ref", credentials_ref) + pulumi.set(__self__, "url", url) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + + @property + @pulumi.getter(name="credentialsRef") + def credentials_ref(self) -> pulumi.Input['ClusterIssuerSpecVenafiTppCredentialsRefArgs']: + """ + CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + """ + return pulumi.get(self, "credentials_ref") + + @credentials_ref.setter + def credentials_ref(self, value: pulumi.Input['ClusterIssuerSpecVenafiTppCredentialsRefArgs']): + pulumi.set(self, "credentials_ref", value) + + @property + @pulumi.getter + def url(self) -> pulumi.Input[str]: + """ + URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk". + """ + return pulumi.get(self, "url") + + @url.setter + def url(self, value: pulumi.Input[str]): + pulumi.set(self, "url", value) + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[pulumi.Input[str]]: + """ + Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. + """ + return pulumi.get(self, "ca_bundle") + + @ca_bundle.setter + def ca_bundle(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ca_bundle", value) + + +@pulumi.input_type +class ClusterIssuerSpecVenafiArgs: + def __init__(__self__, *, + zone: pulumi.Input[str], + cloud: Optional[pulumi.Input['ClusterIssuerSpecVenafiCloudArgs']] = None, + tpp: Optional[pulumi.Input['ClusterIssuerSpecVenafiTppArgs']] = None): + """ + Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + :param pulumi.Input[str] zone: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + :param pulumi.Input['ClusterIssuerSpecVenafiCloudArgs'] cloud: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + :param pulumi.Input['ClusterIssuerSpecVenafiTppArgs'] tpp: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + """ + pulumi.set(__self__, "zone", zone) + if cloud is not None: + pulumi.set(__self__, "cloud", cloud) + if tpp is not None: + pulumi.set(__self__, "tpp", tpp) + + @property + @pulumi.getter + def zone(self) -> pulumi.Input[str]: + """ + Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + """ + return pulumi.get(self, "zone") + + @zone.setter + def zone(self, value: pulumi.Input[str]): + pulumi.set(self, "zone", value) + + @property + @pulumi.getter + def cloud(self) -> Optional[pulumi.Input['ClusterIssuerSpecVenafiCloudArgs']]: + """ + Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + """ + return pulumi.get(self, "cloud") + + @cloud.setter + def cloud(self, value: Optional[pulumi.Input['ClusterIssuerSpecVenafiCloudArgs']]): + pulumi.set(self, "cloud", value) + + @property + @pulumi.getter + def tpp(self) -> Optional[pulumi.Input['ClusterIssuerSpecVenafiTppArgs']]: + """ + TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + """ + return pulumi.get(self, "tpp") + + @tpp.setter + def tpp(self, value: Optional[pulumi.Input['ClusterIssuerSpecVenafiTppArgs']]): + pulumi.set(self, "tpp", value) + + +@pulumi.input_type +class ClusterIssuerSpecArgs: + def __init__(__self__, *, + acme: Optional[pulumi.Input['ClusterIssuerSpecAcmeArgs']] = None, + ca: Optional[pulumi.Input['ClusterIssuerSpecCaArgs']] = None, + self_signed: Optional[pulumi.Input['ClusterIssuerSpecSelfSignedArgs']] = None, + vault: Optional[pulumi.Input['ClusterIssuerSpecVaultArgs']] = None, + venafi: Optional[pulumi.Input['ClusterIssuerSpecVenafiArgs']] = None): + """ + Desired state of the ClusterIssuer resource. + :param pulumi.Input['ClusterIssuerSpecAcmeArgs'] acme: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + :param pulumi.Input['ClusterIssuerSpecCaArgs'] ca: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + :param pulumi.Input['ClusterIssuerSpecSelfSignedArgs'] self_signed: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + :param pulumi.Input['ClusterIssuerSpecVaultArgs'] vault: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + :param pulumi.Input['ClusterIssuerSpecVenafiArgs'] venafi: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + """ + if acme is not None: + pulumi.set(__self__, "acme", acme) + if ca is not None: + pulumi.set(__self__, "ca", ca) + if self_signed is not None: + pulumi.set(__self__, "self_signed", self_signed) + if vault is not None: + pulumi.set(__self__, "vault", vault) + if venafi is not None: + pulumi.set(__self__, "venafi", venafi) + + @property + @pulumi.getter + def acme(self) -> Optional[pulumi.Input['ClusterIssuerSpecAcmeArgs']]: + """ + ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + """ + return pulumi.get(self, "acme") + + @acme.setter + def acme(self, value: Optional[pulumi.Input['ClusterIssuerSpecAcmeArgs']]): + pulumi.set(self, "acme", value) + + @property + @pulumi.getter + def ca(self) -> Optional[pulumi.Input['ClusterIssuerSpecCaArgs']]: + """ + CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + """ + return pulumi.get(self, "ca") + + @ca.setter + def ca(self, value: Optional[pulumi.Input['ClusterIssuerSpecCaArgs']]): + pulumi.set(self, "ca", value) + + @property + @pulumi.getter(name="selfSigned") + def self_signed(self) -> Optional[pulumi.Input['ClusterIssuerSpecSelfSignedArgs']]: + """ + SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + """ + return pulumi.get(self, "self_signed") + + @self_signed.setter + def self_signed(self, value: Optional[pulumi.Input['ClusterIssuerSpecSelfSignedArgs']]): + pulumi.set(self, "self_signed", value) + + @property + @pulumi.getter + def vault(self) -> Optional[pulumi.Input['ClusterIssuerSpecVaultArgs']]: + """ + Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + """ + return pulumi.get(self, "vault") + + @vault.setter + def vault(self, value: Optional[pulumi.Input['ClusterIssuerSpecVaultArgs']]): + pulumi.set(self, "vault", value) + + @property + @pulumi.getter + def venafi(self) -> Optional[pulumi.Input['ClusterIssuerSpecVenafiArgs']]: + """ + Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + """ + return pulumi.get(self, "venafi") + + @venafi.setter + def venafi(self, value: Optional[pulumi.Input['ClusterIssuerSpecVenafiArgs']]): + pulumi.set(self, "venafi", value) + + +@pulumi.input_type +class ClusterIssuerStatusAcmeArgs: + def __init__(__self__, *, + last_private_key_hash: Optional[pulumi.Input[str]] = None, + last_registered_email: Optional[pulumi.Input[str]] = None, + uri: Optional[pulumi.Input[str]] = None): + """ + ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + :param pulumi.Input[str] last_private_key_hash: LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + :param pulumi.Input[str] last_registered_email: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + :param pulumi.Input[str] uri: URI is the unique account identifier, which can also be used to retrieve account details from the CA + """ + if last_private_key_hash is not None: + pulumi.set(__self__, "last_private_key_hash", last_private_key_hash) + if last_registered_email is not None: + pulumi.set(__self__, "last_registered_email", last_registered_email) + if uri is not None: + pulumi.set(__self__, "uri", uri) + + @property + @pulumi.getter(name="lastPrivateKeyHash") + def last_private_key_hash(self) -> Optional[pulumi.Input[str]]: + """ + LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + """ + return pulumi.get(self, "last_private_key_hash") + + @last_private_key_hash.setter + def last_private_key_hash(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "last_private_key_hash", value) + + @property + @pulumi.getter(name="lastRegisteredEmail") + def last_registered_email(self) -> Optional[pulumi.Input[str]]: + """ + LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + """ + return pulumi.get(self, "last_registered_email") + + @last_registered_email.setter + def last_registered_email(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "last_registered_email", value) + + @property + @pulumi.getter + def uri(self) -> Optional[pulumi.Input[str]]: + """ + URI is the unique account identifier, which can also be used to retrieve account details from the CA + """ + return pulumi.get(self, "uri") + + @uri.setter + def uri(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "uri", value) + + +@pulumi.input_type +class ClusterIssuerStatusConditionsArgs: + def __init__(__self__, *, + status: pulumi.Input[str], + type: pulumi.Input[str], + last_transition_time: Optional[pulumi.Input[str]] = None, + message: Optional[pulumi.Input[str]] = None, + observed_generation: Optional[pulumi.Input[int]] = None, + reason: Optional[pulumi.Input[str]] = None): + """ + IssuerCondition contains condition information for an Issuer. + :param pulumi.Input[str] status: Status of the condition, one of (`True`, `False`, `Unknown`). + :param pulumi.Input[str] type: Type of the condition, known values are (`Ready`). + :param pulumi.Input[str] last_transition_time: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + :param pulumi.Input[str] message: Message is a human readable description of the details of the last transition, complementing reason. + :param pulumi.Input[int] observed_generation: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + :param pulumi.Input[str] reason: Reason is a brief machine readable explanation for the condition's last transition. + """ + pulumi.set(__self__, "status", status) + pulumi.set(__self__, "type", type) + if last_transition_time is not None: + pulumi.set(__self__, "last_transition_time", last_transition_time) + if message is not None: + pulumi.set(__self__, "message", message) + if observed_generation is not None: + pulumi.set(__self__, "observed_generation", observed_generation) + if reason is not None: + pulumi.set(__self__, "reason", reason) + + @property + @pulumi.getter + def status(self) -> pulumi.Input[str]: + """ + Status of the condition, one of (`True`, `False`, `Unknown`). + """ + return pulumi.get(self, "status") + + @status.setter + def status(self, value: pulumi.Input[str]): + pulumi.set(self, "status", value) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + """ + Type of the condition, known values are (`Ready`). + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter(name="lastTransitionTime") + def last_transition_time(self) -> Optional[pulumi.Input[str]]: + """ + LastTransitionTime is the timestamp corresponding to the last status change of this condition. + """ + return pulumi.get(self, "last_transition_time") + + @last_transition_time.setter + def last_transition_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "last_transition_time", value) + + @property + @pulumi.getter + def message(self) -> Optional[pulumi.Input[str]]: + """ + Message is a human readable description of the details of the last transition, complementing reason. + """ + return pulumi.get(self, "message") + + @message.setter + def message(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "message", value) + + @property + @pulumi.getter(name="observedGeneration") + def observed_generation(self) -> Optional[pulumi.Input[int]]: + """ + If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + """ + return pulumi.get(self, "observed_generation") + + @observed_generation.setter + def observed_generation(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "observed_generation", value) + + @property + @pulumi.getter + def reason(self) -> Optional[pulumi.Input[str]]: + """ + Reason is a brief machine readable explanation for the condition's last transition. + """ + return pulumi.get(self, "reason") + + @reason.setter + def reason(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "reason", value) + + +@pulumi.input_type +class ClusterIssuerStatusArgs: + def __init__(__self__, *, + acme: Optional[pulumi.Input['ClusterIssuerStatusAcmeArgs']] = None, + conditions: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerStatusConditionsArgs']]]] = None): + """ + Status of the ClusterIssuer. This is set and managed automatically. + :param pulumi.Input['ClusterIssuerStatusAcmeArgs'] acme: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + :param pulumi.Input[Sequence[pulumi.Input['ClusterIssuerStatusConditionsArgs']]] conditions: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + """ + if acme is not None: + pulumi.set(__self__, "acme", acme) + if conditions is not None: + pulumi.set(__self__, "conditions", conditions) + + @property + @pulumi.getter + def acme(self) -> Optional[pulumi.Input['ClusterIssuerStatusAcmeArgs']]: + """ + ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + """ + return pulumi.get(self, "acme") + + @acme.setter + def acme(self, value: Optional[pulumi.Input['ClusterIssuerStatusAcmeArgs']]): + pulumi.set(self, "acme", value) + + @property + @pulumi.getter + def conditions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerStatusConditionsArgs']]]]: + """ + List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + """ + return pulumi.get(self, "conditions") + + @conditions.setter + def conditions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterIssuerStatusConditionsArgs']]]]): + pulumi.set(self, "conditions", value) + + +@pulumi.input_type +class IssuerSpecAcmeExternalAccountBindingKeySecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeExternalAccountBindingArgs: + def __init__(__self__, *, + key_id: pulumi.Input[str], + key_secret_ref: pulumi.Input['IssuerSpecAcmeExternalAccountBindingKeySecretRefArgs'], + key_algorithm: Optional[pulumi.Input[str]] = None): + """ + ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + :param pulumi.Input[str] key_id: keyID is the ID of the CA key that the External Account is bound to. + :param pulumi.Input['IssuerSpecAcmeExternalAccountBindingKeySecretRefArgs'] key_secret_ref: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + :param pulumi.Input[str] key_algorithm: Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + """ + pulumi.set(__self__, "key_id", key_id) + pulumi.set(__self__, "key_secret_ref", key_secret_ref) + if key_algorithm is not None: + pulumi.set(__self__, "key_algorithm", key_algorithm) + + @property + @pulumi.getter(name="keyID") + def key_id(self) -> pulumi.Input[str]: + """ + keyID is the ID of the CA key that the External Account is bound to. + """ + return pulumi.get(self, "key_id") + + @key_id.setter + def key_id(self, value: pulumi.Input[str]): + pulumi.set(self, "key_id", value) + + @property + @pulumi.getter(name="keySecretRef") + def key_secret_ref(self) -> pulumi.Input['IssuerSpecAcmeExternalAccountBindingKeySecretRefArgs']: + """ + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + """ + return pulumi.get(self, "key_secret_ref") + + @key_secret_ref.setter + def key_secret_ref(self, value: pulumi.Input['IssuerSpecAcmeExternalAccountBindingKeySecretRefArgs']): + pulumi.set(self, "key_secret_ref", value) + + @property + @pulumi.getter(name="keyAlgorithm") + def key_algorithm(self) -> Optional[pulumi.Input[str]]: + """ + Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + """ + return pulumi.get(self, "key_algorithm") + + @key_algorithm.setter + def key_algorithm(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key_algorithm", value) + + +@pulumi.input_type +class IssuerSpecAcmePrivateKeySecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01AcmeDnsArgs: + def __init__(__self__, *, + account_secret_ref: pulumi.Input['IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs'], + host: pulumi.Input[str]): + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs'] account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "account_secret_ref", account_secret_ref) + pulumi.set(__self__, "host", host) + + @property + @pulumi.getter(name="accountSecretRef") + def account_secret_ref(self) -> pulumi.Input['IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "account_secret_ref") + + @account_secret_ref.setter + def account_secret_ref(self, value: pulumi.Input['IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs']): + pulumi.set(self, "account_secret_ref", value) + + @property + @pulumi.getter + def host(self) -> pulumi.Input[str]: + return pulumi.get(self, "host") + + @host.setter + def host(self, value: pulumi.Input[str]): + pulumi.set(self, "host", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01AkamaiArgs: + def __init__(__self__, *, + access_token_secret_ref: pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs'], + client_secret_secret_ref: pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs'], + client_token_secret_ref: pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs'], + service_consumer_domain: pulumi.Input[str]): + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs'] access_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs'] client_secret_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs'] client_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "access_token_secret_ref", access_token_secret_ref) + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + pulumi.set(__self__, "client_token_secret_ref", client_token_secret_ref) + pulumi.set(__self__, "service_consumer_domain", service_consumer_domain) + + @property + @pulumi.getter(name="accessTokenSecretRef") + def access_token_secret_ref(self) -> pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "access_token_secret_ref") + + @access_token_secret_ref.setter + def access_token_secret_ref(self, value: pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs']): + pulumi.set(self, "access_token_secret_ref", value) + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @client_secret_secret_ref.setter + def client_secret_secret_ref(self, value: pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs']): + pulumi.set(self, "client_secret_secret_ref", value) + + @property + @pulumi.getter(name="clientTokenSecretRef") + def client_token_secret_ref(self) -> pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_token_secret_ref") + + @client_token_secret_ref.setter + def client_token_secret_ref(self, value: pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs']): + pulumi.set(self, "client_token_secret_ref", value) + + @property + @pulumi.getter(name="serviceConsumerDomain") + def service_consumer_domain(self) -> pulumi.Input[str]: + return pulumi.get(self, "service_consumer_domain") + + @service_consumer_domain.setter + def service_consumer_domain(self, value: pulumi.Input[str]): + pulumi.set(self, "service_consumer_domain", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs: + def __init__(__self__, *, + client_id: Optional[pulumi.Input[str]] = None, + resource_id: Optional[pulumi.Input[str]] = None): + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param pulumi.Input[str] client_id: client ID of the managed identity, can not be used at the same time as resourceID + :param pulumi.Input[str] resource_id: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if resource_id is not None: + pulumi.set(__self__, "resource_id", resource_id) + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[pulumi.Input[str]]: + """ + client ID of the managed identity, can not be used at the same time as resourceID + """ + return pulumi.get(self, "client_id") + + @client_id.setter + def client_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "client_id", value) + + @property + @pulumi.getter(name="resourceID") + def resource_id(self) -> Optional[pulumi.Input[str]]: + """ + resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + return pulumi.get(self, "resource_id") + + @resource_id.setter + def resource_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_id", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01AzureDnsArgs: + def __init__(__self__, *, + resource_group_name: pulumi.Input[str], + subscription_id: pulumi.Input[str], + client_id: Optional[pulumi.Input[str]] = None, + client_secret_secret_ref: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs']] = None, + environment: Optional[pulumi.Input[str]] = None, + hosted_zone_name: Optional[pulumi.Input[str]] = None, + managed_identity: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs']] = None, + tenant_id: Optional[pulumi.Input[str]] = None): + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param pulumi.Input[str] resource_group_name: resource group the DNS zone is located in + :param pulumi.Input[str] subscription_id: ID of the Azure subscription + :param pulumi.Input[str] client_id: Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + :param pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs'] client_secret_secret_ref: Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param pulumi.Input[str] environment: name of the Azure environment (default AzurePublicCloud) + :param pulumi.Input[str] hosted_zone_name: name of the DNS zone that should be used + :param pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs'] managed_identity: Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param pulumi.Input[str] tenant_id: Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + pulumi.set(__self__, "resource_group_name", resource_group_name) + pulumi.set(__self__, "subscription_id", subscription_id) + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if client_secret_secret_ref is not None: + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + if environment is not None: + pulumi.set(__self__, "environment", environment) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if managed_identity is not None: + pulumi.set(__self__, "managed_identity", managed_identity) + if tenant_id is not None: + pulumi.set(__self__, "tenant_id", tenant_id) + + @property + @pulumi.getter(name="resourceGroupName") + def resource_group_name(self) -> pulumi.Input[str]: + """ + resource group the DNS zone is located in + """ + return pulumi.get(self, "resource_group_name") + + @resource_group_name.setter + def resource_group_name(self, value: pulumi.Input[str]): + pulumi.set(self, "resource_group_name", value) + + @property + @pulumi.getter(name="subscriptionID") + def subscription_id(self) -> pulumi.Input[str]: + """ + ID of the Azure subscription + """ + return pulumi.get(self, "subscription_id") + + @subscription_id.setter + def subscription_id(self, value: pulumi.Input[str]): + pulumi.set(self, "subscription_id", value) + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[pulumi.Input[str]]: + """ + Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + """ + return pulumi.get(self, "client_id") + + @client_id.setter + def client_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "client_id", value) + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs']]: + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @client_secret_secret_ref.setter + def client_secret_secret_ref(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs']]): + pulumi.set(self, "client_secret_secret_ref", value) + + @property + @pulumi.getter + def environment(self) -> Optional[pulumi.Input[str]]: + """ + name of the Azure environment (default AzurePublicCloud) + """ + return pulumi.get(self, "environment") + + @environment.setter + def environment(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "environment", value) + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[pulumi.Input[str]]: + """ + name of the DNS zone that should be used + """ + return pulumi.get(self, "hosted_zone_name") + + @hosted_zone_name.setter + def hosted_zone_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "hosted_zone_name", value) + + @property + @pulumi.getter(name="managedIdentity") + def managed_identity(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs']]: + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + """ + return pulumi.get(self, "managed_identity") + + @managed_identity.setter + def managed_identity(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs']]): + pulumi.set(self, "managed_identity", value) + + @property + @pulumi.getter(name="tenantID") + def tenant_id(self) -> Optional[pulumi.Input[str]]: + """ + Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + return pulumi.get(self, "tenant_id") + + @tenant_id.setter + def tenant_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tenant_id", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01CloudDnsArgs: + def __init__(__self__, *, + project: pulumi.Input[str], + hosted_zone_name: Optional[pulumi.Input[str]] = None, + service_account_secret_ref: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs']] = None): + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + :param pulumi.Input[str] hosted_zone_name: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + :param pulumi.Input['IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs'] service_account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "project", project) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if service_account_secret_ref is not None: + pulumi.set(__self__, "service_account_secret_ref", service_account_secret_ref) + + @property + @pulumi.getter + def project(self) -> pulumi.Input[str]: + return pulumi.get(self, "project") + + @project.setter + def project(self, value: pulumi.Input[str]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[pulumi.Input[str]]: + """ + HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + """ + return pulumi.get(self, "hosted_zone_name") + + @hosted_zone_name.setter + def hosted_zone_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "hosted_zone_name", value) + + @property + @pulumi.getter(name="serviceAccountSecretRef") + def service_account_secret_ref(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs']]: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "service_account_secret_ref") + + @service_account_secret_ref.setter + def service_account_secret_ref(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs']]): + pulumi.set(self, "service_account_secret_ref", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + API token used to authenticate with Cloudflare. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01CloudflareArgs: + def __init__(__self__, *, + api_key_secret_ref: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs']] = None, + api_token_secret_ref: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs']] = None, + email: Optional[pulumi.Input[str]] = None): + """ + Use the Cloudflare API to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs'] api_key_secret_ref: API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs'] api_token_secret_ref: API token used to authenticate with Cloudflare. + :param pulumi.Input[str] email: Email of the account, only required when using API key based authentication. + """ + if api_key_secret_ref is not None: + pulumi.set(__self__, "api_key_secret_ref", api_key_secret_ref) + if api_token_secret_ref is not None: + pulumi.set(__self__, "api_token_secret_ref", api_token_secret_ref) + if email is not None: + pulumi.set(__self__, "email", email) + + @property + @pulumi.getter(name="apiKeySecretRef") + def api_key_secret_ref(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs']]: + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + """ + return pulumi.get(self, "api_key_secret_ref") + + @api_key_secret_ref.setter + def api_key_secret_ref(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs']]): + pulumi.set(self, "api_key_secret_ref", value) + + @property + @pulumi.getter(name="apiTokenSecretRef") + def api_token_secret_ref(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs']]: + """ + API token used to authenticate with Cloudflare. + """ + return pulumi.get(self, "api_token_secret_ref") + + @api_token_secret_ref.setter + def api_token_secret_ref(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs']]): + pulumi.set(self, "api_token_secret_ref", value) + + @property + @pulumi.getter + def email(self) -> Optional[pulumi.Input[str]]: + """ + Email of the account, only required when using API key based authentication. + """ + return pulumi.get(self, "email") + + @email.setter + def email(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "email", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01DigitaloceanArgs: + def __init__(__self__, *, + token_secret_ref: pulumi.Input['IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs']): + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs'] token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "token_secret_ref", token_secret_ref) + + @property + @pulumi.getter(name="tokenSecretRef") + def token_secret_ref(self) -> pulumi.Input['IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "token_secret_ref") + + @token_secret_ref.setter + def token_secret_ref(self, value: pulumi.Input['IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs']): + pulumi.set(self, "token_secret_ref", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01Rfc2136Args: + def __init__(__self__, *, + nameserver: pulumi.Input[str], + tsig_algorithm: Optional[pulumi.Input[str]] = None, + tsig_key_name: Optional[pulumi.Input[str]] = None, + tsig_secret_secret_ref: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs']] = None): + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param pulumi.Input[str] nameserver: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + :param pulumi.Input[str] tsig_algorithm: The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + :param pulumi.Input[str] tsig_key_name: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + :param pulumi.Input['IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs'] tsig_secret_secret_ref: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + pulumi.set(__self__, "nameserver", nameserver) + if tsig_algorithm is not None: + pulumi.set(__self__, "tsig_algorithm", tsig_algorithm) + if tsig_key_name is not None: + pulumi.set(__self__, "tsig_key_name", tsig_key_name) + if tsig_secret_secret_ref is not None: + pulumi.set(__self__, "tsig_secret_secret_ref", tsig_secret_secret_ref) + + @property + @pulumi.getter + def nameserver(self) -> pulumi.Input[str]: + """ + The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + """ + return pulumi.get(self, "nameserver") + + @nameserver.setter + def nameserver(self, value: pulumi.Input[str]): + pulumi.set(self, "nameserver", value) + + @property + @pulumi.getter(name="tsigAlgorithm") + def tsig_algorithm(self) -> Optional[pulumi.Input[str]]: + """ + The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + """ + return pulumi.get(self, "tsig_algorithm") + + @tsig_algorithm.setter + def tsig_algorithm(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tsig_algorithm", value) + + @property + @pulumi.getter(name="tsigKeyName") + def tsig_key_name(self) -> Optional[pulumi.Input[str]]: + """ + The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_key_name") + + @tsig_key_name.setter + def tsig_key_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tsig_key_name", value) + + @property + @pulumi.getter(name="tsigSecretSecretRef") + def tsig_secret_secret_ref(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs']]: + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_secret_secret_ref") + + @tsig_secret_secret_ref.setter + def tsig_secret_secret_ref(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs']]): + pulumi.set(self, "tsig_secret_secret_ref", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01Route53Args: + def __init__(__self__, *, + region: pulumi.Input[str], + access_key_id: Optional[pulumi.Input[str]] = None, + access_key_id_secret_ref: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs']] = None, + hosted_zone_id: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + secret_access_key_secret_ref: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs']] = None): + """ + Use the AWS Route53 API to manage DNS01 challenge records. + :param pulumi.Input[str] region: Always set the region when using AccessKeyID and SecretAccessKey + :param pulumi.Input[str] access_key_id: The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input['IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs'] access_key_id_secret_ref: The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param pulumi.Input[str] hosted_zone_id: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + :param pulumi.Input[str] role: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + :param pulumi.Input['IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs'] secret_access_key_secret_ref: The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + pulumi.set(__self__, "region", region) + if access_key_id is not None: + pulumi.set(__self__, "access_key_id", access_key_id) + if access_key_id_secret_ref is not None: + pulumi.set(__self__, "access_key_id_secret_ref", access_key_id_secret_ref) + if hosted_zone_id is not None: + pulumi.set(__self__, "hosted_zone_id", hosted_zone_id) + if role is not None: + pulumi.set(__self__, "role", role) + if secret_access_key_secret_ref is not None: + pulumi.set(__self__, "secret_access_key_secret_ref", secret_access_key_secret_ref) + + @property + @pulumi.getter + def region(self) -> pulumi.Input[str]: + """ + Always set the region when using AccessKeyID and SecretAccessKey + """ + return pulumi.get(self, "region") + + @region.setter + def region(self, value: pulumi.Input[str]): + pulumi.set(self, "region", value) + + @property + @pulumi.getter(name="accessKeyID") + def access_key_id(self) -> Optional[pulumi.Input[str]]: + """ + The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id") + + @access_key_id.setter + def access_key_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "access_key_id", value) + + @property + @pulumi.getter(name="accessKeyIDSecretRef") + def access_key_id_secret_ref(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs']]: + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id_secret_ref") + + @access_key_id_secret_ref.setter + def access_key_id_secret_ref(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs']]): + pulumi.set(self, "access_key_id_secret_ref", value) + + @property + @pulumi.getter(name="hostedZoneID") + def hosted_zone_id(self) -> Optional[pulumi.Input[str]]: + """ + If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + """ + return pulumi.get(self, "hosted_zone_id") + + @hosted_zone_id.setter + def hosted_zone_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "hosted_zone_id", value) + + @property + @pulumi.getter + def role(self) -> Optional[pulumi.Input[str]]: + """ + Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + """ + return pulumi.get(self, "role") + + @role.setter + def role(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role", value) + + @property + @pulumi.getter(name="secretAccessKeySecretRef") + def secret_access_key_secret_ref(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs']]: + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "secret_access_key_secret_ref") + + @secret_access_key_secret_ref.setter + def secret_access_key_secret_ref(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs']]): + pulumi.set(self, "secret_access_key_secret_ref", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01WebhookArgs: + def __init__(__self__, *, + group_name: pulumi.Input[str], + solver_name: pulumi.Input[str], + config: Optional[pulumi.Input[Mapping[str, Any]]] = None): + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + :param pulumi.Input[str] group_name: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + :param pulumi.Input[str] solver_name: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + :param pulumi.Input[Mapping[str, Any]] config: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + pulumi.set(__self__, "group_name", group_name) + pulumi.set(__self__, "solver_name", solver_name) + if config is not None: + pulumi.set(__self__, "config", config) + + @property + @pulumi.getter(name="groupName") + def group_name(self) -> pulumi.Input[str]: + """ + The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + """ + return pulumi.get(self, "group_name") + + @group_name.setter + def group_name(self, value: pulumi.Input[str]): + pulumi.set(self, "group_name", value) + + @property + @pulumi.getter(name="solverName") + def solver_name(self) -> pulumi.Input[str]: + """ + The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + """ + return pulumi.get(self, "solver_name") + + @solver_name.setter + def solver_name(self, value: pulumi.Input[str]): + pulumi.set(self, "solver_name", value) + + @property + @pulumi.getter + def config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + return pulumi.get(self, "config") + + @config.setter + def config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "config", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversDns01Args: + def __init__(__self__, *, + acme_dns: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AcmeDnsArgs']] = None, + akamai: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiArgs']] = None, + azure_dns: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsArgs']] = None, + cloud_dns: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudDnsArgs']] = None, + cloudflare: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareArgs']] = None, + cname_strategy: Optional[pulumi.Input[str]] = None, + digitalocean: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01DigitaloceanArgs']] = None, + rfc2136: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Rfc2136Args']] = None, + route53: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Route53Args']] = None, + webhook: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01WebhookArgs']] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param pulumi.Input['IssuerSpecAcmeSolversDns01AcmeDnsArgs'] acme_dns: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiArgs'] akamai: Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsArgs'] azure_dns: Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01CloudDnsArgs'] cloud_dns: Use the Google Cloud DNS API to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareArgs'] cloudflare: Use the Cloudflare API to manage DNS01 challenge records. + :param pulumi.Input[str] cname_strategy: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + :param pulumi.Input['IssuerSpecAcmeSolversDns01DigitaloceanArgs'] digitalocean: Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01Rfc2136Args'] rfc2136: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01Route53Args'] route53: Use the AWS Route53 API to manage DNS01 challenge records. + :param pulumi.Input['IssuerSpecAcmeSolversDns01WebhookArgs'] webhook: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + if acme_dns is not None: + pulumi.set(__self__, "acme_dns", acme_dns) + if akamai is not None: + pulumi.set(__self__, "akamai", akamai) + if azure_dns is not None: + pulumi.set(__self__, "azure_dns", azure_dns) + if cloud_dns is not None: + pulumi.set(__self__, "cloud_dns", cloud_dns) + if cloudflare is not None: + pulumi.set(__self__, "cloudflare", cloudflare) + if cname_strategy is not None: + pulumi.set(__self__, "cname_strategy", cname_strategy) + if digitalocean is not None: + pulumi.set(__self__, "digitalocean", digitalocean) + if rfc2136 is not None: + pulumi.set(__self__, "rfc2136", rfc2136) + if route53 is not None: + pulumi.set(__self__, "route53", route53) + if webhook is not None: + pulumi.set(__self__, "webhook", webhook) + + @property + @pulumi.getter(name="acmeDNS") + def acme_dns(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AcmeDnsArgs']]: + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + """ + return pulumi.get(self, "acme_dns") + + @acme_dns.setter + def acme_dns(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AcmeDnsArgs']]): + pulumi.set(self, "acme_dns", value) + + @property + @pulumi.getter + def akamai(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiArgs']]: + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + """ + return pulumi.get(self, "akamai") + + @akamai.setter + def akamai(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AkamaiArgs']]): + pulumi.set(self, "akamai", value) + + @property + @pulumi.getter(name="azureDNS") + def azure_dns(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsArgs']]: + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "azure_dns") + + @azure_dns.setter + def azure_dns(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01AzureDnsArgs']]): + pulumi.set(self, "azure_dns", value) + + @property + @pulumi.getter(name="cloudDNS") + def cloud_dns(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudDnsArgs']]: + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloud_dns") + + @cloud_dns.setter + def cloud_dns(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudDnsArgs']]): + pulumi.set(self, "cloud_dns", value) + + @property + @pulumi.getter + def cloudflare(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareArgs']]: + """ + Use the Cloudflare API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloudflare") + + @cloudflare.setter + def cloudflare(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01CloudflareArgs']]): + pulumi.set(self, "cloudflare", value) + + @property + @pulumi.getter(name="cnameStrategy") + def cname_strategy(self) -> Optional[pulumi.Input[str]]: + """ + CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + """ + return pulumi.get(self, "cname_strategy") + + @cname_strategy.setter + def cname_strategy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cname_strategy", value) + + @property + @pulumi.getter + def digitalocean(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01DigitaloceanArgs']]: + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "digitalocean") + + @digitalocean.setter + def digitalocean(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01DigitaloceanArgs']]): + pulumi.set(self, "digitalocean", value) + + @property + @pulumi.getter + def rfc2136(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Rfc2136Args']]: + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + """ + return pulumi.get(self, "rfc2136") + + @rfc2136.setter + def rfc2136(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Rfc2136Args']]): + pulumi.set(self, "rfc2136", value) + + @property + @pulumi.getter + def route53(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Route53Args']]: + """ + Use the AWS Route53 API to manage DNS01 challenge records. + """ + return pulumi.get(self, "route53") + + @route53.setter + def route53(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Route53Args']]): + pulumi.set(self, "route53", value) + + @property + @pulumi.getter + def webhook(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01WebhookArgs']]: + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + return pulumi.get(self, "webhook") + + @webhook.setter + def webhook(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01WebhookArgs']]): + pulumi.set(self, "webhook", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + group: Optional[pulumi.Input[str]] = None, + kind: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + port: Optional[pulumi.Input[int]] = None, + section_name: Optional[pulumi.Input[str]] = None): + """ + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + This API may be extended in the future to support additional kinds of parent resources. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + :param pulumi.Input[str] name: Name is the name of the referent. + Support: Core + :param pulumi.Input[str] group: Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + :param pulumi.Input[str] kind: Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + :param pulumi.Input[str] namespace: Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + :param pulumi.Input[int] port: Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + :param pulumi.Input[str] section_name: SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + pulumi.set(__self__, "name", name) + if group is None: + group = 'gateway.networking.k8s.io' + if group is not None: + pulumi.set(__self__, "group", group) + if kind is None: + kind = 'Gateway' + if kind is not None: + pulumi.set(__self__, "kind", kind) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if port is not None: + pulumi.set(__self__, "port", port) + if section_name is not None: + pulumi.set(__self__, "section_name", section_name) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name is the name of the referent. + Support: Core + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def group(self) -> Optional[pulumi.Input[str]]: + """ + Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + """ + return pulumi.get(self, "group") + + @group.setter + def group(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "group", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + """ + Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + """ + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter + def port(self) -> Optional[pulumi.Input[int]]: + """ + Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + """ + return pulumi.get(self, "port") + + @port.setter + def port(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "port", value) + + @property + @pulumi.getter(name="sectionName") + def section_name(self) -> Optional[pulumi.Input[str]]: + """ + SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + return pulumi.get(self, "section_name") + + @section_name.setter + def section_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "section_name", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01GatewayHttprouteArgs: + def __init__(__self__, *, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + parent_refs: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs']]]] = None, + service_type: Optional[pulumi.Input[str]] = None): + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs']]] parent_refs: When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + :param pulumi.Input[str] service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if labels is not None: + pulumi.set(__self__, "labels", labels) + if parent_refs is not None: + pulumi.set(__self__, "parent_refs", parent_refs) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter(name="parentRefs") + def parent_refs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs']]]]: + """ + When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + """ + return pulumi.get(self, "parent_refs") + + @parent_refs.setter + def parent_refs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs']]]]): + pulumi.set(self, "parent_refs", value) + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[pulumi.Input[str]]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + @service_type.setter + def service_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_type", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs: + def __init__(__self__, *, + annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] annotations: Annotations that should be added to the created ACME HTTP01 solver ingress. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Labels that should be added to the created ACME HTTP01 solver ingress. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Annotations that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "annotations") + + @annotations.setter + def annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "annotations", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Labels that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs: + def __init__(__self__, *, + metadata: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs']] = None): + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs'] metadata: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs']]: + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs']]): + pulumi.set(self, "metadata", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs: + def __init__(__self__, *, + annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] annotations: Annotations that should be added to the create ACME HTTP01 solver pods. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Labels that should be added to the created ACME HTTP01 solver pods. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Annotations that should be added to the create ACME HTTP01 solver pods. + """ + return pulumi.get(self, "annotations") + + @annotations.setter + def annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "annotations", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Labels that should be added to the created ACME HTTP01 solver pods. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]]] = None, + match_fields: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]]] = None): + """ + A node selector term, associated with the corresponding weight. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]] match_expressions: A list of node selector requirements by node's labels. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]]]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]]]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + @match_fields.setter + def match_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs']]]]): + pulumi.set(self, "match_fields", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + preference: pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs'], + weight: pulumi.Input[int]): + """ + An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs'] preference: A node selector term, associated with the corresponding weight. + :param pulumi.Input[int] weight: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + pulumi.set(__self__, "preference", preference) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter + def preference(self) -> pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs']: + """ + A node selector term, associated with the corresponding weight. + """ + return pulumi.get(self, "preference") + + @preference.setter + def preference(self, value: pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs']): + pulumi.set(self, "preference", value) + + @property + @pulumi.getter + def weight(self) -> pulumi.Input[int]: + """ + Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + @weight.setter + def weight(self, value: pulumi.Input[int]): + pulumi.set(self, "weight", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: The label key that the selector applies to. + :param pulumi.Input[str] operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]]] = None, + match_fields: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]]] = None): + """ + A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]] match_expressions: A list of node selector requirements by node's labels. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]]]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]]]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + @match_fields.setter + def match_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs']]]]): + pulumi.set(self, "match_fields", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + node_selector_terms: pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]]): + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]] node_selector_terms: Required. A list of node selector terms. The terms are ORed. + """ + pulumi.set(__self__, "node_selector_terms", node_selector_terms) + + @property + @pulumi.getter(name="nodeSelectorTerms") + def node_selector_terms(self) -> pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]]: + """ + Required. A list of node selector terms. The terms are ORed. + """ + return pulumi.get(self, "node_selector_terms") + + @node_selector_terms.setter + def node_selector_terms(self, value: pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs']]]): + pulumi.set(self, "node_selector_terms", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs: + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None, + required_during_scheduling_ignored_during_execution: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']] = None): + """ + Describes node affinity scheduling rules for the pod. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs'] required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @preferred_during_scheduling_ignored_during_execution.setter + def preferred_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "preferred_during_scheduling_ignored_during_execution", value) + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + @required_during_scheduling_ignored_during_execution.setter + def required_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]): + pulumi.set(self, "required_during_scheduling_ignored_during_execution", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + pod_affinity_term: pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'], + weight: pulumi.Input[int]): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'] pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[int] weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']: + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @pod_affinity_term.setter + def pod_affinity_term(self, value: pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']): + pulumi.set(self, "pod_affinity_term", value) + + @property + @pulumi.getter + def weight(self) -> pulumi.Input[int]: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + @weight.setter + def weight(self, value: pulumi.Input[int]): + pulumi.set(self, "weight", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs: + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None, + required_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None): + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]] required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @preferred_during_scheduling_ignored_during_execution.setter + def preferred_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "preferred_during_scheduling_ignored_during_execution", value) + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + @required_during_scheduling_ignored_during_execution.setter + def required_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "required_during_scheduling_ignored_during_execution", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + pod_affinity_term: pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'], + weight: pulumi.Input[int]): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs'] pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param pulumi.Input[int] weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']: + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @pod_affinity_term.setter + def pod_affinity_term(self, value: pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs']): + pulumi.set(self, "pod_affinity_term", value) + + @property + @pulumi.getter + def weight(self) -> pulumi.Input[int]: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + @weight.setter + def weight(self, value: pulumi.Input[int]): + pulumi.set(self, "weight", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + operator: pulumi.Input[str], + values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param pulumi.Input[str] key: key is the label key that the selector applies to. + :param pulumi.Input[str] operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> pulumi.Input[str]: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: pulumi.Input[str]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter + def values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "values", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs: + def __init__(__self__, *, + match_expressions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @match_expressions.setter + def match_expressions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs']]]]): + pulumi.set(self, "match_expressions", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs: + def __init__(__self__, *, + topology_key: pulumi.Input[str], + label_selector: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']] = None, + match_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + mismatch_label_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + namespace_selector: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']] = None, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param pulumi.Input[str] topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs'] label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param pulumi.Input[Sequence[pulumi.Input[str]]] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input[Sequence[pulumi.Input[str]]] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs'] namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> pulumi.Input[str]: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @topology_key.setter + def topology_key(self, value: pulumi.Input[str]): + pulumi.set(self, "topology_key", value) + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @label_selector.setter + def label_selector(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs']]): + pulumi.set(self, "label_selector", value) + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @match_label_keys.setter + def match_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "match_label_keys", value) + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @mismatch_label_keys.setter + def mismatch_label_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "mismatch_label_keys", value) + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @namespace_selector.setter + def namespace_selector(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs']]): + pulumi.set(self, "namespace_selector", value) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs: + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None, + required_during_scheduling_ignored_during_execution: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]] = None): + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]] required_during_scheduling_ignored_during_execution: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @preferred_during_scheduling_ignored_during_execution.setter + def preferred_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "preferred_during_scheduling_ignored_during_execution", value) + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]: + """ + If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + @required_during_scheduling_ignored_during_execution.setter + def required_during_scheduling_ignored_during_execution(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs']]]]): + pulumi.set(self, "required_during_scheduling_ignored_during_execution", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs: + def __init__(__self__, *, + node_affinity: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs']] = None, + pod_affinity: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs']] = None, + pod_anti_affinity: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs']] = None): + """ + If specified, the pod's scheduling constraints + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs'] node_affinity: Describes node affinity scheduling rules for the pod. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs'] pod_affinity: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs'] pod_anti_affinity: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + if node_affinity is not None: + pulumi.set(__self__, "node_affinity", node_affinity) + if pod_affinity is not None: + pulumi.set(__self__, "pod_affinity", pod_affinity) + if pod_anti_affinity is not None: + pulumi.set(__self__, "pod_anti_affinity", pod_anti_affinity) + + @property + @pulumi.getter(name="nodeAffinity") + def node_affinity(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs']]: + """ + Describes node affinity scheduling rules for the pod. + """ + return pulumi.get(self, "node_affinity") + + @node_affinity.setter + def node_affinity(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs']]): + pulumi.set(self, "node_affinity", value) + + @property + @pulumi.getter(name="podAffinity") + def pod_affinity(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs']]: + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_affinity") + + @pod_affinity.setter + def pod_affinity(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs']]): + pulumi.set(self, "pod_affinity", value) + + @property + @pulumi.getter(name="podAntiAffinity") + def pod_anti_affinity(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs']]: + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_anti_affinity") + + @pod_anti_affinity.setter + def pod_anti_affinity(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs']]): + pulumi.set(self, "pod_anti_affinity", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs: + def __init__(__self__, *, + name: Optional[pulumi.Input[str]] = None): + """ + LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + :param pulumi.Input[str] name: Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs: + def __init__(__self__, *, + effect: Optional[pulumi.Input[str]] = None, + key: Optional[pulumi.Input[str]] = None, + operator: Optional[pulumi.Input[str]] = None, + toleration_seconds: Optional[pulumi.Input[int]] = None, + value: Optional[pulumi.Input[str]] = None): + """ + The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + :param pulumi.Input[str] effect: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + :param pulumi.Input[str] key: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + :param pulumi.Input[str] operator: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + :param pulumi.Input[int] toleration_seconds: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + :param pulumi.Input[str] value: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + if effect is not None: + pulumi.set(__self__, "effect", effect) + if key is not None: + pulumi.set(__self__, "key", key) + if operator is not None: + pulumi.set(__self__, "operator", operator) + if toleration_seconds is not None: + pulumi.set(__self__, "toleration_seconds", toleration_seconds) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def effect(self) -> Optional[pulumi.Input[str]]: + """ + Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + """ + return pulumi.get(self, "effect") + + @effect.setter + def effect(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "effect", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def operator(self) -> Optional[pulumi.Input[str]]: + """ + Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + """ + return pulumi.get(self, "operator") + + @operator.setter + def operator(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "operator", value) + + @property + @pulumi.getter(name="tolerationSeconds") + def toleration_seconds(self) -> Optional[pulumi.Input[int]]: + """ + TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + """ + return pulumi.get(self, "toleration_seconds") + + @toleration_seconds.setter + def toleration_seconds(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "toleration_seconds", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + """ + Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs: + def __init__(__self__, *, + affinity: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs']] = None, + image_pull_secrets: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs']]]] = None, + node_selector: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + priority_class_name: Optional[pulumi.Input[str]] = None, + service_account_name: Optional[pulumi.Input[str]] = None, + tolerations: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs']]]] = None): + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs'] affinity: If specified, the pod's scheduling constraints + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs']]] image_pull_secrets: If specified, the pod's imagePullSecrets + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] node_selector: NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + :param pulumi.Input[str] priority_class_name: If specified, the pod's priorityClassName. + :param pulumi.Input[str] service_account_name: If specified, the pod's service account + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs']]] tolerations: If specified, the pod's tolerations. + """ + if affinity is not None: + pulumi.set(__self__, "affinity", affinity) + if image_pull_secrets is not None: + pulumi.set(__self__, "image_pull_secrets", image_pull_secrets) + if node_selector is not None: + pulumi.set(__self__, "node_selector", node_selector) + if priority_class_name is not None: + pulumi.set(__self__, "priority_class_name", priority_class_name) + if service_account_name is not None: + pulumi.set(__self__, "service_account_name", service_account_name) + if tolerations is not None: + pulumi.set(__self__, "tolerations", tolerations) + + @property + @pulumi.getter + def affinity(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs']]: + """ + If specified, the pod's scheduling constraints + """ + return pulumi.get(self, "affinity") + + @affinity.setter + def affinity(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs']]): + pulumi.set(self, "affinity", value) + + @property + @pulumi.getter(name="imagePullSecrets") + def image_pull_secrets(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs']]]]: + """ + If specified, the pod's imagePullSecrets + """ + return pulumi.get(self, "image_pull_secrets") + + @image_pull_secrets.setter + def image_pull_secrets(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs']]]]): + pulumi.set(self, "image_pull_secrets", value) + + @property + @pulumi.getter(name="nodeSelector") + def node_selector(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + """ + return pulumi.get(self, "node_selector") + + @node_selector.setter + def node_selector(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "node_selector", value) + + @property + @pulumi.getter(name="priorityClassName") + def priority_class_name(self) -> Optional[pulumi.Input[str]]: + """ + If specified, the pod's priorityClassName. + """ + return pulumi.get(self, "priority_class_name") + + @priority_class_name.setter + def priority_class_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "priority_class_name", value) + + @property + @pulumi.getter(name="serviceAccountName") + def service_account_name(self) -> Optional[pulumi.Input[str]]: + """ + If specified, the pod's service account + """ + return pulumi.get(self, "service_account_name") + + @service_account_name.setter + def service_account_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_account_name", value) + + @property + @pulumi.getter + def tolerations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs']]]]: + """ + If specified, the pod's tolerations. + """ + return pulumi.get(self, "tolerations") + + @tolerations.setter + def tolerations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs']]]]): + pulumi.set(self, "tolerations", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateArgs: + def __init__(__self__, *, + metadata: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs']] = None, + spec: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs']] = None): + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs'] metadata: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs'] spec: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs']]: + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs']]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def spec(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs']]: + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + return pulumi.get(self, "spec") + + @spec.setter + def spec(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs']]): + pulumi.set(self, "spec", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01IngressArgs: + def __init__(__self__, *, + class_: Optional[pulumi.Input[str]] = None, + ingress_class_name: Optional[pulumi.Input[str]] = None, + ingress_template: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs']] = None, + name: Optional[pulumi.Input[str]] = None, + pod_template: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateArgs']] = None, + service_type: Optional[pulumi.Input[str]] = None): + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + :param pulumi.Input[str] class_: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + :param pulumi.Input[str] ingress_class_name: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs'] ingress_template: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param pulumi.Input[str] name: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateArgs'] pod_template: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param pulumi.Input[str] service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if class_ is not None: + pulumi.set(__self__, "class_", class_) + if ingress_class_name is not None: + pulumi.set(__self__, "ingress_class_name", ingress_class_name) + if ingress_template is not None: + pulumi.set(__self__, "ingress_template", ingress_template) + if name is not None: + pulumi.set(__self__, "name", name) + if pod_template is not None: + pulumi.set(__self__, "pod_template", pod_template) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter(name="class") + def class_(self) -> Optional[pulumi.Input[str]]: + """ + This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "class_") + + @class_.setter + def class_(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "class_", value) + + @property + @pulumi.getter(name="ingressClassName") + def ingress_class_name(self) -> Optional[pulumi.Input[str]]: + """ + This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "ingress_class_name") + + @ingress_class_name.setter + def ingress_class_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ingress_class_name", value) + + @property + @pulumi.getter(name="ingressTemplate") + def ingress_template(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs']]: + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + """ + return pulumi.get(self, "ingress_template") + + @ingress_template.setter + def ingress_template(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs']]): + pulumi.set(self, "ingress_template", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="podTemplate") + def pod_template(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateArgs']]: + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + """ + return pulumi.get(self, "pod_template") + + @pod_template.setter + def pod_template(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressPodTemplateArgs']]): + pulumi.set(self, "pod_template", value) + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[pulumi.Input[str]]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + @service_type.setter + def service_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_type", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversHttp01Args: + def __init__(__self__, *, + gateway_http_route: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01GatewayHttprouteArgs']] = None, + ingress: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressArgs']] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01GatewayHttprouteArgs'] gateway_http_route: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01IngressArgs'] ingress: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + if gateway_http_route is not None: + pulumi.set(__self__, "gateway_http_route", gateway_http_route) + if ingress is not None: + pulumi.set(__self__, "ingress", ingress) + + @property + @pulumi.getter(name="gatewayHTTPRoute") + def gateway_http_route(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01GatewayHttprouteArgs']]: + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + """ + return pulumi.get(self, "gateway_http_route") + + @gateway_http_route.setter + def gateway_http_route(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01GatewayHttprouteArgs']]): + pulumi.set(self, "gateway_http_route", value) + + @property + @pulumi.getter + def ingress(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressArgs']]: + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + return pulumi.get(self, "ingress") + + @ingress.setter + def ingress(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01IngressArgs']]): + pulumi.set(self, "ingress", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversSelectorArgs: + def __init__(__self__, *, + dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + dns_zones: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + match_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_zones: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] match_labels: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + if dns_names is not None: + pulumi.set(__self__, "dns_names", dns_names) + if dns_zones is not None: + pulumi.set(__self__, "dns_zones", dns_zones) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="dnsNames") + def dns_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_names") + + @dns_names.setter + def dns_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "dns_names", value) + + @property + @pulumi.getter(name="dnsZones") + def dns_zones(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_zones") + + @dns_zones.setter + def dns_zones(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "dns_zones", value) + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + return pulumi.get(self, "match_labels") + + @match_labels.setter + def match_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "match_labels", value) + + +@pulumi.input_type +class IssuerSpecAcmeSolversArgs: + def __init__(__self__, *, + dns01: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Args']] = None, + http01: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01Args']] = None, + selector: Optional[pulumi.Input['IssuerSpecAcmeSolversSelectorArgs']] = None): + """ + An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + :param pulumi.Input['IssuerSpecAcmeSolversDns01Args'] dns01: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param pulumi.Input['IssuerSpecAcmeSolversHttp01Args'] http01: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param pulumi.Input['IssuerSpecAcmeSolversSelectorArgs'] selector: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + if dns01 is not None: + pulumi.set(__self__, "dns01", dns01) + if http01 is not None: + pulumi.set(__self__, "http01", http01) + if selector is not None: + pulumi.set(__self__, "selector", selector) + + @property + @pulumi.getter + def dns01(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Args']]: + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + """ + return pulumi.get(self, "dns01") + + @dns01.setter + def dns01(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversDns01Args']]): + pulumi.set(self, "dns01", value) + + @property + @pulumi.getter + def http01(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01Args']]: + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + """ + return pulumi.get(self, "http01") + + @http01.setter + def http01(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversHttp01Args']]): + pulumi.set(self, "http01", value) + + @property + @pulumi.getter + def selector(self) -> Optional[pulumi.Input['IssuerSpecAcmeSolversSelectorArgs']]: + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + return pulumi.get(self, "selector") + + @selector.setter + def selector(self, value: Optional[pulumi.Input['IssuerSpecAcmeSolversSelectorArgs']]): + pulumi.set(self, "selector", value) + + +@pulumi.input_type +class IssuerSpecAcmeArgs: + def __init__(__self__, *, + private_key_secret_ref: pulumi.Input['IssuerSpecAcmePrivateKeySecretRefArgs'], + server: pulumi.Input[str], + ca_bundle: Optional[pulumi.Input[str]] = None, + disable_account_key_generation: Optional[pulumi.Input[bool]] = None, + email: Optional[pulumi.Input[str]] = None, + enable_duration_feature: Optional[pulumi.Input[bool]] = None, + external_account_binding: Optional[pulumi.Input['IssuerSpecAcmeExternalAccountBindingArgs']] = None, + preferred_chain: Optional[pulumi.Input[str]] = None, + skip_tls_verify: Optional[pulumi.Input[bool]] = None, + solvers: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversArgs']]]] = None): + """ + ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + :param pulumi.Input['IssuerSpecAcmePrivateKeySecretRefArgs'] private_key_secret_ref: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + :param pulumi.Input[str] server: Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported. + :param pulumi.Input[str] ca_bundle: Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. + :param pulumi.Input[bool] disable_account_key_generation: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + :param pulumi.Input[str] email: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + :param pulumi.Input[bool] enable_duration_feature: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + :param pulumi.Input['IssuerSpecAcmeExternalAccountBindingArgs'] external_account_binding: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + :param pulumi.Input[str] preferred_chain: PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN + :param pulumi.Input[bool] skip_tls_verify: INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false. + :param pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversArgs']]] solvers: Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/ + """ + pulumi.set(__self__, "private_key_secret_ref", private_key_secret_ref) + pulumi.set(__self__, "server", server) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + if disable_account_key_generation is not None: + pulumi.set(__self__, "disable_account_key_generation", disable_account_key_generation) + if email is not None: + pulumi.set(__self__, "email", email) + if enable_duration_feature is not None: + pulumi.set(__self__, "enable_duration_feature", enable_duration_feature) + if external_account_binding is not None: + pulumi.set(__self__, "external_account_binding", external_account_binding) + if preferred_chain is not None: + pulumi.set(__self__, "preferred_chain", preferred_chain) + if skip_tls_verify is not None: + pulumi.set(__self__, "skip_tls_verify", skip_tls_verify) + if solvers is not None: + pulumi.set(__self__, "solvers", solvers) + + @property + @pulumi.getter(name="privateKeySecretRef") + def private_key_secret_ref(self) -> pulumi.Input['IssuerSpecAcmePrivateKeySecretRefArgs']: + """ + PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + """ + return pulumi.get(self, "private_key_secret_ref") + + @private_key_secret_ref.setter + def private_key_secret_ref(self, value: pulumi.Input['IssuerSpecAcmePrivateKeySecretRefArgs']): + pulumi.set(self, "private_key_secret_ref", value) + + @property + @pulumi.getter + def server(self) -> pulumi.Input[str]: + """ + Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported. + """ + return pulumi.get(self, "server") + + @server.setter + def server(self, value: pulumi.Input[str]): + pulumi.set(self, "server", value) + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[pulumi.Input[str]]: + """ + Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. + """ + return pulumi.get(self, "ca_bundle") + + @ca_bundle.setter + def ca_bundle(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ca_bundle", value) + + @property + @pulumi.getter(name="disableAccountKeyGeneration") + def disable_account_key_generation(self) -> Optional[pulumi.Input[bool]]: + """ + Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + """ + return pulumi.get(self, "disable_account_key_generation") + + @disable_account_key_generation.setter + def disable_account_key_generation(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "disable_account_key_generation", value) + + @property + @pulumi.getter + def email(self) -> Optional[pulumi.Input[str]]: + """ + Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + """ + return pulumi.get(self, "email") + + @email.setter + def email(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "email", value) + + @property + @pulumi.getter(name="enableDurationFeature") + def enable_duration_feature(self) -> Optional[pulumi.Input[bool]]: + """ + Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + """ + return pulumi.get(self, "enable_duration_feature") + + @enable_duration_feature.setter + def enable_duration_feature(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_duration_feature", value) + + @property + @pulumi.getter(name="externalAccountBinding") + def external_account_binding(self) -> Optional[pulumi.Input['IssuerSpecAcmeExternalAccountBindingArgs']]: + """ + ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + """ + return pulumi.get(self, "external_account_binding") + + @external_account_binding.setter + def external_account_binding(self, value: Optional[pulumi.Input['IssuerSpecAcmeExternalAccountBindingArgs']]): + pulumi.set(self, "external_account_binding", value) + + @property + @pulumi.getter(name="preferredChain") + def preferred_chain(self) -> Optional[pulumi.Input[str]]: + """ + PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN + """ + return pulumi.get(self, "preferred_chain") + + @preferred_chain.setter + def preferred_chain(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "preferred_chain", value) + + @property + @pulumi.getter(name="skipTLSVerify") + def skip_tls_verify(self) -> Optional[pulumi.Input[bool]]: + """ + INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false. + """ + return pulumi.get(self, "skip_tls_verify") + + @skip_tls_verify.setter + def skip_tls_verify(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "skip_tls_verify", value) + + @property + @pulumi.getter + def solvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversArgs']]]]: + """ + Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/ + """ + return pulumi.get(self, "solvers") + + @solvers.setter + def solvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerSpecAcmeSolversArgs']]]]): + pulumi.set(self, "solvers", value) + + +@pulumi.input_type +class IssuerSpecCaArgs: + def __init__(__self__, *, + secret_name: pulumi.Input[str], + crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + issuing_certificate_urls: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + :param pulumi.Input[str] secret_name: SecretName is the name of the secret used to sign Certificates issued by this Issuer. + :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + :param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificate_urls: IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + """ + pulumi.set(__self__, "secret_name", secret_name) + if crl_distribution_points is not None: + pulumi.set(__self__, "crl_distribution_points", crl_distribution_points) + if issuing_certificate_urls is not None: + pulumi.set(__self__, "issuing_certificate_urls", issuing_certificate_urls) + if ocsp_servers is not None: + pulumi.set(__self__, "ocsp_servers", ocsp_servers) + + @property + @pulumi.getter(name="secretName") + def secret_name(self) -> pulumi.Input[str]: + """ + SecretName is the name of the secret used to sign Certificates issued by this Issuer. + """ + return pulumi.get(self, "secret_name") + + @secret_name.setter + def secret_name(self, value: pulumi.Input[str]): + pulumi.set(self, "secret_name", value) + + @property + @pulumi.getter(name="crlDistributionPoints") + def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + """ + return pulumi.get(self, "crl_distribution_points") + + @crl_distribution_points.setter + def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "crl_distribution_points", value) + + @property + @pulumi.getter(name="issuingCertificateURLs") + def issuing_certificate_urls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + """ + return pulumi.get(self, "issuing_certificate_urls") + + @issuing_certificate_urls.setter + def issuing_certificate_urls(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "issuing_certificate_urls", value) + + @property + @pulumi.getter(name="ocspServers") + def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + """ + return pulumi.get(self, "ocsp_servers") + + @ocsp_servers.setter + def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ocsp_servers", value) + + +@pulumi.input_type +class IssuerSpecSelfSignedArgs: + def __init__(__self__, *, + crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + """ + if crl_distribution_points is not None: + pulumi.set(__self__, "crl_distribution_points", crl_distribution_points) + + @property + @pulumi.getter(name="crlDistributionPoints") + def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + """ + return pulumi.get(self, "crl_distribution_points") + + @crl_distribution_points.setter + def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "crl_distribution_points", value) + + +@pulumi.input_type +class IssuerSpecVaultAuthAppRoleSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecVaultAuthAppRoleArgs: + def __init__(__self__, *, + path: pulumi.Input[str], + role_id: pulumi.Input[str], + secret_ref: pulumi.Input['IssuerSpecVaultAuthAppRoleSecretRefArgs']): + """ + AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + :param pulumi.Input[str] path: Path where the App Role authentication backend is mounted in Vault, e.g: "approle" + :param pulumi.Input[str] role_id: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + :param pulumi.Input['IssuerSpecVaultAuthAppRoleSecretRefArgs'] secret_ref: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + """ + pulumi.set(__self__, "path", path) + pulumi.set(__self__, "role_id", role_id) + pulumi.set(__self__, "secret_ref", secret_ref) + + @property + @pulumi.getter + def path(self) -> pulumi.Input[str]: + """ + Path where the App Role authentication backend is mounted in Vault, e.g: "approle" + """ + return pulumi.get(self, "path") + + @path.setter + def path(self, value: pulumi.Input[str]): + pulumi.set(self, "path", value) + + @property + @pulumi.getter(name="roleId") + def role_id(self) -> pulumi.Input[str]: + """ + RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + """ + return pulumi.get(self, "role_id") + + @role_id.setter + def role_id(self, value: pulumi.Input[str]): + pulumi.set(self, "role_id", value) + + @property + @pulumi.getter(name="secretRef") + def secret_ref(self) -> pulumi.Input['IssuerSpecVaultAuthAppRoleSecretRefArgs']: + """ + Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + """ + return pulumi.get(self, "secret_ref") + + @secret_ref.setter + def secret_ref(self, value: pulumi.Input['IssuerSpecVaultAuthAppRoleSecretRefArgs']): + pulumi.set(self, "secret_ref", value) + + +@pulumi.input_type +class IssuerSpecVaultAuthKubernetesSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecVaultAuthKubernetesServiceAccountRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str]): + """ + A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + :param pulumi.Input[str] name: Name of the ServiceAccount used to request a token. + """ + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the ServiceAccount used to request a token. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class IssuerSpecVaultAuthKubernetesArgs: + def __init__(__self__, *, + role: pulumi.Input[str], + mount_path: Optional[pulumi.Input[str]] = None, + secret_ref: Optional[pulumi.Input['IssuerSpecVaultAuthKubernetesSecretRefArgs']] = None, + service_account_ref: Optional[pulumi.Input['IssuerSpecVaultAuthKubernetesServiceAccountRefArgs']] = None): + """ + Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + :param pulumi.Input[str] role: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + :param pulumi.Input[str] mount_path: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + :param pulumi.Input['IssuerSpecVaultAuthKubernetesSecretRefArgs'] secret_ref: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + :param pulumi.Input['IssuerSpecVaultAuthKubernetesServiceAccountRefArgs'] service_account_ref: A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + """ + pulumi.set(__self__, "role", role) + if mount_path is not None: + pulumi.set(__self__, "mount_path", mount_path) + if secret_ref is not None: + pulumi.set(__self__, "secret_ref", secret_ref) + if service_account_ref is not None: + pulumi.set(__self__, "service_account_ref", service_account_ref) + + @property + @pulumi.getter + def role(self) -> pulumi.Input[str]: + """ + A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + """ + return pulumi.get(self, "role") + + @role.setter + def role(self, value: pulumi.Input[str]): + pulumi.set(self, "role", value) + + @property + @pulumi.getter(name="mountPath") + def mount_path(self) -> Optional[pulumi.Input[str]]: + """ + The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + """ + return pulumi.get(self, "mount_path") + + @mount_path.setter + def mount_path(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "mount_path", value) + + @property + @pulumi.getter(name="secretRef") + def secret_ref(self) -> Optional[pulumi.Input['IssuerSpecVaultAuthKubernetesSecretRefArgs']]: + """ + The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + """ + return pulumi.get(self, "secret_ref") + + @secret_ref.setter + def secret_ref(self, value: Optional[pulumi.Input['IssuerSpecVaultAuthKubernetesSecretRefArgs']]): + pulumi.set(self, "secret_ref", value) + + @property + @pulumi.getter(name="serviceAccountRef") + def service_account_ref(self) -> Optional[pulumi.Input['IssuerSpecVaultAuthKubernetesServiceAccountRefArgs']]: + """ + A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + """ + return pulumi.get(self, "service_account_ref") + + @service_account_ref.setter + def service_account_ref(self, value: Optional[pulumi.Input['IssuerSpecVaultAuthKubernetesServiceAccountRefArgs']]): + pulumi.set(self, "service_account_ref", value) + + +@pulumi.input_type +class IssuerSpecVaultAuthTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + TokenSecretRef authenticates with Vault by presenting a token. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecVaultAuthArgs: + def __init__(__self__, *, + app_role: Optional[pulumi.Input['IssuerSpecVaultAuthAppRoleArgs']] = None, + kubernetes: Optional[pulumi.Input['IssuerSpecVaultAuthKubernetesArgs']] = None, + token_secret_ref: Optional[pulumi.Input['IssuerSpecVaultAuthTokenSecretRefArgs']] = None): + """ + Auth configures how cert-manager authenticates with the Vault server. + :param pulumi.Input['IssuerSpecVaultAuthAppRoleArgs'] app_role: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + :param pulumi.Input['IssuerSpecVaultAuthKubernetesArgs'] kubernetes: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + :param pulumi.Input['IssuerSpecVaultAuthTokenSecretRefArgs'] token_secret_ref: TokenSecretRef authenticates with Vault by presenting a token. + """ + if app_role is not None: + pulumi.set(__self__, "app_role", app_role) + if kubernetes is not None: + pulumi.set(__self__, "kubernetes", kubernetes) + if token_secret_ref is not None: + pulumi.set(__self__, "token_secret_ref", token_secret_ref) + + @property + @pulumi.getter(name="appRole") + def app_role(self) -> Optional[pulumi.Input['IssuerSpecVaultAuthAppRoleArgs']]: + """ + AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + """ + return pulumi.get(self, "app_role") + + @app_role.setter + def app_role(self, value: Optional[pulumi.Input['IssuerSpecVaultAuthAppRoleArgs']]): + pulumi.set(self, "app_role", value) + + @property + @pulumi.getter + def kubernetes(self) -> Optional[pulumi.Input['IssuerSpecVaultAuthKubernetesArgs']]: + """ + Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + """ + return pulumi.get(self, "kubernetes") + + @kubernetes.setter + def kubernetes(self, value: Optional[pulumi.Input['IssuerSpecVaultAuthKubernetesArgs']]): + pulumi.set(self, "kubernetes", value) + + @property + @pulumi.getter(name="tokenSecretRef") + def token_secret_ref(self) -> Optional[pulumi.Input['IssuerSpecVaultAuthTokenSecretRefArgs']]: + """ + TokenSecretRef authenticates with Vault by presenting a token. + """ + return pulumi.get(self, "token_secret_ref") + + @token_secret_ref.setter + def token_secret_ref(self, value: Optional[pulumi.Input['IssuerSpecVaultAuthTokenSecretRefArgs']]): + pulumi.set(self, "token_secret_ref", value) + + +@pulumi.input_type +class IssuerSpecVaultCaBundleSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecVaultArgs: + def __init__(__self__, *, + auth: pulumi.Input['IssuerSpecVaultAuthArgs'], + path: pulumi.Input[str], + server: pulumi.Input[str], + ca_bundle: Optional[pulumi.Input[str]] = None, + ca_bundle_secret_ref: Optional[pulumi.Input['IssuerSpecVaultCaBundleSecretRefArgs']] = None, + namespace: Optional[pulumi.Input[str]] = None): + """ + Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + :param pulumi.Input['IssuerSpecVaultAuthArgs'] auth: Auth configures how cert-manager authenticates with the Vault server. + :param pulumi.Input[str] path: Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name". + :param pulumi.Input[str] server: Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + :param pulumi.Input[str] ca_bundle: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. + :param pulumi.Input['IssuerSpecVaultCaBundleSecretRefArgs'] ca_bundle_secret_ref: Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + :param pulumi.Input[str] namespace: Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + """ + pulumi.set(__self__, "auth", auth) + pulumi.set(__self__, "path", path) + pulumi.set(__self__, "server", server) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + if ca_bundle_secret_ref is not None: + pulumi.set(__self__, "ca_bundle_secret_ref", ca_bundle_secret_ref) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + + @property + @pulumi.getter + def auth(self) -> pulumi.Input['IssuerSpecVaultAuthArgs']: + """ + Auth configures how cert-manager authenticates with the Vault server. + """ + return pulumi.get(self, "auth") + + @auth.setter + def auth(self, value: pulumi.Input['IssuerSpecVaultAuthArgs']): + pulumi.set(self, "auth", value) + + @property + @pulumi.getter + def path(self) -> pulumi.Input[str]: + """ + Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name". + """ + return pulumi.get(self, "path") + + @path.setter + def path(self, value: pulumi.Input[str]): + pulumi.set(self, "path", value) + + @property + @pulumi.getter + def server(self) -> pulumi.Input[str]: + """ + Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + """ + return pulumi.get(self, "server") + + @server.setter + def server(self, value: pulumi.Input[str]): + pulumi.set(self, "server", value) + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[pulumi.Input[str]]: + """ + Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. + """ + return pulumi.get(self, "ca_bundle") + + @ca_bundle.setter + def ca_bundle(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ca_bundle", value) + + @property + @pulumi.getter(name="caBundleSecretRef") + def ca_bundle_secret_ref(self) -> Optional[pulumi.Input['IssuerSpecVaultCaBundleSecretRefArgs']]: + """ + Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + """ + return pulumi.get(self, "ca_bundle_secret_ref") + + @ca_bundle_secret_ref.setter + def ca_bundle_secret_ref(self, value: Optional[pulumi.Input['IssuerSpecVaultCaBundleSecretRefArgs']]): + pulumi.set(self, "ca_bundle_secret_ref", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + +@pulumi.input_type +class IssuerSpecVenafiCloudApiTokenSecretRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str], + key: Optional[pulumi.Input[str]] = None): + """ + APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param pulumi.Input[str] key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + +@pulumi.input_type +class IssuerSpecVenafiCloudArgs: + def __init__(__self__, *, + api_token_secret_ref: pulumi.Input['IssuerSpecVenafiCloudApiTokenSecretRefArgs'], + url: Optional[pulumi.Input[str]] = None): + """ + Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + :param pulumi.Input['IssuerSpecVenafiCloudApiTokenSecretRefArgs'] api_token_secret_ref: APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + :param pulumi.Input[str] url: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + """ + pulumi.set(__self__, "api_token_secret_ref", api_token_secret_ref) + if url is not None: + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter(name="apiTokenSecretRef") + def api_token_secret_ref(self) -> pulumi.Input['IssuerSpecVenafiCloudApiTokenSecretRefArgs']: + """ + APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + """ + return pulumi.get(self, "api_token_secret_ref") + + @api_token_secret_ref.setter + def api_token_secret_ref(self, value: pulumi.Input['IssuerSpecVenafiCloudApiTokenSecretRefArgs']): + pulumi.set(self, "api_token_secret_ref", value) + + @property + @pulumi.getter + def url(self) -> Optional[pulumi.Input[str]]: + """ + URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + """ + return pulumi.get(self, "url") + + @url.setter + def url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "url", value) + + +@pulumi.input_type +class IssuerSpecVenafiTppCredentialsRefArgs: + def __init__(__self__, *, + name: pulumi.Input[str]): + """ + CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + :param pulumi.Input[str] name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> pulumi.Input[str]: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: pulumi.Input[str]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class IssuerSpecVenafiTppArgs: + def __init__(__self__, *, + credentials_ref: pulumi.Input['IssuerSpecVenafiTppCredentialsRefArgs'], + url: pulumi.Input[str], + ca_bundle: Optional[pulumi.Input[str]] = None): + """ + TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + :param pulumi.Input['IssuerSpecVenafiTppCredentialsRefArgs'] credentials_ref: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + :param pulumi.Input[str] url: URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk". + :param pulumi.Input[str] ca_bundle: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. + """ + pulumi.set(__self__, "credentials_ref", credentials_ref) + pulumi.set(__self__, "url", url) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + + @property + @pulumi.getter(name="credentialsRef") + def credentials_ref(self) -> pulumi.Input['IssuerSpecVenafiTppCredentialsRefArgs']: + """ + CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + """ + return pulumi.get(self, "credentials_ref") + + @credentials_ref.setter + def credentials_ref(self, value: pulumi.Input['IssuerSpecVenafiTppCredentialsRefArgs']): + pulumi.set(self, "credentials_ref", value) + + @property + @pulumi.getter + def url(self) -> pulumi.Input[str]: + """ + URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk". + """ + return pulumi.get(self, "url") + + @url.setter + def url(self, value: pulumi.Input[str]): + pulumi.set(self, "url", value) + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[pulumi.Input[str]]: + """ + Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. + """ + return pulumi.get(self, "ca_bundle") + + @ca_bundle.setter + def ca_bundle(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ca_bundle", value) + + +@pulumi.input_type +class IssuerSpecVenafiArgs: + def __init__(__self__, *, + zone: pulumi.Input[str], + cloud: Optional[pulumi.Input['IssuerSpecVenafiCloudArgs']] = None, + tpp: Optional[pulumi.Input['IssuerSpecVenafiTppArgs']] = None): + """ + Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + :param pulumi.Input[str] zone: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + :param pulumi.Input['IssuerSpecVenafiCloudArgs'] cloud: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + :param pulumi.Input['IssuerSpecVenafiTppArgs'] tpp: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + """ + pulumi.set(__self__, "zone", zone) + if cloud is not None: + pulumi.set(__self__, "cloud", cloud) + if tpp is not None: + pulumi.set(__self__, "tpp", tpp) + + @property + @pulumi.getter + def zone(self) -> pulumi.Input[str]: + """ + Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + """ + return pulumi.get(self, "zone") + + @zone.setter + def zone(self, value: pulumi.Input[str]): + pulumi.set(self, "zone", value) + + @property + @pulumi.getter + def cloud(self) -> Optional[pulumi.Input['IssuerSpecVenafiCloudArgs']]: + """ + Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + """ + return pulumi.get(self, "cloud") + + @cloud.setter + def cloud(self, value: Optional[pulumi.Input['IssuerSpecVenafiCloudArgs']]): + pulumi.set(self, "cloud", value) + + @property + @pulumi.getter + def tpp(self) -> Optional[pulumi.Input['IssuerSpecVenafiTppArgs']]: + """ + TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + """ + return pulumi.get(self, "tpp") + + @tpp.setter + def tpp(self, value: Optional[pulumi.Input['IssuerSpecVenafiTppArgs']]): + pulumi.set(self, "tpp", value) + + +@pulumi.input_type +class IssuerSpecArgs: + def __init__(__self__, *, + acme: Optional[pulumi.Input['IssuerSpecAcmeArgs']] = None, + ca: Optional[pulumi.Input['IssuerSpecCaArgs']] = None, + self_signed: Optional[pulumi.Input['IssuerSpecSelfSignedArgs']] = None, + vault: Optional[pulumi.Input['IssuerSpecVaultArgs']] = None, + venafi: Optional[pulumi.Input['IssuerSpecVenafiArgs']] = None): + """ + Desired state of the Issuer resource. + :param pulumi.Input['IssuerSpecAcmeArgs'] acme: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + :param pulumi.Input['IssuerSpecCaArgs'] ca: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + :param pulumi.Input['IssuerSpecSelfSignedArgs'] self_signed: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + :param pulumi.Input['IssuerSpecVaultArgs'] vault: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + :param pulumi.Input['IssuerSpecVenafiArgs'] venafi: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + """ + if acme is not None: + pulumi.set(__self__, "acme", acme) + if ca is not None: + pulumi.set(__self__, "ca", ca) + if self_signed is not None: + pulumi.set(__self__, "self_signed", self_signed) + if vault is not None: + pulumi.set(__self__, "vault", vault) + if venafi is not None: + pulumi.set(__self__, "venafi", venafi) + + @property + @pulumi.getter + def acme(self) -> Optional[pulumi.Input['IssuerSpecAcmeArgs']]: + """ + ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + """ + return pulumi.get(self, "acme") + + @acme.setter + def acme(self, value: Optional[pulumi.Input['IssuerSpecAcmeArgs']]): + pulumi.set(self, "acme", value) + + @property + @pulumi.getter + def ca(self) -> Optional[pulumi.Input['IssuerSpecCaArgs']]: + """ + CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + """ + return pulumi.get(self, "ca") + + @ca.setter + def ca(self, value: Optional[pulumi.Input['IssuerSpecCaArgs']]): + pulumi.set(self, "ca", value) + + @property + @pulumi.getter(name="selfSigned") + def self_signed(self) -> Optional[pulumi.Input['IssuerSpecSelfSignedArgs']]: + """ + SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + """ + return pulumi.get(self, "self_signed") + + @self_signed.setter + def self_signed(self, value: Optional[pulumi.Input['IssuerSpecSelfSignedArgs']]): + pulumi.set(self, "self_signed", value) + + @property + @pulumi.getter + def vault(self) -> Optional[pulumi.Input['IssuerSpecVaultArgs']]: + """ + Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + """ + return pulumi.get(self, "vault") + + @vault.setter + def vault(self, value: Optional[pulumi.Input['IssuerSpecVaultArgs']]): + pulumi.set(self, "vault", value) + + @property + @pulumi.getter + def venafi(self) -> Optional[pulumi.Input['IssuerSpecVenafiArgs']]: + """ + Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + """ + return pulumi.get(self, "venafi") + + @venafi.setter + def venafi(self, value: Optional[pulumi.Input['IssuerSpecVenafiArgs']]): + pulumi.set(self, "venafi", value) + + +@pulumi.input_type +class IssuerStatusAcmeArgs: + def __init__(__self__, *, + last_private_key_hash: Optional[pulumi.Input[str]] = None, + last_registered_email: Optional[pulumi.Input[str]] = None, + uri: Optional[pulumi.Input[str]] = None): + """ + ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + :param pulumi.Input[str] last_private_key_hash: LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + :param pulumi.Input[str] last_registered_email: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + :param pulumi.Input[str] uri: URI is the unique account identifier, which can also be used to retrieve account details from the CA + """ + if last_private_key_hash is not None: + pulumi.set(__self__, "last_private_key_hash", last_private_key_hash) + if last_registered_email is not None: + pulumi.set(__self__, "last_registered_email", last_registered_email) + if uri is not None: + pulumi.set(__self__, "uri", uri) + + @property + @pulumi.getter(name="lastPrivateKeyHash") + def last_private_key_hash(self) -> Optional[pulumi.Input[str]]: + """ + LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + """ + return pulumi.get(self, "last_private_key_hash") + + @last_private_key_hash.setter + def last_private_key_hash(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "last_private_key_hash", value) + + @property + @pulumi.getter(name="lastRegisteredEmail") + def last_registered_email(self) -> Optional[pulumi.Input[str]]: + """ + LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + """ + return pulumi.get(self, "last_registered_email") + + @last_registered_email.setter + def last_registered_email(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "last_registered_email", value) + + @property + @pulumi.getter + def uri(self) -> Optional[pulumi.Input[str]]: + """ + URI is the unique account identifier, which can also be used to retrieve account details from the CA + """ + return pulumi.get(self, "uri") + + @uri.setter + def uri(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "uri", value) + + +@pulumi.input_type +class IssuerStatusConditionsArgs: + def __init__(__self__, *, + status: pulumi.Input[str], + type: pulumi.Input[str], + last_transition_time: Optional[pulumi.Input[str]] = None, + message: Optional[pulumi.Input[str]] = None, + observed_generation: Optional[pulumi.Input[int]] = None, + reason: Optional[pulumi.Input[str]] = None): + """ + IssuerCondition contains condition information for an Issuer. + :param pulumi.Input[str] status: Status of the condition, one of (`True`, `False`, `Unknown`). + :param pulumi.Input[str] type: Type of the condition, known values are (`Ready`). + :param pulumi.Input[str] last_transition_time: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + :param pulumi.Input[str] message: Message is a human readable description of the details of the last transition, complementing reason. + :param pulumi.Input[int] observed_generation: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + :param pulumi.Input[str] reason: Reason is a brief machine readable explanation for the condition's last transition. + """ + pulumi.set(__self__, "status", status) + pulumi.set(__self__, "type", type) + if last_transition_time is not None: + pulumi.set(__self__, "last_transition_time", last_transition_time) + if message is not None: + pulumi.set(__self__, "message", message) + if observed_generation is not None: + pulumi.set(__self__, "observed_generation", observed_generation) + if reason is not None: + pulumi.set(__self__, "reason", reason) + + @property + @pulumi.getter + def status(self) -> pulumi.Input[str]: + """ + Status of the condition, one of (`True`, `False`, `Unknown`). + """ + return pulumi.get(self, "status") + + @status.setter + def status(self, value: pulumi.Input[str]): + pulumi.set(self, "status", value) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + """ + Type of the condition, known values are (`Ready`). + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter(name="lastTransitionTime") + def last_transition_time(self) -> Optional[pulumi.Input[str]]: + """ + LastTransitionTime is the timestamp corresponding to the last status change of this condition. + """ + return pulumi.get(self, "last_transition_time") + + @last_transition_time.setter + def last_transition_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "last_transition_time", value) + + @property + @pulumi.getter + def message(self) -> Optional[pulumi.Input[str]]: + """ + Message is a human readable description of the details of the last transition, complementing reason. + """ + return pulumi.get(self, "message") + + @message.setter + def message(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "message", value) + + @property + @pulumi.getter(name="observedGeneration") + def observed_generation(self) -> Optional[pulumi.Input[int]]: + """ + If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + """ + return pulumi.get(self, "observed_generation") + + @observed_generation.setter + def observed_generation(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "observed_generation", value) + + @property + @pulumi.getter + def reason(self) -> Optional[pulumi.Input[str]]: + """ + Reason is a brief machine readable explanation for the condition's last transition. + """ + return pulumi.get(self, "reason") + + @reason.setter + def reason(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "reason", value) + + +@pulumi.input_type +class IssuerStatusArgs: + def __init__(__self__, *, + acme: Optional[pulumi.Input['IssuerStatusAcmeArgs']] = None, + conditions: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerStatusConditionsArgs']]]] = None): + """ + Status of the Issuer. This is set and managed automatically. + :param pulumi.Input['IssuerStatusAcmeArgs'] acme: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + :param pulumi.Input[Sequence[pulumi.Input['IssuerStatusConditionsArgs']]] conditions: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + """ + if acme is not None: + pulumi.set(__self__, "acme", acme) + if conditions is not None: + pulumi.set(__self__, "conditions", conditions) + + @property + @pulumi.getter + def acme(self) -> Optional[pulumi.Input['IssuerStatusAcmeArgs']]: + """ + ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + """ + return pulumi.get(self, "acme") + + @acme.setter + def acme(self, value: Optional[pulumi.Input['IssuerStatusAcmeArgs']]): + pulumi.set(self, "acme", value) + + @property + @pulumi.getter + def conditions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['IssuerStatusConditionsArgs']]]]: + """ + List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + """ + return pulumi.get(self, "conditions") + + @conditions.setter + def conditions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['IssuerStatusConditionsArgs']]]]): + pulumi.set(self, "conditions", value) + + diff --git a/sdk/python/pulumi_cert_manager_resources/certmanager/v1/outputs.py b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/outputs.py new file mode 100644 index 0000000..797cb69 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/certmanager/v1/outputs.py @@ -0,0 +1,12777 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from ... import _utilities +from . import outputs + +__all__ = [ + 'CertificateRequestSpec', + 'CertificateRequestSpecIssuerRef', + 'CertificateRequestStatus', + 'CertificateRequestStatusConditions', + 'CertificateSpec', + 'CertificateSpecAdditionalOutputFormats', + 'CertificateSpecIssuerRef', + 'CertificateSpecKeystores', + 'CertificateSpecKeystoresJks', + 'CertificateSpecKeystoresJksPasswordSecretRef', + 'CertificateSpecKeystoresPkcs12', + 'CertificateSpecKeystoresPkcs12PasswordSecretRef', + 'CertificateSpecNameConstraints', + 'CertificateSpecNameConstraintsExcluded', + 'CertificateSpecNameConstraintsPermitted', + 'CertificateSpecOtherNames', + 'CertificateSpecPrivateKey', + 'CertificateSpecSecretTemplate', + 'CertificateSpecSubject', + 'CertificateStatus', + 'CertificateStatusConditions', + 'ClusterIssuerSpec', + 'ClusterIssuerSpecAcme', + 'ClusterIssuerSpecAcmeExternalAccountBinding', + 'ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef', + 'ClusterIssuerSpecAcmePrivateKeySecretRef', + 'ClusterIssuerSpecAcmeSolvers', + 'ClusterIssuerSpecAcmeSolversDns01', + 'ClusterIssuerSpecAcmeSolversDns01AcmeDns', + 'ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef', + 'ClusterIssuerSpecAcmeSolversDns01Akamai', + 'ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef', + 'ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef', + 'ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef', + 'ClusterIssuerSpecAcmeSolversDns01AzureDns', + 'ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef', + 'ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity', + 'ClusterIssuerSpecAcmeSolversDns01CloudDns', + 'ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef', + 'ClusterIssuerSpecAcmeSolversDns01Cloudflare', + 'ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef', + 'ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef', + 'ClusterIssuerSpecAcmeSolversDns01Digitalocean', + 'ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef', + 'ClusterIssuerSpecAcmeSolversDns01Rfc2136', + 'ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef', + 'ClusterIssuerSpecAcmeSolversDns01Route53', + 'ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRef', + 'ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef', + 'ClusterIssuerSpecAcmeSolversDns01Webhook', + 'ClusterIssuerSpecAcmeSolversHttp01', + 'ClusterIssuerSpecAcmeSolversHttp01GatewayHttproute', + 'ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs', + 'ClusterIssuerSpecAcmeSolversHttp01Ingress', + 'ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate', + 'ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecrets', + 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations', + 'ClusterIssuerSpecAcmeSolversSelector', + 'ClusterIssuerSpecCa', + 'ClusterIssuerSpecSelfSigned', + 'ClusterIssuerSpecVault', + 'ClusterIssuerSpecVaultAuth', + 'ClusterIssuerSpecVaultAuthAppRole', + 'ClusterIssuerSpecVaultAuthAppRoleSecretRef', + 'ClusterIssuerSpecVaultAuthKubernetes', + 'ClusterIssuerSpecVaultAuthKubernetesSecretRef', + 'ClusterIssuerSpecVaultAuthKubernetesServiceAccountRef', + 'ClusterIssuerSpecVaultAuthTokenSecretRef', + 'ClusterIssuerSpecVaultCaBundleSecretRef', + 'ClusterIssuerSpecVenafi', + 'ClusterIssuerSpecVenafiCloud', + 'ClusterIssuerSpecVenafiCloudApiTokenSecretRef', + 'ClusterIssuerSpecVenafiTpp', + 'ClusterIssuerSpecVenafiTppCredentialsRef', + 'ClusterIssuerStatus', + 'ClusterIssuerStatusAcme', + 'ClusterIssuerStatusConditions', + 'IssuerSpec', + 'IssuerSpecAcme', + 'IssuerSpecAcmeExternalAccountBinding', + 'IssuerSpecAcmeExternalAccountBindingKeySecretRef', + 'IssuerSpecAcmePrivateKeySecretRef', + 'IssuerSpecAcmeSolvers', + 'IssuerSpecAcmeSolversDns01', + 'IssuerSpecAcmeSolversDns01AcmeDns', + 'IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef', + 'IssuerSpecAcmeSolversDns01Akamai', + 'IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef', + 'IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef', + 'IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef', + 'IssuerSpecAcmeSolversDns01AzureDns', + 'IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef', + 'IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity', + 'IssuerSpecAcmeSolversDns01CloudDns', + 'IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef', + 'IssuerSpecAcmeSolversDns01Cloudflare', + 'IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef', + 'IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef', + 'IssuerSpecAcmeSolversDns01Digitalocean', + 'IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef', + 'IssuerSpecAcmeSolversDns01Rfc2136', + 'IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef', + 'IssuerSpecAcmeSolversDns01Route53', + 'IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRef', + 'IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef', + 'IssuerSpecAcmeSolversDns01Webhook', + 'IssuerSpecAcmeSolversHttp01', + 'IssuerSpecAcmeSolversHttp01GatewayHttproute', + 'IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs', + 'IssuerSpecAcmeSolversHttp01Ingress', + 'IssuerSpecAcmeSolversHttp01IngressIngressTemplate', + 'IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplate', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecrets', + 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations', + 'IssuerSpecAcmeSolversSelector', + 'IssuerSpecCa', + 'IssuerSpecSelfSigned', + 'IssuerSpecVault', + 'IssuerSpecVaultAuth', + 'IssuerSpecVaultAuthAppRole', + 'IssuerSpecVaultAuthAppRoleSecretRef', + 'IssuerSpecVaultAuthKubernetes', + 'IssuerSpecVaultAuthKubernetesSecretRef', + 'IssuerSpecVaultAuthKubernetesServiceAccountRef', + 'IssuerSpecVaultAuthTokenSecretRef', + 'IssuerSpecVaultCaBundleSecretRef', + 'IssuerSpecVenafi', + 'IssuerSpecVenafiCloud', + 'IssuerSpecVenafiCloudApiTokenSecretRef', + 'IssuerSpecVenafiTpp', + 'IssuerSpecVenafiTppCredentialsRef', + 'IssuerStatus', + 'IssuerStatusAcme', + 'IssuerStatusConditions', +] + +@pulumi.output_type +class CertificateRequestSpec(dict): + """ + Specification of the desired state of the CertificateRequest resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "issuerRef": + suggest = "issuer_ref" + elif key == "isCA": + suggest = "is_ca" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateRequestSpec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateRequestSpec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateRequestSpec.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + issuer_ref: 'outputs.CertificateRequestSpecIssuerRef', + request: str, + duration: Optional[str] = None, + extra: Optional[Mapping[str, Sequence[str]]] = None, + groups: Optional[Sequence[str]] = None, + is_ca: Optional[bool] = None, + uid: Optional[str] = None, + usages: Optional[Sequence[str]] = None, + username: Optional[str] = None): + """ + Specification of the desired state of the CertificateRequest resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param 'CertificateRequestSpecIssuerRefArgs' issuer_ref: Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + :param str request: The PEM-encoded X.509 certificate signing request to be submitted to the issuer for signing. + If the CSR has a BasicConstraints extension, its isCA attribute must match the `isCA` value of this CertificateRequest. If the CSR has a KeyUsage extension, its key usages must match the key usages in the `usages` field of this CertificateRequest. If the CSR has a ExtKeyUsage extension, its extended key usages must match the extended key usages in the `usages` field of this CertificateRequest. + :param str duration: Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. + :param Mapping[str, Sequence[str]] extra: Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + :param Sequence[str] groups: Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + :param bool is_ca: Requested basic constraints isCA value. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. + NOTE: If the CSR in the `Request` field has a BasicConstraints extension, it must have the same isCA value as specified here. + If true, this will automatically add the `cert sign` usage to the list of requested `usages`. + :param str uid: UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + :param Sequence[str] usages: Requested key usages and extended key usages. + NOTE: If the CSR in the `Request` field has uses the KeyUsage or ExtKeyUsage extension, these extensions must have the same values as specified here without any additional values. + If unset, defaults to `digital signature` and `key encipherment`. + :param str username: Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + """ + pulumi.set(__self__, "issuer_ref", issuer_ref) + pulumi.set(__self__, "request", request) + if duration is not None: + pulumi.set(__self__, "duration", duration) + if extra is not None: + pulumi.set(__self__, "extra", extra) + if groups is not None: + pulumi.set(__self__, "groups", groups) + if is_ca is not None: + pulumi.set(__self__, "is_ca", is_ca) + if uid is not None: + pulumi.set(__self__, "uid", uid) + if usages is not None: + pulumi.set(__self__, "usages", usages) + if username is not None: + pulumi.set(__self__, "username", username) + + @property + @pulumi.getter(name="issuerRef") + def issuer_ref(self) -> 'outputs.CertificateRequestSpecIssuerRef': + """ + Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + """ + return pulumi.get(self, "issuer_ref") + + @property + @pulumi.getter + def request(self) -> str: + """ + The PEM-encoded X.509 certificate signing request to be submitted to the issuer for signing. + If the CSR has a BasicConstraints extension, its isCA attribute must match the `isCA` value of this CertificateRequest. If the CSR has a KeyUsage extension, its key usages must match the key usages in the `usages` field of this CertificateRequest. If the CSR has a ExtKeyUsage extension, its extended key usages must match the extended key usages in the `usages` field of this CertificateRequest. + """ + return pulumi.get(self, "request") + + @property + @pulumi.getter + def duration(self) -> Optional[str]: + """ + Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. + """ + return pulumi.get(self, "duration") + + @property + @pulumi.getter + def extra(self) -> Optional[Mapping[str, Sequence[str]]]: + """ + Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + """ + return pulumi.get(self, "extra") + + @property + @pulumi.getter + def groups(self) -> Optional[Sequence[str]]: + """ + Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + """ + return pulumi.get(self, "groups") + + @property + @pulumi.getter(name="isCA") + def is_ca(self) -> Optional[bool]: + """ + Requested basic constraints isCA value. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. + NOTE: If the CSR in the `Request` field has a BasicConstraints extension, it must have the same isCA value as specified here. + If true, this will automatically add the `cert sign` usage to the list of requested `usages`. + """ + return pulumi.get(self, "is_ca") + + @property + @pulumi.getter + def uid(self) -> Optional[str]: + """ + UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + """ + return pulumi.get(self, "uid") + + @property + @pulumi.getter + def usages(self) -> Optional[Sequence[str]]: + """ + Requested key usages and extended key usages. + NOTE: If the CSR in the `Request` field has uses the KeyUsage or ExtKeyUsage extension, these extensions must have the same values as specified here without any additional values. + If unset, defaults to `digital signature` and `key encipherment`. + """ + return pulumi.get(self, "usages") + + @property + @pulumi.getter + def username(self) -> Optional[str]: + """ + Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + """ + return pulumi.get(self, "username") + + +@pulumi.output_type +class CertificateRequestSpecIssuerRef(dict): + """ + Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + """ + def __init__(__self__, *, + name: str, + group: Optional[str] = None, + kind: Optional[str] = None): + """ + Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + :param str name: Name of the resource being referred to. + :param str group: Group of the resource being referred to. + :param str kind: Kind of the resource being referred to. + """ + pulumi.set(__self__, "name", name) + if group is not None: + pulumi.set(__self__, "group", group) + if kind is not None: + pulumi.set(__self__, "kind", kind) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def group(self) -> Optional[str]: + """ + Group of the resource being referred to. + """ + return pulumi.get(self, "group") + + @property + @pulumi.getter + def kind(self) -> Optional[str]: + """ + Kind of the resource being referred to. + """ + return pulumi.get(self, "kind") + + +@pulumi.output_type +class CertificateRequestStatus(dict): + """ + Status of the CertificateRequest. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "failureTime": + suggest = "failure_time" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateRequestStatus. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateRequestStatus.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateRequestStatus.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + ca: Optional[str] = None, + certificate: Optional[str] = None, + conditions: Optional[Sequence['outputs.CertificateRequestStatusConditions']] = None, + failure_time: Optional[str] = None): + """ + Status of the CertificateRequest. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param str ca: The PEM encoded X.509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available. + :param str certificate: The PEM encoded X.509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field. + :param Sequence['CertificateRequestStatusConditionsArgs'] conditions: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. + :param str failure_time: FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off. + """ + if ca is not None: + pulumi.set(__self__, "ca", ca) + if certificate is not None: + pulumi.set(__self__, "certificate", certificate) + if conditions is not None: + pulumi.set(__self__, "conditions", conditions) + if failure_time is not None: + pulumi.set(__self__, "failure_time", failure_time) + + @property + @pulumi.getter + def ca(self) -> Optional[str]: + """ + The PEM encoded X.509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available. + """ + return pulumi.get(self, "ca") + + @property + @pulumi.getter + def certificate(self) -> Optional[str]: + """ + The PEM encoded X.509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field. + """ + return pulumi.get(self, "certificate") + + @property + @pulumi.getter + def conditions(self) -> Optional[Sequence['outputs.CertificateRequestStatusConditions']]: + """ + List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. + """ + return pulumi.get(self, "conditions") + + @property + @pulumi.getter(name="failureTime") + def failure_time(self) -> Optional[str]: + """ + FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off. + """ + return pulumi.get(self, "failure_time") + + +@pulumi.output_type +class CertificateRequestStatusConditions(dict): + """ + CertificateRequestCondition contains condition information for a CertificateRequest. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "lastTransitionTime": + suggest = "last_transition_time" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateRequestStatusConditions. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateRequestStatusConditions.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateRequestStatusConditions.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + status: str, + type: str, + last_transition_time: Optional[str] = None, + message: Optional[str] = None, + reason: Optional[str] = None): + """ + CertificateRequestCondition contains condition information for a CertificateRequest. + :param str status: Status of the condition, one of (`True`, `False`, `Unknown`). + :param str type: Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`). + :param str last_transition_time: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + :param str message: Message is a human readable description of the details of the last transition, complementing reason. + :param str reason: Reason is a brief machine readable explanation for the condition's last transition. + """ + pulumi.set(__self__, "status", status) + pulumi.set(__self__, "type", type) + if last_transition_time is not None: + pulumi.set(__self__, "last_transition_time", last_transition_time) + if message is not None: + pulumi.set(__self__, "message", message) + if reason is not None: + pulumi.set(__self__, "reason", reason) + + @property + @pulumi.getter + def status(self) -> str: + """ + Status of the condition, one of (`True`, `False`, `Unknown`). + """ + return pulumi.get(self, "status") + + @property + @pulumi.getter + def type(self) -> str: + """ + Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`). + """ + return pulumi.get(self, "type") + + @property + @pulumi.getter(name="lastTransitionTime") + def last_transition_time(self) -> Optional[str]: + """ + LastTransitionTime is the timestamp corresponding to the last status change of this condition. + """ + return pulumi.get(self, "last_transition_time") + + @property + @pulumi.getter + def message(self) -> Optional[str]: + """ + Message is a human readable description of the details of the last transition, complementing reason. + """ + return pulumi.get(self, "message") + + @property + @pulumi.getter + def reason(self) -> Optional[str]: + """ + Reason is a brief machine readable explanation for the condition's last transition. + """ + return pulumi.get(self, "reason") + + +@pulumi.output_type +class CertificateSpec(dict): + """ + Specification of the desired state of the Certificate resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "issuerRef": + suggest = "issuer_ref" + elif key == "secretName": + suggest = "secret_name" + elif key == "additionalOutputFormats": + suggest = "additional_output_formats" + elif key == "commonName": + suggest = "common_name" + elif key == "dnsNames": + suggest = "dns_names" + elif key == "emailAddresses": + suggest = "email_addresses" + elif key == "encodeUsagesInRequest": + suggest = "encode_usages_in_request" + elif key == "ipAddresses": + suggest = "ip_addresses" + elif key == "isCA": + suggest = "is_ca" + elif key == "literalSubject": + suggest = "literal_subject" + elif key == "nameConstraints": + suggest = "name_constraints" + elif key == "otherNames": + suggest = "other_names" + elif key == "privateKey": + suggest = "private_key" + elif key == "renewBefore": + suggest = "renew_before" + elif key == "revisionHistoryLimit": + suggest = "revision_history_limit" + elif key == "secretTemplate": + suggest = "secret_template" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateSpec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateSpec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateSpec.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + issuer_ref: 'outputs.CertificateSpecIssuerRef', + secret_name: str, + additional_output_formats: Optional[Sequence['outputs.CertificateSpecAdditionalOutputFormats']] = None, + common_name: Optional[str] = None, + dns_names: Optional[Sequence[str]] = None, + duration: Optional[str] = None, + email_addresses: Optional[Sequence[str]] = None, + encode_usages_in_request: Optional[bool] = None, + ip_addresses: Optional[Sequence[str]] = None, + is_ca: Optional[bool] = None, + keystores: Optional['outputs.CertificateSpecKeystores'] = None, + literal_subject: Optional[str] = None, + name_constraints: Optional['outputs.CertificateSpecNameConstraints'] = None, + other_names: Optional[Sequence['outputs.CertificateSpecOtherNames']] = None, + private_key: Optional['outputs.CertificateSpecPrivateKey'] = None, + renew_before: Optional[str] = None, + revision_history_limit: Optional[int] = None, + secret_template: Optional['outputs.CertificateSpecSecretTemplate'] = None, + subject: Optional['outputs.CertificateSpecSubject'] = None, + uris: Optional[Sequence[str]] = None, + usages: Optional[Sequence[str]] = None): + """ + Specification of the desired state of the Certificate resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param 'CertificateSpecIssuerRefArgs' issuer_ref: Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + :param str secret_name: Name of the Secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. The Secret resource lives in the same namespace as the Certificate resource. + :param Sequence['CertificateSpecAdditionalOutputFormatsArgs'] additional_output_formats: Defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. + This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both the controller and webhook components. + :param str common_name: Requested common name X509 certificate subject attribute. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 NOTE: TLS clients will ignore this value when any subject alternative name is set (see https://tools.ietf.org/html/rfc6125#section-6.4.4). + Should have a length of 64 characters or fewer to avoid generating invalid CSRs. Cannot be set if the `literalSubject` field is set. + :param Sequence[str] dns_names: Requested DNS subject alternative names. + :param str duration: Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. + If unset, this defaults to 90 days. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + :param Sequence[str] email_addresses: Requested email subject alternative names. + :param bool encode_usages_in_request: Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. + This option defaults to true, and should only be disabled if the target issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions. + :param Sequence[str] ip_addresses: Requested IP address subject alternative names. + :param bool is_ca: Requested basic constraints isCA value. The isCA value is used to set the `isCA` field on the created CertificateRequest resources. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. + If true, this will automatically add the `cert sign` usage to the list of requested `usages`. + :param 'CertificateSpecKeystoresArgs' keystores: Additional keystore output formats to be stored in the Certificate's Secret. + :param str literal_subject: Requested X.509 certificate subject, represented using the LDAP "String Representation of a Distinguished Name" [1]. Important: the LDAP string format also specifies the order of the attributes in the subject, this is important when issuing certs for LDAP authentication. Example: `CN=foo,DC=corp,DC=example,DC=com` More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 More info: https://github.com/cert-manager/cert-manager/issues/3203 More info: https://github.com/cert-manager/cert-manager/issues/4424 + Cannot be set if the `subject` or `commonName` field is set. This is an Alpha Feature and is only enabled with the `--feature-gates=LiteralCertificateSubject=true` option set on both the controller and webhook components. + :param 'CertificateSpecNameConstraintsArgs' name_constraints: x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 + This is an Alpha Feature and is only enabled with the `--feature-gates=NameConstraints=true` option set on both the controller and webhook components. + :param Sequence['CertificateSpecOtherNamesArgs'] other_names: `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37 Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`. Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this. + :param 'CertificateSpecPrivateKeyArgs' private_key: Private key options. These include the key algorithm and size, the used encoding and the rotation policy. + :param str renew_before: How long before the currently issued certificate's expiry cert-manager should renew the certificate. For example, if a certificate is valid for 60 minutes, and `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate 50 minutes after it was issued (i.e. when there are 10 minutes remaining until the certificate is no longer valid). + NOTE: The actual lifetime of the issued certificate is used to determine the renewal time. If an issuer returns a certificate with a different lifetime than the one requested, cert-manager will use the lifetime of the issued certificate. + If unset, this defaults to 1/3 of the issued certificate's lifetime. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + :param int revision_history_limit: The maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. + If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`. + :param 'CertificateSpecSecretTemplateArgs' secret_template: Defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + :param 'CertificateSpecSubjectArgs' subject: Requested set of X509 certificate subject attributes. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + The common name attribute is specified separately in the `commonName` field. Cannot be set if the `literalSubject` field is set. + :param Sequence[str] uris: Requested URI subject alternative names. + :param Sequence[str] usages: Requested key usages and extended key usages. These usages are used to set the `usages` field on the created CertificateRequest resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages will additionally be encoded in the `request` field which contains the CSR blob. + If unset, defaults to `digital signature` and `key encipherment`. + """ + pulumi.set(__self__, "issuer_ref", issuer_ref) + pulumi.set(__self__, "secret_name", secret_name) + if additional_output_formats is not None: + pulumi.set(__self__, "additional_output_formats", additional_output_formats) + if common_name is not None: + pulumi.set(__self__, "common_name", common_name) + if dns_names is not None: + pulumi.set(__self__, "dns_names", dns_names) + if duration is not None: + pulumi.set(__self__, "duration", duration) + if email_addresses is not None: + pulumi.set(__self__, "email_addresses", email_addresses) + if encode_usages_in_request is not None: + pulumi.set(__self__, "encode_usages_in_request", encode_usages_in_request) + if ip_addresses is not None: + pulumi.set(__self__, "ip_addresses", ip_addresses) + if is_ca is not None: + pulumi.set(__self__, "is_ca", is_ca) + if keystores is not None: + pulumi.set(__self__, "keystores", keystores) + if literal_subject is not None: + pulumi.set(__self__, "literal_subject", literal_subject) + if name_constraints is not None: + pulumi.set(__self__, "name_constraints", name_constraints) + if other_names is not None: + pulumi.set(__self__, "other_names", other_names) + if private_key is not None: + pulumi.set(__self__, "private_key", private_key) + if renew_before is not None: + pulumi.set(__self__, "renew_before", renew_before) + if revision_history_limit is not None: + pulumi.set(__self__, "revision_history_limit", revision_history_limit) + if secret_template is not None: + pulumi.set(__self__, "secret_template", secret_template) + if subject is not None: + pulumi.set(__self__, "subject", subject) + if uris is not None: + pulumi.set(__self__, "uris", uris) + if usages is not None: + pulumi.set(__self__, "usages", usages) + + @property + @pulumi.getter(name="issuerRef") + def issuer_ref(self) -> 'outputs.CertificateSpecIssuerRef': + """ + Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + """ + return pulumi.get(self, "issuer_ref") + + @property + @pulumi.getter(name="secretName") + def secret_name(self) -> str: + """ + Name of the Secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. The Secret resource lives in the same namespace as the Certificate resource. + """ + return pulumi.get(self, "secret_name") + + @property + @pulumi.getter(name="additionalOutputFormats") + def additional_output_formats(self) -> Optional[Sequence['outputs.CertificateSpecAdditionalOutputFormats']]: + """ + Defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. + This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both the controller and webhook components. + """ + return pulumi.get(self, "additional_output_formats") + + @property + @pulumi.getter(name="commonName") + def common_name(self) -> Optional[str]: + """ + Requested common name X509 certificate subject attribute. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 NOTE: TLS clients will ignore this value when any subject alternative name is set (see https://tools.ietf.org/html/rfc6125#section-6.4.4). + Should have a length of 64 characters or fewer to avoid generating invalid CSRs. Cannot be set if the `literalSubject` field is set. + """ + return pulumi.get(self, "common_name") + + @property + @pulumi.getter(name="dnsNames") + def dns_names(self) -> Optional[Sequence[str]]: + """ + Requested DNS subject alternative names. + """ + return pulumi.get(self, "dns_names") + + @property + @pulumi.getter + def duration(self) -> Optional[str]: + """ + Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. + If unset, this defaults to 90 days. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + """ + return pulumi.get(self, "duration") + + @property + @pulumi.getter(name="emailAddresses") + def email_addresses(self) -> Optional[Sequence[str]]: + """ + Requested email subject alternative names. + """ + return pulumi.get(self, "email_addresses") + + @property + @pulumi.getter(name="encodeUsagesInRequest") + def encode_usages_in_request(self) -> Optional[bool]: + """ + Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. + This option defaults to true, and should only be disabled if the target issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions. + """ + return pulumi.get(self, "encode_usages_in_request") + + @property + @pulumi.getter(name="ipAddresses") + def ip_addresses(self) -> Optional[Sequence[str]]: + """ + Requested IP address subject alternative names. + """ + return pulumi.get(self, "ip_addresses") + + @property + @pulumi.getter(name="isCA") + def is_ca(self) -> Optional[bool]: + """ + Requested basic constraints isCA value. The isCA value is used to set the `isCA` field on the created CertificateRequest resources. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. + If true, this will automatically add the `cert sign` usage to the list of requested `usages`. + """ + return pulumi.get(self, "is_ca") + + @property + @pulumi.getter + def keystores(self) -> Optional['outputs.CertificateSpecKeystores']: + """ + Additional keystore output formats to be stored in the Certificate's Secret. + """ + return pulumi.get(self, "keystores") + + @property + @pulumi.getter(name="literalSubject") + def literal_subject(self) -> Optional[str]: + """ + Requested X.509 certificate subject, represented using the LDAP "String Representation of a Distinguished Name" [1]. Important: the LDAP string format also specifies the order of the attributes in the subject, this is important when issuing certs for LDAP authentication. Example: `CN=foo,DC=corp,DC=example,DC=com` More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 More info: https://github.com/cert-manager/cert-manager/issues/3203 More info: https://github.com/cert-manager/cert-manager/issues/4424 + Cannot be set if the `subject` or `commonName` field is set. This is an Alpha Feature and is only enabled with the `--feature-gates=LiteralCertificateSubject=true` option set on both the controller and webhook components. + """ + return pulumi.get(self, "literal_subject") + + @property + @pulumi.getter(name="nameConstraints") + def name_constraints(self) -> Optional['outputs.CertificateSpecNameConstraints']: + """ + x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 + This is an Alpha Feature and is only enabled with the `--feature-gates=NameConstraints=true` option set on both the controller and webhook components. + """ + return pulumi.get(self, "name_constraints") + + @property + @pulumi.getter(name="otherNames") + def other_names(self) -> Optional[Sequence['outputs.CertificateSpecOtherNames']]: + """ + `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37 Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`. Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this. + """ + return pulumi.get(self, "other_names") + + @property + @pulumi.getter(name="privateKey") + def private_key(self) -> Optional['outputs.CertificateSpecPrivateKey']: + """ + Private key options. These include the key algorithm and size, the used encoding and the rotation policy. + """ + return pulumi.get(self, "private_key") + + @property + @pulumi.getter(name="renewBefore") + def renew_before(self) -> Optional[str]: + """ + How long before the currently issued certificate's expiry cert-manager should renew the certificate. For example, if a certificate is valid for 60 minutes, and `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate 50 minutes after it was issued (i.e. when there are 10 minutes remaining until the certificate is no longer valid). + NOTE: The actual lifetime of the issued certificate is used to determine the renewal time. If an issuer returns a certificate with a different lifetime than the one requested, cert-manager will use the lifetime of the issued certificate. + If unset, this defaults to 1/3 of the issued certificate's lifetime. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + """ + return pulumi.get(self, "renew_before") + + @property + @pulumi.getter(name="revisionHistoryLimit") + def revision_history_limit(self) -> Optional[int]: + """ + The maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. + If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`. + """ + return pulumi.get(self, "revision_history_limit") + + @property + @pulumi.getter(name="secretTemplate") + def secret_template(self) -> Optional['outputs.CertificateSpecSecretTemplate']: + """ + Defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + """ + return pulumi.get(self, "secret_template") + + @property + @pulumi.getter + def subject(self) -> Optional['outputs.CertificateSpecSubject']: + """ + Requested set of X509 certificate subject attributes. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + The common name attribute is specified separately in the `commonName` field. Cannot be set if the `literalSubject` field is set. + """ + return pulumi.get(self, "subject") + + @property + @pulumi.getter + def uris(self) -> Optional[Sequence[str]]: + """ + Requested URI subject alternative names. + """ + return pulumi.get(self, "uris") + + @property + @pulumi.getter + def usages(self) -> Optional[Sequence[str]]: + """ + Requested key usages and extended key usages. These usages are used to set the `usages` field on the created CertificateRequest resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages will additionally be encoded in the `request` field which contains the CSR blob. + If unset, defaults to `digital signature` and `key encipherment`. + """ + return pulumi.get(self, "usages") + + +@pulumi.output_type +class CertificateSpecAdditionalOutputFormats(dict): + """ + CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource. These contain supplementary data formats of the signed certificate chain and paired private key. + """ + def __init__(__self__, *, + type: str): + """ + CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource. These contain supplementary data formats of the signed certificate chain and paired private key. + :param str type: Type is the name of the format type that should be written to the Certificate's target Secret. + """ + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter + def type(self) -> str: + """ + Type is the name of the format type that should be written to the Certificate's target Secret. + """ + return pulumi.get(self, "type") + + +@pulumi.output_type +class CertificateSpecIssuerRef(dict): + """ + Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + """ + def __init__(__self__, *, + name: str, + group: Optional[str] = None, + kind: Optional[str] = None): + """ + Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. + The `name` field of the reference must always be specified. + :param str name: Name of the resource being referred to. + :param str group: Group of the resource being referred to. + :param str kind: Kind of the resource being referred to. + """ + pulumi.set(__self__, "name", name) + if group is not None: + pulumi.set(__self__, "group", group) + if kind is not None: + pulumi.set(__self__, "kind", kind) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def group(self) -> Optional[str]: + """ + Group of the resource being referred to. + """ + return pulumi.get(self, "group") + + @property + @pulumi.getter + def kind(self) -> Optional[str]: + """ + Kind of the resource being referred to. + """ + return pulumi.get(self, "kind") + + +@pulumi.output_type +class CertificateSpecKeystores(dict): + """ + Additional keystore output formats to be stored in the Certificate's Secret. + """ + def __init__(__self__, *, + jks: Optional['outputs.CertificateSpecKeystoresJks'] = None, + pkcs12: Optional['outputs.CertificateSpecKeystoresPkcs12'] = None): + """ + Additional keystore output formats to be stored in the Certificate's Secret. + :param 'CertificateSpecKeystoresJksArgs' jks: JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + :param 'CertificateSpecKeystoresPkcs12Args' pkcs12: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + """ + if jks is not None: + pulumi.set(__self__, "jks", jks) + if pkcs12 is not None: + pulumi.set(__self__, "pkcs12", pkcs12) + + @property + @pulumi.getter + def jks(self) -> Optional['outputs.CertificateSpecKeystoresJks']: + """ + JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + """ + return pulumi.get(self, "jks") + + @property + @pulumi.getter + def pkcs12(self) -> Optional['outputs.CertificateSpecKeystoresPkcs12']: + """ + PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + """ + return pulumi.get(self, "pkcs12") + + +@pulumi.output_type +class CertificateSpecKeystoresJks(dict): + """ + JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "passwordSecretRef": + suggest = "password_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateSpecKeystoresJks. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateSpecKeystoresJks.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateSpecKeystoresJks.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + create: bool, + password_secret_ref: 'outputs.CertificateSpecKeystoresJksPasswordSecretRef'): + """ + JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + :param bool create: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + :param 'CertificateSpecKeystoresJksPasswordSecretRefArgs' password_secret_ref: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + """ + pulumi.set(__self__, "create", create) + pulumi.set(__self__, "password_secret_ref", password_secret_ref) + + @property + @pulumi.getter + def create(self) -> bool: + """ + Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + """ + return pulumi.get(self, "create") + + @property + @pulumi.getter(name="passwordSecretRef") + def password_secret_ref(self) -> 'outputs.CertificateSpecKeystoresJksPasswordSecretRef': + """ + PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + """ + return pulumi.get(self, "password_secret_ref") + + +@pulumi.output_type +class CertificateSpecKeystoresJksPasswordSecretRef(dict): + """ + PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class CertificateSpecKeystoresPkcs12(dict): + """ + PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "passwordSecretRef": + suggest = "password_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateSpecKeystoresPkcs12. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateSpecKeystoresPkcs12.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateSpecKeystoresPkcs12.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + create: bool, + password_secret_ref: 'outputs.CertificateSpecKeystoresPkcs12PasswordSecretRef', + profile: Optional[str] = None): + """ + PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + :param bool create: Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + :param 'CertificateSpecKeystoresPkcs12PasswordSecretRefArgs' password_secret_ref: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + :param str profile: Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. + If provided, allowed values are: `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret. + """ + pulumi.set(__self__, "create", create) + pulumi.set(__self__, "password_secret_ref", password_secret_ref) + if profile is not None: + pulumi.set(__self__, "profile", profile) + + @property + @pulumi.getter + def create(self) -> bool: + """ + Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + """ + return pulumi.get(self, "create") + + @property + @pulumi.getter(name="passwordSecretRef") + def password_secret_ref(self) -> 'outputs.CertificateSpecKeystoresPkcs12PasswordSecretRef': + """ + PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + """ + return pulumi.get(self, "password_secret_ref") + + @property + @pulumi.getter + def profile(self) -> Optional[str]: + """ + Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. + If provided, allowed values are: `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret. + """ + return pulumi.get(self, "profile") + + +@pulumi.output_type +class CertificateSpecKeystoresPkcs12PasswordSecretRef(dict): + """ + PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class CertificateSpecNameConstraints(dict): + """ + x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 + This is an Alpha Feature and is only enabled with the `--feature-gates=NameConstraints=true` option set on both the controller and webhook components. + """ + def __init__(__self__, *, + critical: Optional[bool] = None, + excluded: Optional['outputs.CertificateSpecNameConstraintsExcluded'] = None, + permitted: Optional['outputs.CertificateSpecNameConstraintsPermitted'] = None): + """ + x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 + This is an Alpha Feature and is only enabled with the `--feature-gates=NameConstraints=true` option set on both the controller and webhook components. + :param bool critical: if true then the name constraints are marked critical. + :param 'CertificateSpecNameConstraintsExcludedArgs' excluded: Excluded contains the constraints which must be disallowed. Any name matching a restriction in the excluded field is invalid regardless of information appearing in the permitted + :param 'CertificateSpecNameConstraintsPermittedArgs' permitted: Permitted contains the constraints in which the names must be located. + """ + if critical is not None: + pulumi.set(__self__, "critical", critical) + if excluded is not None: + pulumi.set(__self__, "excluded", excluded) + if permitted is not None: + pulumi.set(__self__, "permitted", permitted) + + @property + @pulumi.getter + def critical(self) -> Optional[bool]: + """ + if true then the name constraints are marked critical. + """ + return pulumi.get(self, "critical") + + @property + @pulumi.getter + def excluded(self) -> Optional['outputs.CertificateSpecNameConstraintsExcluded']: + """ + Excluded contains the constraints which must be disallowed. Any name matching a restriction in the excluded field is invalid regardless of information appearing in the permitted + """ + return pulumi.get(self, "excluded") + + @property + @pulumi.getter + def permitted(self) -> Optional['outputs.CertificateSpecNameConstraintsPermitted']: + """ + Permitted contains the constraints in which the names must be located. + """ + return pulumi.get(self, "permitted") + + +@pulumi.output_type +class CertificateSpecNameConstraintsExcluded(dict): + """ + Excluded contains the constraints which must be disallowed. Any name matching a restriction in the excluded field is invalid regardless of information appearing in the permitted + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "dnsDomains": + suggest = "dns_domains" + elif key == "emailAddresses": + suggest = "email_addresses" + elif key == "ipRanges": + suggest = "ip_ranges" + elif key == "uriDomains": + suggest = "uri_domains" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateSpecNameConstraintsExcluded. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateSpecNameConstraintsExcluded.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateSpecNameConstraintsExcluded.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + dns_domains: Optional[Sequence[str]] = None, + email_addresses: Optional[Sequence[str]] = None, + ip_ranges: Optional[Sequence[str]] = None, + uri_domains: Optional[Sequence[str]] = None): + """ + Excluded contains the constraints which must be disallowed. Any name matching a restriction in the excluded field is invalid regardless of information appearing in the permitted + :param Sequence[str] dns_domains: DNSDomains is a list of DNS domains that are permitted or excluded. + :param Sequence[str] email_addresses: EmailAddresses is a list of Email Addresses that are permitted or excluded. + :param Sequence[str] ip_ranges: IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + :param Sequence[str] uri_domains: URIDomains is a list of URI domains that are permitted or excluded. + """ + if dns_domains is not None: + pulumi.set(__self__, "dns_domains", dns_domains) + if email_addresses is not None: + pulumi.set(__self__, "email_addresses", email_addresses) + if ip_ranges is not None: + pulumi.set(__self__, "ip_ranges", ip_ranges) + if uri_domains is not None: + pulumi.set(__self__, "uri_domains", uri_domains) + + @property + @pulumi.getter(name="dnsDomains") + def dns_domains(self) -> Optional[Sequence[str]]: + """ + DNSDomains is a list of DNS domains that are permitted or excluded. + """ + return pulumi.get(self, "dns_domains") + + @property + @pulumi.getter(name="emailAddresses") + def email_addresses(self) -> Optional[Sequence[str]]: + """ + EmailAddresses is a list of Email Addresses that are permitted or excluded. + """ + return pulumi.get(self, "email_addresses") + + @property + @pulumi.getter(name="ipRanges") + def ip_ranges(self) -> Optional[Sequence[str]]: + """ + IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + """ + return pulumi.get(self, "ip_ranges") + + @property + @pulumi.getter(name="uriDomains") + def uri_domains(self) -> Optional[Sequence[str]]: + """ + URIDomains is a list of URI domains that are permitted or excluded. + """ + return pulumi.get(self, "uri_domains") + + +@pulumi.output_type +class CertificateSpecNameConstraintsPermitted(dict): + """ + Permitted contains the constraints in which the names must be located. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "dnsDomains": + suggest = "dns_domains" + elif key == "emailAddresses": + suggest = "email_addresses" + elif key == "ipRanges": + suggest = "ip_ranges" + elif key == "uriDomains": + suggest = "uri_domains" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateSpecNameConstraintsPermitted. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateSpecNameConstraintsPermitted.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateSpecNameConstraintsPermitted.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + dns_domains: Optional[Sequence[str]] = None, + email_addresses: Optional[Sequence[str]] = None, + ip_ranges: Optional[Sequence[str]] = None, + uri_domains: Optional[Sequence[str]] = None): + """ + Permitted contains the constraints in which the names must be located. + :param Sequence[str] dns_domains: DNSDomains is a list of DNS domains that are permitted or excluded. + :param Sequence[str] email_addresses: EmailAddresses is a list of Email Addresses that are permitted or excluded. + :param Sequence[str] ip_ranges: IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + :param Sequence[str] uri_domains: URIDomains is a list of URI domains that are permitted or excluded. + """ + if dns_domains is not None: + pulumi.set(__self__, "dns_domains", dns_domains) + if email_addresses is not None: + pulumi.set(__self__, "email_addresses", email_addresses) + if ip_ranges is not None: + pulumi.set(__self__, "ip_ranges", ip_ranges) + if uri_domains is not None: + pulumi.set(__self__, "uri_domains", uri_domains) + + @property + @pulumi.getter(name="dnsDomains") + def dns_domains(self) -> Optional[Sequence[str]]: + """ + DNSDomains is a list of DNS domains that are permitted or excluded. + """ + return pulumi.get(self, "dns_domains") + + @property + @pulumi.getter(name="emailAddresses") + def email_addresses(self) -> Optional[Sequence[str]]: + """ + EmailAddresses is a list of Email Addresses that are permitted or excluded. + """ + return pulumi.get(self, "email_addresses") + + @property + @pulumi.getter(name="ipRanges") + def ip_ranges(self) -> Optional[Sequence[str]]: + """ + IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + """ + return pulumi.get(self, "ip_ranges") + + @property + @pulumi.getter(name="uriDomains") + def uri_domains(self) -> Optional[Sequence[str]]: + """ + URIDomains is a list of URI domains that are permitted or excluded. + """ + return pulumi.get(self, "uri_domains") + + +@pulumi.output_type +class CertificateSpecOtherNames(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "utf8Value": + suggest = "utf8_value" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateSpecOtherNames. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateSpecOtherNames.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateSpecOtherNames.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + oid: Optional[str] = None, + utf8_value: Optional[str] = None): + """ + :param str oid: OID is the object identifier for the otherName SAN. The object identifier must be expressed as a dotted string, for example, "1.2.840.113556.1.4.221". + :param str utf8_value: utf8Value is the string value of the otherName SAN. The utf8Value accepts any valid UTF8 string to set as value for the otherName SAN. + """ + if oid is not None: + pulumi.set(__self__, "oid", oid) + if utf8_value is not None: + pulumi.set(__self__, "utf8_value", utf8_value) + + @property + @pulumi.getter + def oid(self) -> Optional[str]: + """ + OID is the object identifier for the otherName SAN. The object identifier must be expressed as a dotted string, for example, "1.2.840.113556.1.4.221". + """ + return pulumi.get(self, "oid") + + @property + @pulumi.getter(name="utf8Value") + def utf8_value(self) -> Optional[str]: + """ + utf8Value is the string value of the otherName SAN. The utf8Value accepts any valid UTF8 string to set as value for the otherName SAN. + """ + return pulumi.get(self, "utf8_value") + + +@pulumi.output_type +class CertificateSpecPrivateKey(dict): + """ + Private key options. These include the key algorithm and size, the used encoding and the rotation policy. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "rotationPolicy": + suggest = "rotation_policy" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateSpecPrivateKey. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateSpecPrivateKey.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateSpecPrivateKey.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + algorithm: Optional[str] = None, + encoding: Optional[str] = None, + rotation_policy: Optional[str] = None, + size: Optional[int] = None): + """ + Private key options. These include the key algorithm and size, the used encoding and the rotation policy. + :param str algorithm: Algorithm is the private key algorithm of the corresponding private key for this certificate. + If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`. If `algorithm` is specified and `size` is not provided, key size of 2048 will be used for `RSA` key algorithm and key size of 256 will be used for `ECDSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm. + :param str encoding: The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. + If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified. + :param str rotation_policy: RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. + If set to `Never`, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to `Always`, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is `Never` for backward compatibility. + :param int size: Size is the key bit size of the corresponding private key for this certificate. + If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed. + """ + if algorithm is not None: + pulumi.set(__self__, "algorithm", algorithm) + if encoding is not None: + pulumi.set(__self__, "encoding", encoding) + if rotation_policy is not None: + pulumi.set(__self__, "rotation_policy", rotation_policy) + if size is not None: + pulumi.set(__self__, "size", size) + + @property + @pulumi.getter + def algorithm(self) -> Optional[str]: + """ + Algorithm is the private key algorithm of the corresponding private key for this certificate. + If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`. If `algorithm` is specified and `size` is not provided, key size of 2048 will be used for `RSA` key algorithm and key size of 256 will be used for `ECDSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm. + """ + return pulumi.get(self, "algorithm") + + @property + @pulumi.getter + def encoding(self) -> Optional[str]: + """ + The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. + If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified. + """ + return pulumi.get(self, "encoding") + + @property + @pulumi.getter(name="rotationPolicy") + def rotation_policy(self) -> Optional[str]: + """ + RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. + If set to `Never`, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to `Always`, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is `Never` for backward compatibility. + """ + return pulumi.get(self, "rotation_policy") + + @property + @pulumi.getter + def size(self) -> Optional[int]: + """ + Size is the key bit size of the corresponding private key for this certificate. + If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed. + """ + return pulumi.get(self, "size") + + +@pulumi.output_type +class CertificateSpecSecretTemplate(dict): + """ + Defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + """ + def __init__(__self__, *, + annotations: Optional[Mapping[str, str]] = None, + labels: Optional[Mapping[str, str]] = None): + """ + Defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + :param Mapping[str, str] annotations: Annotations is a key value map to be copied to the target Kubernetes Secret. + :param Mapping[str, str] labels: Labels is a key value map to be copied to the target Kubernetes Secret. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[Mapping[str, str]]: + """ + Annotations is a key value map to be copied to the target Kubernetes Secret. + """ + return pulumi.get(self, "annotations") + + @property + @pulumi.getter + def labels(self) -> Optional[Mapping[str, str]]: + """ + Labels is a key value map to be copied to the target Kubernetes Secret. + """ + return pulumi.get(self, "labels") + + +@pulumi.output_type +class CertificateSpecSubject(dict): + """ + Requested set of X509 certificate subject attributes. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + The common name attribute is specified separately in the `commonName` field. Cannot be set if the `literalSubject` field is set. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "organizationalUnits": + suggest = "organizational_units" + elif key == "postalCodes": + suggest = "postal_codes" + elif key == "serialNumber": + suggest = "serial_number" + elif key == "streetAddresses": + suggest = "street_addresses" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateSpecSubject. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateSpecSubject.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateSpecSubject.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + countries: Optional[Sequence[str]] = None, + localities: Optional[Sequence[str]] = None, + organizational_units: Optional[Sequence[str]] = None, + organizations: Optional[Sequence[str]] = None, + postal_codes: Optional[Sequence[str]] = None, + provinces: Optional[Sequence[str]] = None, + serial_number: Optional[str] = None, + street_addresses: Optional[Sequence[str]] = None): + """ + Requested set of X509 certificate subject attributes. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + The common name attribute is specified separately in the `commonName` field. Cannot be set if the `literalSubject` field is set. + :param Sequence[str] countries: Countries to be used on the Certificate. + :param Sequence[str] localities: Cities to be used on the Certificate. + :param Sequence[str] organizational_units: Organizational Units to be used on the Certificate. + :param Sequence[str] organizations: Organizations to be used on the Certificate. + :param Sequence[str] postal_codes: Postal codes to be used on the Certificate. + :param Sequence[str] provinces: State/Provinces to be used on the Certificate. + :param str serial_number: Serial number to be used on the Certificate. + :param Sequence[str] street_addresses: Street addresses to be used on the Certificate. + """ + if countries is not None: + pulumi.set(__self__, "countries", countries) + if localities is not None: + pulumi.set(__self__, "localities", localities) + if organizational_units is not None: + pulumi.set(__self__, "organizational_units", organizational_units) + if organizations is not None: + pulumi.set(__self__, "organizations", organizations) + if postal_codes is not None: + pulumi.set(__self__, "postal_codes", postal_codes) + if provinces is not None: + pulumi.set(__self__, "provinces", provinces) + if serial_number is not None: + pulumi.set(__self__, "serial_number", serial_number) + if street_addresses is not None: + pulumi.set(__self__, "street_addresses", street_addresses) + + @property + @pulumi.getter + def countries(self) -> Optional[Sequence[str]]: + """ + Countries to be used on the Certificate. + """ + return pulumi.get(self, "countries") + + @property + @pulumi.getter + def localities(self) -> Optional[Sequence[str]]: + """ + Cities to be used on the Certificate. + """ + return pulumi.get(self, "localities") + + @property + @pulumi.getter(name="organizationalUnits") + def organizational_units(self) -> Optional[Sequence[str]]: + """ + Organizational Units to be used on the Certificate. + """ + return pulumi.get(self, "organizational_units") + + @property + @pulumi.getter + def organizations(self) -> Optional[Sequence[str]]: + """ + Organizations to be used on the Certificate. + """ + return pulumi.get(self, "organizations") + + @property + @pulumi.getter(name="postalCodes") + def postal_codes(self) -> Optional[Sequence[str]]: + """ + Postal codes to be used on the Certificate. + """ + return pulumi.get(self, "postal_codes") + + @property + @pulumi.getter + def provinces(self) -> Optional[Sequence[str]]: + """ + State/Provinces to be used on the Certificate. + """ + return pulumi.get(self, "provinces") + + @property + @pulumi.getter(name="serialNumber") + def serial_number(self) -> Optional[str]: + """ + Serial number to be used on the Certificate. + """ + return pulumi.get(self, "serial_number") + + @property + @pulumi.getter(name="streetAddresses") + def street_addresses(self) -> Optional[Sequence[str]]: + """ + Street addresses to be used on the Certificate. + """ + return pulumi.get(self, "street_addresses") + + +@pulumi.output_type +class CertificateStatus(dict): + """ + Status of the Certificate. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "failedIssuanceAttempts": + suggest = "failed_issuance_attempts" + elif key == "lastFailureTime": + suggest = "last_failure_time" + elif key == "nextPrivateKeySecretName": + suggest = "next_private_key_secret_name" + elif key == "notAfter": + suggest = "not_after" + elif key == "notBefore": + suggest = "not_before" + elif key == "renewalTime": + suggest = "renewal_time" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateStatus. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateStatus.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateStatus.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + conditions: Optional[Sequence['outputs.CertificateStatusConditions']] = None, + failed_issuance_attempts: Optional[int] = None, + last_failure_time: Optional[str] = None, + next_private_key_secret_name: Optional[str] = None, + not_after: Optional[str] = None, + not_before: Optional[str] = None, + renewal_time: Optional[str] = None, + revision: Optional[int] = None): + """ + Status of the Certificate. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + :param Sequence['CertificateStatusConditionsArgs'] conditions: List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`. + :param int failed_issuance_attempts: The number of continuous failed issuance attempts up till now. This field gets removed (if set) on a successful issuance and gets set to 1 if unset and an issuance has failed. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). + :param str last_failure_time: LastFailureTime is set only if the lastest issuance for this Certificate failed and contains the time of the failure. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). If the latest issuance has succeeded this field will be unset. + :param str next_private_key_secret_name: The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False. + :param str not_after: The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`. + :param str not_before: The time after which the certificate stored in the secret named by this resource in `spec.secretName` is valid. + :param str renewal_time: RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled. + :param int revision: The current 'revision' of the certificate as issued. + When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. + Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. + Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field. + """ + if conditions is not None: + pulumi.set(__self__, "conditions", conditions) + if failed_issuance_attempts is not None: + pulumi.set(__self__, "failed_issuance_attempts", failed_issuance_attempts) + if last_failure_time is not None: + pulumi.set(__self__, "last_failure_time", last_failure_time) + if next_private_key_secret_name is not None: + pulumi.set(__self__, "next_private_key_secret_name", next_private_key_secret_name) + if not_after is not None: + pulumi.set(__self__, "not_after", not_after) + if not_before is not None: + pulumi.set(__self__, "not_before", not_before) + if renewal_time is not None: + pulumi.set(__self__, "renewal_time", renewal_time) + if revision is not None: + pulumi.set(__self__, "revision", revision) + + @property + @pulumi.getter + def conditions(self) -> Optional[Sequence['outputs.CertificateStatusConditions']]: + """ + List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`. + """ + return pulumi.get(self, "conditions") + + @property + @pulumi.getter(name="failedIssuanceAttempts") + def failed_issuance_attempts(self) -> Optional[int]: + """ + The number of continuous failed issuance attempts up till now. This field gets removed (if set) on a successful issuance and gets set to 1 if unset and an issuance has failed. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). + """ + return pulumi.get(self, "failed_issuance_attempts") + + @property + @pulumi.getter(name="lastFailureTime") + def last_failure_time(self) -> Optional[str]: + """ + LastFailureTime is set only if the lastest issuance for this Certificate failed and contains the time of the failure. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). If the latest issuance has succeeded this field will be unset. + """ + return pulumi.get(self, "last_failure_time") + + @property + @pulumi.getter(name="nextPrivateKeySecretName") + def next_private_key_secret_name(self) -> Optional[str]: + """ + The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False. + """ + return pulumi.get(self, "next_private_key_secret_name") + + @property + @pulumi.getter(name="notAfter") + def not_after(self) -> Optional[str]: + """ + The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`. + """ + return pulumi.get(self, "not_after") + + @property + @pulumi.getter(name="notBefore") + def not_before(self) -> Optional[str]: + """ + The time after which the certificate stored in the secret named by this resource in `spec.secretName` is valid. + """ + return pulumi.get(self, "not_before") + + @property + @pulumi.getter(name="renewalTime") + def renewal_time(self) -> Optional[str]: + """ + RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled. + """ + return pulumi.get(self, "renewal_time") + + @property + @pulumi.getter + def revision(self) -> Optional[int]: + """ + The current 'revision' of the certificate as issued. + When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. + Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. + Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field. + """ + return pulumi.get(self, "revision") + + +@pulumi.output_type +class CertificateStatusConditions(dict): + """ + CertificateCondition contains condition information for an Certificate. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "lastTransitionTime": + suggest = "last_transition_time" + elif key == "observedGeneration": + suggest = "observed_generation" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CertificateStatusConditions. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CertificateStatusConditions.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CertificateStatusConditions.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + status: str, + type: str, + last_transition_time: Optional[str] = None, + message: Optional[str] = None, + observed_generation: Optional[int] = None, + reason: Optional[str] = None): + """ + CertificateCondition contains condition information for an Certificate. + :param str status: Status of the condition, one of (`True`, `False`, `Unknown`). + :param str type: Type of the condition, known values are (`Ready`, `Issuing`). + :param str last_transition_time: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + :param str message: Message is a human readable description of the details of the last transition, complementing reason. + :param int observed_generation: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate. + :param str reason: Reason is a brief machine readable explanation for the condition's last transition. + """ + pulumi.set(__self__, "status", status) + pulumi.set(__self__, "type", type) + if last_transition_time is not None: + pulumi.set(__self__, "last_transition_time", last_transition_time) + if message is not None: + pulumi.set(__self__, "message", message) + if observed_generation is not None: + pulumi.set(__self__, "observed_generation", observed_generation) + if reason is not None: + pulumi.set(__self__, "reason", reason) + + @property + @pulumi.getter + def status(self) -> str: + """ + Status of the condition, one of (`True`, `False`, `Unknown`). + """ + return pulumi.get(self, "status") + + @property + @pulumi.getter + def type(self) -> str: + """ + Type of the condition, known values are (`Ready`, `Issuing`). + """ + return pulumi.get(self, "type") + + @property + @pulumi.getter(name="lastTransitionTime") + def last_transition_time(self) -> Optional[str]: + """ + LastTransitionTime is the timestamp corresponding to the last status change of this condition. + """ + return pulumi.get(self, "last_transition_time") + + @property + @pulumi.getter + def message(self) -> Optional[str]: + """ + Message is a human readable description of the details of the last transition, complementing reason. + """ + return pulumi.get(self, "message") + + @property + @pulumi.getter(name="observedGeneration") + def observed_generation(self) -> Optional[int]: + """ + If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate. + """ + return pulumi.get(self, "observed_generation") + + @property + @pulumi.getter + def reason(self) -> Optional[str]: + """ + Reason is a brief machine readable explanation for the condition's last transition. + """ + return pulumi.get(self, "reason") + + +@pulumi.output_type +class ClusterIssuerSpec(dict): + """ + Desired state of the ClusterIssuer resource. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "selfSigned": + suggest = "self_signed" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpec.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + acme: Optional['outputs.ClusterIssuerSpecAcme'] = None, + ca: Optional['outputs.ClusterIssuerSpecCa'] = None, + self_signed: Optional['outputs.ClusterIssuerSpecSelfSigned'] = None, + vault: Optional['outputs.ClusterIssuerSpecVault'] = None, + venafi: Optional['outputs.ClusterIssuerSpecVenafi'] = None): + """ + Desired state of the ClusterIssuer resource. + :param 'ClusterIssuerSpecAcmeArgs' acme: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + :param 'ClusterIssuerSpecCaArgs' ca: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + :param 'ClusterIssuerSpecSelfSignedArgs' self_signed: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + :param 'ClusterIssuerSpecVaultArgs' vault: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + :param 'ClusterIssuerSpecVenafiArgs' venafi: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + """ + if acme is not None: + pulumi.set(__self__, "acme", acme) + if ca is not None: + pulumi.set(__self__, "ca", ca) + if self_signed is not None: + pulumi.set(__self__, "self_signed", self_signed) + if vault is not None: + pulumi.set(__self__, "vault", vault) + if venafi is not None: + pulumi.set(__self__, "venafi", venafi) + + @property + @pulumi.getter + def acme(self) -> Optional['outputs.ClusterIssuerSpecAcme']: + """ + ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + """ + return pulumi.get(self, "acme") + + @property + @pulumi.getter + def ca(self) -> Optional['outputs.ClusterIssuerSpecCa']: + """ + CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + """ + return pulumi.get(self, "ca") + + @property + @pulumi.getter(name="selfSigned") + def self_signed(self) -> Optional['outputs.ClusterIssuerSpecSelfSigned']: + """ + SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + """ + return pulumi.get(self, "self_signed") + + @property + @pulumi.getter + def vault(self) -> Optional['outputs.ClusterIssuerSpecVault']: + """ + Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + """ + return pulumi.get(self, "vault") + + @property + @pulumi.getter + def venafi(self) -> Optional['outputs.ClusterIssuerSpecVenafi']: + """ + Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + """ + return pulumi.get(self, "venafi") + + +@pulumi.output_type +class ClusterIssuerSpecAcme(dict): + """ + ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "privateKeySecretRef": + suggest = "private_key_secret_ref" + elif key == "caBundle": + suggest = "ca_bundle" + elif key == "disableAccountKeyGeneration": + suggest = "disable_account_key_generation" + elif key == "enableDurationFeature": + suggest = "enable_duration_feature" + elif key == "externalAccountBinding": + suggest = "external_account_binding" + elif key == "preferredChain": + suggest = "preferred_chain" + elif key == "skipTLSVerify": + suggest = "skip_tls_verify" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcme. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcme.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcme.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + private_key_secret_ref: 'outputs.ClusterIssuerSpecAcmePrivateKeySecretRef', + server: str, + ca_bundle: Optional[str] = None, + disable_account_key_generation: Optional[bool] = None, + email: Optional[str] = None, + enable_duration_feature: Optional[bool] = None, + external_account_binding: Optional['outputs.ClusterIssuerSpecAcmeExternalAccountBinding'] = None, + preferred_chain: Optional[str] = None, + skip_tls_verify: Optional[bool] = None, + solvers: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolvers']] = None): + """ + ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + :param 'ClusterIssuerSpecAcmePrivateKeySecretRefArgs' private_key_secret_ref: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + :param str server: Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported. + :param str ca_bundle: Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. + :param bool disable_account_key_generation: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + :param str email: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + :param bool enable_duration_feature: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + :param 'ClusterIssuerSpecAcmeExternalAccountBindingArgs' external_account_binding: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + :param str preferred_chain: PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN + :param bool skip_tls_verify: INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false. + :param Sequence['ClusterIssuerSpecAcmeSolversArgs'] solvers: Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/ + """ + pulumi.set(__self__, "private_key_secret_ref", private_key_secret_ref) + pulumi.set(__self__, "server", server) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + if disable_account_key_generation is not None: + pulumi.set(__self__, "disable_account_key_generation", disable_account_key_generation) + if email is not None: + pulumi.set(__self__, "email", email) + if enable_duration_feature is not None: + pulumi.set(__self__, "enable_duration_feature", enable_duration_feature) + if external_account_binding is not None: + pulumi.set(__self__, "external_account_binding", external_account_binding) + if preferred_chain is not None: + pulumi.set(__self__, "preferred_chain", preferred_chain) + if skip_tls_verify is not None: + pulumi.set(__self__, "skip_tls_verify", skip_tls_verify) + if solvers is not None: + pulumi.set(__self__, "solvers", solvers) + + @property + @pulumi.getter(name="privateKeySecretRef") + def private_key_secret_ref(self) -> 'outputs.ClusterIssuerSpecAcmePrivateKeySecretRef': + """ + PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + """ + return pulumi.get(self, "private_key_secret_ref") + + @property + @pulumi.getter + def server(self) -> str: + """ + Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported. + """ + return pulumi.get(self, "server") + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[str]: + """ + Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. + """ + return pulumi.get(self, "ca_bundle") + + @property + @pulumi.getter(name="disableAccountKeyGeneration") + def disable_account_key_generation(self) -> Optional[bool]: + """ + Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + """ + return pulumi.get(self, "disable_account_key_generation") + + @property + @pulumi.getter + def email(self) -> Optional[str]: + """ + Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + """ + return pulumi.get(self, "email") + + @property + @pulumi.getter(name="enableDurationFeature") + def enable_duration_feature(self) -> Optional[bool]: + """ + Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + """ + return pulumi.get(self, "enable_duration_feature") + + @property + @pulumi.getter(name="externalAccountBinding") + def external_account_binding(self) -> Optional['outputs.ClusterIssuerSpecAcmeExternalAccountBinding']: + """ + ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + """ + return pulumi.get(self, "external_account_binding") + + @property + @pulumi.getter(name="preferredChain") + def preferred_chain(self) -> Optional[str]: + """ + PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN + """ + return pulumi.get(self, "preferred_chain") + + @property + @pulumi.getter(name="skipTLSVerify") + def skip_tls_verify(self) -> Optional[bool]: + """ + INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false. + """ + return pulumi.get(self, "skip_tls_verify") + + @property + @pulumi.getter + def solvers(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolvers']]: + """ + Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/ + """ + return pulumi.get(self, "solvers") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeExternalAccountBinding(dict): + """ + ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "keyID": + suggest = "key_id" + elif key == "keySecretRef": + suggest = "key_secret_ref" + elif key == "keyAlgorithm": + suggest = "key_algorithm" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeExternalAccountBinding. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeExternalAccountBinding.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeExternalAccountBinding.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + key_id: str, + key_secret_ref: 'outputs.ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef', + key_algorithm: Optional[str] = None): + """ + ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + :param str key_id: keyID is the ID of the CA key that the External Account is bound to. + :param 'ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRefArgs' key_secret_ref: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + :param str key_algorithm: Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + """ + pulumi.set(__self__, "key_id", key_id) + pulumi.set(__self__, "key_secret_ref", key_secret_ref) + if key_algorithm is not None: + pulumi.set(__self__, "key_algorithm", key_algorithm) + + @property + @pulumi.getter(name="keyID") + def key_id(self) -> str: + """ + keyID is the ID of the CA key that the External Account is bound to. + """ + return pulumi.get(self, "key_id") + + @property + @pulumi.getter(name="keySecretRef") + def key_secret_ref(self) -> 'outputs.ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef': + """ + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + """ + return pulumi.get(self, "key_secret_ref") + + @property + @pulumi.getter(name="keyAlgorithm") + def key_algorithm(self) -> Optional[str]: + """ + Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + """ + return pulumi.get(self, "key_algorithm") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef(dict): + """ + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmePrivateKeySecretRef(dict): + """ + PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolvers(dict): + """ + An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + """ + def __init__(__self__, *, + dns01: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01'] = None, + http01: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01'] = None, + selector: Optional['outputs.ClusterIssuerSpecAcmeSolversSelector'] = None): + """ + An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + :param 'ClusterIssuerSpecAcmeSolversDns01Args' dns01: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param 'ClusterIssuerSpecAcmeSolversHttp01Args' http01: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param 'ClusterIssuerSpecAcmeSolversSelectorArgs' selector: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + if dns01 is not None: + pulumi.set(__self__, "dns01", dns01) + if http01 is not None: + pulumi.set(__self__, "http01", http01) + if selector is not None: + pulumi.set(__self__, "selector", selector) + + @property + @pulumi.getter + def dns01(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01']: + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + """ + return pulumi.get(self, "dns01") + + @property + @pulumi.getter + def http01(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01']: + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + """ + return pulumi.get(self, "http01") + + @property + @pulumi.getter + def selector(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversSelector']: + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + return pulumi.get(self, "selector") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01(dict): + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "acmeDNS": + suggest = "acme_dns" + elif key == "azureDNS": + suggest = "azure_dns" + elif key == "cloudDNS": + suggest = "cloud_dns" + elif key == "cnameStrategy": + suggest = "cname_strategy" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + acme_dns: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01AcmeDns'] = None, + akamai: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Akamai'] = None, + azure_dns: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01AzureDns'] = None, + cloud_dns: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01CloudDns'] = None, + cloudflare: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Cloudflare'] = None, + cname_strategy: Optional[str] = None, + digitalocean: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Digitalocean'] = None, + rfc2136: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Rfc2136'] = None, + route53: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Route53'] = None, + webhook: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Webhook'] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param 'ClusterIssuerSpecAcmeSolversDns01AcmeDnsArgs' acme_dns: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01AkamaiArgs' akamai: Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01AzureDnsArgs' azure_dns: Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01CloudDnsArgs' cloud_dns: Use the Google Cloud DNS API to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01CloudflareArgs' cloudflare: Use the Cloudflare API to manage DNS01 challenge records. + :param str cname_strategy: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + :param 'ClusterIssuerSpecAcmeSolversDns01DigitaloceanArgs' digitalocean: Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01Rfc2136Args' rfc2136: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01Route53Args' route53: Use the AWS Route53 API to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01WebhookArgs' webhook: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + if acme_dns is not None: + pulumi.set(__self__, "acme_dns", acme_dns) + if akamai is not None: + pulumi.set(__self__, "akamai", akamai) + if azure_dns is not None: + pulumi.set(__self__, "azure_dns", azure_dns) + if cloud_dns is not None: + pulumi.set(__self__, "cloud_dns", cloud_dns) + if cloudflare is not None: + pulumi.set(__self__, "cloudflare", cloudflare) + if cname_strategy is not None: + pulumi.set(__self__, "cname_strategy", cname_strategy) + if digitalocean is not None: + pulumi.set(__self__, "digitalocean", digitalocean) + if rfc2136 is not None: + pulumi.set(__self__, "rfc2136", rfc2136) + if route53 is not None: + pulumi.set(__self__, "route53", route53) + if webhook is not None: + pulumi.set(__self__, "webhook", webhook) + + @property + @pulumi.getter(name="acmeDNS") + def acme_dns(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01AcmeDns']: + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + """ + return pulumi.get(self, "acme_dns") + + @property + @pulumi.getter + def akamai(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Akamai']: + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + """ + return pulumi.get(self, "akamai") + + @property + @pulumi.getter(name="azureDNS") + def azure_dns(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01AzureDns']: + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "azure_dns") + + @property + @pulumi.getter(name="cloudDNS") + def cloud_dns(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01CloudDns']: + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloud_dns") + + @property + @pulumi.getter + def cloudflare(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Cloudflare']: + """ + Use the Cloudflare API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloudflare") + + @property + @pulumi.getter(name="cnameStrategy") + def cname_strategy(self) -> Optional[str]: + """ + CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + """ + return pulumi.get(self, "cname_strategy") + + @property + @pulumi.getter + def digitalocean(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Digitalocean']: + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "digitalocean") + + @property + @pulumi.getter + def rfc2136(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Rfc2136']: + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + """ + return pulumi.get(self, "rfc2136") + + @property + @pulumi.getter + def route53(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Route53']: + """ + Use the AWS Route53 API to manage DNS01 challenge records. + """ + return pulumi.get(self, "route53") + + @property + @pulumi.getter + def webhook(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Webhook']: + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + return pulumi.get(self, "webhook") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01AcmeDns(dict): + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accountSecretRef": + suggest = "account_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01AcmeDns. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01AcmeDns.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01AcmeDns.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + account_secret_ref: 'outputs.ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef', + host: str): + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs' account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "account_secret_ref", account_secret_ref) + pulumi.set(__self__, "host", host) + + @property + @pulumi.getter(name="accountSecretRef") + def account_secret_ref(self) -> 'outputs.ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "account_secret_ref") + + @property + @pulumi.getter + def host(self) -> str: + return pulumi.get(self, "host") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01Akamai(dict): + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accessTokenSecretRef": + suggest = "access_token_secret_ref" + elif key == "clientSecretSecretRef": + suggest = "client_secret_secret_ref" + elif key == "clientTokenSecretRef": + suggest = "client_token_secret_ref" + elif key == "serviceConsumerDomain": + suggest = "service_consumer_domain" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01Akamai. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01Akamai.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01Akamai.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + access_token_secret_ref: 'outputs.ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef', + client_secret_secret_ref: 'outputs.ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef', + client_token_secret_ref: 'outputs.ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef', + service_consumer_domain: str): + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs' access_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param 'ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs' client_secret_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param 'ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs' client_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "access_token_secret_ref", access_token_secret_ref) + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + pulumi.set(__self__, "client_token_secret_ref", client_token_secret_ref) + pulumi.set(__self__, "service_consumer_domain", service_consumer_domain) + + @property + @pulumi.getter(name="accessTokenSecretRef") + def access_token_secret_ref(self) -> 'outputs.ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "access_token_secret_ref") + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> 'outputs.ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @property + @pulumi.getter(name="clientTokenSecretRef") + def client_token_secret_ref(self) -> 'outputs.ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_token_secret_ref") + + @property + @pulumi.getter(name="serviceConsumerDomain") + def service_consumer_domain(self) -> str: + return pulumi.get(self, "service_consumer_domain") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01AzureDns(dict): + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "resourceGroupName": + suggest = "resource_group_name" + elif key == "subscriptionID": + suggest = "subscription_id" + elif key == "clientID": + suggest = "client_id" + elif key == "clientSecretSecretRef": + suggest = "client_secret_secret_ref" + elif key == "hostedZoneName": + suggest = "hosted_zone_name" + elif key == "managedIdentity": + suggest = "managed_identity" + elif key == "tenantID": + suggest = "tenant_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01AzureDns. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01AzureDns.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01AzureDns.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + resource_group_name: str, + subscription_id: str, + client_id: Optional[str] = None, + client_secret_secret_ref: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef'] = None, + environment: Optional[str] = None, + hosted_zone_name: Optional[str] = None, + managed_identity: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity'] = None, + tenant_id: Optional[str] = None): + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param str resource_group_name: resource group the DNS zone is located in + :param str subscription_id: ID of the Azure subscription + :param str client_id: Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + :param 'ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs' client_secret_secret_ref: Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param str environment: name of the Azure environment (default AzurePublicCloud) + :param str hosted_zone_name: name of the DNS zone that should be used + :param 'ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs' managed_identity: Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param str tenant_id: Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + pulumi.set(__self__, "resource_group_name", resource_group_name) + pulumi.set(__self__, "subscription_id", subscription_id) + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if client_secret_secret_ref is not None: + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + if environment is not None: + pulumi.set(__self__, "environment", environment) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if managed_identity is not None: + pulumi.set(__self__, "managed_identity", managed_identity) + if tenant_id is not None: + pulumi.set(__self__, "tenant_id", tenant_id) + + @property + @pulumi.getter(name="resourceGroupName") + def resource_group_name(self) -> str: + """ + resource group the DNS zone is located in + """ + return pulumi.get(self, "resource_group_name") + + @property + @pulumi.getter(name="subscriptionID") + def subscription_id(self) -> str: + """ + ID of the Azure subscription + """ + return pulumi.get(self, "subscription_id") + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[str]: + """ + Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + """ + return pulumi.get(self, "client_id") + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef']: + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @property + @pulumi.getter + def environment(self) -> Optional[str]: + """ + name of the Azure environment (default AzurePublicCloud) + """ + return pulumi.get(self, "environment") + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[str]: + """ + name of the DNS zone that should be used + """ + return pulumi.get(self, "hosted_zone_name") + + @property + @pulumi.getter(name="managedIdentity") + def managed_identity(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity']: + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + """ + return pulumi.get(self, "managed_identity") + + @property + @pulumi.getter(name="tenantID") + def tenant_id(self) -> Optional[str]: + """ + Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + return pulumi.get(self, "tenant_id") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef(dict): + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity(dict): + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "clientID": + suggest = "client_id" + elif key == "resourceID": + suggest = "resource_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + client_id: Optional[str] = None, + resource_id: Optional[str] = None): + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param str client_id: client ID of the managed identity, can not be used at the same time as resourceID + :param str resource_id: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if resource_id is not None: + pulumi.set(__self__, "resource_id", resource_id) + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[str]: + """ + client ID of the managed identity, can not be used at the same time as resourceID + """ + return pulumi.get(self, "client_id") + + @property + @pulumi.getter(name="resourceID") + def resource_id(self) -> Optional[str]: + """ + resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + return pulumi.get(self, "resource_id") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01CloudDns(dict): + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "hostedZoneName": + suggest = "hosted_zone_name" + elif key == "serviceAccountSecretRef": + suggest = "service_account_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01CloudDns. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01CloudDns.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01CloudDns.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + project: str, + hosted_zone_name: Optional[str] = None, + service_account_secret_ref: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef'] = None): + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + :param str hosted_zone_name: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + :param 'ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs' service_account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "project", project) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if service_account_secret_ref is not None: + pulumi.set(__self__, "service_account_secret_ref", service_account_secret_ref) + + @property + @pulumi.getter + def project(self) -> str: + return pulumi.get(self, "project") + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[str]: + """ + HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + """ + return pulumi.get(self, "hosted_zone_name") + + @property + @pulumi.getter(name="serviceAccountSecretRef") + def service_account_secret_ref(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "service_account_secret_ref") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01Cloudflare(dict): + """ + Use the Cloudflare API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "apiKeySecretRef": + suggest = "api_key_secret_ref" + elif key == "apiTokenSecretRef": + suggest = "api_token_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01Cloudflare. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01Cloudflare.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01Cloudflare.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + api_key_secret_ref: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef'] = None, + api_token_secret_ref: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef'] = None, + email: Optional[str] = None): + """ + Use the Cloudflare API to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs' api_key_secret_ref: API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param 'ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs' api_token_secret_ref: API token used to authenticate with Cloudflare. + :param str email: Email of the account, only required when using API key based authentication. + """ + if api_key_secret_ref is not None: + pulumi.set(__self__, "api_key_secret_ref", api_key_secret_ref) + if api_token_secret_ref is not None: + pulumi.set(__self__, "api_token_secret_ref", api_token_secret_ref) + if email is not None: + pulumi.set(__self__, "email", email) + + @property + @pulumi.getter(name="apiKeySecretRef") + def api_key_secret_ref(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef']: + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + """ + return pulumi.get(self, "api_key_secret_ref") + + @property + @pulumi.getter(name="apiTokenSecretRef") + def api_token_secret_ref(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef']: + """ + API token used to authenticate with Cloudflare. + """ + return pulumi.get(self, "api_token_secret_ref") + + @property + @pulumi.getter + def email(self) -> Optional[str]: + """ + Email of the account, only required when using API key based authentication. + """ + return pulumi.get(self, "email") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef(dict): + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef(dict): + """ + API token used to authenticate with Cloudflare. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + API token used to authenticate with Cloudflare. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01Digitalocean(dict): + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "tokenSecretRef": + suggest = "token_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01Digitalocean. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01Digitalocean.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01Digitalocean.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + token_secret_ref: 'outputs.ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef'): + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param 'ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs' token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "token_secret_ref", token_secret_ref) + + @property + @pulumi.getter(name="tokenSecretRef") + def token_secret_ref(self) -> 'outputs.ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "token_secret_ref") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01Rfc2136(dict): + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "tsigAlgorithm": + suggest = "tsig_algorithm" + elif key == "tsigKeyName": + suggest = "tsig_key_name" + elif key == "tsigSecretSecretRef": + suggest = "tsig_secret_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01Rfc2136. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01Rfc2136.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01Rfc2136.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + nameserver: str, + tsig_algorithm: Optional[str] = None, + tsig_key_name: Optional[str] = None, + tsig_secret_secret_ref: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef'] = None): + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param str nameserver: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + :param str tsig_algorithm: The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + :param str tsig_key_name: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + :param 'ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs' tsig_secret_secret_ref: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + pulumi.set(__self__, "nameserver", nameserver) + if tsig_algorithm is not None: + pulumi.set(__self__, "tsig_algorithm", tsig_algorithm) + if tsig_key_name is not None: + pulumi.set(__self__, "tsig_key_name", tsig_key_name) + if tsig_secret_secret_ref is not None: + pulumi.set(__self__, "tsig_secret_secret_ref", tsig_secret_secret_ref) + + @property + @pulumi.getter + def nameserver(self) -> str: + """ + The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + """ + return pulumi.get(self, "nameserver") + + @property + @pulumi.getter(name="tsigAlgorithm") + def tsig_algorithm(self) -> Optional[str]: + """ + The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + """ + return pulumi.get(self, "tsig_algorithm") + + @property + @pulumi.getter(name="tsigKeyName") + def tsig_key_name(self) -> Optional[str]: + """ + The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_key_name") + + @property + @pulumi.getter(name="tsigSecretSecretRef") + def tsig_secret_secret_ref(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef']: + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_secret_secret_ref") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef(dict): + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01Route53(dict): + """ + Use the AWS Route53 API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accessKeyID": + suggest = "access_key_id" + elif key == "accessKeyIDSecretRef": + suggest = "access_key_id_secret_ref" + elif key == "hostedZoneID": + suggest = "hosted_zone_id" + elif key == "secretAccessKeySecretRef": + suggest = "secret_access_key_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01Route53. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01Route53.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01Route53.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + region: str, + access_key_id: Optional[str] = None, + access_key_id_secret_ref: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRef'] = None, + hosted_zone_id: Optional[str] = None, + role: Optional[str] = None, + secret_access_key_secret_ref: Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef'] = None): + """ + Use the AWS Route53 API to manage DNS01 challenge records. + :param str region: Always set the region when using AccessKeyID and SecretAccessKey + :param str access_key_id: The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param 'ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs' access_key_id_secret_ref: The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param str hosted_zone_id: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + :param str role: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + :param 'ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs' secret_access_key_secret_ref: The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + pulumi.set(__self__, "region", region) + if access_key_id is not None: + pulumi.set(__self__, "access_key_id", access_key_id) + if access_key_id_secret_ref is not None: + pulumi.set(__self__, "access_key_id_secret_ref", access_key_id_secret_ref) + if hosted_zone_id is not None: + pulumi.set(__self__, "hosted_zone_id", hosted_zone_id) + if role is not None: + pulumi.set(__self__, "role", role) + if secret_access_key_secret_ref is not None: + pulumi.set(__self__, "secret_access_key_secret_ref", secret_access_key_secret_ref) + + @property + @pulumi.getter + def region(self) -> str: + """ + Always set the region when using AccessKeyID and SecretAccessKey + """ + return pulumi.get(self, "region") + + @property + @pulumi.getter(name="accessKeyID") + def access_key_id(self) -> Optional[str]: + """ + The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id") + + @property + @pulumi.getter(name="accessKeyIDSecretRef") + def access_key_id_secret_ref(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRef']: + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id_secret_ref") + + @property + @pulumi.getter(name="hostedZoneID") + def hosted_zone_id(self) -> Optional[str]: + """ + If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + """ + return pulumi.get(self, "hosted_zone_id") + + @property + @pulumi.getter + def role(self) -> Optional[str]: + """ + Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + """ + return pulumi.get(self, "role") + + @property + @pulumi.getter(name="secretAccessKeySecretRef") + def secret_access_key_secret_ref(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef']: + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "secret_access_key_secret_ref") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRef(dict): + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef(dict): + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversDns01Webhook(dict): + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "groupName": + suggest = "group_name" + elif key == "solverName": + suggest = "solver_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversDns01Webhook. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversDns01Webhook.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversDns01Webhook.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + group_name: str, + solver_name: str, + config: Optional[Mapping[str, Any]] = None): + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + :param str group_name: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + :param str solver_name: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + :param Mapping[str, Any] config: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + pulumi.set(__self__, "group_name", group_name) + pulumi.set(__self__, "solver_name", solver_name) + if config is not None: + pulumi.set(__self__, "config", config) + + @property + @pulumi.getter(name="groupName") + def group_name(self) -> str: + """ + The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + """ + return pulumi.get(self, "group_name") + + @property + @pulumi.getter(name="solverName") + def solver_name(self) -> str: + """ + The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + """ + return pulumi.get(self, "solver_name") + + @property + @pulumi.getter + def config(self) -> Optional[Mapping[str, Any]]: + """ + Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + return pulumi.get(self, "config") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01(dict): + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "gatewayHTTPRoute": + suggest = "gateway_http_route" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + gateway_http_route: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01GatewayHttproute'] = None, + ingress: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01Ingress'] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param 'ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteArgs' gateway_http_route: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressArgs' ingress: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + if gateway_http_route is not None: + pulumi.set(__self__, "gateway_http_route", gateway_http_route) + if ingress is not None: + pulumi.set(__self__, "ingress", ingress) + + @property + @pulumi.getter(name="gatewayHTTPRoute") + def gateway_http_route(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01GatewayHttproute']: + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + """ + return pulumi.get(self, "gateway_http_route") + + @property + @pulumi.getter + def ingress(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01Ingress']: + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + return pulumi.get(self, "ingress") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01GatewayHttproute(dict): + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "parentRefs": + suggest = "parent_refs" + elif key == "serviceType": + suggest = "service_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01GatewayHttproute. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01GatewayHttproute.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01GatewayHttproute.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + labels: Optional[Mapping[str, str]] = None, + parent_refs: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs']] = None, + service_type: Optional[str] = None): + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param Mapping[str, str] labels: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs'] parent_refs: When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + :param str service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if labels is not None: + pulumi.set(__self__, "labels", labels) + if parent_refs is not None: + pulumi.set(__self__, "parent_refs", parent_refs) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter + def labels(self) -> Optional[Mapping[str, str]]: + """ + Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + """ + return pulumi.get(self, "labels") + + @property + @pulumi.getter(name="parentRefs") + def parent_refs(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs']]: + """ + When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + """ + return pulumi.get(self, "parent_refs") + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[str]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs(dict): + """ + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + This API may be extended in the future to support additional kinds of parent resources. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "sectionName": + suggest = "section_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + name: str, + group: Optional[str] = None, + kind: Optional[str] = None, + namespace: Optional[str] = None, + port: Optional[int] = None, + section_name: Optional[str] = None): + """ + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + This API may be extended in the future to support additional kinds of parent resources. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + :param str name: Name is the name of the referent. + Support: Core + :param str group: Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + :param str kind: Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + :param str namespace: Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + :param int port: Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + :param str section_name: SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + pulumi.set(__self__, "name", name) + if group is None: + group = 'gateway.networking.k8s.io' + if group is not None: + pulumi.set(__self__, "group", group) + if kind is None: + kind = 'Gateway' + if kind is not None: + pulumi.set(__self__, "kind", kind) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if port is not None: + pulumi.set(__self__, "port", port) + if section_name is not None: + pulumi.set(__self__, "section_name", section_name) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name is the name of the referent. + Support: Core + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def group(self) -> Optional[str]: + """ + Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + """ + return pulumi.get(self, "group") + + @property + @pulumi.getter + def kind(self) -> Optional[str]: + """ + Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + """ + return pulumi.get(self, "kind") + + @property + @pulumi.getter + def namespace(self) -> Optional[str]: + """ + Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + """ + return pulumi.get(self, "namespace") + + @property + @pulumi.getter + def port(self) -> Optional[int]: + """ + Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + """ + return pulumi.get(self, "port") + + @property + @pulumi.getter(name="sectionName") + def section_name(self) -> Optional[str]: + """ + SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + return pulumi.get(self, "section_name") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01Ingress(dict): + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "class": + suggest = "class_" + elif key == "ingressClassName": + suggest = "ingress_class_name" + elif key == "ingressTemplate": + suggest = "ingress_template" + elif key == "podTemplate": + suggest = "pod_template" + elif key == "serviceType": + suggest = "service_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01Ingress. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01Ingress.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01Ingress.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + class_: Optional[str] = None, + ingress_class_name: Optional[str] = None, + ingress_template: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate'] = None, + name: Optional[str] = None, + pod_template: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate'] = None, + service_type: Optional[str] = None): + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + :param str class_: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + :param str ingress_class_name: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs' ingress_template: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param str name: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateArgs' pod_template: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param str service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if class_ is not None: + pulumi.set(__self__, "class_", class_) + if ingress_class_name is not None: + pulumi.set(__self__, "ingress_class_name", ingress_class_name) + if ingress_template is not None: + pulumi.set(__self__, "ingress_template", ingress_template) + if name is not None: + pulumi.set(__self__, "name", name) + if pod_template is not None: + pulumi.set(__self__, "pod_template", pod_template) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter(name="class") + def class_(self) -> Optional[str]: + """ + This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "class_") + + @property + @pulumi.getter(name="ingressClassName") + def ingress_class_name(self) -> Optional[str]: + """ + This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "ingress_class_name") + + @property + @pulumi.getter(name="ingressTemplate") + def ingress_template(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate']: + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + """ + return pulumi.get(self, "ingress_template") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="podTemplate") + def pod_template(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate']: + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + """ + return pulumi.get(self, "pod_template") + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[str]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate(dict): + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + """ + def __init__(__self__, *, + metadata: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata'] = None): + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs' metadata: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + + @property + @pulumi.getter + def metadata(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata']: + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata(dict): + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + def __init__(__self__, *, + annotations: Optional[Mapping[str, str]] = None, + labels: Optional[Mapping[str, str]] = None): + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param Mapping[str, str] annotations: Annotations that should be added to the created ACME HTTP01 solver ingress. + :param Mapping[str, str] labels: Labels that should be added to the created ACME HTTP01 solver ingress. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[Mapping[str, str]]: + """ + Annotations that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "annotations") + + @property + @pulumi.getter + def labels(self) -> Optional[Mapping[str, str]]: + """ + Labels that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "labels") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate(dict): + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + """ + def __init__(__self__, *, + metadata: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata'] = None, + spec: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec'] = None): + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs' metadata: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs' spec: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + + @property + @pulumi.getter + def metadata(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata']: + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + @property + @pulumi.getter + def spec(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec']: + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + return pulumi.get(self, "spec") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata(dict): + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + def __init__(__self__, *, + annotations: Optional[Mapping[str, str]] = None, + labels: Optional[Mapping[str, str]] = None): + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param Mapping[str, str] annotations: Annotations that should be added to the create ACME HTTP01 solver pods. + :param Mapping[str, str] labels: Labels that should be added to the created ACME HTTP01 solver pods. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[Mapping[str, str]]: + """ + Annotations that should be added to the create ACME HTTP01 solver pods. + """ + return pulumi.get(self, "annotations") + + @property + @pulumi.getter + def labels(self) -> Optional[Mapping[str, str]]: + """ + Labels that should be added to the created ACME HTTP01 solver pods. + """ + return pulumi.get(self, "labels") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec(dict): + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "imagePullSecrets": + suggest = "image_pull_secrets" + elif key == "nodeSelector": + suggest = "node_selector" + elif key == "priorityClassName": + suggest = "priority_class_name" + elif key == "serviceAccountName": + suggest = "service_account_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + affinity: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity'] = None, + image_pull_secrets: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecrets']] = None, + node_selector: Optional[Mapping[str, str]] = None, + priority_class_name: Optional[str] = None, + service_account_name: Optional[str] = None, + tolerations: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations']] = None): + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs' affinity: If specified, the pod's scheduling constraints + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs'] image_pull_secrets: If specified, the pod's imagePullSecrets + :param Mapping[str, str] node_selector: NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + :param str priority_class_name: If specified, the pod's priorityClassName. + :param str service_account_name: If specified, the pod's service account + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs'] tolerations: If specified, the pod's tolerations. + """ + if affinity is not None: + pulumi.set(__self__, "affinity", affinity) + if image_pull_secrets is not None: + pulumi.set(__self__, "image_pull_secrets", image_pull_secrets) + if node_selector is not None: + pulumi.set(__self__, "node_selector", node_selector) + if priority_class_name is not None: + pulumi.set(__self__, "priority_class_name", priority_class_name) + if service_account_name is not None: + pulumi.set(__self__, "service_account_name", service_account_name) + if tolerations is not None: + pulumi.set(__self__, "tolerations", tolerations) + + @property + @pulumi.getter + def affinity(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity']: + """ + If specified, the pod's scheduling constraints + """ + return pulumi.get(self, "affinity") + + @property + @pulumi.getter(name="imagePullSecrets") + def image_pull_secrets(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecrets']]: + """ + If specified, the pod's imagePullSecrets + """ + return pulumi.get(self, "image_pull_secrets") + + @property + @pulumi.getter(name="nodeSelector") + def node_selector(self) -> Optional[Mapping[str, str]]: + """ + NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + """ + return pulumi.get(self, "node_selector") + + @property + @pulumi.getter(name="priorityClassName") + def priority_class_name(self) -> Optional[str]: + """ + If specified, the pod's priorityClassName. + """ + return pulumi.get(self, "priority_class_name") + + @property + @pulumi.getter(name="serviceAccountName") + def service_account_name(self) -> Optional[str]: + """ + If specified, the pod's service account + """ + return pulumi.get(self, "service_account_name") + + @property + @pulumi.getter + def tolerations(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations']]: + """ + If specified, the pod's tolerations. + """ + return pulumi.get(self, "tolerations") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity(dict): + """ + If specified, the pod's scheduling constraints + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "nodeAffinity": + suggest = "node_affinity" + elif key == "podAffinity": + suggest = "pod_affinity" + elif key == "podAntiAffinity": + suggest = "pod_anti_affinity" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + node_affinity: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity'] = None, + pod_affinity: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity'] = None, + pod_anti_affinity: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity'] = None): + """ + If specified, the pod's scheduling constraints + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs' node_affinity: Describes node affinity scheduling rules for the pod. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs' pod_affinity: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs' pod_anti_affinity: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + if node_affinity is not None: + pulumi.set(__self__, "node_affinity", node_affinity) + if pod_affinity is not None: + pulumi.set(__self__, "pod_affinity", pod_affinity) + if pod_anti_affinity is not None: + pulumi.set(__self__, "pod_anti_affinity", pod_anti_affinity) + + @property + @pulumi.getter(name="nodeAffinity") + def node_affinity(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity']: + """ + Describes node affinity scheduling rules for the pod. + """ + return pulumi.get(self, "node_affinity") + + @property + @pulumi.getter(name="podAffinity") + def pod_affinity(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity']: + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_affinity") + + @property + @pulumi.getter(name="podAntiAffinity") + def pod_anti_affinity(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity']: + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_anti_affinity") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity(dict): + """ + Describes node affinity scheduling rules for the pod. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "preferredDuringSchedulingIgnoredDuringExecution": + suggest = "preferred_during_scheduling_ignored_during_execution" + elif key == "requiredDuringSchedulingIgnoredDuringExecution": + suggest = "required_during_scheduling_ignored_during_execution" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution']] = None, + required_during_scheduling_ignored_during_execution: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution'] = None): + """ + Describes node affinity scheduling rules for the pod. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs'] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs' required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution']]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution']: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution(dict): + """ + An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + """ + def __init__(__self__, *, + preference: 'outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference', + weight: int): + """ + An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs' preference: A node selector term, associated with the corresponding weight. + :param int weight: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + pulumi.set(__self__, "preference", preference) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter + def preference(self) -> 'outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference': + """ + A node selector term, associated with the corresponding weight. + """ + return pulumi.get(self, "preference") + + @property + @pulumi.getter + def weight(self) -> int: + """ + Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference(dict): + """ + A node selector term, associated with the corresponding weight. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchFields": + suggest = "match_fields" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions']] = None, + match_fields: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields']] = None): + """ + A node selector term, associated with the corresponding weight. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs'] match_expressions: A list of node selector requirements by node's labels. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs'] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions']]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields']]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution(dict): + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "nodeSelectorTerms": + suggest = "node_selector_terms" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + node_selector_terms: Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms']): + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs'] node_selector_terms: Required. A list of node selector terms. The terms are ORed. + """ + pulumi.set(__self__, "node_selector_terms", node_selector_terms) + + @property + @pulumi.getter(name="nodeSelectorTerms") + def node_selector_terms(self) -> Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms']: + """ + Required. A list of node selector terms. The terms are ORed. + """ + return pulumi.get(self, "node_selector_terms") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms(dict): + """ + A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchFields": + suggest = "match_fields" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions']] = None, + match_fields: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields']] = None): + """ + A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs'] match_expressions: A list of node selector requirements by node's labels. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs'] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions']]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields']]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity(dict): + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "preferredDuringSchedulingIgnoredDuringExecution": + suggest = "preferred_during_scheduling_ignored_during_execution" + elif key == "requiredDuringSchedulingIgnoredDuringExecution": + suggest = "required_during_scheduling_ignored_during_execution" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution']] = None, + required_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution']] = None): + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs'] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs'] required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution']]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution']]: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution(dict): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "podAffinityTerm": + suggest = "pod_affinity_term" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + pod_affinity_term: 'outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + weight: int): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs' pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param int weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> 'outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm': + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @property + @pulumi.getter + def weight(self) -> int: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(dict): + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution(dict): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity(dict): + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "preferredDuringSchedulingIgnoredDuringExecution": + suggest = "preferred_during_scheduling_ignored_during_execution" + elif key == "requiredDuringSchedulingIgnoredDuringExecution": + suggest = "required_during_scheduling_ignored_during_execution" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution']] = None, + required_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution']] = None): + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs'] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs'] required_during_scheduling_ignored_during_execution: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution']]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution']]: + """ + If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution(dict): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "podAffinityTerm": + suggest = "pod_affinity_term" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + pod_affinity_term: 'outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + weight: int): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs' pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param int weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> 'outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm': + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @property + @pulumi.getter + def weight(self) -> int: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(dict): + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution(dict): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecrets(dict): + """ + LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + """ + def __init__(__self__, *, + name: Optional[str] = None): + """ + LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + :param str name: Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + return pulumi.get(self, "name") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations(dict): + """ + The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "tolerationSeconds": + suggest = "toleration_seconds" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + effect: Optional[str] = None, + key: Optional[str] = None, + operator: Optional[str] = None, + toleration_seconds: Optional[int] = None, + value: Optional[str] = None): + """ + The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + :param str effect: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + :param str key: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + :param str operator: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + :param int toleration_seconds: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + :param str value: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + if effect is not None: + pulumi.set(__self__, "effect", effect) + if key is not None: + pulumi.set(__self__, "key", key) + if operator is not None: + pulumi.set(__self__, "operator", operator) + if toleration_seconds is not None: + pulumi.set(__self__, "toleration_seconds", toleration_seconds) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def effect(self) -> Optional[str]: + """ + Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + """ + return pulumi.get(self, "effect") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> Optional[str]: + """ + Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter(name="tolerationSeconds") + def toleration_seconds(self) -> Optional[int]: + """ + TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + """ + return pulumi.get(self, "toleration_seconds") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + """ + Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + return pulumi.get(self, "value") + + +@pulumi.output_type +class ClusterIssuerSpecAcmeSolversSelector(dict): + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "dnsNames": + suggest = "dns_names" + elif key == "dnsZones": + suggest = "dns_zones" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecAcmeSolversSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecAcmeSolversSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecAcmeSolversSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + dns_names: Optional[Sequence[str]] = None, + dns_zones: Optional[Sequence[str]] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + :param Sequence[str] dns_names: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param Sequence[str] dns_zones: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param Mapping[str, str] match_labels: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + if dns_names is not None: + pulumi.set(__self__, "dns_names", dns_names) + if dns_zones is not None: + pulumi.set(__self__, "dns_zones", dns_zones) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="dnsNames") + def dns_names(self) -> Optional[Sequence[str]]: + """ + List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_names") + + @property + @pulumi.getter(name="dnsZones") + def dns_zones(self) -> Optional[Sequence[str]]: + """ + List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_zones") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class ClusterIssuerSpecCa(dict): + """ + CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "secretName": + suggest = "secret_name" + elif key == "crlDistributionPoints": + suggest = "crl_distribution_points" + elif key == "issuingCertificateURLs": + suggest = "issuing_certificate_urls" + elif key == "ocspServers": + suggest = "ocsp_servers" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecCa. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecCa.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecCa.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + secret_name: str, + crl_distribution_points: Optional[Sequence[str]] = None, + issuing_certificate_urls: Optional[Sequence[str]] = None, + ocsp_servers: Optional[Sequence[str]] = None): + """ + CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + :param str secret_name: SecretName is the name of the secret used to sign Certificates issued by this Issuer. + :param Sequence[str] crl_distribution_points: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + :param Sequence[str] issuing_certificate_urls: IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + :param Sequence[str] ocsp_servers: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + """ + pulumi.set(__self__, "secret_name", secret_name) + if crl_distribution_points is not None: + pulumi.set(__self__, "crl_distribution_points", crl_distribution_points) + if issuing_certificate_urls is not None: + pulumi.set(__self__, "issuing_certificate_urls", issuing_certificate_urls) + if ocsp_servers is not None: + pulumi.set(__self__, "ocsp_servers", ocsp_servers) + + @property + @pulumi.getter(name="secretName") + def secret_name(self) -> str: + """ + SecretName is the name of the secret used to sign Certificates issued by this Issuer. + """ + return pulumi.get(self, "secret_name") + + @property + @pulumi.getter(name="crlDistributionPoints") + def crl_distribution_points(self) -> Optional[Sequence[str]]: + """ + The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + """ + return pulumi.get(self, "crl_distribution_points") + + @property + @pulumi.getter(name="issuingCertificateURLs") + def issuing_certificate_urls(self) -> Optional[Sequence[str]]: + """ + IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + """ + return pulumi.get(self, "issuing_certificate_urls") + + @property + @pulumi.getter(name="ocspServers") + def ocsp_servers(self) -> Optional[Sequence[str]]: + """ + The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + """ + return pulumi.get(self, "ocsp_servers") + + +@pulumi.output_type +class ClusterIssuerSpecSelfSigned(dict): + """ + SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "crlDistributionPoints": + suggest = "crl_distribution_points" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecSelfSigned. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecSelfSigned.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecSelfSigned.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + crl_distribution_points: Optional[Sequence[str]] = None): + """ + SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + :param Sequence[str] crl_distribution_points: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + """ + if crl_distribution_points is not None: + pulumi.set(__self__, "crl_distribution_points", crl_distribution_points) + + @property + @pulumi.getter(name="crlDistributionPoints") + def crl_distribution_points(self) -> Optional[Sequence[str]]: + """ + The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + """ + return pulumi.get(self, "crl_distribution_points") + + +@pulumi.output_type +class ClusterIssuerSpecVault(dict): + """ + Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "caBundle": + suggest = "ca_bundle" + elif key == "caBundleSecretRef": + suggest = "ca_bundle_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecVault. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecVault.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecVault.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + auth: 'outputs.ClusterIssuerSpecVaultAuth', + path: str, + server: str, + ca_bundle: Optional[str] = None, + ca_bundle_secret_ref: Optional['outputs.ClusterIssuerSpecVaultCaBundleSecretRef'] = None, + namespace: Optional[str] = None): + """ + Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + :param 'ClusterIssuerSpecVaultAuthArgs' auth: Auth configures how cert-manager authenticates with the Vault server. + :param str path: Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name". + :param str server: Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + :param str ca_bundle: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. + :param 'ClusterIssuerSpecVaultCaBundleSecretRefArgs' ca_bundle_secret_ref: Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + :param str namespace: Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + """ + pulumi.set(__self__, "auth", auth) + pulumi.set(__self__, "path", path) + pulumi.set(__self__, "server", server) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + if ca_bundle_secret_ref is not None: + pulumi.set(__self__, "ca_bundle_secret_ref", ca_bundle_secret_ref) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + + @property + @pulumi.getter + def auth(self) -> 'outputs.ClusterIssuerSpecVaultAuth': + """ + Auth configures how cert-manager authenticates with the Vault server. + """ + return pulumi.get(self, "auth") + + @property + @pulumi.getter + def path(self) -> str: + """ + Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name". + """ + return pulumi.get(self, "path") + + @property + @pulumi.getter + def server(self) -> str: + """ + Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + """ + return pulumi.get(self, "server") + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[str]: + """ + Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. + """ + return pulumi.get(self, "ca_bundle") + + @property + @pulumi.getter(name="caBundleSecretRef") + def ca_bundle_secret_ref(self) -> Optional['outputs.ClusterIssuerSpecVaultCaBundleSecretRef']: + """ + Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + """ + return pulumi.get(self, "ca_bundle_secret_ref") + + @property + @pulumi.getter + def namespace(self) -> Optional[str]: + """ + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + """ + return pulumi.get(self, "namespace") + + +@pulumi.output_type +class ClusterIssuerSpecVaultAuth(dict): + """ + Auth configures how cert-manager authenticates with the Vault server. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "appRole": + suggest = "app_role" + elif key == "tokenSecretRef": + suggest = "token_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecVaultAuth. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecVaultAuth.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecVaultAuth.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + app_role: Optional['outputs.ClusterIssuerSpecVaultAuthAppRole'] = None, + kubernetes: Optional['outputs.ClusterIssuerSpecVaultAuthKubernetes'] = None, + token_secret_ref: Optional['outputs.ClusterIssuerSpecVaultAuthTokenSecretRef'] = None): + """ + Auth configures how cert-manager authenticates with the Vault server. + :param 'ClusterIssuerSpecVaultAuthAppRoleArgs' app_role: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + :param 'ClusterIssuerSpecVaultAuthKubernetesArgs' kubernetes: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + :param 'ClusterIssuerSpecVaultAuthTokenSecretRefArgs' token_secret_ref: TokenSecretRef authenticates with Vault by presenting a token. + """ + if app_role is not None: + pulumi.set(__self__, "app_role", app_role) + if kubernetes is not None: + pulumi.set(__self__, "kubernetes", kubernetes) + if token_secret_ref is not None: + pulumi.set(__self__, "token_secret_ref", token_secret_ref) + + @property + @pulumi.getter(name="appRole") + def app_role(self) -> Optional['outputs.ClusterIssuerSpecVaultAuthAppRole']: + """ + AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + """ + return pulumi.get(self, "app_role") + + @property + @pulumi.getter + def kubernetes(self) -> Optional['outputs.ClusterIssuerSpecVaultAuthKubernetes']: + """ + Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + """ + return pulumi.get(self, "kubernetes") + + @property + @pulumi.getter(name="tokenSecretRef") + def token_secret_ref(self) -> Optional['outputs.ClusterIssuerSpecVaultAuthTokenSecretRef']: + """ + TokenSecretRef authenticates with Vault by presenting a token. + """ + return pulumi.get(self, "token_secret_ref") + + +@pulumi.output_type +class ClusterIssuerSpecVaultAuthAppRole(dict): + """ + AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "roleId": + suggest = "role_id" + elif key == "secretRef": + suggest = "secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecVaultAuthAppRole. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecVaultAuthAppRole.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecVaultAuthAppRole.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + path: str, + role_id: str, + secret_ref: 'outputs.ClusterIssuerSpecVaultAuthAppRoleSecretRef'): + """ + AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + :param str path: Path where the App Role authentication backend is mounted in Vault, e.g: "approle" + :param str role_id: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + :param 'ClusterIssuerSpecVaultAuthAppRoleSecretRefArgs' secret_ref: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + """ + pulumi.set(__self__, "path", path) + pulumi.set(__self__, "role_id", role_id) + pulumi.set(__self__, "secret_ref", secret_ref) + + @property + @pulumi.getter + def path(self) -> str: + """ + Path where the App Role authentication backend is mounted in Vault, e.g: "approle" + """ + return pulumi.get(self, "path") + + @property + @pulumi.getter(name="roleId") + def role_id(self) -> str: + """ + RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + """ + return pulumi.get(self, "role_id") + + @property + @pulumi.getter(name="secretRef") + def secret_ref(self) -> 'outputs.ClusterIssuerSpecVaultAuthAppRoleSecretRef': + """ + Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + """ + return pulumi.get(self, "secret_ref") + + +@pulumi.output_type +class ClusterIssuerSpecVaultAuthAppRoleSecretRef(dict): + """ + Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecVaultAuthKubernetes(dict): + """ + Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "mountPath": + suggest = "mount_path" + elif key == "secretRef": + suggest = "secret_ref" + elif key == "serviceAccountRef": + suggest = "service_account_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecVaultAuthKubernetes. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecVaultAuthKubernetes.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecVaultAuthKubernetes.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + role: str, + mount_path: Optional[str] = None, + secret_ref: Optional['outputs.ClusterIssuerSpecVaultAuthKubernetesSecretRef'] = None, + service_account_ref: Optional['outputs.ClusterIssuerSpecVaultAuthKubernetesServiceAccountRef'] = None): + """ + Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + :param str role: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + :param str mount_path: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + :param 'ClusterIssuerSpecVaultAuthKubernetesSecretRefArgs' secret_ref: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + :param 'ClusterIssuerSpecVaultAuthKubernetesServiceAccountRefArgs' service_account_ref: A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + """ + pulumi.set(__self__, "role", role) + if mount_path is not None: + pulumi.set(__self__, "mount_path", mount_path) + if secret_ref is not None: + pulumi.set(__self__, "secret_ref", secret_ref) + if service_account_ref is not None: + pulumi.set(__self__, "service_account_ref", service_account_ref) + + @property + @pulumi.getter + def role(self) -> str: + """ + A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + """ + return pulumi.get(self, "role") + + @property + @pulumi.getter(name="mountPath") + def mount_path(self) -> Optional[str]: + """ + The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + """ + return pulumi.get(self, "mount_path") + + @property + @pulumi.getter(name="secretRef") + def secret_ref(self) -> Optional['outputs.ClusterIssuerSpecVaultAuthKubernetesSecretRef']: + """ + The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + """ + return pulumi.get(self, "secret_ref") + + @property + @pulumi.getter(name="serviceAccountRef") + def service_account_ref(self) -> Optional['outputs.ClusterIssuerSpecVaultAuthKubernetesServiceAccountRef']: + """ + A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + """ + return pulumi.get(self, "service_account_ref") + + +@pulumi.output_type +class ClusterIssuerSpecVaultAuthKubernetesSecretRef(dict): + """ + The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecVaultAuthKubernetesServiceAccountRef(dict): + """ + A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + """ + def __init__(__self__, *, + name: str): + """ + A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + :param str name: Name of the ServiceAccount used to request a token. + """ + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the ServiceAccount used to request a token. + """ + return pulumi.get(self, "name") + + +@pulumi.output_type +class ClusterIssuerSpecVaultAuthTokenSecretRef(dict): + """ + TokenSecretRef authenticates with Vault by presenting a token. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + TokenSecretRef authenticates with Vault by presenting a token. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecVaultCaBundleSecretRef(dict): + """ + Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecVenafi(dict): + """ + Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + """ + def __init__(__self__, *, + zone: str, + cloud: Optional['outputs.ClusterIssuerSpecVenafiCloud'] = None, + tpp: Optional['outputs.ClusterIssuerSpecVenafiTpp'] = None): + """ + Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + :param str zone: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + :param 'ClusterIssuerSpecVenafiCloudArgs' cloud: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + :param 'ClusterIssuerSpecVenafiTppArgs' tpp: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + """ + pulumi.set(__self__, "zone", zone) + if cloud is not None: + pulumi.set(__self__, "cloud", cloud) + if tpp is not None: + pulumi.set(__self__, "tpp", tpp) + + @property + @pulumi.getter + def zone(self) -> str: + """ + Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + """ + return pulumi.get(self, "zone") + + @property + @pulumi.getter + def cloud(self) -> Optional['outputs.ClusterIssuerSpecVenafiCloud']: + """ + Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + """ + return pulumi.get(self, "cloud") + + @property + @pulumi.getter + def tpp(self) -> Optional['outputs.ClusterIssuerSpecVenafiTpp']: + """ + TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + """ + return pulumi.get(self, "tpp") + + +@pulumi.output_type +class ClusterIssuerSpecVenafiCloud(dict): + """ + Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "apiTokenSecretRef": + suggest = "api_token_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecVenafiCloud. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecVenafiCloud.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecVenafiCloud.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + api_token_secret_ref: 'outputs.ClusterIssuerSpecVenafiCloudApiTokenSecretRef', + url: Optional[str] = None): + """ + Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + :param 'ClusterIssuerSpecVenafiCloudApiTokenSecretRefArgs' api_token_secret_ref: APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + :param str url: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + """ + pulumi.set(__self__, "api_token_secret_ref", api_token_secret_ref) + if url is not None: + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter(name="apiTokenSecretRef") + def api_token_secret_ref(self) -> 'outputs.ClusterIssuerSpecVenafiCloudApiTokenSecretRef': + """ + APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + """ + return pulumi.get(self, "api_token_secret_ref") + + @property + @pulumi.getter + def url(self) -> Optional[str]: + """ + URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + """ + return pulumi.get(self, "url") + + +@pulumi.output_type +class ClusterIssuerSpecVenafiCloudApiTokenSecretRef(dict): + """ + APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class ClusterIssuerSpecVenafiTpp(dict): + """ + TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "credentialsRef": + suggest = "credentials_ref" + elif key == "caBundle": + suggest = "ca_bundle" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerSpecVenafiTpp. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerSpecVenafiTpp.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerSpecVenafiTpp.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + credentials_ref: 'outputs.ClusterIssuerSpecVenafiTppCredentialsRef', + url: str, + ca_bundle: Optional[str] = None): + """ + TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + :param 'ClusterIssuerSpecVenafiTppCredentialsRefArgs' credentials_ref: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + :param str url: URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk". + :param str ca_bundle: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. + """ + pulumi.set(__self__, "credentials_ref", credentials_ref) + pulumi.set(__self__, "url", url) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + + @property + @pulumi.getter(name="credentialsRef") + def credentials_ref(self) -> 'outputs.ClusterIssuerSpecVenafiTppCredentialsRef': + """ + CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + """ + return pulumi.get(self, "credentials_ref") + + @property + @pulumi.getter + def url(self) -> str: + """ + URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk". + """ + return pulumi.get(self, "url") + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[str]: + """ + Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. + """ + return pulumi.get(self, "ca_bundle") + + +@pulumi.output_type +class ClusterIssuerSpecVenafiTppCredentialsRef(dict): + """ + CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + """ + def __init__(__self__, *, + name: str): + """ + CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + +@pulumi.output_type +class ClusterIssuerStatus(dict): + """ + Status of the ClusterIssuer. This is set and managed automatically. + """ + def __init__(__self__, *, + acme: Optional['outputs.ClusterIssuerStatusAcme'] = None, + conditions: Optional[Sequence['outputs.ClusterIssuerStatusConditions']] = None): + """ + Status of the ClusterIssuer. This is set and managed automatically. + :param 'ClusterIssuerStatusAcmeArgs' acme: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + :param Sequence['ClusterIssuerStatusConditionsArgs'] conditions: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + """ + if acme is not None: + pulumi.set(__self__, "acme", acme) + if conditions is not None: + pulumi.set(__self__, "conditions", conditions) + + @property + @pulumi.getter + def acme(self) -> Optional['outputs.ClusterIssuerStatusAcme']: + """ + ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + """ + return pulumi.get(self, "acme") + + @property + @pulumi.getter + def conditions(self) -> Optional[Sequence['outputs.ClusterIssuerStatusConditions']]: + """ + List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + """ + return pulumi.get(self, "conditions") + + +@pulumi.output_type +class ClusterIssuerStatusAcme(dict): + """ + ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "lastPrivateKeyHash": + suggest = "last_private_key_hash" + elif key == "lastRegisteredEmail": + suggest = "last_registered_email" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerStatusAcme. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerStatusAcme.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerStatusAcme.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + last_private_key_hash: Optional[str] = None, + last_registered_email: Optional[str] = None, + uri: Optional[str] = None): + """ + ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + :param str last_private_key_hash: LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + :param str last_registered_email: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + :param str uri: URI is the unique account identifier, which can also be used to retrieve account details from the CA + """ + if last_private_key_hash is not None: + pulumi.set(__self__, "last_private_key_hash", last_private_key_hash) + if last_registered_email is not None: + pulumi.set(__self__, "last_registered_email", last_registered_email) + if uri is not None: + pulumi.set(__self__, "uri", uri) + + @property + @pulumi.getter(name="lastPrivateKeyHash") + def last_private_key_hash(self) -> Optional[str]: + """ + LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + """ + return pulumi.get(self, "last_private_key_hash") + + @property + @pulumi.getter(name="lastRegisteredEmail") + def last_registered_email(self) -> Optional[str]: + """ + LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + """ + return pulumi.get(self, "last_registered_email") + + @property + @pulumi.getter + def uri(self) -> Optional[str]: + """ + URI is the unique account identifier, which can also be used to retrieve account details from the CA + """ + return pulumi.get(self, "uri") + + +@pulumi.output_type +class ClusterIssuerStatusConditions(dict): + """ + IssuerCondition contains condition information for an Issuer. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "lastTransitionTime": + suggest = "last_transition_time" + elif key == "observedGeneration": + suggest = "observed_generation" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ClusterIssuerStatusConditions. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ClusterIssuerStatusConditions.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ClusterIssuerStatusConditions.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + status: str, + type: str, + last_transition_time: Optional[str] = None, + message: Optional[str] = None, + observed_generation: Optional[int] = None, + reason: Optional[str] = None): + """ + IssuerCondition contains condition information for an Issuer. + :param str status: Status of the condition, one of (`True`, `False`, `Unknown`). + :param str type: Type of the condition, known values are (`Ready`). + :param str last_transition_time: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + :param str message: Message is a human readable description of the details of the last transition, complementing reason. + :param int observed_generation: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + :param str reason: Reason is a brief machine readable explanation for the condition's last transition. + """ + pulumi.set(__self__, "status", status) + pulumi.set(__self__, "type", type) + if last_transition_time is not None: + pulumi.set(__self__, "last_transition_time", last_transition_time) + if message is not None: + pulumi.set(__self__, "message", message) + if observed_generation is not None: + pulumi.set(__self__, "observed_generation", observed_generation) + if reason is not None: + pulumi.set(__self__, "reason", reason) + + @property + @pulumi.getter + def status(self) -> str: + """ + Status of the condition, one of (`True`, `False`, `Unknown`). + """ + return pulumi.get(self, "status") + + @property + @pulumi.getter + def type(self) -> str: + """ + Type of the condition, known values are (`Ready`). + """ + return pulumi.get(self, "type") + + @property + @pulumi.getter(name="lastTransitionTime") + def last_transition_time(self) -> Optional[str]: + """ + LastTransitionTime is the timestamp corresponding to the last status change of this condition. + """ + return pulumi.get(self, "last_transition_time") + + @property + @pulumi.getter + def message(self) -> Optional[str]: + """ + Message is a human readable description of the details of the last transition, complementing reason. + """ + return pulumi.get(self, "message") + + @property + @pulumi.getter(name="observedGeneration") + def observed_generation(self) -> Optional[int]: + """ + If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + """ + return pulumi.get(self, "observed_generation") + + @property + @pulumi.getter + def reason(self) -> Optional[str]: + """ + Reason is a brief machine readable explanation for the condition's last transition. + """ + return pulumi.get(self, "reason") + + +@pulumi.output_type +class IssuerSpec(dict): + """ + Desired state of the Issuer resource. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "selfSigned": + suggest = "self_signed" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpec.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + acme: Optional['outputs.IssuerSpecAcme'] = None, + ca: Optional['outputs.IssuerSpecCa'] = None, + self_signed: Optional['outputs.IssuerSpecSelfSigned'] = None, + vault: Optional['outputs.IssuerSpecVault'] = None, + venafi: Optional['outputs.IssuerSpecVenafi'] = None): + """ + Desired state of the Issuer resource. + :param 'IssuerSpecAcmeArgs' acme: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + :param 'IssuerSpecCaArgs' ca: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + :param 'IssuerSpecSelfSignedArgs' self_signed: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + :param 'IssuerSpecVaultArgs' vault: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + :param 'IssuerSpecVenafiArgs' venafi: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + """ + if acme is not None: + pulumi.set(__self__, "acme", acme) + if ca is not None: + pulumi.set(__self__, "ca", ca) + if self_signed is not None: + pulumi.set(__self__, "self_signed", self_signed) + if vault is not None: + pulumi.set(__self__, "vault", vault) + if venafi is not None: + pulumi.set(__self__, "venafi", venafi) + + @property + @pulumi.getter + def acme(self) -> Optional['outputs.IssuerSpecAcme']: + """ + ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + """ + return pulumi.get(self, "acme") + + @property + @pulumi.getter + def ca(self) -> Optional['outputs.IssuerSpecCa']: + """ + CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + """ + return pulumi.get(self, "ca") + + @property + @pulumi.getter(name="selfSigned") + def self_signed(self) -> Optional['outputs.IssuerSpecSelfSigned']: + """ + SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + """ + return pulumi.get(self, "self_signed") + + @property + @pulumi.getter + def vault(self) -> Optional['outputs.IssuerSpecVault']: + """ + Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + """ + return pulumi.get(self, "vault") + + @property + @pulumi.getter + def venafi(self) -> Optional['outputs.IssuerSpecVenafi']: + """ + Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + """ + return pulumi.get(self, "venafi") + + +@pulumi.output_type +class IssuerSpecAcme(dict): + """ + ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "privateKeySecretRef": + suggest = "private_key_secret_ref" + elif key == "caBundle": + suggest = "ca_bundle" + elif key == "disableAccountKeyGeneration": + suggest = "disable_account_key_generation" + elif key == "enableDurationFeature": + suggest = "enable_duration_feature" + elif key == "externalAccountBinding": + suggest = "external_account_binding" + elif key == "preferredChain": + suggest = "preferred_chain" + elif key == "skipTLSVerify": + suggest = "skip_tls_verify" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcme. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcme.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcme.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + private_key_secret_ref: 'outputs.IssuerSpecAcmePrivateKeySecretRef', + server: str, + ca_bundle: Optional[str] = None, + disable_account_key_generation: Optional[bool] = None, + email: Optional[str] = None, + enable_duration_feature: Optional[bool] = None, + external_account_binding: Optional['outputs.IssuerSpecAcmeExternalAccountBinding'] = None, + preferred_chain: Optional[str] = None, + skip_tls_verify: Optional[bool] = None, + solvers: Optional[Sequence['outputs.IssuerSpecAcmeSolvers']] = None): + """ + ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + :param 'IssuerSpecAcmePrivateKeySecretRefArgs' private_key_secret_ref: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + :param str server: Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported. + :param str ca_bundle: Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. + :param bool disable_account_key_generation: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + :param str email: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + :param bool enable_duration_feature: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + :param 'IssuerSpecAcmeExternalAccountBindingArgs' external_account_binding: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + :param str preferred_chain: PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN + :param bool skip_tls_verify: INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false. + :param Sequence['IssuerSpecAcmeSolversArgs'] solvers: Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/ + """ + pulumi.set(__self__, "private_key_secret_ref", private_key_secret_ref) + pulumi.set(__self__, "server", server) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + if disable_account_key_generation is not None: + pulumi.set(__self__, "disable_account_key_generation", disable_account_key_generation) + if email is not None: + pulumi.set(__self__, "email", email) + if enable_duration_feature is not None: + pulumi.set(__self__, "enable_duration_feature", enable_duration_feature) + if external_account_binding is not None: + pulumi.set(__self__, "external_account_binding", external_account_binding) + if preferred_chain is not None: + pulumi.set(__self__, "preferred_chain", preferred_chain) + if skip_tls_verify is not None: + pulumi.set(__self__, "skip_tls_verify", skip_tls_verify) + if solvers is not None: + pulumi.set(__self__, "solvers", solvers) + + @property + @pulumi.getter(name="privateKeySecretRef") + def private_key_secret_ref(self) -> 'outputs.IssuerSpecAcmePrivateKeySecretRef': + """ + PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + """ + return pulumi.get(self, "private_key_secret_ref") + + @property + @pulumi.getter + def server(self) -> str: + """ + Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported. + """ + return pulumi.get(self, "server") + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[str]: + """ + Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. + """ + return pulumi.get(self, "ca_bundle") + + @property + @pulumi.getter(name="disableAccountKeyGeneration") + def disable_account_key_generation(self) -> Optional[bool]: + """ + Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + """ + return pulumi.get(self, "disable_account_key_generation") + + @property + @pulumi.getter + def email(self) -> Optional[str]: + """ + Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + """ + return pulumi.get(self, "email") + + @property + @pulumi.getter(name="enableDurationFeature") + def enable_duration_feature(self) -> Optional[bool]: + """ + Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + """ + return pulumi.get(self, "enable_duration_feature") + + @property + @pulumi.getter(name="externalAccountBinding") + def external_account_binding(self) -> Optional['outputs.IssuerSpecAcmeExternalAccountBinding']: + """ + ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + """ + return pulumi.get(self, "external_account_binding") + + @property + @pulumi.getter(name="preferredChain") + def preferred_chain(self) -> Optional[str]: + """ + PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN + """ + return pulumi.get(self, "preferred_chain") + + @property + @pulumi.getter(name="skipTLSVerify") + def skip_tls_verify(self) -> Optional[bool]: + """ + INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false. + """ + return pulumi.get(self, "skip_tls_verify") + + @property + @pulumi.getter + def solvers(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolvers']]: + """ + Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/ + """ + return pulumi.get(self, "solvers") + + +@pulumi.output_type +class IssuerSpecAcmeExternalAccountBinding(dict): + """ + ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "keyID": + suggest = "key_id" + elif key == "keySecretRef": + suggest = "key_secret_ref" + elif key == "keyAlgorithm": + suggest = "key_algorithm" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeExternalAccountBinding. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeExternalAccountBinding.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeExternalAccountBinding.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + key_id: str, + key_secret_ref: 'outputs.IssuerSpecAcmeExternalAccountBindingKeySecretRef', + key_algorithm: Optional[str] = None): + """ + ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + :param str key_id: keyID is the ID of the CA key that the External Account is bound to. + :param 'IssuerSpecAcmeExternalAccountBindingKeySecretRefArgs' key_secret_ref: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + :param str key_algorithm: Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + """ + pulumi.set(__self__, "key_id", key_id) + pulumi.set(__self__, "key_secret_ref", key_secret_ref) + if key_algorithm is not None: + pulumi.set(__self__, "key_algorithm", key_algorithm) + + @property + @pulumi.getter(name="keyID") + def key_id(self) -> str: + """ + keyID is the ID of the CA key that the External Account is bound to. + """ + return pulumi.get(self, "key_id") + + @property + @pulumi.getter(name="keySecretRef") + def key_secret_ref(self) -> 'outputs.IssuerSpecAcmeExternalAccountBindingKeySecretRef': + """ + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + """ + return pulumi.get(self, "key_secret_ref") + + @property + @pulumi.getter(name="keyAlgorithm") + def key_algorithm(self) -> Optional[str]: + """ + Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + """ + return pulumi.get(self, "key_algorithm") + + +@pulumi.output_type +class IssuerSpecAcmeExternalAccountBindingKeySecretRef(dict): + """ + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmePrivateKeySecretRef(dict): + """ + PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolvers(dict): + """ + An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + """ + def __init__(__self__, *, + dns01: Optional['outputs.IssuerSpecAcmeSolversDns01'] = None, + http01: Optional['outputs.IssuerSpecAcmeSolversHttp01'] = None, + selector: Optional['outputs.IssuerSpecAcmeSolversSelector'] = None): + """ + An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + :param 'IssuerSpecAcmeSolversDns01Args' dns01: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param 'IssuerSpecAcmeSolversHttp01Args' http01: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param 'IssuerSpecAcmeSolversSelectorArgs' selector: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + if dns01 is not None: + pulumi.set(__self__, "dns01", dns01) + if http01 is not None: + pulumi.set(__self__, "http01", http01) + if selector is not None: + pulumi.set(__self__, "selector", selector) + + @property + @pulumi.getter + def dns01(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01']: + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + """ + return pulumi.get(self, "dns01") + + @property + @pulumi.getter + def http01(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01']: + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + """ + return pulumi.get(self, "http01") + + @property + @pulumi.getter + def selector(self) -> Optional['outputs.IssuerSpecAcmeSolversSelector']: + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + return pulumi.get(self, "selector") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01(dict): + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "acmeDNS": + suggest = "acme_dns" + elif key == "azureDNS": + suggest = "azure_dns" + elif key == "cloudDNS": + suggest = "cloud_dns" + elif key == "cnameStrategy": + suggest = "cname_strategy" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + acme_dns: Optional['outputs.IssuerSpecAcmeSolversDns01AcmeDns'] = None, + akamai: Optional['outputs.IssuerSpecAcmeSolversDns01Akamai'] = None, + azure_dns: Optional['outputs.IssuerSpecAcmeSolversDns01AzureDns'] = None, + cloud_dns: Optional['outputs.IssuerSpecAcmeSolversDns01CloudDns'] = None, + cloudflare: Optional['outputs.IssuerSpecAcmeSolversDns01Cloudflare'] = None, + cname_strategy: Optional[str] = None, + digitalocean: Optional['outputs.IssuerSpecAcmeSolversDns01Digitalocean'] = None, + rfc2136: Optional['outputs.IssuerSpecAcmeSolversDns01Rfc2136'] = None, + route53: Optional['outputs.IssuerSpecAcmeSolversDns01Route53'] = None, + webhook: Optional['outputs.IssuerSpecAcmeSolversDns01Webhook'] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + :param 'IssuerSpecAcmeSolversDns01AcmeDnsArgs' acme_dns: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01AkamaiArgs' akamai: Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01AzureDnsArgs' azure_dns: Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01CloudDnsArgs' cloud_dns: Use the Google Cloud DNS API to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01CloudflareArgs' cloudflare: Use the Cloudflare API to manage DNS01 challenge records. + :param str cname_strategy: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + :param 'IssuerSpecAcmeSolversDns01DigitaloceanArgs' digitalocean: Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01Rfc2136Args' rfc2136: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01Route53Args' route53: Use the AWS Route53 API to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01WebhookArgs' webhook: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + if acme_dns is not None: + pulumi.set(__self__, "acme_dns", acme_dns) + if akamai is not None: + pulumi.set(__self__, "akamai", akamai) + if azure_dns is not None: + pulumi.set(__self__, "azure_dns", azure_dns) + if cloud_dns is not None: + pulumi.set(__self__, "cloud_dns", cloud_dns) + if cloudflare is not None: + pulumi.set(__self__, "cloudflare", cloudflare) + if cname_strategy is not None: + pulumi.set(__self__, "cname_strategy", cname_strategy) + if digitalocean is not None: + pulumi.set(__self__, "digitalocean", digitalocean) + if rfc2136 is not None: + pulumi.set(__self__, "rfc2136", rfc2136) + if route53 is not None: + pulumi.set(__self__, "route53", route53) + if webhook is not None: + pulumi.set(__self__, "webhook", webhook) + + @property + @pulumi.getter(name="acmeDNS") + def acme_dns(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01AcmeDns']: + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + """ + return pulumi.get(self, "acme_dns") + + @property + @pulumi.getter + def akamai(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01Akamai']: + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + """ + return pulumi.get(self, "akamai") + + @property + @pulumi.getter(name="azureDNS") + def azure_dns(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01AzureDns']: + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "azure_dns") + + @property + @pulumi.getter(name="cloudDNS") + def cloud_dns(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01CloudDns']: + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloud_dns") + + @property + @pulumi.getter + def cloudflare(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01Cloudflare']: + """ + Use the Cloudflare API to manage DNS01 challenge records. + """ + return pulumi.get(self, "cloudflare") + + @property + @pulumi.getter(name="cnameStrategy") + def cname_strategy(self) -> Optional[str]: + """ + CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + """ + return pulumi.get(self, "cname_strategy") + + @property + @pulumi.getter + def digitalocean(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01Digitalocean']: + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + """ + return pulumi.get(self, "digitalocean") + + @property + @pulumi.getter + def rfc2136(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01Rfc2136']: + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + """ + return pulumi.get(self, "rfc2136") + + @property + @pulumi.getter + def route53(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01Route53']: + """ + Use the AWS Route53 API to manage DNS01 challenge records. + """ + return pulumi.get(self, "route53") + + @property + @pulumi.getter + def webhook(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01Webhook']: + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + return pulumi.get(self, "webhook") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01AcmeDns(dict): + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accountSecretRef": + suggest = "account_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01AcmeDns. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01AcmeDns.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01AcmeDns.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + account_secret_ref: 'outputs.IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef', + host: str): + """ + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRefArgs' account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "account_secret_ref", account_secret_ref) + pulumi.set(__self__, "host", host) + + @property + @pulumi.getter(name="accountSecretRef") + def account_secret_ref(self) -> 'outputs.IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "account_secret_ref") + + @property + @pulumi.getter + def host(self) -> str: + return pulumi.get(self, "host") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01Akamai(dict): + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accessTokenSecretRef": + suggest = "access_token_secret_ref" + elif key == "clientSecretSecretRef": + suggest = "client_secret_secret_ref" + elif key == "clientTokenSecretRef": + suggest = "client_token_secret_ref" + elif key == "serviceConsumerDomain": + suggest = "service_consumer_domain" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01Akamai. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01Akamai.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01Akamai.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + access_token_secret_ref: 'outputs.IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef', + client_secret_secret_ref: 'outputs.IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef', + client_token_secret_ref: 'outputs.IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef', + service_consumer_domain: str): + """ + Use the Akamai DNS zone management API to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRefArgs' access_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param 'IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRefArgs' client_secret_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param 'IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRefArgs' client_token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "access_token_secret_ref", access_token_secret_ref) + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + pulumi.set(__self__, "client_token_secret_ref", client_token_secret_ref) + pulumi.set(__self__, "service_consumer_domain", service_consumer_domain) + + @property + @pulumi.getter(name="accessTokenSecretRef") + def access_token_secret_ref(self) -> 'outputs.IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "access_token_secret_ref") + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> 'outputs.IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @property + @pulumi.getter(name="clientTokenSecretRef") + def client_token_secret_ref(self) -> 'outputs.IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "client_token_secret_ref") + + @property + @pulumi.getter(name="serviceConsumerDomain") + def service_consumer_domain(self) -> str: + return pulumi.get(self, "service_consumer_domain") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01AzureDns(dict): + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "resourceGroupName": + suggest = "resource_group_name" + elif key == "subscriptionID": + suggest = "subscription_id" + elif key == "clientID": + suggest = "client_id" + elif key == "clientSecretSecretRef": + suggest = "client_secret_secret_ref" + elif key == "hostedZoneName": + suggest = "hosted_zone_name" + elif key == "managedIdentity": + suggest = "managed_identity" + elif key == "tenantID": + suggest = "tenant_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01AzureDns. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01AzureDns.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01AzureDns.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + resource_group_name: str, + subscription_id: str, + client_id: Optional[str] = None, + client_secret_secret_ref: Optional['outputs.IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef'] = None, + environment: Optional[str] = None, + hosted_zone_name: Optional[str] = None, + managed_identity: Optional['outputs.IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity'] = None, + tenant_id: Optional[str] = None): + """ + Use the Microsoft Azure DNS API to manage DNS01 challenge records. + :param str resource_group_name: resource group the DNS zone is located in + :param str subscription_id: ID of the Azure subscription + :param str client_id: Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + :param 'IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRefArgs' client_secret_secret_ref: Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param str environment: name of the Azure environment (default AzurePublicCloud) + :param str hosted_zone_name: name of the DNS zone that should be used + :param 'IssuerSpecAcmeSolversDns01AzureDnsManagedIdentityArgs' managed_identity: Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param str tenant_id: Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + pulumi.set(__self__, "resource_group_name", resource_group_name) + pulumi.set(__self__, "subscription_id", subscription_id) + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if client_secret_secret_ref is not None: + pulumi.set(__self__, "client_secret_secret_ref", client_secret_secret_ref) + if environment is not None: + pulumi.set(__self__, "environment", environment) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if managed_identity is not None: + pulumi.set(__self__, "managed_identity", managed_identity) + if tenant_id is not None: + pulumi.set(__self__, "tenant_id", tenant_id) + + @property + @pulumi.getter(name="resourceGroupName") + def resource_group_name(self) -> str: + """ + resource group the DNS zone is located in + """ + return pulumi.get(self, "resource_group_name") + + @property + @pulumi.getter(name="subscriptionID") + def subscription_id(self) -> str: + """ + ID of the Azure subscription + """ + return pulumi.get(self, "subscription_id") + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[str]: + """ + Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set. + """ + return pulumi.get(self, "client_id") + + @property + @pulumi.getter(name="clientSecretSecretRef") + def client_secret_secret_ref(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef']: + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + """ + return pulumi.get(self, "client_secret_secret_ref") + + @property + @pulumi.getter + def environment(self) -> Optional[str]: + """ + name of the Azure environment (default AzurePublicCloud) + """ + return pulumi.get(self, "environment") + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[str]: + """ + name of the DNS zone that should be used + """ + return pulumi.get(self, "hosted_zone_name") + + @property + @pulumi.getter(name="managedIdentity") + def managed_identity(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity']: + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + """ + return pulumi.get(self, "managed_identity") + + @property + @pulumi.getter(name="tenantID") + def tenant_id(self) -> Optional[str]: + """ + Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. + """ + return pulumi.get(self, "tenant_id") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef(dict): + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity(dict): + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "clientID": + suggest = "client_id" + elif key == "resourceID": + suggest = "resource_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + client_id: Optional[str] = None, + resource_id: Optional[str] = None): + """ + Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set. + :param str client_id: client ID of the managed identity, can not be used at the same time as resourceID + :param str resource_id: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if resource_id is not None: + pulumi.set(__self__, "resource_id", resource_id) + + @property + @pulumi.getter(name="clientID") + def client_id(self) -> Optional[str]: + """ + client ID of the managed identity, can not be used at the same time as resourceID + """ + return pulumi.get(self, "client_id") + + @property + @pulumi.getter(name="resourceID") + def resource_id(self) -> Optional[str]: + """ + resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity + """ + return pulumi.get(self, "resource_id") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01CloudDns(dict): + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "hostedZoneName": + suggest = "hosted_zone_name" + elif key == "serviceAccountSecretRef": + suggest = "service_account_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01CloudDns. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01CloudDns.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01CloudDns.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + project: str, + hosted_zone_name: Optional[str] = None, + service_account_secret_ref: Optional['outputs.IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef'] = None): + """ + Use the Google Cloud DNS API to manage DNS01 challenge records. + :param str hosted_zone_name: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + :param 'IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRefArgs' service_account_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "project", project) + if hosted_zone_name is not None: + pulumi.set(__self__, "hosted_zone_name", hosted_zone_name) + if service_account_secret_ref is not None: + pulumi.set(__self__, "service_account_secret_ref", service_account_secret_ref) + + @property + @pulumi.getter + def project(self) -> str: + return pulumi.get(self, "project") + + @property + @pulumi.getter(name="hostedZoneName") + def hosted_zone_name(self) -> Optional[str]: + """ + HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + """ + return pulumi.get(self, "hosted_zone_name") + + @property + @pulumi.getter(name="serviceAccountSecretRef") + def service_account_secret_ref(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef']: + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "service_account_secret_ref") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01Cloudflare(dict): + """ + Use the Cloudflare API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "apiKeySecretRef": + suggest = "api_key_secret_ref" + elif key == "apiTokenSecretRef": + suggest = "api_token_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01Cloudflare. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01Cloudflare.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01Cloudflare.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + api_key_secret_ref: Optional['outputs.IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef'] = None, + api_token_secret_ref: Optional['outputs.IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef'] = None, + email: Optional[str] = None): + """ + Use the Cloudflare API to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRefArgs' api_key_secret_ref: API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param 'IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRefArgs' api_token_secret_ref: API token used to authenticate with Cloudflare. + :param str email: Email of the account, only required when using API key based authentication. + """ + if api_key_secret_ref is not None: + pulumi.set(__self__, "api_key_secret_ref", api_key_secret_ref) + if api_token_secret_ref is not None: + pulumi.set(__self__, "api_token_secret_ref", api_token_secret_ref) + if email is not None: + pulumi.set(__self__, "email", email) + + @property + @pulumi.getter(name="apiKeySecretRef") + def api_key_secret_ref(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef']: + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + """ + return pulumi.get(self, "api_key_secret_ref") + + @property + @pulumi.getter(name="apiTokenSecretRef") + def api_token_secret_ref(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef']: + """ + API token used to authenticate with Cloudflare. + """ + return pulumi.get(self, "api_token_secret_ref") + + @property + @pulumi.getter + def email(self) -> Optional[str]: + """ + Email of the account, only required when using API key based authentication. + """ + return pulumi.get(self, "email") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef(dict): + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef(dict): + """ + API token used to authenticate with Cloudflare. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + API token used to authenticate with Cloudflare. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01Digitalocean(dict): + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "tokenSecretRef": + suggest = "token_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01Digitalocean. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01Digitalocean.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01Digitalocean.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + token_secret_ref: 'outputs.IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef'): + """ + Use the DigitalOcean DNS API to manage DNS01 challenge records. + :param 'IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRefArgs' token_secret_ref: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + pulumi.set(__self__, "token_secret_ref", token_secret_ref) + + @property + @pulumi.getter(name="tokenSecretRef") + def token_secret_ref(self) -> 'outputs.IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef': + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + return pulumi.get(self, "token_secret_ref") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef(dict): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01Rfc2136(dict): + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "tsigAlgorithm": + suggest = "tsig_algorithm" + elif key == "tsigKeyName": + suggest = "tsig_key_name" + elif key == "tsigSecretSecretRef": + suggest = "tsig_secret_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01Rfc2136. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01Rfc2136.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01Rfc2136.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + nameserver: str, + tsig_algorithm: Optional[str] = None, + tsig_key_name: Optional[str] = None, + tsig_secret_secret_ref: Optional['outputs.IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef'] = None): + """ + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + :param str nameserver: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + :param str tsig_algorithm: The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + :param str tsig_key_name: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + :param 'IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRefArgs' tsig_secret_secret_ref: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + pulumi.set(__self__, "nameserver", nameserver) + if tsig_algorithm is not None: + pulumi.set(__self__, "tsig_algorithm", tsig_algorithm) + if tsig_key_name is not None: + pulumi.set(__self__, "tsig_key_name", tsig_key_name) + if tsig_secret_secret_ref is not None: + pulumi.set(__self__, "tsig_secret_secret_ref", tsig_secret_secret_ref) + + @property + @pulumi.getter + def nameserver(self) -> str: + """ + The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + """ + return pulumi.get(self, "nameserver") + + @property + @pulumi.getter(name="tsigAlgorithm") + def tsig_algorithm(self) -> Optional[str]: + """ + The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + """ + return pulumi.get(self, "tsig_algorithm") + + @property + @pulumi.getter(name="tsigKeyName") + def tsig_key_name(self) -> Optional[str]: + """ + The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_key_name") + + @property + @pulumi.getter(name="tsigSecretSecretRef") + def tsig_secret_secret_ref(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef']: + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + return pulumi.get(self, "tsig_secret_secret_ref") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef(dict): + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01Route53(dict): + """ + Use the AWS Route53 API to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accessKeyID": + suggest = "access_key_id" + elif key == "accessKeyIDSecretRef": + suggest = "access_key_id_secret_ref" + elif key == "hostedZoneID": + suggest = "hosted_zone_id" + elif key == "secretAccessKeySecretRef": + suggest = "secret_access_key_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01Route53. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01Route53.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01Route53.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + region: str, + access_key_id: Optional[str] = None, + access_key_id_secret_ref: Optional['outputs.IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRef'] = None, + hosted_zone_id: Optional[str] = None, + role: Optional[str] = None, + secret_access_key_secret_ref: Optional['outputs.IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef'] = None): + """ + Use the AWS Route53 API to manage DNS01 challenge records. + :param str region: Always set the region when using AccessKeyID and SecretAccessKey + :param str access_key_id: The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param 'IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRefArgs' access_key_id_secret_ref: The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param str hosted_zone_id: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + :param str role: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + :param 'IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRefArgs' secret_access_key_secret_ref: The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + pulumi.set(__self__, "region", region) + if access_key_id is not None: + pulumi.set(__self__, "access_key_id", access_key_id) + if access_key_id_secret_ref is not None: + pulumi.set(__self__, "access_key_id_secret_ref", access_key_id_secret_ref) + if hosted_zone_id is not None: + pulumi.set(__self__, "hosted_zone_id", hosted_zone_id) + if role is not None: + pulumi.set(__self__, "role", role) + if secret_access_key_secret_ref is not None: + pulumi.set(__self__, "secret_access_key_secret_ref", secret_access_key_secret_ref) + + @property + @pulumi.getter + def region(self) -> str: + """ + Always set the region when using AccessKeyID and SecretAccessKey + """ + return pulumi.get(self, "region") + + @property + @pulumi.getter(name="accessKeyID") + def access_key_id(self) -> Optional[str]: + """ + The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id") + + @property + @pulumi.getter(name="accessKeyIDSecretRef") + def access_key_id_secret_ref(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRef']: + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "access_key_id_secret_ref") + + @property + @pulumi.getter(name="hostedZoneID") + def hosted_zone_id(self) -> Optional[str]: + """ + If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + """ + return pulumi.get(self, "hosted_zone_id") + + @property + @pulumi.getter + def role(self) -> Optional[str]: + """ + Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + """ + return pulumi.get(self, "role") + + @property + @pulumi.getter(name="secretAccessKeySecretRef") + def secret_access_key_secret_ref(self) -> Optional['outputs.IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef']: + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + return pulumi.get(self, "secret_access_key_secret_ref") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01Route53AccessKeyIdsecretRef(dict): + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef(dict): + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecAcmeSolversDns01Webhook(dict): + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "groupName": + suggest = "group_name" + elif key == "solverName": + suggest = "solver_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversDns01Webhook. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversDns01Webhook.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversDns01Webhook.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + group_name: str, + solver_name: str, + config: Optional[Mapping[str, Any]] = None): + """ + Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + :param str group_name: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + :param str solver_name: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + :param Mapping[str, Any] config: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + pulumi.set(__self__, "group_name", group_name) + pulumi.set(__self__, "solver_name", solver_name) + if config is not None: + pulumi.set(__self__, "config", config) + + @property + @pulumi.getter(name="groupName") + def group_name(self) -> str: + """ + The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + """ + return pulumi.get(self, "group_name") + + @property + @pulumi.getter(name="solverName") + def solver_name(self) -> str: + """ + The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + """ + return pulumi.get(self, "solver_name") + + @property + @pulumi.getter + def config(self) -> Optional[Mapping[str, Any]]: + """ + Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + """ + return pulumi.get(self, "config") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01(dict): + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "gatewayHTTPRoute": + suggest = "gateway_http_route" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + gateway_http_route: Optional['outputs.IssuerSpecAcmeSolversHttp01GatewayHttproute'] = None, + ingress: Optional['outputs.IssuerSpecAcmeSolversHttp01Ingress'] = None): + """ + Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + :param 'IssuerSpecAcmeSolversHttp01GatewayHttprouteArgs' gateway_http_route: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param 'IssuerSpecAcmeSolversHttp01IngressArgs' ingress: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + if gateway_http_route is not None: + pulumi.set(__self__, "gateway_http_route", gateway_http_route) + if ingress is not None: + pulumi.set(__self__, "ingress", ingress) + + @property + @pulumi.getter(name="gatewayHTTPRoute") + def gateway_http_route(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01GatewayHttproute']: + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + """ + return pulumi.get(self, "gateway_http_route") + + @property + @pulumi.getter + def ingress(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01Ingress']: + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + return pulumi.get(self, "ingress") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01GatewayHttproute(dict): + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "parentRefs": + suggest = "parent_refs" + elif key == "serviceType": + suggest = "service_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01GatewayHttproute. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01GatewayHttproute.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01GatewayHttproute.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + labels: Optional[Mapping[str, str]] = None, + parent_refs: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs']] = None, + service_type: Optional[str] = None): + """ + The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + :param Mapping[str, str] labels: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + :param Sequence['IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefsArgs'] parent_refs: When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + :param str service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if labels is not None: + pulumi.set(__self__, "labels", labels) + if parent_refs is not None: + pulumi.set(__self__, "parent_refs", parent_refs) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter + def labels(self) -> Optional[Mapping[str, str]]: + """ + Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + """ + return pulumi.get(self, "labels") + + @property + @pulumi.getter(name="parentRefs") + def parent_refs(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs']]: + """ + When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + """ + return pulumi.get(self, "parent_refs") + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[str]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs(dict): + """ + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + This API may be extended in the future to support additional kinds of parent resources. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "sectionName": + suggest = "section_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01GatewayHttprouteParentRefs.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + name: str, + group: Optional[str] = None, + kind: Optional[str] = None, + namespace: Optional[str] = None, + port: Optional[int] = None, + section_name: Optional[str] = None): + """ + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + This API may be extended in the future to support additional kinds of parent resources. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + :param str name: Name is the name of the referent. + Support: Core + :param str group: Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + :param str kind: Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + :param str namespace: Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + :param int port: Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + :param str section_name: SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + pulumi.set(__self__, "name", name) + if group is None: + group = 'gateway.networking.k8s.io' + if group is not None: + pulumi.set(__self__, "group", group) + if kind is None: + kind = 'Gateway' + if kind is not None: + pulumi.set(__self__, "kind", kind) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if port is not None: + pulumi.set(__self__, "port", port) + if section_name is not None: + pulumi.set(__self__, "section_name", section_name) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name is the name of the referent. + Support: Core + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def group(self) -> Optional[str]: + """ + Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). + Support: Core + """ + return pulumi.get(self, "group") + + @property + @pulumi.getter + def kind(self) -> Optional[str]: + """ + Kind is kind of the referent. + There are two kinds of parent resources with "Core" support: + * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) + Support for other resources is Implementation-Specific. + """ + return pulumi.get(self, "kind") + + @property + @pulumi.getter + def namespace(self) -> Optional[str]: + """ + Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. + Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. + ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. + ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. + Support: Core + """ + return pulumi.get(self, "namespace") + + @property + @pulumi.getter + def port(self) -> Optional[int]: + """ + Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + """ + return pulumi.get(self, "port") + + @property + @pulumi.getter(name="sectionName") + def section_name(self) -> Optional[str]: + """ + SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + """ + return pulumi.get(self, "section_name") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01Ingress(dict): + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "class": + suggest = "class_" + elif key == "ingressClassName": + suggest = "ingress_class_name" + elif key == "ingressTemplate": + suggest = "ingress_template" + elif key == "podTemplate": + suggest = "pod_template" + elif key == "serviceType": + suggest = "service_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01Ingress. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01Ingress.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01Ingress.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + class_: Optional[str] = None, + ingress_class_name: Optional[str] = None, + ingress_template: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressIngressTemplate'] = None, + name: Optional[str] = None, + pod_template: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplate'] = None, + service_type: Optional[str] = None): + """ + The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + :param str class_: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + :param str ingress_class_name: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + :param 'IssuerSpecAcmeSolversHttp01IngressIngressTemplateArgs' ingress_template: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param str name: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateArgs' pod_template: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param str service_type: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + if class_ is not None: + pulumi.set(__self__, "class_", class_) + if ingress_class_name is not None: + pulumi.set(__self__, "ingress_class_name", ingress_class_name) + if ingress_template is not None: + pulumi.set(__self__, "ingress_template", ingress_template) + if name is not None: + pulumi.set(__self__, "name", name) + if pod_template is not None: + pulumi.set(__self__, "pod_template", pod_template) + if service_type is not None: + pulumi.set(__self__, "service_type", service_type) + + @property + @pulumi.getter(name="class") + def class_(self) -> Optional[str]: + """ + This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "class_") + + @property + @pulumi.getter(name="ingressClassName") + def ingress_class_name(self) -> Optional[str]: + """ + This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "ingress_class_name") + + @property + @pulumi.getter(name="ingressTemplate") + def ingress_template(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressIngressTemplate']: + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + """ + return pulumi.get(self, "ingress_template") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="podTemplate") + def pod_template(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplate']: + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + """ + return pulumi.get(self, "pod_template") + + @property + @pulumi.getter(name="serviceType") + def service_type(self) -> Optional[str]: + """ + Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + """ + return pulumi.get(self, "service_type") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressIngressTemplate(dict): + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + """ + def __init__(__self__, *, + metadata: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata'] = None): + """ + Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + :param 'IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadataArgs' metadata: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + + @property + @pulumi.getter + def metadata(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata']: + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata(dict): + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + def __init__(__self__, *, + annotations: Optional[Mapping[str, str]] = None, + labels: Optional[Mapping[str, str]] = None): + """ + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param Mapping[str, str] annotations: Annotations that should be added to the created ACME HTTP01 solver ingress. + :param Mapping[str, str] labels: Labels that should be added to the created ACME HTTP01 solver ingress. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[Mapping[str, str]]: + """ + Annotations that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "annotations") + + @property + @pulumi.getter + def labels(self) -> Optional[Mapping[str, str]]: + """ + Labels that should be added to the created ACME HTTP01 solver ingress. + """ + return pulumi.get(self, "labels") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplate(dict): + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + """ + def __init__(__self__, *, + metadata: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata'] = None, + spec: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec'] = None): + """ + Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadataArgs' metadata: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecArgs' spec: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if spec is not None: + pulumi.set(__self__, "spec", spec) + + @property + @pulumi.getter + def metadata(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata']: + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + return pulumi.get(self, "metadata") + + @property + @pulumi.getter + def spec(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec']: + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + return pulumi.get(self, "spec") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata(dict): + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + """ + def __init__(__self__, *, + annotations: Optional[Mapping[str, str]] = None, + labels: Optional[Mapping[str, str]] = None): + """ + ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + :param Mapping[str, str] annotations: Annotations that should be added to the create ACME HTTP01 solver pods. + :param Mapping[str, str] labels: Labels that should be added to the created ACME HTTP01 solver pods. + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if labels is not None: + pulumi.set(__self__, "labels", labels) + + @property + @pulumi.getter + def annotations(self) -> Optional[Mapping[str, str]]: + """ + Annotations that should be added to the create ACME HTTP01 solver pods. + """ + return pulumi.get(self, "annotations") + + @property + @pulumi.getter + def labels(self) -> Optional[Mapping[str, str]]: + """ + Labels that should be added to the created ACME HTTP01 solver pods. + """ + return pulumi.get(self, "labels") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec(dict): + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "imagePullSecrets": + suggest = "image_pull_secrets" + elif key == "nodeSelector": + suggest = "node_selector" + elif key == "priorityClassName": + suggest = "priority_class_name" + elif key == "serviceAccountName": + suggest = "service_account_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + affinity: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity'] = None, + image_pull_secrets: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecrets']] = None, + node_selector: Optional[Mapping[str, str]] = None, + priority_class_name: Optional[str] = None, + service_account_name: Optional[str] = None, + tolerations: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations']] = None): + """ + PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityArgs' affinity: If specified, the pod's scheduling constraints + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecretsArgs'] image_pull_secrets: If specified, the pod's imagePullSecrets + :param Mapping[str, str] node_selector: NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + :param str priority_class_name: If specified, the pod's priorityClassName. + :param str service_account_name: If specified, the pod's service account + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerationsArgs'] tolerations: If specified, the pod's tolerations. + """ + if affinity is not None: + pulumi.set(__self__, "affinity", affinity) + if image_pull_secrets is not None: + pulumi.set(__self__, "image_pull_secrets", image_pull_secrets) + if node_selector is not None: + pulumi.set(__self__, "node_selector", node_selector) + if priority_class_name is not None: + pulumi.set(__self__, "priority_class_name", priority_class_name) + if service_account_name is not None: + pulumi.set(__self__, "service_account_name", service_account_name) + if tolerations is not None: + pulumi.set(__self__, "tolerations", tolerations) + + @property + @pulumi.getter + def affinity(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity']: + """ + If specified, the pod's scheduling constraints + """ + return pulumi.get(self, "affinity") + + @property + @pulumi.getter(name="imagePullSecrets") + def image_pull_secrets(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecrets']]: + """ + If specified, the pod's imagePullSecrets + """ + return pulumi.get(self, "image_pull_secrets") + + @property + @pulumi.getter(name="nodeSelector") + def node_selector(self) -> Optional[Mapping[str, str]]: + """ + NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + """ + return pulumi.get(self, "node_selector") + + @property + @pulumi.getter(name="priorityClassName") + def priority_class_name(self) -> Optional[str]: + """ + If specified, the pod's priorityClassName. + """ + return pulumi.get(self, "priority_class_name") + + @property + @pulumi.getter(name="serviceAccountName") + def service_account_name(self) -> Optional[str]: + """ + If specified, the pod's service account + """ + return pulumi.get(self, "service_account_name") + + @property + @pulumi.getter + def tolerations(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations']]: + """ + If specified, the pod's tolerations. + """ + return pulumi.get(self, "tolerations") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity(dict): + """ + If specified, the pod's scheduling constraints + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "nodeAffinity": + suggest = "node_affinity" + elif key == "podAffinity": + suggest = "pod_affinity" + elif key == "podAntiAffinity": + suggest = "pod_anti_affinity" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + node_affinity: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity'] = None, + pod_affinity: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity'] = None, + pod_anti_affinity: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity'] = None): + """ + If specified, the pod's scheduling constraints + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityArgs' node_affinity: Describes node affinity scheduling rules for the pod. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityArgs' pod_affinity: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityArgs' pod_anti_affinity: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + if node_affinity is not None: + pulumi.set(__self__, "node_affinity", node_affinity) + if pod_affinity is not None: + pulumi.set(__self__, "pod_affinity", pod_affinity) + if pod_anti_affinity is not None: + pulumi.set(__self__, "pod_anti_affinity", pod_anti_affinity) + + @property + @pulumi.getter(name="nodeAffinity") + def node_affinity(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity']: + """ + Describes node affinity scheduling rules for the pod. + """ + return pulumi.get(self, "node_affinity") + + @property + @pulumi.getter(name="podAffinity") + def pod_affinity(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity']: + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_affinity") + + @property + @pulumi.getter(name="podAntiAffinity") + def pod_anti_affinity(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity']: + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + return pulumi.get(self, "pod_anti_affinity") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity(dict): + """ + Describes node affinity scheduling rules for the pod. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "preferredDuringSchedulingIgnoredDuringExecution": + suggest = "preferred_during_scheduling_ignored_during_execution" + elif key == "requiredDuringSchedulingIgnoredDuringExecution": + suggest = "required_during_scheduling_ignored_during_execution" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution']] = None, + required_during_scheduling_ignored_during_execution: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution'] = None): + """ + Describes node affinity scheduling rules for the pod. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs'] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs' required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution']]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution']: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution(dict): + """ + An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + """ + def __init__(__self__, *, + preference: 'outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference', + weight: int): + """ + An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceArgs' preference: A node selector term, associated with the corresponding weight. + :param int weight: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + pulumi.set(__self__, "preference", preference) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter + def preference(self) -> 'outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference': + """ + A node selector term, associated with the corresponding weight. + """ + return pulumi.get(self, "preference") + + @property + @pulumi.getter + def weight(self) -> int: + """ + Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference(dict): + """ + A node selector term, associated with the corresponding weight. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchFields": + suggest = "match_fields" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions']] = None, + match_fields: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields']] = None): + """ + A node selector term, associated with the corresponding weight. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressionsArgs'] match_expressions: A list of node selector requirements by node's labels. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFieldsArgs'] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions']]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields']]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution(dict): + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "nodeSelectorTerms": + suggest = "node_selector_terms" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + node_selector_terms: Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms']): + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsArgs'] node_selector_terms: Required. A list of node selector terms. The terms are ORed. + """ + pulumi.set(__self__, "node_selector_terms", node_selector_terms) + + @property + @pulumi.getter(name="nodeSelectorTerms") + def node_selector_terms(self) -> Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms']: + """ + Required. A list of node selector terms. The terms are ORed. + """ + return pulumi.get(self, "node_selector_terms") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms(dict): + """ + A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchFields": + suggest = "match_fields" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions']] = None, + match_fields: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields']] = None): + """ + A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressionsArgs'] match_expressions: A list of node selector requirements by node's labels. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFieldsArgs'] match_fields: A list of node selector requirements by node's fields. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_fields is not None: + pulumi.set(__self__, "match_fields", match_fields) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions']]: + """ + A list of node selector requirements by node's labels. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchFields") + def match_fields(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields']]: + """ + A list of node selector requirements by node's fields. + """ + return pulumi.get(self, "match_fields") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields(dict): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: The label key that the selector applies to. + :param str operator: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + :param Sequence[str] values: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + The label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity(dict): + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "preferredDuringSchedulingIgnoredDuringExecution": + suggest = "preferred_during_scheduling_ignored_during_execution" + elif key == "requiredDuringSchedulingIgnoredDuringExecution": + suggest = "required_during_scheduling_ignored_during_execution" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution']] = None, + required_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution']] = None): + """ + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs'] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs'] required_during_scheduling_ignored_during_execution: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution']]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution']]: + """ + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution(dict): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "podAffinityTerm": + suggest = "pod_affinity_term" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + pod_affinity_term: 'outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + weight: int): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs' pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param int weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> 'outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm': + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @property + @pulumi.getter + def weight(self) -> int: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(dict): + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution(dict): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity(dict): + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "preferredDuringSchedulingIgnoredDuringExecution": + suggest = "preferred_during_scheduling_ignored_during_execution" + elif key == "requiredDuringSchedulingIgnoredDuringExecution": + suggest = "required_during_scheduling_ignored_during_execution" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + preferred_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution']] = None, + required_during_scheduling_ignored_during_execution: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution']] = None): + """ + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionArgs'] preferred_during_scheduling_ignored_during_execution: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionArgs'] required_during_scheduling_ignored_during_execution: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + if preferred_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "preferred_during_scheduling_ignored_during_execution", preferred_during_scheduling_ignored_during_execution) + if required_during_scheduling_ignored_during_execution is not None: + pulumi.set(__self__, "required_during_scheduling_ignored_during_execution", required_during_scheduling_ignored_during_execution) + + @property + @pulumi.getter(name="preferredDuringSchedulingIgnoredDuringExecution") + def preferred_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution']]: + """ + The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + """ + return pulumi.get(self, "preferred_during_scheduling_ignored_during_execution") + + @property + @pulumi.getter(name="requiredDuringSchedulingIgnoredDuringExecution") + def required_during_scheduling_ignored_during_execution(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution']]: + """ + If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + """ + return pulumi.get(self, "required_during_scheduling_ignored_during_execution") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution(dict): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "podAffinityTerm": + suggest = "pod_affinity_term" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + pod_affinity_term: 'outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm', + weight: int): + """ + The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermArgs' pod_affinity_term: Required. A pod affinity term, associated with the corresponding weight. + :param int weight: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + pulumi.set(__self__, "pod_affinity_term", pod_affinity_term) + pulumi.set(__self__, "weight", weight) + + @property + @pulumi.getter(name="podAffinityTerm") + def pod_affinity_term(self) -> 'outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm': + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + return pulumi.get(self, "pod_affinity_term") + + @property + @pulumi.getter + def weight(self) -> int: + """ + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + """ + return pulumi.get(self, "weight") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(dict): + """ + Required. A pod affinity term, associated with the corresponding weight. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Required. A pod affinity term, associated with the corresponding weight. + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution(dict): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "topologyKey": + suggest = "topology_key" + elif key == "labelSelector": + suggest = "label_selector" + elif key == "matchLabelKeys": + suggest = "match_label_keys" + elif key == "mismatchLabelKeys": + suggest = "mismatch_label_keys" + elif key == "namespaceSelector": + suggest = "namespace_selector" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + topology_key: str, + label_selector: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector'] = None, + match_label_keys: Optional[Sequence[str]] = None, + mismatch_label_keys: Optional[Sequence[str]] = None, + namespace_selector: Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector'] = None, + namespaces: Optional[Sequence[str]] = None): + """ + Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + :param str topology_key: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorArgs' label_selector: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence[str] match_label_keys: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param Sequence[str] mismatch_label_keys: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + :param 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorArgs' namespace_selector: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence[str] namespaces: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + pulumi.set(__self__, "topology_key", topology_key) + if label_selector is not None: + pulumi.set(__self__, "label_selector", label_selector) + if match_label_keys is not None: + pulumi.set(__self__, "match_label_keys", match_label_keys) + if mismatch_label_keys is not None: + pulumi.set(__self__, "mismatch_label_keys", mismatch_label_keys) + if namespace_selector is not None: + pulumi.set(__self__, "namespace_selector", namespace_selector) + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + + @property + @pulumi.getter(name="topologyKey") + def topology_key(self) -> str: + """ + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + """ + return pulumi.get(self, "topology_key") + + @property + @pulumi.getter(name="labelSelector") + def label_selector(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector']: + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + return pulumi.get(self, "label_selector") + + @property + @pulumi.getter(name="matchLabelKeys") + def match_label_keys(self) -> Optional[Sequence[str]]: + """ + MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "match_label_keys") + + @property + @pulumi.getter(name="mismatchLabelKeys") + def mismatch_label_keys(self) -> Optional[Sequence[str]]: + """ + MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + """ + return pulumi.get(self, "mismatch_label_keys") + + @property + @pulumi.getter(name="namespaceSelector") + def namespace_selector(self) -> Optional['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector']: + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + return pulumi.get(self, "namespace_selector") + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + """ + return pulumi.get(self, "namespaces") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(dict): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(dict): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "matchExpressions": + suggest = "match_expressions" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + match_expressions: Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + :param Sequence['IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressionsArgs'] match_expressions: matchExpressions is a list of label selector requirements. The requirements are ANDed. + :param Mapping[str, str] match_labels: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + if match_expressions is not None: + pulumi.set(__self__, "match_expressions", match_expressions) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="matchExpressions") + def match_expressions(self) -> Optional[Sequence['outputs.IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions']]: + """ + matchExpressions is a list of label selector requirements. The requirements are ANDed. + """ + return pulumi.get(self, "match_expressions") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(dict): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + """ + def __init__(__self__, *, + key: str, + operator: str, + values: Optional[Sequence[str]] = None): + """ + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + :param str key: key is the label key that the selector applies to. + :param str operator: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + :param Sequence[str] values: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "operator", operator) + if values is not None: + pulumi.set(__self__, "values", values) + + @property + @pulumi.getter + def key(self) -> str: + """ + key is the label key that the selector applies to. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> str: + """ + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter + def values(self) -> Optional[Sequence[str]]: + """ + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + """ + return pulumi.get(self, "values") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecImagePullSecrets(dict): + """ + LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + """ + def __init__(__self__, *, + name: Optional[str] = None): + """ + LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + :param str name: Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + """ + return pulumi.get(self, "name") + + +@pulumi.output_type +class IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations(dict): + """ + The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "tolerationSeconds": + suggest = "toleration_seconds" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + effect: Optional[str] = None, + key: Optional[str] = None, + operator: Optional[str] = None, + toleration_seconds: Optional[int] = None, + value: Optional[str] = None): + """ + The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + :param str effect: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + :param str key: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + :param str operator: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + :param int toleration_seconds: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + :param str value: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + if effect is not None: + pulumi.set(__self__, "effect", effect) + if key is not None: + pulumi.set(__self__, "key", key) + if operator is not None: + pulumi.set(__self__, "operator", operator) + if toleration_seconds is not None: + pulumi.set(__self__, "toleration_seconds", toleration_seconds) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def effect(self) -> Optional[str]: + """ + Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + """ + return pulumi.get(self, "effect") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def operator(self) -> Optional[str]: + """ + Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + """ + return pulumi.get(self, "operator") + + @property + @pulumi.getter(name="tolerationSeconds") + def toleration_seconds(self) -> Optional[int]: + """ + TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + """ + return pulumi.get(self, "toleration_seconds") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + """ + Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + """ + return pulumi.get(self, "value") + + +@pulumi.output_type +class IssuerSpecAcmeSolversSelector(dict): + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "dnsNames": + suggest = "dns_names" + elif key == "dnsZones": + suggest = "dns_zones" + elif key == "matchLabels": + suggest = "match_labels" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecAcmeSolversSelector. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecAcmeSolversSelector.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecAcmeSolversSelector.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + dns_names: Optional[Sequence[str]] = None, + dns_zones: Optional[Sequence[str]] = None, + match_labels: Optional[Mapping[str, str]] = None): + """ + Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + :param Sequence[str] dns_names: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param Sequence[str] dns_zones: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + :param Mapping[str, str] match_labels: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + if dns_names is not None: + pulumi.set(__self__, "dns_names", dns_names) + if dns_zones is not None: + pulumi.set(__self__, "dns_zones", dns_zones) + if match_labels is not None: + pulumi.set(__self__, "match_labels", match_labels) + + @property + @pulumi.getter(name="dnsNames") + def dns_names(self) -> Optional[Sequence[str]]: + """ + List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_names") + + @property + @pulumi.getter(name="dnsZones") + def dns_zones(self) -> Optional[Sequence[str]]: + """ + List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + """ + return pulumi.get(self, "dns_zones") + + @property + @pulumi.getter(name="matchLabels") + def match_labels(self) -> Optional[Mapping[str, str]]: + """ + A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + """ + return pulumi.get(self, "match_labels") + + +@pulumi.output_type +class IssuerSpecCa(dict): + """ + CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "secretName": + suggest = "secret_name" + elif key == "crlDistributionPoints": + suggest = "crl_distribution_points" + elif key == "issuingCertificateURLs": + suggest = "issuing_certificate_urls" + elif key == "ocspServers": + suggest = "ocsp_servers" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecCa. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecCa.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecCa.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + secret_name: str, + crl_distribution_points: Optional[Sequence[str]] = None, + issuing_certificate_urls: Optional[Sequence[str]] = None, + ocsp_servers: Optional[Sequence[str]] = None): + """ + CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + :param str secret_name: SecretName is the name of the secret used to sign Certificates issued by this Issuer. + :param Sequence[str] crl_distribution_points: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + :param Sequence[str] issuing_certificate_urls: IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + :param Sequence[str] ocsp_servers: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + """ + pulumi.set(__self__, "secret_name", secret_name) + if crl_distribution_points is not None: + pulumi.set(__self__, "crl_distribution_points", crl_distribution_points) + if issuing_certificate_urls is not None: + pulumi.set(__self__, "issuing_certificate_urls", issuing_certificate_urls) + if ocsp_servers is not None: + pulumi.set(__self__, "ocsp_servers", ocsp_servers) + + @property + @pulumi.getter(name="secretName") + def secret_name(self) -> str: + """ + SecretName is the name of the secret used to sign Certificates issued by this Issuer. + """ + return pulumi.get(self, "secret_name") + + @property + @pulumi.getter(name="crlDistributionPoints") + def crl_distribution_points(self) -> Optional[Sequence[str]]: + """ + The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + """ + return pulumi.get(self, "crl_distribution_points") + + @property + @pulumi.getter(name="issuingCertificateURLs") + def issuing_certificate_urls(self) -> Optional[Sequence[str]]: + """ + IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + """ + return pulumi.get(self, "issuing_certificate_urls") + + @property + @pulumi.getter(name="ocspServers") + def ocsp_servers(self) -> Optional[Sequence[str]]: + """ + The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + """ + return pulumi.get(self, "ocsp_servers") + + +@pulumi.output_type +class IssuerSpecSelfSigned(dict): + """ + SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "crlDistributionPoints": + suggest = "crl_distribution_points" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecSelfSigned. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecSelfSigned.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecSelfSigned.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + crl_distribution_points: Optional[Sequence[str]] = None): + """ + SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + :param Sequence[str] crl_distribution_points: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + """ + if crl_distribution_points is not None: + pulumi.set(__self__, "crl_distribution_points", crl_distribution_points) + + @property + @pulumi.getter(name="crlDistributionPoints") + def crl_distribution_points(self) -> Optional[Sequence[str]]: + """ + The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + """ + return pulumi.get(self, "crl_distribution_points") + + +@pulumi.output_type +class IssuerSpecVault(dict): + """ + Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "caBundle": + suggest = "ca_bundle" + elif key == "caBundleSecretRef": + suggest = "ca_bundle_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecVault. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecVault.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecVault.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + auth: 'outputs.IssuerSpecVaultAuth', + path: str, + server: str, + ca_bundle: Optional[str] = None, + ca_bundle_secret_ref: Optional['outputs.IssuerSpecVaultCaBundleSecretRef'] = None, + namespace: Optional[str] = None): + """ + Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + :param 'IssuerSpecVaultAuthArgs' auth: Auth configures how cert-manager authenticates with the Vault server. + :param str path: Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name". + :param str server: Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + :param str ca_bundle: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. + :param 'IssuerSpecVaultCaBundleSecretRefArgs' ca_bundle_secret_ref: Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + :param str namespace: Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + """ + pulumi.set(__self__, "auth", auth) + pulumi.set(__self__, "path", path) + pulumi.set(__self__, "server", server) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + if ca_bundle_secret_ref is not None: + pulumi.set(__self__, "ca_bundle_secret_ref", ca_bundle_secret_ref) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + + @property + @pulumi.getter + def auth(self) -> 'outputs.IssuerSpecVaultAuth': + """ + Auth configures how cert-manager authenticates with the Vault server. + """ + return pulumi.get(self, "auth") + + @property + @pulumi.getter + def path(self) -> str: + """ + Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name". + """ + return pulumi.get(self, "path") + + @property + @pulumi.getter + def server(self) -> str: + """ + Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + """ + return pulumi.get(self, "server") + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[str]: + """ + Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. + """ + return pulumi.get(self, "ca_bundle") + + @property + @pulumi.getter(name="caBundleSecretRef") + def ca_bundle_secret_ref(self) -> Optional['outputs.IssuerSpecVaultCaBundleSecretRef']: + """ + Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + """ + return pulumi.get(self, "ca_bundle_secret_ref") + + @property + @pulumi.getter + def namespace(self) -> Optional[str]: + """ + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + """ + return pulumi.get(self, "namespace") + + +@pulumi.output_type +class IssuerSpecVaultAuth(dict): + """ + Auth configures how cert-manager authenticates with the Vault server. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "appRole": + suggest = "app_role" + elif key == "tokenSecretRef": + suggest = "token_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecVaultAuth. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecVaultAuth.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecVaultAuth.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + app_role: Optional['outputs.IssuerSpecVaultAuthAppRole'] = None, + kubernetes: Optional['outputs.IssuerSpecVaultAuthKubernetes'] = None, + token_secret_ref: Optional['outputs.IssuerSpecVaultAuthTokenSecretRef'] = None): + """ + Auth configures how cert-manager authenticates with the Vault server. + :param 'IssuerSpecVaultAuthAppRoleArgs' app_role: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + :param 'IssuerSpecVaultAuthKubernetesArgs' kubernetes: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + :param 'IssuerSpecVaultAuthTokenSecretRefArgs' token_secret_ref: TokenSecretRef authenticates with Vault by presenting a token. + """ + if app_role is not None: + pulumi.set(__self__, "app_role", app_role) + if kubernetes is not None: + pulumi.set(__self__, "kubernetes", kubernetes) + if token_secret_ref is not None: + pulumi.set(__self__, "token_secret_ref", token_secret_ref) + + @property + @pulumi.getter(name="appRole") + def app_role(self) -> Optional['outputs.IssuerSpecVaultAuthAppRole']: + """ + AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + """ + return pulumi.get(self, "app_role") + + @property + @pulumi.getter + def kubernetes(self) -> Optional['outputs.IssuerSpecVaultAuthKubernetes']: + """ + Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + """ + return pulumi.get(self, "kubernetes") + + @property + @pulumi.getter(name="tokenSecretRef") + def token_secret_ref(self) -> Optional['outputs.IssuerSpecVaultAuthTokenSecretRef']: + """ + TokenSecretRef authenticates with Vault by presenting a token. + """ + return pulumi.get(self, "token_secret_ref") + + +@pulumi.output_type +class IssuerSpecVaultAuthAppRole(dict): + """ + AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "roleId": + suggest = "role_id" + elif key == "secretRef": + suggest = "secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecVaultAuthAppRole. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecVaultAuthAppRole.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecVaultAuthAppRole.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + path: str, + role_id: str, + secret_ref: 'outputs.IssuerSpecVaultAuthAppRoleSecretRef'): + """ + AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + :param str path: Path where the App Role authentication backend is mounted in Vault, e.g: "approle" + :param str role_id: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + :param 'IssuerSpecVaultAuthAppRoleSecretRefArgs' secret_ref: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + """ + pulumi.set(__self__, "path", path) + pulumi.set(__self__, "role_id", role_id) + pulumi.set(__self__, "secret_ref", secret_ref) + + @property + @pulumi.getter + def path(self) -> str: + """ + Path where the App Role authentication backend is mounted in Vault, e.g: "approle" + """ + return pulumi.get(self, "path") + + @property + @pulumi.getter(name="roleId") + def role_id(self) -> str: + """ + RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + """ + return pulumi.get(self, "role_id") + + @property + @pulumi.getter(name="secretRef") + def secret_ref(self) -> 'outputs.IssuerSpecVaultAuthAppRoleSecretRef': + """ + Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + """ + return pulumi.get(self, "secret_ref") + + +@pulumi.output_type +class IssuerSpecVaultAuthAppRoleSecretRef(dict): + """ + Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecVaultAuthKubernetes(dict): + """ + Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "mountPath": + suggest = "mount_path" + elif key == "secretRef": + suggest = "secret_ref" + elif key == "serviceAccountRef": + suggest = "service_account_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecVaultAuthKubernetes. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecVaultAuthKubernetes.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecVaultAuthKubernetes.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + role: str, + mount_path: Optional[str] = None, + secret_ref: Optional['outputs.IssuerSpecVaultAuthKubernetesSecretRef'] = None, + service_account_ref: Optional['outputs.IssuerSpecVaultAuthKubernetesServiceAccountRef'] = None): + """ + Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + :param str role: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + :param str mount_path: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + :param 'IssuerSpecVaultAuthKubernetesSecretRefArgs' secret_ref: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + :param 'IssuerSpecVaultAuthKubernetesServiceAccountRefArgs' service_account_ref: A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + """ + pulumi.set(__self__, "role", role) + if mount_path is not None: + pulumi.set(__self__, "mount_path", mount_path) + if secret_ref is not None: + pulumi.set(__self__, "secret_ref", secret_ref) + if service_account_ref is not None: + pulumi.set(__self__, "service_account_ref", service_account_ref) + + @property + @pulumi.getter + def role(self) -> str: + """ + A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + """ + return pulumi.get(self, "role") + + @property + @pulumi.getter(name="mountPath") + def mount_path(self) -> Optional[str]: + """ + The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + """ + return pulumi.get(self, "mount_path") + + @property + @pulumi.getter(name="secretRef") + def secret_ref(self) -> Optional['outputs.IssuerSpecVaultAuthKubernetesSecretRef']: + """ + The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + """ + return pulumi.get(self, "secret_ref") + + @property + @pulumi.getter(name="serviceAccountRef") + def service_account_ref(self) -> Optional['outputs.IssuerSpecVaultAuthKubernetesServiceAccountRef']: + """ + A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + """ + return pulumi.get(self, "service_account_ref") + + +@pulumi.output_type +class IssuerSpecVaultAuthKubernetesSecretRef(dict): + """ + The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecVaultAuthKubernetesServiceAccountRef(dict): + """ + A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + """ + def __init__(__self__, *, + name: str): + """ + A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + :param str name: Name of the ServiceAccount used to request a token. + """ + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the ServiceAccount used to request a token. + """ + return pulumi.get(self, "name") + + +@pulumi.output_type +class IssuerSpecVaultAuthTokenSecretRef(dict): + """ + TokenSecretRef authenticates with Vault by presenting a token. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + TokenSecretRef authenticates with Vault by presenting a token. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecVaultCaBundleSecretRef(dict): + """ + Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecVenafi(dict): + """ + Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + """ + def __init__(__self__, *, + zone: str, + cloud: Optional['outputs.IssuerSpecVenafiCloud'] = None, + tpp: Optional['outputs.IssuerSpecVenafiTpp'] = None): + """ + Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + :param str zone: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + :param 'IssuerSpecVenafiCloudArgs' cloud: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + :param 'IssuerSpecVenafiTppArgs' tpp: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + """ + pulumi.set(__self__, "zone", zone) + if cloud is not None: + pulumi.set(__self__, "cloud", cloud) + if tpp is not None: + pulumi.set(__self__, "tpp", tpp) + + @property + @pulumi.getter + def zone(self) -> str: + """ + Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + """ + return pulumi.get(self, "zone") + + @property + @pulumi.getter + def cloud(self) -> Optional['outputs.IssuerSpecVenafiCloud']: + """ + Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + """ + return pulumi.get(self, "cloud") + + @property + @pulumi.getter + def tpp(self) -> Optional['outputs.IssuerSpecVenafiTpp']: + """ + TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + """ + return pulumi.get(self, "tpp") + + +@pulumi.output_type +class IssuerSpecVenafiCloud(dict): + """ + Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "apiTokenSecretRef": + suggest = "api_token_secret_ref" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecVenafiCloud. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecVenafiCloud.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecVenafiCloud.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + api_token_secret_ref: 'outputs.IssuerSpecVenafiCloudApiTokenSecretRef', + url: Optional[str] = None): + """ + Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + :param 'IssuerSpecVenafiCloudApiTokenSecretRefArgs' api_token_secret_ref: APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + :param str url: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + """ + pulumi.set(__self__, "api_token_secret_ref", api_token_secret_ref) + if url is not None: + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter(name="apiTokenSecretRef") + def api_token_secret_ref(self) -> 'outputs.IssuerSpecVenafiCloudApiTokenSecretRef': + """ + APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + """ + return pulumi.get(self, "api_token_secret_ref") + + @property + @pulumi.getter + def url(self) -> Optional[str]: + """ + URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + """ + return pulumi.get(self, "url") + + +@pulumi.output_type +class IssuerSpecVenafiCloudApiTokenSecretRef(dict): + """ + APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + """ + def __init__(__self__, *, + name: str, + key: Optional[str] = None): + """ + APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + :param str key: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def key(self) -> Optional[str]: + """ + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + """ + return pulumi.get(self, "key") + + +@pulumi.output_type +class IssuerSpecVenafiTpp(dict): + """ + TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "credentialsRef": + suggest = "credentials_ref" + elif key == "caBundle": + suggest = "ca_bundle" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerSpecVenafiTpp. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerSpecVenafiTpp.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerSpecVenafiTpp.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + credentials_ref: 'outputs.IssuerSpecVenafiTppCredentialsRef', + url: str, + ca_bundle: Optional[str] = None): + """ + TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + :param 'IssuerSpecVenafiTppCredentialsRefArgs' credentials_ref: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + :param str url: URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk". + :param str ca_bundle: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. + """ + pulumi.set(__self__, "credentials_ref", credentials_ref) + pulumi.set(__self__, "url", url) + if ca_bundle is not None: + pulumi.set(__self__, "ca_bundle", ca_bundle) + + @property + @pulumi.getter(name="credentialsRef") + def credentials_ref(self) -> 'outputs.IssuerSpecVenafiTppCredentialsRef': + """ + CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + """ + return pulumi.get(self, "credentials_ref") + + @property + @pulumi.getter + def url(self) -> str: + """ + URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk". + """ + return pulumi.get(self, "url") + + @property + @pulumi.getter(name="caBundle") + def ca_bundle(self) -> Optional[str]: + """ + Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. + """ + return pulumi.get(self, "ca_bundle") + + +@pulumi.output_type +class IssuerSpecVenafiTppCredentialsRef(dict): + """ + CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + """ + def __init__(__self__, *, + name: str): + """ + CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + :param str name: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> str: + """ + Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + """ + return pulumi.get(self, "name") + + +@pulumi.output_type +class IssuerStatus(dict): + """ + Status of the Issuer. This is set and managed automatically. + """ + def __init__(__self__, *, + acme: Optional['outputs.IssuerStatusAcme'] = None, + conditions: Optional[Sequence['outputs.IssuerStatusConditions']] = None): + """ + Status of the Issuer. This is set and managed automatically. + :param 'IssuerStatusAcmeArgs' acme: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + :param Sequence['IssuerStatusConditionsArgs'] conditions: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + """ + if acme is not None: + pulumi.set(__self__, "acme", acme) + if conditions is not None: + pulumi.set(__self__, "conditions", conditions) + + @property + @pulumi.getter + def acme(self) -> Optional['outputs.IssuerStatusAcme']: + """ + ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + """ + return pulumi.get(self, "acme") + + @property + @pulumi.getter + def conditions(self) -> Optional[Sequence['outputs.IssuerStatusConditions']]: + """ + List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + """ + return pulumi.get(self, "conditions") + + +@pulumi.output_type +class IssuerStatusAcme(dict): + """ + ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "lastPrivateKeyHash": + suggest = "last_private_key_hash" + elif key == "lastRegisteredEmail": + suggest = "last_registered_email" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerStatusAcme. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerStatusAcme.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerStatusAcme.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + last_private_key_hash: Optional[str] = None, + last_registered_email: Optional[str] = None, + uri: Optional[str] = None): + """ + ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + :param str last_private_key_hash: LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + :param str last_registered_email: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + :param str uri: URI is the unique account identifier, which can also be used to retrieve account details from the CA + """ + if last_private_key_hash is not None: + pulumi.set(__self__, "last_private_key_hash", last_private_key_hash) + if last_registered_email is not None: + pulumi.set(__self__, "last_registered_email", last_registered_email) + if uri is not None: + pulumi.set(__self__, "uri", uri) + + @property + @pulumi.getter(name="lastPrivateKeyHash") + def last_private_key_hash(self) -> Optional[str]: + """ + LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + """ + return pulumi.get(self, "last_private_key_hash") + + @property + @pulumi.getter(name="lastRegisteredEmail") + def last_registered_email(self) -> Optional[str]: + """ + LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + """ + return pulumi.get(self, "last_registered_email") + + @property + @pulumi.getter + def uri(self) -> Optional[str]: + """ + URI is the unique account identifier, which can also be used to retrieve account details from the CA + """ + return pulumi.get(self, "uri") + + +@pulumi.output_type +class IssuerStatusConditions(dict): + """ + IssuerCondition contains condition information for an Issuer. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "lastTransitionTime": + suggest = "last_transition_time" + elif key == "observedGeneration": + suggest = "observed_generation" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IssuerStatusConditions. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IssuerStatusConditions.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IssuerStatusConditions.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + status: str, + type: str, + last_transition_time: Optional[str] = None, + message: Optional[str] = None, + observed_generation: Optional[int] = None, + reason: Optional[str] = None): + """ + IssuerCondition contains condition information for an Issuer. + :param str status: Status of the condition, one of (`True`, `False`, `Unknown`). + :param str type: Type of the condition, known values are (`Ready`). + :param str last_transition_time: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + :param str message: Message is a human readable description of the details of the last transition, complementing reason. + :param int observed_generation: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + :param str reason: Reason is a brief machine readable explanation for the condition's last transition. + """ + pulumi.set(__self__, "status", status) + pulumi.set(__self__, "type", type) + if last_transition_time is not None: + pulumi.set(__self__, "last_transition_time", last_transition_time) + if message is not None: + pulumi.set(__self__, "message", message) + if observed_generation is not None: + pulumi.set(__self__, "observed_generation", observed_generation) + if reason is not None: + pulumi.set(__self__, "reason", reason) + + @property + @pulumi.getter + def status(self) -> str: + """ + Status of the condition, one of (`True`, `False`, `Unknown`). + """ + return pulumi.get(self, "status") + + @property + @pulumi.getter + def type(self) -> str: + """ + Type of the condition, known values are (`Ready`). + """ + return pulumi.get(self, "type") + + @property + @pulumi.getter(name="lastTransitionTime") + def last_transition_time(self) -> Optional[str]: + """ + LastTransitionTime is the timestamp corresponding to the last status change of this condition. + """ + return pulumi.get(self, "last_transition_time") + + @property + @pulumi.getter + def message(self) -> Optional[str]: + """ + Message is a human readable description of the details of the last transition, complementing reason. + """ + return pulumi.get(self, "message") + + @property + @pulumi.getter(name="observedGeneration") + def observed_generation(self) -> Optional[int]: + """ + If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + """ + return pulumi.get(self, "observed_generation") + + @property + @pulumi.getter + def reason(self) -> Optional[str]: + """ + Reason is a brief machine readable explanation for the condition's last transition. + """ + return pulumi.get(self, "reason") + + diff --git a/sdk/python/pulumi_cert_manager_resources/meta/__init__.py b/sdk/python/pulumi_cert_manager_resources/meta/__init__.py new file mode 100644 index 0000000..10c0ecd --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/meta/__init__.py @@ -0,0 +1,14 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from .. import _utilities +import typing + +# Make subpackages available: +if typing.TYPE_CHECKING: + import pulumi_cert_manager_resources.meta.v1 as __v1 + v1 = __v1 +else: + v1 = _utilities.lazy_import('pulumi_cert_manager.meta.v1') + diff --git a/sdk/python/pulumi_cert_manager_resources/meta/v1/__init__.py b/sdk/python/pulumi_cert_manager_resources/meta/v1/__init__.py new file mode 100644 index 0000000..c6c2c03 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/meta/v1/__init__.py @@ -0,0 +1,8 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from ... import _utilities +import typing +from pulumi_kubernetes.meta.v1._inputs import * +import pulumi_kubernetes.meta.v1.outputs as outputs diff --git a/sdk/python/pulumi_cert_manager_resources/provider.py b/sdk/python/pulumi_cert_manager_resources/provider.py new file mode 100644 index 0000000..56d15af --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/provider.py @@ -0,0 +1,71 @@ +# coding=utf-8 +# *** WARNING: this file was generated by crd2pulumi. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities + +__all__ = ['ProviderArgs', 'Provider'] + +@pulumi.input_type +class ProviderArgs: + def __init__(__self__): + """ + The set of arguments for constructing a Provider resource. + """ + pass + + +class Provider(pulumi.ProviderResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + __props__=None): + """ + Create a Crds resource with the given unique name, props, and options. + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[ProviderArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Create a Crds resource with the given unique name, props, and options. + :param str resource_name: The name of the resource. + :param ProviderArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(ProviderArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = ProviderArgs.__new__(ProviderArgs) + + super(Provider, __self__).__init__( + 'cert_manager', + resource_name, + __props__, + opts) + diff --git a/sdk/python/pulumi_cert_manager_resources/pulumi-plugin.json b/sdk/python/pulumi_cert_manager_resources/pulumi-plugin.json new file mode 100644 index 0000000..b01a161 --- /dev/null +++ b/sdk/python/pulumi_cert_manager_resources/pulumi-plugin.json @@ -0,0 +1,4 @@ +{ + "resource": true, + "name": "cert_manager" +} diff --git a/sdk/python/pulumi_cert_manager_resources/py.typed b/sdk/python/pulumi_cert_manager_resources/py.typed new file mode 100644 index 0000000..e69de29 diff --git a/sdk/python/pyproject.toml b/sdk/python/pyproject.toml index 3478b28..a143349 100644 --- a/sdk/python/pyproject.toml +++ b/sdk/python/pyproject.toml @@ -20,3 +20,4 @@ [tool.setuptools] [tool.setuptools.package-data] pulumi_kubernetes_cert_manager = ["py.typed", "pulumi-plugin.json"] + pulumi_cert_manager_resources = ["py.typed", "pulumi-plugin.json"]