apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: ybcertificates.operator.yugabyte.io
spec:
  group: operator.yugabyte.io
  scope: Namespaced
  names:
    plural: ybcertificates
    singular: ybcertificate
    kind: YBCertificate
    categories:
    - all
    - yugabyte
  versions:
  - name: v1alpha1
    subresources:
      status: {}
    served: true
    storage: true
    schema:
      openAPIV3Schema:
        description: 'Custom resource definition for YugabyteDB certificate management
          configuration.

          '
        type: object
        properties:
          status:
            description: 'Certificate management status for the YBCertificate custom
              resource.

              '
            type: object
            properties:
              message:
                description: String log message from certificate controller.
                type: string
              success:
                description: 'Boolean indicating if the certificate configuration
                  was successfully created.

                  '
                type: boolean
              resourceUUID:
                description: Internal UUID of the certificate configuration resource.
                type: string
          spec:
            type: object
            description: 'Specification for the YBCertificate resource. Required fields:
              certType, certificateSecretRef

              '
            required:
            - certType
            - certificateSecretRef
            properties:
              certType:
                description: Type of certificate configuration to be created. Allowed
                  values - SELF_SIGNED, K8S_CERT_MANAGER
                type: string
                enum:
                - SELF_SIGNED
                - K8S_CERT_MANAGER
                x-kubernetes-validations:
                - rule: self in ['SELF_SIGNED', 'K8S_CERT_MANAGER']
                  message: certType must be either SELF_SIGNED or K8S_CERT_MANAGER
              certificateSecretRef:
                description: 'Secret reference containing certificate and key content.

                  For SELF_SIGNED: secret must contain both ''ca.crt'' and ''ca.key''

                  For K8S_CERT_MANAGER: secret must contain ''ca.crt''

                  Recommended to use type: "tls" for better Kubernetes integration

                  '
                type: object
                required:
                - name
                properties:
                  name:
                    type: string
                    description: Name of the secret (required)
                    x-kubernetes-validations:
                    - rule: self.size() > 0
                      message: name cannot be empty
                  namespace:
                    type: string
                    description: 'Namespace of the secret (optional, defaults to the
                      namespace

                      where the YBCertificate is created)

                      '
                    x-kubernetes-validations:
                    - rule: self.size() > 0
                      message: name cannot be empty