A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in spec.secretName. The stored certificate will be renewed before it expires (as configured by spec.renewBefore).

A CertificateRequest is used to request a signed certificate from one of the configured issuers. All fields within the CertificateRequest's spec are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its status.state field. A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used.

A ClusterIssuer represents a certificate issuing authority which can be referenced as part of issuerRef fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in any namespace, not just the same namespace as the referent.

An Issuer represents a certificate issuing authority which can be referenced as part of issuerRef fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace.

Desired state of the Issuer or ClusterIssuer resource.

Status of the Issuer or ClusterIssuer. This is set and managed automatically.

A reference to a specific 'key' within a Secret resource. In some instances, key is a required field.

An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided.