certificate.tls
***************

.. include:: template.service.certificate.tls.example

.. _certificate.tls.certificate_chain_filename:

:kw:`certificate_chain_filename`
================================

================= ================================================================
**scopable**      True
**required**      False
**provisioning**  False
**default**       None
**inheritance**   leaf > head
**scope order**   specific > generic
================= ================================================================

Local filesystem data source of the TLS certificate chain.

.. _certificate.tls.certificate_chain_inline_string:

:kw:`certificate_chain_inline_string`
=====================================

================= ================================================================
**scopable**      True
**required**      False
**provisioning**  False
**default**       None
**inheritance**   leaf > head
**scope order**   specific > generic
================= ================================================================

Inline string data source of the TLS certificate chain.

.. _certificate.tls.certificate_secret:

:kw:`certificate_secret`
========================

================= ================================================================
**scopable**      True
**required**      False
**provisioning**  False
**default**       None
**inheritance**   leaf > head
**scope order**   specific > generic
================= ================================================================

The name of the secret object hosting the certificate files. The secret must have the ``certificate_chain`` and ``server_key`` keys set. With this setting, the certificate is served to envoy via the secret discovery service, which allows its live rotation.

.. _certificate.tls.private_key_filename:

:kw:`private_key_filename`
==========================

================= ================================================================
**scopable**      True
**required**      False
**provisioning**  False
**default**       None
**inheritance**   leaf > head
**scope order**   specific > generic
================= ================================================================

Local filesystem data source of the TLS private key.

.. _certificate.tls.private_key_inline_string:

:kw:`private_key_inline_string`
===============================

================= ================================================================
**scopable**      True
**required**      False
**provisioning**  False
**default**       None
**inheritance**   leaf > head
**scope order**   specific > generic
================= ================================================================

Inline string data source of the TLS private key. For example, a reference to a secret.

.. _certificate.tls.validation_secret:

:kw:`validation_secret`
=======================

================= ================================================================
**scopable**      True
**required**      False
**provisioning**  False
**default**       None
**inheritance**   leaf > head
**scope order**   specific > generic
================= ================================================================

The name of the secret object hosting the certificate authority files used to validate ``certificate_secret``. The secret must have the ``trusted_ca`` and ``verify_certificate_hash`` keys set. With this setting, the validation data is served to envoy via the secret discovery service, which allows live rotation of the certificates.

.. _certificate.tls.comment:

:kw:`comment`
=============

================= ================================================================
**scopable**      False
**required**      False
**provisioning**  False
**default**
**inheritance**   leaf > head
**scope order**   specific > generic
================= ================================================================

Helps users understand the role of the service and resources, which is useful to on-call support people who have to operate on a service they are not usually responsible for.