@intentius/chant-lexicon-k8s 0.1.21 → 0.1.23

package/dist/integrity.json

@@ -1,9 +1,9 @@
 {
   "algorithm": "sha256",
   "artifacts": {
-    "manifest.json": "f40fc25f533fecde7d6d15bac92e1ba8317cda2b870af8c5a8615118794a49cf",
-    "meta.json": "4b5a8e54681b5968490520a0e166d8d4c14448e404bd6f1d890311a5425a348a",
-    "types/index.d.ts": "d4bb24d2e60e97dcc25d5c902b14a87ce34f2ba9c0ca6fc520bb908e9901609d",
+    "manifest.json": "a40500a319710239828776b5e04b46374aeb39f60313b0cb3f9770d9bc844d8c",
+    "meta.json": "8e9c0279eb8666c8b181897a55f614c7e803fed6fc6cb549249d8f998aa764d2",
+    "types/index.d.ts": "7eb3017762f49faa57dae1d71f3e77a08e52ac8fc7eeab192cba4e981b7efed6",
     "rules/argo-appset-single-project.ts": "afa9f310753aa2d475f35012b13135b2dfaebed2a35d44edbe185ebc07673674",
     "rules/argo-ast.ts": "f57b7d84fef9c9cd326a7cad0dff290914e01299415d64bdab48e2f6eb4181c3",
     "rules/argo-automated-prune.ts": "176ac5441c3ccb7106a194abab3abe22fd8a29f976716761c66c243b72d57b14",
@@ -50,5 +50,5 @@
     "skills/chant-k8s-aks.md": "e18f0e2b055f72cd7a37deaf258d7027c2d4d3e286e8fd4975b27a1f981a3ad9",
     "skills/chant-k8s-argo.md": "b1a0b826559d8c5033a479c5781efaf650320f0aee4419d8841170bd3393cea5"
   },
-  "composite": "37fec7d459f6ae28828bef835c044a6697cdacb752f128b1f36345fe130b6753"
+  "composite": "2aaafe56e3fec2c11f54aacbc10457a680b4b06216f9da5ec80b9e1376fbaf32"
 }

package/dist/manifest.json

@@ -1,6 +1,6 @@
 {
   "name": "k8s",
-  "version": "0.1.21",
+  "version": "0.1.23",
   "chantVersion": ">=0.1.0",
   "namespace": "K8s",
   "intrinsics": [],

package/dist/meta.json

@@ -41,6 +41,11 @@
     "apiVersion": "v1",
     "gvkKind": "APIVersions"
   },
+  "AdditionalOutputFormat": {
+    "resourceType": "K8s::CertManager::Certificate.additionalOutputFormats",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "Address": {
     "resourceType": "K8s::Gateway::Gateway.addresses",
     "kind": "property",
@@ -255,6 +260,25 @@
     "kind": "property",
     "lexicon": "k8s"
   },
+  "Certificate": {
+    "resourceType": "K8s::CertManager::Certificate",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "cert-manager.io/v1",
+    "gvkKind": "Certificate"
+  },
+  "CertificateRequest": {
+    "resourceType": "K8s::CertManager::CertificateRequest",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "cert-manager.io/v1",
+    "gvkKind": "CertificateRequest"
+  },
+  "CertificateRequest_IssuerRef": {
+    "resourceType": "K8s::CertManager::CertificateRequest.issuerRef",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "CertificateSigningRequest": {
     "resourceType": "K8s::Certificates::CertificateSigningRequest",
     "kind": "resource",
@@ -269,6 +293,95 @@
     "apiVersion": "certificates.k8s.io/v1",
     "gvkKind": "CertificateSigningRequestList"
   },
+  "Certificate_AdditionalOutputFormat": {
+    "resourceType": "K8s::CertManager::Certificate.additionalOutputFormats",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_IssuerRef": {
+    "resourceType": "K8s::CertManager::Certificate.issuerRef",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_Keystores": {
+    "resourceType": "K8s::CertManager::Certificate.keystores",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_NameConstraints": {
+    "resourceType": "K8s::CertManager::Certificate.nameConstraints",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_OtherName": {
+    "resourceType": "K8s::CertManager::Certificate.otherNames",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_PrivateKey": {
+    "resourceType": "K8s::CertManager::Certificate.privateKey",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_SecretTemplate": {
+    "resourceType": "K8s::CertManager::Certificate.secretTemplate",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_Subject": {
+    "resourceType": "K8s::CertManager::Certificate.subject",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Challenge": {
+    "resourceType": "K8s::Acme::Challenge",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "acme.cert-manager.io/v1",
+    "gvkKind": "Challenge"
+  },
+  "Challenge_IssuerRef": {
+    "resourceType": "K8s::Acme::Challenge.issuerRef",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Challenge_Solver": {
+    "resourceType": "K8s::Acme::Challenge.solver",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "ClusterIssuer": {
+    "resourceType": "K8s::CertManager::ClusterIssuer",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "cert-manager.io/v1",
+    "gvkKind": "ClusterIssuer"
+  },
+  "ClusterIssuer_Acme": {
+    "resourceType": "K8s::CertManager::ClusterIssuer.acme",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "ClusterIssuer_Ca": {
+    "resourceType": "K8s::CertManager::ClusterIssuer.ca",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "ClusterIssuer_SelfSigned": {
+    "resourceType": "K8s::CertManager::ClusterIssuer.selfSigned",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "ClusterIssuer_Vault": {
+    "resourceType": "K8s::CertManager::ClusterIssuer.vault",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "ClusterIssuer_Venafi": {
+    "resourceType": "K8s::CertManager::ClusterIssuer.venafi",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "ClusterResourceBlacklist": {
     "resourceType": "K8s::Argo::AppProject.clusterResourceBlacklist",
     "kind": "property",
@@ -870,6 +983,38 @@
     "kind": "property",
     "lexicon": "k8s"
   },
+  "Issuer": {
+    "resourceType": "K8s::CertManager::Issuer",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "cert-manager.io/v1",
+    "gvkKind": "Issuer"
+  },
+  "Issuer_Acme": {
+    "resourceType": "K8s::CertManager::Issuer.acme",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Issuer_Ca": {
+    "resourceType": "K8s::CertManager::Issuer.ca",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Issuer_SelfSigned": {
+    "resourceType": "K8s::CertManager::Issuer.selfSigned",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Issuer_Vault": {
+    "resourceType": "K8s::CertManager::Issuer.vault",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Issuer_Venafi": {
+    "resourceType": "K8s::CertManager::Issuer.venafi",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "Job": {
     "resourceType": "K8s::Batch::Job",
     "kind": "resource",
@@ -894,6 +1039,11 @@
       }
     }
   },
+  "Keystores": {
+    "resourceType": "K8s::CertManager::Certificate.keystores",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "LabelSelector": {
     "resourceType": "K8s::Meta::LabelSelector",
     "kind": "property",
@@ -975,6 +1125,11 @@
     "apiVersion": "v1",
     "gvkKind": "Namespace"
   },
+  "NameConstraints": {
+    "resourceType": "K8s::CertManager::Certificate.nameConstraints",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "Namespace": {
     "resourceType": "K8s::Core::Namespace",
     "kind": "resource",
@@ -1077,11 +1232,28 @@
     "kind": "property",
     "lexicon": "k8s"
   },
+  "Order": {
+    "resourceType": "K8s::Acme::Order",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "acme.cert-manager.io/v1",
+    "gvkKind": "Order"
+  },
+  "Order_IssuerRef": {
+    "resourceType": "K8s::Acme::Order.issuerRef",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "OrphanedResources": {
     "resourceType": "K8s::Argo::AppProject.orphanedResources",
     "kind": "property",
     "lexicon": "k8s"
   },
+  "OtherName": {
+    "resourceType": "K8s::CertManager::Certificate.otherNames",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "PDB": {
     "resourceType": "K8s::Policy::PodDisruptionBudget",
     "kind": "resource",
@@ -1273,6 +1445,11 @@
     "apiVersion": "flowcontrol.apiserver.k8s.io/v1",
     "gvkKind": "PriorityLevelConfigurationList"
   },
+  "PrivateKey": {
+    "resourceType": "K8s::CertManager::Certificate.privateKey",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "Probe": {
     "resourceType": "K8s::Core::Probe",
     "kind": "property",
@@ -1589,6 +1766,11 @@
     "apiVersion": "v1",
     "gvkKind": "SecretList"
   },
+  "SecretTemplate": {
+    "resourceType": "K8s::CertManager::Certificate.secretTemplate",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "SecurityContext": {
     "resourceType": "K8s::Core::SecurityContext",
     "kind": "property",
@@ -1698,6 +1880,11 @@
     "kind": "property",
     "lexicon": "k8s"
   },
+  "Solver": {
+    "resourceType": "K8s::Acme::Challenge.solver",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "Source": {
     "resourceType": "K8s::Argo::Application.source",
     "kind": "property",

package/dist/types/index.d.ts

@@ -134,6 +134,30 @@ export declare class Binding {
   readonly uid: string;
 }
 
+export declare class Certificate {
+  constructor(props: {
+    metadata?: Record<string, unknown>;
+    /** Specification of the desired state of the Certificate resource.
+https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status */
+    spec?: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
+export declare class CertificateRequest {
+  constructor(props: {
+    metadata?: Record<string, unknown>;
+    /** Specification of the desired state of the CertificateRequest resource.
+https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status */
+    spec?: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
 export declare class CertificateSigningRequest {
   constructor(props: {
     /** spec contains the certificate request, and is immutable after creation. Only the request, signerName, expirationSeconds, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users. */
@@ -156,6 +180,27 @@ export declare class CertificateSigningRequestList {
   readonly uid: string;
 }
 
+export declare class Challenge {
+  constructor(props: {
+    metadata: Record<string, unknown>;
+    spec: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
+export declare class ClusterIssuer {
+  constructor(props: {
+    /** Desired state of the ClusterIssuer resource. */
+    spec: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
 export declare class ClusterRole {
   constructor(props: {
     /** AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller. */
@@ -919,6 +964,17 @@ export declare class IPAddressList {
   readonly uid: string;
 }
 
+export declare class Issuer {
+  constructor(props: {
+    /** Desired state of the Issuer resource. */
+    spec: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
 export declare class Job {
   constructor(props: {
     /** Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata */
@@ -1123,6 +1179,16 @@ export declare class NS {
   readonly uid: string;
 }
 
+export declare class Order {
+  constructor(props: {
+    metadata: Record<string, unknown>;
+    spec: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
 export declare class PDB {
   constructor(props: {
     /** Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@intentius/chant-lexicon-k8s",
-  "version": "0.1.21",
+  "version": "0.1.23",
   "description": "Kubernetes lexicon for chant — declarative IaC in TypeScript",
   "license": "Apache-2.0",
   "homepage": "https://intentius.io/chant",

package/src/composites/composites.test.ts

@@ -1486,6 +1486,8 @@ describe("SecureIngress", () => {
   test("creates certificate when clusterIssuer set", () => {
     const result = SecureIngress({ ...minProps, clusterIssuer: "letsencrypt-prod" });
     expect(result.certificate).toBeDefined();
+    // A real cert-manager Certificate, not the former Ingress-proxy placeholder.
+    expect(result.certificate!.constructor.name).toBe("Certificate");
     const certSpec = p(result.certificate!).spec as any;
     expect(certSpec.issuerRef.name).toBe("letsencrypt-prod");
     expect(certSpec.dnsNames).toEqual(["app.example.com"]);

package/src/composites/secure-ingress.ts

@@ -6,7 +6,7 @@
  */
 
 import { Composite, mergeDefaults } from "@intentius/chant";
-import { Ingress } from "../generated";
+import { Ingress, Certificate } from "../generated";
 
 export interface SecureIngressHost {
   /** Hostname (e.g., "api.example.com"). */
@@ -44,7 +44,7 @@ export interface SecureIngressProps {
 
 export interface SecureIngressResult {
   ingress: InstanceType<typeof Ingress>;
-  certificate?: InstanceType<typeof Ingress>; // CRD — use Ingress as proxy Declarable
+  certificate?: InstanceType<typeof Certificate>; // cert-manager.io/v1 Certificate
 }
 
 /**
@@ -135,8 +135,10 @@ export const SecureIngress = Composite<SecureIngressProps>((props) => {
   const result: Record<string, any> = { ingress };
 
   if (clusterIssuer) {
-    // Certificate is a CRD — use Ingress constructor as a generic Declarable wrapper
-    result.certificate = new Ingress(mergeDefaults({
+    // A real cert-manager Certificate (the ingress-shim annotation on the Ingress
+    // above is also set, so either path issues the cert; the explicit resource
+    // makes the cert lifecycle declarable).
+    result.certificate = new Certificate(mergeDefaults({
       metadata: {
         name: secretName,
         ...(namespace && { namespace }),

package/src/crd/crd-sources.ts

@@ -74,6 +74,25 @@ const GATEWAY_API_CRD_BASE = `https://raw.githubusercontent.com/kubernetes-sigs/
 const COCKROACH_OPERATOR_VERSION = "v2.17.0";
 const COCKROACH_OPERATOR_CRD_BASE = `https://raw.githubusercontent.com/cockroachdb/cockroach-operator/${COCKROACH_OPERATOR_VERSION}/config/crd/bases`;
 
+/**
+ * cert-manager CRDs — cert-manager.io + acme.cert-manager.io
+ *
+ * The de-facto TLS cert issuance/rotation controller. A single multi-doc bundle
+ * (the parser uses loadAll) produces, under the `CertManager` and `Acme`
+ * namespaces (first-segment rule; "cert-manager.io" → "CertManager"):
+ *   K8s::CertManager::Certificate         → cert-manager.io/v1
+ *   K8s::CertManager::CertificateRequest  → cert-manager.io/v1
+ *   K8s::CertManager::Issuer              → cert-manager.io/v1
+ *   K8s::CertManager::ClusterIssuer       → cert-manager.io/v1
+ *   K8s::Acme::Challenge                  → acme.cert-manager.io/v1
+ *   K8s::Acme::Order                      → acme.cert-manager.io/v1
+ *
+ * Controller install: kubectl apply -f
+ *   https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.yaml
+ */
+const CERT_MANAGER_VERSION = "v1.16.2";
+const CERT_MANAGER_CRD_BUNDLE = `https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.crds.yaml`;
+
 export const CRD_SOURCES: CRDSource[] = [
   { type: "url", url: `${KUBERAY_CRD_BASE}/ray.io_rayclusters.yaml` },
   { type: "url", url: `${KUBERAY_CRD_BASE}/ray.io_rayjobs.yaml` },
@@ -87,4 +106,5 @@ export const CRD_SOURCES: CRDSource[] = [
   { type: "url", url: `${GATEWAY_API_CRD_BASE}/gateway.networking.k8s.io_grpcroutes.yaml` },
   { type: "url", url: `${GATEWAY_API_CRD_BASE}/gateway.networking.k8s.io_referencegrants.yaml` },
   { type: "url", url: `${COCKROACH_OPERATOR_CRD_BASE}/crdb.cockroachlabs.com_crdbclusters.yaml` },
+  { type: "url", url: CERT_MANAGER_CRD_BUNDLE },
 ];

package/src/generated/index.d.ts

@@ -134,6 +134,30 @@ export declare class Binding {
   readonly uid: string;
 }
 
+export declare class Certificate {
+  constructor(props: {
+    metadata?: Record<string, unknown>;
+    /** Specification of the desired state of the Certificate resource.
+https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status */
+    spec?: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
+export declare class CertificateRequest {
+  constructor(props: {
+    metadata?: Record<string, unknown>;
+    /** Specification of the desired state of the CertificateRequest resource.
+https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status */
+    spec?: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
 export declare class CertificateSigningRequest {
   constructor(props: {
     /** spec contains the certificate request, and is immutable after creation. Only the request, signerName, expirationSeconds, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users. */
@@ -156,6 +180,27 @@ export declare class CertificateSigningRequestList {
   readonly uid: string;
 }
 
+export declare class Challenge {
+  constructor(props: {
+    metadata: Record<string, unknown>;
+    spec: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
+export declare class ClusterIssuer {
+  constructor(props: {
+    /** Desired state of the ClusterIssuer resource. */
+    spec: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
 export declare class ClusterRole {
   constructor(props: {
     /** AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller. */
@@ -919,6 +964,17 @@ export declare class IPAddressList {
   readonly uid: string;
 }
 
+export declare class Issuer {
+  constructor(props: {
+    /** Desired state of the Issuer resource. */
+    spec: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
 export declare class Job {
   constructor(props: {
     /** Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata */
@@ -1123,6 +1179,16 @@ export declare class NS {
   readonly uid: string;
 }
 
+export declare class Order {
+  constructor(props: {
+    metadata: Record<string, unknown>;
+    spec: Record<string, unknown>;
+  });
+  readonly name: string;
+  readonly namespace: string;
+  readonly uid: string;
+}
+
 export declare class PDB {
   constructor(props: {
     /** Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata */

package/src/generated/index.ts

@@ -12,8 +12,12 @@ export const ApplicationSet = createResource("K8s::Argo::ApplicationSet", "k8s",
 export const AppProject = createResource("K8s::Argo::AppProject", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const BatchJob = createResource("K8s::Batch::Job", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const Binding = createResource("K8s::Core::Binding", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
+export const Certificate = createResource("K8s::CertManager::Certificate", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
+export const CertificateRequest = createResource("K8s::CertManager::CertificateRequest", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const CertificateSigningRequest = createResource("K8s::Certificates::CertificateSigningRequest", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const CertificateSigningRequestList = createResource("K8s::Certificates::CertificateSigningRequestList", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
+export const Challenge = createResource("K8s::Acme::Challenge", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
+export const ClusterIssuer = createResource("K8s::CertManager::ClusterIssuer", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const ClusterRole = createResource("K8s::Rbac::ClusterRole", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const ClusterRoleBinding = createResource("K8s::Rbac::ClusterRoleBinding", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const ClusterRoleBindingList = createResource("K8s::Rbac::ClusterRoleBindingList", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
@@ -70,6 +74,7 @@ export const IngressClassList = createResource("K8s::Networking::IngressClassLis
 export const IngressList = createResource("K8s::Networking::IngressList", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const IPAddress = createResource("K8s::Networking::IPAddress", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const IPAddressList = createResource("K8s::Networking::IPAddressList", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
+export const Issuer = createResource("K8s::CertManager::Issuer", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const Job = createResource("K8s::Batch::Job", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const JobList = createResource("K8s::Batch::JobList", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const Lease = createResource("K8s::Coordination::Lease", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
@@ -87,6 +92,7 @@ export const NetworkPolicyList = createResource("K8s::Networking::NetworkPolicyL
 export const Node = createResource("K8s::Core::Node", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const NodeList = createResource("K8s::Core::NodeList", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const NS = createResource("K8s::Core::Namespace", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
+export const Order = createResource("K8s::Acme::Order", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const PDB = createResource("K8s::Policy::PodDisruptionBudget", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const PersistentVolume = createResource("K8s::Core::PersistentVolume", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
 export const PersistentVolumeClaim = createResource("K8s::Core::PersistentVolumeClaim", "k8s", {"name":"name","namespace":"namespace","uid":"uid"});
@@ -185,6 +191,22 @@ export const AppProject_Role = createProperty("K8s::Argo::AppProject.roles", "k8
 export const AppProject_SignatureKey = createProperty("K8s::Argo::AppProject.signatureKeys", "k8s");
 export const AppProject_SyncWindow = createProperty("K8s::Argo::AppProject.syncWindows", "k8s");
 export const Capabilities = createProperty("K8s::Core::Capabilities", "k8s");
+export const Certificate_AdditionalOutputFormat = createProperty("K8s::CertManager::Certificate.additionalOutputFormats", "k8s");
+export const Certificate_IssuerRef = createProperty("K8s::CertManager::Certificate.issuerRef", "k8s");
+export const Certificate_Keystores = createProperty("K8s::CertManager::Certificate.keystores", "k8s");
+export const Certificate_NameConstraints = createProperty("K8s::CertManager::Certificate.nameConstraints", "k8s");
+export const Certificate_OtherName = createProperty("K8s::CertManager::Certificate.otherNames", "k8s");
+export const Certificate_PrivateKey = createProperty("K8s::CertManager::Certificate.privateKey", "k8s");
+export const Certificate_SecretTemplate = createProperty("K8s::CertManager::Certificate.secretTemplate", "k8s");
+export const Certificate_Subject = createProperty("K8s::CertManager::Certificate.subject", "k8s");
+export const CertificateRequest_IssuerRef = createProperty("K8s::CertManager::CertificateRequest.issuerRef", "k8s");
+export const Challenge_IssuerRef = createProperty("K8s::Acme::Challenge.issuerRef", "k8s");
+export const Challenge_Solver = createProperty("K8s::Acme::Challenge.solver", "k8s");
+export const ClusterIssuer_Acme = createProperty("K8s::CertManager::ClusterIssuer.acme", "k8s");
+export const ClusterIssuer_Ca = createProperty("K8s::CertManager::ClusterIssuer.ca", "k8s");
+export const ClusterIssuer_SelfSigned = createProperty("K8s::CertManager::ClusterIssuer.selfSigned", "k8s");
+export const ClusterIssuer_Vault = createProperty("K8s::CertManager::ClusterIssuer.vault", "k8s");
+export const ClusterIssuer_Venafi = createProperty("K8s::CertManager::ClusterIssuer.venafi", "k8s");
 export const ConfigMapKeySelector = createProperty("K8s::Core::ConfigMapKeySelector", "k8s");
 export const Container = createProperty("K8s::Core::Container", "k8s");
 export const ContainerPort = createProperty("K8s::Core::ContainerPort", "k8s");
@@ -218,6 +240,11 @@ export const IngressBackend = createProperty("K8s::Networking::IngressBackend",
 export const IngressRule = createProperty("K8s::Networking::IngressRule", "k8s");
 export const IngressServiceBackend = createProperty("K8s::Networking::IngressServiceBackend", "k8s");
 export const IngressTLS = createProperty("K8s::Networking::IngressTLS", "k8s");
+export const Issuer_Acme = createProperty("K8s::CertManager::Issuer.acme", "k8s");
+export const Issuer_Ca = createProperty("K8s::CertManager::Issuer.ca", "k8s");
+export const Issuer_SelfSigned = createProperty("K8s::CertManager::Issuer.selfSigned", "k8s");
+export const Issuer_Vault = createProperty("K8s::CertManager::Issuer.vault", "k8s");
+export const Issuer_Venafi = createProperty("K8s::CertManager::Issuer.venafi", "k8s");
 export const KeyToPath = createProperty("K8s::Core::KeyToPath", "k8s");
 export const LabelSelector = createProperty("K8s::Meta::LabelSelector", "k8s");
 export const LabelSelectorRequirement = createProperty("K8s::Meta::LabelSelectorRequirement", "k8s");
@@ -229,6 +256,7 @@ export const NetworkPolicyPeer = createProperty("K8s::Networking::NetworkPolicyP
 export const NetworkPolicyPort = createProperty("K8s::Networking::NetworkPolicyPort", "k8s");
 export const ObjectMeta = createProperty("K8s::Meta::ObjectMeta", "k8s");
 export const ObjectReference = createProperty("K8s::Core::ObjectReference", "k8s");
+export const Order_IssuerRef = createProperty("K8s::Acme::Order.issuerRef", "k8s");
 export const PersistentVolumeClaimSpec = createProperty("K8s::Core::PersistentVolumeClaimSpec", "k8s");
 export const PodDisruptionBudgetSpec = createProperty("K8s::Policy::PodDisruptionBudgetSpec", "k8s");
 export const PodSecurityContext = createProperty("K8s::Core::PodSecurityContext", "k8s");

package/src/generated/lexicon-k8s.json

@@ -41,6 +41,11 @@
     "apiVersion": "v1",
     "gvkKind": "APIVersions"
   },
+  "AdditionalOutputFormat": {
+    "resourceType": "K8s::CertManager::Certificate.additionalOutputFormats",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "Address": {
     "resourceType": "K8s::Gateway::Gateway.addresses",
     "kind": "property",
@@ -255,6 +260,25 @@
     "kind": "property",
     "lexicon": "k8s"
   },
+  "Certificate": {
+    "resourceType": "K8s::CertManager::Certificate",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "cert-manager.io/v1",
+    "gvkKind": "Certificate"
+  },
+  "CertificateRequest": {
+    "resourceType": "K8s::CertManager::CertificateRequest",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "cert-manager.io/v1",
+    "gvkKind": "CertificateRequest"
+  },
+  "CertificateRequest_IssuerRef": {
+    "resourceType": "K8s::CertManager::CertificateRequest.issuerRef",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "CertificateSigningRequest": {
     "resourceType": "K8s::Certificates::CertificateSigningRequest",
     "kind": "resource",
@@ -269,6 +293,95 @@
     "apiVersion": "certificates.k8s.io/v1",
     "gvkKind": "CertificateSigningRequestList"
   },
+  "Certificate_AdditionalOutputFormat": {
+    "resourceType": "K8s::CertManager::Certificate.additionalOutputFormats",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_IssuerRef": {
+    "resourceType": "K8s::CertManager::Certificate.issuerRef",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_Keystores": {
+    "resourceType": "K8s::CertManager::Certificate.keystores",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_NameConstraints": {
+    "resourceType": "K8s::CertManager::Certificate.nameConstraints",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_OtherName": {
+    "resourceType": "K8s::CertManager::Certificate.otherNames",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_PrivateKey": {
+    "resourceType": "K8s::CertManager::Certificate.privateKey",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_SecretTemplate": {
+    "resourceType": "K8s::CertManager::Certificate.secretTemplate",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Certificate_Subject": {
+    "resourceType": "K8s::CertManager::Certificate.subject",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Challenge": {
+    "resourceType": "K8s::Acme::Challenge",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "acme.cert-manager.io/v1",
+    "gvkKind": "Challenge"
+  },
+  "Challenge_IssuerRef": {
+    "resourceType": "K8s::Acme::Challenge.issuerRef",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Challenge_Solver": {
+    "resourceType": "K8s::Acme::Challenge.solver",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "ClusterIssuer": {
+    "resourceType": "K8s::CertManager::ClusterIssuer",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "cert-manager.io/v1",
+    "gvkKind": "ClusterIssuer"
+  },
+  "ClusterIssuer_Acme": {
+    "resourceType": "K8s::CertManager::ClusterIssuer.acme",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "ClusterIssuer_Ca": {
+    "resourceType": "K8s::CertManager::ClusterIssuer.ca",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "ClusterIssuer_SelfSigned": {
+    "resourceType": "K8s::CertManager::ClusterIssuer.selfSigned",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "ClusterIssuer_Vault": {
+    "resourceType": "K8s::CertManager::ClusterIssuer.vault",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "ClusterIssuer_Venafi": {
+    "resourceType": "K8s::CertManager::ClusterIssuer.venafi",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "ClusterResourceBlacklist": {
     "resourceType": "K8s::Argo::AppProject.clusterResourceBlacklist",
     "kind": "property",
@@ -870,6 +983,38 @@
     "kind": "property",
     "lexicon": "k8s"
   },
+  "Issuer": {
+    "resourceType": "K8s::CertManager::Issuer",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "cert-manager.io/v1",
+    "gvkKind": "Issuer"
+  },
+  "Issuer_Acme": {
+    "resourceType": "K8s::CertManager::Issuer.acme",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Issuer_Ca": {
+    "resourceType": "K8s::CertManager::Issuer.ca",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Issuer_SelfSigned": {
+    "resourceType": "K8s::CertManager::Issuer.selfSigned",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Issuer_Vault": {
+    "resourceType": "K8s::CertManager::Issuer.vault",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
+  "Issuer_Venafi": {
+    "resourceType": "K8s::CertManager::Issuer.venafi",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "Job": {
     "resourceType": "K8s::Batch::Job",
     "kind": "resource",
@@ -894,6 +1039,11 @@
       }
     }
   },
+  "Keystores": {
+    "resourceType": "K8s::CertManager::Certificate.keystores",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "LabelSelector": {
     "resourceType": "K8s::Meta::LabelSelector",
     "kind": "property",
@@ -975,6 +1125,11 @@
     "apiVersion": "v1",
     "gvkKind": "Namespace"
   },
+  "NameConstraints": {
+    "resourceType": "K8s::CertManager::Certificate.nameConstraints",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "Namespace": {
     "resourceType": "K8s::Core::Namespace",
     "kind": "resource",
@@ -1077,11 +1232,28 @@
     "kind": "property",
     "lexicon": "k8s"
   },
+  "Order": {
+    "resourceType": "K8s::Acme::Order",
+    "kind": "resource",
+    "lexicon": "k8s",
+    "apiVersion": "acme.cert-manager.io/v1",
+    "gvkKind": "Order"
+  },
+  "Order_IssuerRef": {
+    "resourceType": "K8s::Acme::Order.issuerRef",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "OrphanedResources": {
     "resourceType": "K8s::Argo::AppProject.orphanedResources",
     "kind": "property",
     "lexicon": "k8s"
   },
+  "OtherName": {
+    "resourceType": "K8s::CertManager::Certificate.otherNames",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "PDB": {
     "resourceType": "K8s::Policy::PodDisruptionBudget",
     "kind": "resource",
@@ -1273,6 +1445,11 @@
     "apiVersion": "flowcontrol.apiserver.k8s.io/v1",
     "gvkKind": "PriorityLevelConfigurationList"
   },
+  "PrivateKey": {
+    "resourceType": "K8s::CertManager::Certificate.privateKey",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "Probe": {
     "resourceType": "K8s::Core::Probe",
     "kind": "property",
@@ -1589,6 +1766,11 @@
     "apiVersion": "v1",
     "gvkKind": "SecretList"
   },
+  "SecretTemplate": {
+    "resourceType": "K8s::CertManager::Certificate.secretTemplate",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "SecurityContext": {
     "resourceType": "K8s::Core::SecurityContext",
     "kind": "property",
@@ -1698,6 +1880,11 @@
     "kind": "property",
     "lexicon": "k8s"
   },
+  "Solver": {
+    "resourceType": "K8s::Acme::Challenge.solver",
+    "kind": "property",
+    "lexicon": "k8s"
+  },
   "Source": {
     "resourceType": "K8s::Argo::Application.source",
     "kind": "property",