Documentation ¶
Index ¶
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func Resource(resource string) schema.GroupResource
- type CertificateSigningRequest
- func (in *CertificateSigningRequest) DeepCopy() *CertificateSigningRequest
- func (in *CertificateSigningRequest) DeepCopyInto(out *CertificateSigningRequest)
- func (in *CertificateSigningRequest) DeepCopyObject() runtime.Object
- func (*CertificateSigningRequest) Descriptor() ([]byte, []int)
- func (m *CertificateSigningRequest) Marshal() (dAtA []byte, err error)
- func (m *CertificateSigningRequest) MarshalTo(dAtA []byte) (int, error)
- func (m *CertificateSigningRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*CertificateSigningRequest) ProtoMessage()
- func (m *CertificateSigningRequest) Reset()
- func (m *CertificateSigningRequest) Size() (n int)
- func (this *CertificateSigningRequest) String() string
- func (CertificateSigningRequest) SwaggerDoc() map[string]string
- func (m *CertificateSigningRequest) Unmarshal(dAtA []byte) error
- func (m *CertificateSigningRequest) XXX_DiscardUnknown()
- func (m *CertificateSigningRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CertificateSigningRequest) XXX_Merge(src proto.Message)
- func (m *CertificateSigningRequest) XXX_Size() int
- func (m *CertificateSigningRequest) XXX_Unmarshal(b []byte) error
- type CertificateSigningRequestCondition
- func (in *CertificateSigningRequestCondition) DeepCopy() *CertificateSigningRequestCondition
- func (in *CertificateSigningRequestCondition) DeepCopyInto(out *CertificateSigningRequestCondition)
- func (*CertificateSigningRequestCondition) Descriptor() ([]byte, []int)
- func (m *CertificateSigningRequestCondition) Marshal() (dAtA []byte, err error)
- func (m *CertificateSigningRequestCondition) MarshalTo(dAtA []byte) (int, error)
- func (m *CertificateSigningRequestCondition) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*CertificateSigningRequestCondition) ProtoMessage()
- func (m *CertificateSigningRequestCondition) Reset()
- func (m *CertificateSigningRequestCondition) Size() (n int)
- func (this *CertificateSigningRequestCondition) String() string
- func (CertificateSigningRequestCondition) SwaggerDoc() map[string]string
- func (m *CertificateSigningRequestCondition) Unmarshal(dAtA []byte) error
- func (m *CertificateSigningRequestCondition) XXX_DiscardUnknown()
- func (m *CertificateSigningRequestCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CertificateSigningRequestCondition) XXX_Merge(src proto.Message)
- func (m *CertificateSigningRequestCondition) XXX_Size() int
- func (m *CertificateSigningRequestCondition) XXX_Unmarshal(b []byte) error
- type CertificateSigningRequestList
- func (in *CertificateSigningRequestList) DeepCopy() *CertificateSigningRequestList
- func (in *CertificateSigningRequestList) DeepCopyInto(out *CertificateSigningRequestList)
- func (in *CertificateSigningRequestList) DeepCopyObject() runtime.Object
- func (*CertificateSigningRequestList) Descriptor() ([]byte, []int)
- func (m *CertificateSigningRequestList) Marshal() (dAtA []byte, err error)
- func (m *CertificateSigningRequestList) MarshalTo(dAtA []byte) (int, error)
- func (m *CertificateSigningRequestList) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*CertificateSigningRequestList) ProtoMessage()
- func (m *CertificateSigningRequestList) Reset()
- func (m *CertificateSigningRequestList) Size() (n int)
- func (this *CertificateSigningRequestList) String() string
- func (CertificateSigningRequestList) SwaggerDoc() map[string]string
- func (m *CertificateSigningRequestList) Unmarshal(dAtA []byte) error
- func (m *CertificateSigningRequestList) XXX_DiscardUnknown()
- func (m *CertificateSigningRequestList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CertificateSigningRequestList) XXX_Merge(src proto.Message)
- func (m *CertificateSigningRequestList) XXX_Size() int
- func (m *CertificateSigningRequestList) XXX_Unmarshal(b []byte) error
- type CertificateSigningRequestSpec
- func (in *CertificateSigningRequestSpec) DeepCopy() *CertificateSigningRequestSpec
- func (in *CertificateSigningRequestSpec) DeepCopyInto(out *CertificateSigningRequestSpec)
- func (*CertificateSigningRequestSpec) Descriptor() ([]byte, []int)
- func (m *CertificateSigningRequestSpec) Marshal() (dAtA []byte, err error)
- func (m *CertificateSigningRequestSpec) MarshalTo(dAtA []byte) (int, error)
- func (m *CertificateSigningRequestSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*CertificateSigningRequestSpec) ProtoMessage()
- func (m *CertificateSigningRequestSpec) Reset()
- func (m *CertificateSigningRequestSpec) Size() (n int)
- func (this *CertificateSigningRequestSpec) String() string
- func (CertificateSigningRequestSpec) SwaggerDoc() map[string]string
- func (m *CertificateSigningRequestSpec) Unmarshal(dAtA []byte) error
- func (m *CertificateSigningRequestSpec) XXX_DiscardUnknown()
- func (m *CertificateSigningRequestSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CertificateSigningRequestSpec) XXX_Merge(src proto.Message)
- func (m *CertificateSigningRequestSpec) XXX_Size() int
- func (m *CertificateSigningRequestSpec) XXX_Unmarshal(b []byte) error
- type CertificateSigningRequestStatus
- func (in *CertificateSigningRequestStatus) DeepCopy() *CertificateSigningRequestStatus
- func (in *CertificateSigningRequestStatus) DeepCopyInto(out *CertificateSigningRequestStatus)
- func (*CertificateSigningRequestStatus) Descriptor() ([]byte, []int)
- func (m *CertificateSigningRequestStatus) Marshal() (dAtA []byte, err error)
- func (m *CertificateSigningRequestStatus) MarshalTo(dAtA []byte) (int, error)
- func (m *CertificateSigningRequestStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*CertificateSigningRequestStatus) ProtoMessage()
- func (m *CertificateSigningRequestStatus) Reset()
- func (m *CertificateSigningRequestStatus) Size() (n int)
- func (this *CertificateSigningRequestStatus) String() string
- func (CertificateSigningRequestStatus) SwaggerDoc() map[string]string
- func (m *CertificateSigningRequestStatus) Unmarshal(dAtA []byte) error
- func (m *CertificateSigningRequestStatus) XXX_DiscardUnknown()
- func (m *CertificateSigningRequestStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CertificateSigningRequestStatus) XXX_Merge(src proto.Message)
- func (m *CertificateSigningRequestStatus) XXX_Size() int
- func (m *CertificateSigningRequestStatus) XXX_Unmarshal(b []byte) error
- type ExtraValue
- func (in ExtraValue) DeepCopy() ExtraValue
- func (in ExtraValue) DeepCopyInto(out *ExtraValue)
- func (*ExtraValue) Descriptor() ([]byte, []int)
- func (m ExtraValue) Marshal() (dAtA []byte, err error)
- func (m ExtraValue) MarshalTo(dAtA []byte) (int, error)
- func (m ExtraValue) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*ExtraValue) ProtoMessage()
- func (m *ExtraValue) Reset()
- func (m ExtraValue) Size() (n int)
- func (t ExtraValue) String() string
- func (m *ExtraValue) Unmarshal(dAtA []byte) error
- func (m *ExtraValue) XXX_DiscardUnknown()
- func (m *ExtraValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *ExtraValue) XXX_Merge(src proto.Message)
- func (m *ExtraValue) XXX_Size() int
- func (m *ExtraValue) XXX_Unmarshal(b []byte) error
- type KeyUsage
- type RequestConditionType
Constants ¶
const ( // "kubernetes.io/kube-apiserver-client" signer issues client certificates that can be used to authenticate to kube-apiserver. // Never auto-approved by kube-controller-manager. // Can be issued by the "csrsigning" controller in kube-controller-manager. KubeAPIServerClientSignerName = "kubernetes.io/kube-apiserver-client" // "kubernetes.io/kube-apiserver-client-kubelet" issues client certificates that kubelets use to authenticate to kube-apiserver. // Can be auto-approved by the "csrapproving" controller in kube-controller-manager. // Can be issued by the "csrsigning" controller in kube-controller-manager. KubeAPIServerClientKubeletSignerName = "kubernetes.io/kube-apiserver-client-kubelet" // "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, // which kube-apiserver can connect to securely. // Never auto-approved by kube-controller-manager. // Can be issued by the "csrsigning" controller in kube-controller-manager. KubeletServingSignerName = "kubernetes.io/kubelet-serving" )
Built in signerName values that are honored by kube-controller-manager.
const GroupName = "certificates.k8s.io"
GroupName is the group name use in this package
Variables ¶
var ( ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") )
var ( // SchemeBuilder is the scheme builder with scheme init functions to run for this API package SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme is a global function that registers this API group & version to a scheme AddToScheme = localSchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type CertificateSigningRequest ¶
type CertificateSigningRequest struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // spec contains the certificate request, and is immutable after creation. // Only the request, signerName, expirationSeconds, and usages fields can be set on creation. // Other fields are derived by Kubernetes and cannot be modified by users. Spec CertificateSigningRequestSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` // status contains information about whether the request is approved or denied, // and the certificate issued by the signer, or the failure condition indicating signer failure. // +optional Status CertificateSigningRequestStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` }
CertificateSigningRequest objects provide a mechanism to obtain x509 certificates by submitting a certificate signing request, and having it asynchronously approved and issued.
Kubelets use this API to obtain:
- client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName).
- serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName).
This API can be used to request client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client" signerName), or to obtain certificates from custom non-Kubernetes signers.
func (*CertificateSigningRequest) DeepCopy ¶
func (in *CertificateSigningRequest) DeepCopy() *CertificateSigningRequest
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequest.
func (*CertificateSigningRequest) DeepCopyInto ¶
func (in *CertificateSigningRequest) DeepCopyInto(out *CertificateSigningRequest)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateSigningRequest) DeepCopyObject ¶
func (in *CertificateSigningRequest) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*CertificateSigningRequest) Descriptor ¶
func (*CertificateSigningRequest) Descriptor() ([]byte, []int)
func (*CertificateSigningRequest) Marshal ¶
func (m *CertificateSigningRequest) Marshal() (dAtA []byte, err error)
func (*CertificateSigningRequest) MarshalTo ¶
func (m *CertificateSigningRequest) MarshalTo(dAtA []byte) (int, error)
func (*CertificateSigningRequest) MarshalToSizedBuffer ¶
func (m *CertificateSigningRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*CertificateSigningRequest) ProtoMessage ¶
func (*CertificateSigningRequest) ProtoMessage()
func (*CertificateSigningRequest) Reset ¶
func (m *CertificateSigningRequest) Reset()
func (*CertificateSigningRequest) Size ¶
func (m *CertificateSigningRequest) Size() (n int)
func (*CertificateSigningRequest) String ¶
func (this *CertificateSigningRequest) String() string
func (CertificateSigningRequest) SwaggerDoc ¶
func (CertificateSigningRequest) SwaggerDoc() map[string]string
func (*CertificateSigningRequest) Unmarshal ¶
func (m *CertificateSigningRequest) Unmarshal(dAtA []byte) error
func (*CertificateSigningRequest) XXX_DiscardUnknown ¶
func (m *CertificateSigningRequest) XXX_DiscardUnknown()
func (*CertificateSigningRequest) XXX_Marshal ¶
func (m *CertificateSigningRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CertificateSigningRequest) XXX_Merge ¶
func (m *CertificateSigningRequest) XXX_Merge(src proto.Message)
func (*CertificateSigningRequest) XXX_Size ¶
func (m *CertificateSigningRequest) XXX_Size() int
func (*CertificateSigningRequest) XXX_Unmarshal ¶
func (m *CertificateSigningRequest) XXX_Unmarshal(b []byte) error
type CertificateSigningRequestCondition ¶
type CertificateSigningRequestCondition struct { // type of the condition. Known conditions are "Approved", "Denied", and "Failed". // // An "Approved" condition is added via the /approval subresource, // indicating the request was approved and should be issued by the signer. // // A "Denied" condition is added via the /approval subresource, // indicating the request was denied and should not be issued by the signer. // // A "Failed" condition is added via the /status subresource, // indicating the signer failed to issue the certificate. // // Approved and Denied conditions are mutually exclusive. // Approved, Denied, and Failed conditions cannot be removed once added. // // Only one condition of a given type is allowed. Type RequestConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RequestConditionType"` // status of the condition, one of True, False, Unknown. // Approved, Denied, and Failed conditions may not be "False" or "Unknown". Status v1.ConditionStatus `json:"status" protobuf:"bytes,6,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"` // reason indicates a brief reason for the request state // +optional Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"` // message contains a human readable message with details about the request state // +optional Message string `json:"message,omitempty" protobuf:"bytes,3,opt,name=message"` // lastUpdateTime is the time of the last update to this condition // +optional LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,4,opt,name=lastUpdateTime"` // lastTransitionTime is the time the condition last transitioned from one status to another. // If unset, when a new condition type is added or an existing condition's status is changed, // the server defaults this to the current time. // +optional LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,5,opt,name=lastTransitionTime"` }
CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object
func (*CertificateSigningRequestCondition) DeepCopy ¶
func (in *CertificateSigningRequestCondition) DeepCopy() *CertificateSigningRequestCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestCondition.
func (*CertificateSigningRequestCondition) DeepCopyInto ¶
func (in *CertificateSigningRequestCondition) DeepCopyInto(out *CertificateSigningRequestCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateSigningRequestCondition) Descriptor ¶
func (*CertificateSigningRequestCondition) Descriptor() ([]byte, []int)
func (*CertificateSigningRequestCondition) Marshal ¶
func (m *CertificateSigningRequestCondition) Marshal() (dAtA []byte, err error)
func (*CertificateSigningRequestCondition) MarshalTo ¶
func (m *CertificateSigningRequestCondition) MarshalTo(dAtA []byte) (int, error)
func (*CertificateSigningRequestCondition) MarshalToSizedBuffer ¶
func (m *CertificateSigningRequestCondition) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*CertificateSigningRequestCondition) ProtoMessage ¶
func (*CertificateSigningRequestCondition) ProtoMessage()
func (*CertificateSigningRequestCondition) Reset ¶
func (m *CertificateSigningRequestCondition) Reset()
func (*CertificateSigningRequestCondition) Size ¶
func (m *CertificateSigningRequestCondition) Size() (n int)
func (*CertificateSigningRequestCondition) String ¶
func (this *CertificateSigningRequestCondition) String() string
func (CertificateSigningRequestCondition) SwaggerDoc ¶
func (CertificateSigningRequestCondition) SwaggerDoc() map[string]string
func (*CertificateSigningRequestCondition) Unmarshal ¶
func (m *CertificateSigningRequestCondition) Unmarshal(dAtA []byte) error
func (*CertificateSigningRequestCondition) XXX_DiscardUnknown ¶
func (m *CertificateSigningRequestCondition) XXX_DiscardUnknown()
func (*CertificateSigningRequestCondition) XXX_Marshal ¶
func (m *CertificateSigningRequestCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CertificateSigningRequestCondition) XXX_Merge ¶
func (m *CertificateSigningRequestCondition) XXX_Merge(src proto.Message)
func (*CertificateSigningRequestCondition) XXX_Size ¶
func (m *CertificateSigningRequestCondition) XXX_Size() int
func (*CertificateSigningRequestCondition) XXX_Unmarshal ¶
func (m *CertificateSigningRequestCondition) XXX_Unmarshal(b []byte) error
type CertificateSigningRequestList ¶
type CertificateSigningRequestList struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // items is a collection of CertificateSigningRequest objects Items []CertificateSigningRequest `json:"items" protobuf:"bytes,2,rep,name=items"` }
CertificateSigningRequestList is a collection of CertificateSigningRequest objects
func (*CertificateSigningRequestList) DeepCopy ¶
func (in *CertificateSigningRequestList) DeepCopy() *CertificateSigningRequestList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestList.
func (*CertificateSigningRequestList) DeepCopyInto ¶
func (in *CertificateSigningRequestList) DeepCopyInto(out *CertificateSigningRequestList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateSigningRequestList) DeepCopyObject ¶
func (in *CertificateSigningRequestList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*CertificateSigningRequestList) Descriptor ¶
func (*CertificateSigningRequestList) Descriptor() ([]byte, []int)
func (*CertificateSigningRequestList) Marshal ¶
func (m *CertificateSigningRequestList) Marshal() (dAtA []byte, err error)
func (*CertificateSigningRequestList) MarshalTo ¶
func (m *CertificateSigningRequestList) MarshalTo(dAtA []byte) (int, error)
func (*CertificateSigningRequestList) MarshalToSizedBuffer ¶
func (m *CertificateSigningRequestList) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*CertificateSigningRequestList) ProtoMessage ¶
func (*CertificateSigningRequestList) ProtoMessage()
func (*CertificateSigningRequestList) Reset ¶
func (m *CertificateSigningRequestList) Reset()
func (*CertificateSigningRequestList) Size ¶
func (m *CertificateSigningRequestList) Size() (n int)
func (*CertificateSigningRequestList) String ¶
func (this *CertificateSigningRequestList) String() string
func (CertificateSigningRequestList) SwaggerDoc ¶
func (CertificateSigningRequestList) SwaggerDoc() map[string]string
func (*CertificateSigningRequestList) Unmarshal ¶
func (m *CertificateSigningRequestList) Unmarshal(dAtA []byte) error
func (*CertificateSigningRequestList) XXX_DiscardUnknown ¶
func (m *CertificateSigningRequestList) XXX_DiscardUnknown()
func (*CertificateSigningRequestList) XXX_Marshal ¶
func (m *CertificateSigningRequestList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CertificateSigningRequestList) XXX_Merge ¶
func (m *CertificateSigningRequestList) XXX_Merge(src proto.Message)
func (*CertificateSigningRequestList) XXX_Size ¶
func (m *CertificateSigningRequestList) XXX_Size() int
func (*CertificateSigningRequestList) XXX_Unmarshal ¶
func (m *CertificateSigningRequestList) XXX_Unmarshal(b []byte) error
type CertificateSigningRequestSpec ¶
type CertificateSigningRequestSpec struct { // request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. // When serialized as JSON or YAML, the data is additionally base64-encoded. // +listType=atomic Request []byte `json:"request" protobuf:"bytes,1,opt,name=request"` // signerName indicates the requested signer, and is a qualified name. // // List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector. // // Well-known Kubernetes signers are: // 1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver. // Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager. // 2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver. // Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. // 3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely. // Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. // // More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers // // Custom signerNames can also be specified. The signer defines: // 1. Trust distribution: how trust (CA bundles) are distributed. // 2. Permitted subjects: and behavior when a disallowed subject is requested. // 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested. // 4. Required, permitted, or forbidden key usages / extended key usages. // 5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin. // 6. Whether or not requests for CA certificates are allowed. SignerName string `json:"signerName" protobuf:"bytes,7,opt,name=signerName"` // expirationSeconds is the requested duration of validity of the issued // certificate. The certificate signer may issue a certificate with a different // validity duration so a client must check the delta between the notBefore and // and notAfter fields in the issued certificate to determine the actual duration. // // The v1.22+ in-tree implementations of the well-known Kubernetes signers will // honor this field as long as the requested duration is not greater than the // maximum duration they will honor per the --cluster-signing-duration CLI // flag to the Kubernetes controller manager. // // Certificate signers may not honor this field for various reasons: // // 1. Old signer that is unaware of the field (such as the in-tree // implementations prior to v1.22) // 2. Signer whose configured maximum is shorter than the requested duration // 3. Signer whose configured minimum is longer than the requested duration // // The minimum valid value for expirationSeconds is 600, i.e. 10 minutes. // // +optional ExpirationSeconds *int32 `json:"expirationSeconds,omitempty" protobuf:"varint,8,opt,name=expirationSeconds"` // usages specifies a set of key usages requested in the issued certificate. // // Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth". // // Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth". // // Valid values are: // "signing", "digital signature", "content commitment", // "key encipherment", "key agreement", "data encipherment", // "cert sign", "crl sign", "encipher only", "decipher only", "any", // "server auth", "client auth", // "code signing", "email protection", "s/mime", // "ipsec end system", "ipsec tunnel", "ipsec user", // "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" // +listType=atomic Usages []KeyUsage `json:"usages,omitempty" protobuf:"bytes,5,opt,name=usages"` // username contains the name of the user that created the CertificateSigningRequest. // Populated by the API server on creation and immutable. // +optional Username string `json:"username,omitempty" protobuf:"bytes,2,opt,name=username"` // uid contains the uid of the user that created the CertificateSigningRequest. // Populated by the API server on creation and immutable. // +optional UID string `json:"uid,omitempty" protobuf:"bytes,3,opt,name=uid"` // groups contains group membership of the user that created the CertificateSigningRequest. // Populated by the API server on creation and immutable. // +listType=atomic // +optional Groups []string `json:"groups,omitempty" protobuf:"bytes,4,rep,name=groups"` // extra contains extra attributes of the user that created the CertificateSigningRequest. // Populated by the API server on creation and immutable. // +optional Extra map[string]ExtraValue `json:"extra,omitempty" protobuf:"bytes,6,rep,name=extra"` }
CertificateSigningRequestSpec contains the certificate request.
func (*CertificateSigningRequestSpec) DeepCopy ¶
func (in *CertificateSigningRequestSpec) DeepCopy() *CertificateSigningRequestSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestSpec.
func (*CertificateSigningRequestSpec) DeepCopyInto ¶
func (in *CertificateSigningRequestSpec) DeepCopyInto(out *CertificateSigningRequestSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateSigningRequestSpec) Descriptor ¶
func (*CertificateSigningRequestSpec) Descriptor() ([]byte, []int)
func (*CertificateSigningRequestSpec) Marshal ¶
func (m *CertificateSigningRequestSpec) Marshal() (dAtA []byte, err error)
func (*CertificateSigningRequestSpec) MarshalTo ¶
func (m *CertificateSigningRequestSpec) MarshalTo(dAtA []byte) (int, error)
func (*CertificateSigningRequestSpec) MarshalToSizedBuffer ¶
func (m *CertificateSigningRequestSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*CertificateSigningRequestSpec) ProtoMessage ¶
func (*CertificateSigningRequestSpec) ProtoMessage()
func (*CertificateSigningRequestSpec) Reset ¶
func (m *CertificateSigningRequestSpec) Reset()
func (*CertificateSigningRequestSpec) Size ¶
func (m *CertificateSigningRequestSpec) Size() (n int)
func (*CertificateSigningRequestSpec) String ¶
func (this *CertificateSigningRequestSpec) String() string
func (CertificateSigningRequestSpec) SwaggerDoc ¶
func (CertificateSigningRequestSpec) SwaggerDoc() map[string]string
func (*CertificateSigningRequestSpec) Unmarshal ¶
func (m *CertificateSigningRequestSpec) Unmarshal(dAtA []byte) error
func (*CertificateSigningRequestSpec) XXX_DiscardUnknown ¶
func (m *CertificateSigningRequestSpec) XXX_DiscardUnknown()
func (*CertificateSigningRequestSpec) XXX_Marshal ¶
func (m *CertificateSigningRequestSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CertificateSigningRequestSpec) XXX_Merge ¶
func (m *CertificateSigningRequestSpec) XXX_Merge(src proto.Message)
func (*CertificateSigningRequestSpec) XXX_Size ¶
func (m *CertificateSigningRequestSpec) XXX_Size() int
func (*CertificateSigningRequestSpec) XXX_Unmarshal ¶
func (m *CertificateSigningRequestSpec) XXX_Unmarshal(b []byte) error
type CertificateSigningRequestStatus ¶
type CertificateSigningRequestStatus struct { // conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed". // +listType=map // +listMapKey=type // +optional Conditions []CertificateSigningRequestCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"` // certificate is populated with an issued certificate by the signer after an Approved condition is present. // This field is set via the /status subresource. Once populated, this field is immutable. // // If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty. // If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty. // // Validation requirements: // 1. certificate must contain one or more PEM blocks. // 2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data // must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280. // 3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated, // to allow for explanatory text as described in section 5.2 of RFC7468. // // If more than one PEM block is present, and the definition of the requested spec.signerName // does not indicate otherwise, the first block is the issued certificate, // and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes. // // The certificate is encoded in PEM format. // // When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of: // // base64( // -----BEGIN CERTIFICATE----- // ... // -----END CERTIFICATE----- // ) // // +listType=atomic // +optional Certificate []byte `json:"certificate,omitempty" protobuf:"bytes,2,opt,name=certificate"` }
CertificateSigningRequestStatus contains conditions used to indicate approved/denied/failed status of the request, and the issued certificate.
func (*CertificateSigningRequestStatus) DeepCopy ¶
func (in *CertificateSigningRequestStatus) DeepCopy() *CertificateSigningRequestStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestStatus.
func (*CertificateSigningRequestStatus) DeepCopyInto ¶
func (in *CertificateSigningRequestStatus) DeepCopyInto(out *CertificateSigningRequestStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateSigningRequestStatus) Descriptor ¶
func (*CertificateSigningRequestStatus) Descriptor() ([]byte, []int)
func (*CertificateSigningRequestStatus) Marshal ¶
func (m *CertificateSigningRequestStatus) Marshal() (dAtA []byte, err error)
func (*CertificateSigningRequestStatus) MarshalTo ¶
func (m *CertificateSigningRequestStatus) MarshalTo(dAtA []byte) (int, error)
func (*CertificateSigningRequestStatus) MarshalToSizedBuffer ¶
func (m *CertificateSigningRequestStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*CertificateSigningRequestStatus) ProtoMessage ¶
func (*CertificateSigningRequestStatus) ProtoMessage()
func (*CertificateSigningRequestStatus) Reset ¶
func (m *CertificateSigningRequestStatus) Reset()
func (*CertificateSigningRequestStatus) Size ¶
func (m *CertificateSigningRequestStatus) Size() (n int)
func (*CertificateSigningRequestStatus) String ¶
func (this *CertificateSigningRequestStatus) String() string
func (CertificateSigningRequestStatus) SwaggerDoc ¶
func (CertificateSigningRequestStatus) SwaggerDoc() map[string]string
func (*CertificateSigningRequestStatus) Unmarshal ¶
func (m *CertificateSigningRequestStatus) Unmarshal(dAtA []byte) error
func (*CertificateSigningRequestStatus) XXX_DiscardUnknown ¶
func (m *CertificateSigningRequestStatus) XXX_DiscardUnknown()
func (*CertificateSigningRequestStatus) XXX_Marshal ¶
func (m *CertificateSigningRequestStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CertificateSigningRequestStatus) XXX_Merge ¶
func (m *CertificateSigningRequestStatus) XXX_Merge(src proto.Message)
func (*CertificateSigningRequestStatus) XXX_Size ¶
func (m *CertificateSigningRequestStatus) XXX_Size() int
func (*CertificateSigningRequestStatus) XXX_Unmarshal ¶
func (m *CertificateSigningRequestStatus) XXX_Unmarshal(b []byte) error
type ExtraValue ¶
type ExtraValue []string
ExtraValue masks the value so protobuf can generate +protobuf.nullable=true +protobuf.options.(gogoproto.goproto_stringer)=false
func (ExtraValue) DeepCopy ¶
func (in ExtraValue) DeepCopy() ExtraValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue.
func (ExtraValue) DeepCopyInto ¶
func (in ExtraValue) DeepCopyInto(out *ExtraValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExtraValue) Descriptor ¶
func (*ExtraValue) Descriptor() ([]byte, []int)
func (ExtraValue) Marshal ¶
func (m ExtraValue) Marshal() (dAtA []byte, err error)
func (ExtraValue) MarshalToSizedBuffer ¶
func (m ExtraValue) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*ExtraValue) ProtoMessage ¶
func (*ExtraValue) ProtoMessage()
func (*ExtraValue) Reset ¶
func (m *ExtraValue) Reset()
func (ExtraValue) Size ¶
func (m ExtraValue) Size() (n int)
func (ExtraValue) String ¶
func (t ExtraValue) String() string
func (*ExtraValue) Unmarshal ¶
func (m *ExtraValue) Unmarshal(dAtA []byte) error
func (*ExtraValue) XXX_DiscardUnknown ¶
func (m *ExtraValue) XXX_DiscardUnknown()
func (*ExtraValue) XXX_Marshal ¶
func (m *ExtraValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*ExtraValue) XXX_Merge ¶
func (m *ExtraValue) XXX_Merge(src proto.Message)
func (*ExtraValue) XXX_Size ¶
func (m *ExtraValue) XXX_Size() int
func (*ExtraValue) XXX_Unmarshal ¶
func (m *ExtraValue) XXX_Unmarshal(b []byte) error
type KeyUsage ¶
type KeyUsage string
KeyUsage specifies valid usage contexts for keys. See:
https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12
+enum
const ( UsageSigning KeyUsage = "signing" UsageDigitalSignature KeyUsage = "digital signature" UsageContentCommitment KeyUsage = "content commitment" UsageKeyEncipherment KeyUsage = "key encipherment" UsageKeyAgreement KeyUsage = "key agreement" UsageDataEncipherment KeyUsage = "data encipherment" UsageCertSign KeyUsage = "cert sign" UsageCRLSign KeyUsage = "crl sign" UsageEncipherOnly KeyUsage = "encipher only" UsageDecipherOnly KeyUsage = "decipher only" UsageAny KeyUsage = "any" UsageServerAuth KeyUsage = "server auth" UsageClientAuth KeyUsage = "client auth" UsageCodeSigning KeyUsage = "code signing" UsageEmailProtection KeyUsage = "email protection" UsageSMIME KeyUsage = "s/mime" UsageIPsecEndSystem KeyUsage = "ipsec end system" UsageIPsecTunnel KeyUsage = "ipsec tunnel" UsageIPsecUser KeyUsage = "ipsec user" UsageTimestamping KeyUsage = "timestamping" UsageOCSPSigning KeyUsage = "ocsp signing" UsageMicrosoftSGC KeyUsage = "microsoft sgc" UsageNetscapeSGC KeyUsage = "netscape sgc" )
Valid key usages
type RequestConditionType ¶
type RequestConditionType string
RequestConditionType is the type of a CertificateSigningRequestCondition
const ( // Approved indicates the request was approved and should be issued by the signer. CertificateApproved RequestConditionType = "Approved" // Denied indicates the request was denied and should not be issued by the signer. CertificateDenied RequestConditionType = "Denied" // Failed indicates the signer failed to issue the certificate. CertificateFailed RequestConditionType = "Failed" )
Well-known condition types for certificate requests.