18 lines
4.4 KiB
Markdown
18 lines
4.4 KiB
Markdown
# V1CertificateSigningRequestSpec
|
|
|
|
CertificateSigningRequestSpec contains the certificate request.
|
|
## Properties
|
|
Name | Type | Description | Notes
|
|
------------ | ------------- | ------------- | -------------
|
|
**extra** | **dict(str, list[str])** | extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable. | [optional]
|
|
**groups** | **list[str]** | groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable. | [optional]
|
|
**request** | **str** | request contains an x509 certificate signing request encoded in a \"CERTIFICATE REQUEST\" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded. |
|
|
**signer_name** | **str** | signerName indicates the requested signer, and is a qualified name. List/watch requests for CertificateSigningRequests can filter on this field using a \"spec.signerName=NAME\" fieldSelector. Well-known Kubernetes signers are: 1. \"kubernetes.io/kube-apiserver-kubernetes.client\": issues kubernetes.client certificates that can be used to authenticate to kube-apiserver. Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the \"csrsigning\" controller in kube-controller-manager. 2. \"kubernetes.io/kube-apiserver-kubernetes.client-kubelet\": issues kubernetes.client certificates that kubelets use to authenticate to kube-apiserver. Requests for this signer can be auto-approved by the \"csrapproving\" controller in kube-controller-manager, and can be issued by the \"csrsigning\" controller in kube-controller-manager. 3. \"kubernetes.io/kubelet-serving\" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely. Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the \"csrsigning\" controller in kube-controller-manager. More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers Custom signerNames can also be specified. The signer defines: 1. Trust distribution: how trust (CA bundles) are distributed. 2. Permitted subjects: and behavior when a disallowed subject is requested. 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested. 4. Required, permitted, or forbidden key usages / extended key usages. 5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin. 6. Whether or not requests for CA certificates are allowed. |
|
|
**uid** | **str** | uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable. | [optional]
|
|
**usages** | **list[str]** | usages specifies a set of key usages requested in the issued certificate. Requests for TLS kubernetes.client certificates typically request: \"digital signature\", \"key encipherment\", \"kubernetes.client auth\". Requests for TLS serving certificates typically request: \"key encipherment\", \"digital signature\", \"server auth\". Valid values are: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"kubernetes.client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\" | [optional]
|
|
**username** | **str** | username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable. | [optional]
|
|
|
|
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
|
|
|
|
|