Struct k8s_openapi::api::certificates::v1::CertificateSigningRequestSpec

pub struct CertificateSigningRequestSpec {
    pub extra: Option<BTreeMap<String, Vec<String>>>,
    pub groups: Option<Vec<String>>,
    pub request: ByteString,
    pub signer_name: String,
    pub uid: Option<String>,
    pub usages: Option<Vec<String>>,
    pub username: Option<String>,
}

CertificateSigningRequestSpec contains the certificate request.

Fields

extra: Option<BTreeMap<String, Vec<String>>>

extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

groups: Option<Vec<String>>

groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

request: ByteString

request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded.

signer_name: String

signerName indicates the requested signer, and is a qualified name.

List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.

Well-known Kubernetes signers are:

1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver. Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver. Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely. Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.

More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers

Custom signerNames can also be specified. The signer defines:

1. Trust distribution: how trust (CA bundles) are distributed.
2. Permitted subjects: and behavior when a disallowed subject is requested.
3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
4. Required, permitted, or forbidden key usages / extended key usages.
5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
6. Whether or not requests for CA certificates are allowed.

uid: Option<String>

uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

usages: Option<Vec<String>>

usages specifies a set of key usages requested in the issued certificate.

Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".

Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".

Valid values are: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"

username: Option<String>

username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

Trait Implementations

impl Clone for CertificateSigningRequestSpec

pub fn clone(&self) -> CertificateSigningRequestSpec

Returns a copy of the value.

pub fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CertificateSigningRequestSpec

pub fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for CertificateSigningRequestSpec

pub fn default() -> CertificateSigningRequestSpec

Returns the "default value" for a type.

impl<'de> Deserialize<'de> for CertificateSigningRequestSpec

pub fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where
    D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl PartialEq<CertificateSigningRequestSpec> for CertificateSigningRequestSpec

pub fn eq(&self, other: &CertificateSigningRequestSpec) -> bool

This method tests for self and other values to be equal, and is used by ==.

pub fn ne(&self, other: &CertificateSigningRequestSpec) -> bool

This method tests for !=.

impl Serialize for CertificateSigningRequestSpec

pub fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where
    S: Serializer, 

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for CertificateSigningRequestSpec