Struct k8s_openapi::api::certificates::v1::CertificateSigningRequestSpec
CertificateSigningRequestSpec contains the certificate request.
Fields
extra: Option<BTreeMap<String, Vec<String>>>
extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
groups: Option<Vec<String>>
groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
request: ByteString
request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded.
signer_name: String
signerName indicates the requested signer, and is a qualified name.
List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
Well-known Kubernetes signers are:
- "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver. Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
- "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver. Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
- "kubernetes.io/kubelet-serving": issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely. Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
Custom signerNames can also be specified. The signer defines:
- Trust distribution: how trust (CA bundles) is distributed.
- Permitted subjects, and behavior when a disallowed subject is requested.
- Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
- Required, permitted, or forbidden key usages / extended key usages.
- Expiration/certificate lifetime: whether it is fixed by the signer or configurable by the admin.
- Whether or not requests for CA certificates are allowed.
uid: Option<String>
uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
usages: Option<Vec<String>>
usages specifies a set of key usages requested in the issued certificate.
Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
Valid values are: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
username: Option<String>
username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
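A pre-approval review of signer_name and usages, built from the field documentation above; this is an added example, not code from k8s_openapi or Kubernetes. SpecView, Finding, profile and review are hypothetical names, SpecView is a local stand-in for the real struct so the block compiles without the crate, and the per-signer profile (the "typically request" sets treated as a review policy) is an assumption.

```rust
// Added example. SpecView is a local stand-in (assumption) for signer_name and usages.
#[derive(Debug)]
pub struct SpecView { pub signer_name: String, pub usages: Option<Vec<String>> }

// Valid usage strings as listed in the `usages` field documentation.
const VALID_USAGES: [&str; 23] = [
    "signing", "digital signature", "content commitment", "key encipherment",
    "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only",
    "decipher only", "any", "server auth", "client auth", "code signing",
    "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user",
    "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc",
];

#[derive(Debug, PartialEq)]
pub enum Finding {
    InvalidUsage(String),       // not one of the documented values
    MissingUsage(&'static str), // the signer's auth usage was not requested
    AtypicalUsage(String),      // valid, but outside the typical TLS set
    CustomSigner,               // no profile here: the signer defines policy
}

// Assumed review policy: the auth usage expected for each well-known signer.
fn profile(signer: &str) -> Option<&'static str> {
    match signer {
        "kubernetes.io/kube-apiserver-client"
        | "kubernetes.io/kube-apiserver-client-kubelet" => Some("client auth"),
        "kubernetes.io/kubelet-serving" => Some("server auth"),
        _ => None,
    }
}

pub fn review(spec: &SpecView) -> Vec<Finding> {
    let usages: &[String] = spec.usages.as_deref().unwrap_or_default();
    let known = |u: &str| VALID_USAGES.contains(&u);
    let mut out: Vec<Finding> = usages.iter().filter(|u| !known(u.as_str()))
        .map(|u| Finding::InvalidUsage(u.clone())).collect();
    let auth = match profile(&spec.signer_name) {
        Some(a) => a,
        None => { out.push(Finding::CustomSigner); return out; }
    };
    if !usages.iter().any(|u| u.as_str() == auth) { out.push(Finding::MissingUsage(auth)); }
    let typical = ["digital signature", "key encipherment", auth];
    out.extend(usages.iter().filter(|u| known(u.as_str()) && !typical.contains(&u.as_str()))
        .map(|u| Finding::AtypicalUsage(u.clone())));
    out
}

fn main() {
    println!("{:?}", review(&SpecView { signer_name: "example.com/custom".into(), usages: None }));
}
```

An empty result means the request matches the assumed profile; a custom signer always yields CustomSigner because its permitted usages are defined by that signer, not by this check.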
Trait Implementations
impl Clone for CertificateSigningRequestSpec
    pub fn clone(&self) -> CertificateSigningRequestSpec
    pub fn clone_from(&mut self, source: &Self)
impl Debug for CertificateSigningRequestSpec
impl Default for CertificateSigningRequestSpec
    pub fn default() -> CertificateSigningRequestSpec
impl<'de> Deserialize<'de> for CertificateSigningRequestSpec
    pub fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where
        D: Deserializer<'de>,
impl PartialEq<CertificateSigningRequestSpec> for CertificateSigningRequestSpec
    pub fn eq(&self, other: &CertificateSigningRequestSpec) -> bool
    pub fn ne(&self, other: &CertificateSigningRequestSpec) -> bool
impl Serialize for CertificateSigningRequestSpec
impl StructuralPartialEq for CertificateSigningRequestSpec
Auto Trait Implementations
impl RefUnwindSafe for CertificateSigningRequestSpec
impl Send for CertificateSigningRequestSpec
impl Sync for CertificateSigningRequestSpec
impl Unpin for CertificateSigningRequestSpec
impl UnwindSafe for CertificateSigningRequestSpec
Blanket Implementations
impl<T> Any for T where
    T: 'static + ?Sized,
impl<T> Borrow<T> for T where
    T: ?Sized,
impl<T> BorrowMut<T> for T where
    T: ?Sized,
    pub fn borrow_mut(&mut self) -> &mut T
impl<T> DeserializeOwned for T where
    T: for<'de> Deserialize<'de>,
impl<T> From<T> for T
impl<T, U> Into<U> for T where
    U: From<T>,
impl<T> ToOwned for T where
    T: Clone,
    type Owned = T
    The resulting type after obtaining ownership.
    pub fn to_owned(&self) -> T
    pub fn clone_into(&self, target: &mut T)
impl<T, U> TryFrom<U> for T where
    U: Into<T>,
    type Error = Infallible
    The type returned in the event of a conversion error.
    pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,