...

Package v1

import "k8s.io/api/certificates/v1"
Overview
Index

Overview ▾

Index ▾

Constants
Variables
func Kind(kind string) schema.GroupKind
func Resource(resource string) schema.GroupResource
type CertificateSigningRequest
    func (in *CertificateSigningRequest) DeepCopy() *CertificateSigningRequest
    func (in *CertificateSigningRequest) DeepCopyInto(out *CertificateSigningRequest)
    func (in *CertificateSigningRequest) DeepCopyObject() runtime.Object
    func (*CertificateSigningRequest) Descriptor() ([]byte, []int)
    func (m *CertificateSigningRequest) Marshal() (dAtA []byte, err error)
    func (m *CertificateSigningRequest) MarshalTo(dAtA []byte) (int, error)
    func (m *CertificateSigningRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)
    func (*CertificateSigningRequest) ProtoMessage()
    func (m *CertificateSigningRequest) Reset()
    func (m *CertificateSigningRequest) Size() (n int)
    func (this *CertificateSigningRequest) String() string
    func (CertificateSigningRequest) SwaggerDoc() map[string]string
    func (m *CertificateSigningRequest) Unmarshal(dAtA []byte) error
    func (m *CertificateSigningRequest) XXX_DiscardUnknown()
    func (m *CertificateSigningRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
    func (m *CertificateSigningRequest) XXX_Merge(src proto.Message)
    func (m *CertificateSigningRequest) XXX_Size() int
    func (m *CertificateSigningRequest) XXX_Unmarshal(b []byte) error
type CertificateSigningRequestCondition
    func (in *CertificateSigningRequestCondition) DeepCopy() *CertificateSigningRequestCondition
    func (in *CertificateSigningRequestCondition) DeepCopyInto(out *CertificateSigningRequestCondition)
    func (*CertificateSigningRequestCondition) Descriptor() ([]byte, []int)
    func (m *CertificateSigningRequestCondition) Marshal() (dAtA []byte, err error)
    func (m *CertificateSigningRequestCondition) MarshalTo(dAtA []byte) (int, error)
    func (m *CertificateSigningRequestCondition) MarshalToSizedBuffer(dAtA []byte) (int, error)
    func (*CertificateSigningRequestCondition) ProtoMessage()
    func (m *CertificateSigningRequestCondition) Reset()
    func (m *CertificateSigningRequestCondition) Size() (n int)
    func (this *CertificateSigningRequestCondition) String() string
    func (CertificateSigningRequestCondition) SwaggerDoc() map[string]string
    func (m *CertificateSigningRequestCondition) Unmarshal(dAtA []byte) error
    func (m *CertificateSigningRequestCondition) XXX_DiscardUnknown()
    func (m *CertificateSigningRequestCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
    func (m *CertificateSigningRequestCondition) XXX_Merge(src proto.Message)
    func (m *CertificateSigningRequestCondition) XXX_Size() int
    func (m *CertificateSigningRequestCondition) XXX_Unmarshal(b []byte) error
type CertificateSigningRequestList
    func (in *CertificateSigningRequestList) DeepCopy() *CertificateSigningRequestList
    func (in *CertificateSigningRequestList) DeepCopyInto(out *CertificateSigningRequestList)
    func (in *CertificateSigningRequestList) DeepCopyObject() runtime.Object
    func (*CertificateSigningRequestList) Descriptor() ([]byte, []int)
    func (m *CertificateSigningRequestList) Marshal() (dAtA []byte, err error)
    func (m *CertificateSigningRequestList) MarshalTo(dAtA []byte) (int, error)
    func (m *CertificateSigningRequestList) MarshalToSizedBuffer(dAtA []byte) (int, error)
    func (*CertificateSigningRequestList) ProtoMessage()
    func (m *CertificateSigningRequestList) Reset()
    func (m *CertificateSigningRequestList) Size() (n int)
    func (this *CertificateSigningRequestList) String() string
    func (CertificateSigningRequestList) SwaggerDoc() map[string]string
    func (m *CertificateSigningRequestList) Unmarshal(dAtA []byte) error
    func (m *CertificateSigningRequestList) XXX_DiscardUnknown()
    func (m *CertificateSigningRequestList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
    func (m *CertificateSigningRequestList) XXX_Merge(src proto.Message)
    func (m *CertificateSigningRequestList) XXX_Size() int
    func (m *CertificateSigningRequestList) XXX_Unmarshal(b []byte) error
type CertificateSigningRequestSpec
    func (in *CertificateSigningRequestSpec) DeepCopy() *CertificateSigningRequestSpec
    func (in *CertificateSigningRequestSpec) DeepCopyInto(out *CertificateSigningRequestSpec)
    func (*CertificateSigningRequestSpec) Descriptor() ([]byte, []int)
    func (m *CertificateSigningRequestSpec) Marshal() (dAtA []byte, err error)
    func (m *CertificateSigningRequestSpec) MarshalTo(dAtA []byte) (int, error)
    func (m *CertificateSigningRequestSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)
    func (*CertificateSigningRequestSpec) ProtoMessage()
    func (m *CertificateSigningRequestSpec) Reset()
    func (m *CertificateSigningRequestSpec) Size() (n int)
    func (this *CertificateSigningRequestSpec) String() string
    func (CertificateSigningRequestSpec) SwaggerDoc() map[string]string
    func (m *CertificateSigningRequestSpec) Unmarshal(dAtA []byte) error
    func (m *CertificateSigningRequestSpec) XXX_DiscardUnknown()
    func (m *CertificateSigningRequestSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
    func (m *CertificateSigningRequestSpec) XXX_Merge(src proto.Message)
    func (m *CertificateSigningRequestSpec) XXX_Size() int
    func (m *CertificateSigningRequestSpec) XXX_Unmarshal(b []byte) error
type CertificateSigningRequestStatus
    func (in *CertificateSigningRequestStatus) DeepCopy() *CertificateSigningRequestStatus
    func (in *CertificateSigningRequestStatus) DeepCopyInto(out *CertificateSigningRequestStatus)
    func (*CertificateSigningRequestStatus) Descriptor() ([]byte, []int)
    func (m *CertificateSigningRequestStatus) Marshal() (dAtA []byte, err error)
    func (m *CertificateSigningRequestStatus) MarshalTo(dAtA []byte) (int, error)
    func (m *CertificateSigningRequestStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
    func (*CertificateSigningRequestStatus) ProtoMessage()
    func (m *CertificateSigningRequestStatus) Reset()
    func (m *CertificateSigningRequestStatus) Size() (n int)
    func (this *CertificateSigningRequestStatus) String() string
    func (CertificateSigningRequestStatus) SwaggerDoc() map[string]string
    func (m *CertificateSigningRequestStatus) Unmarshal(dAtA []byte) error
    func (m *CertificateSigningRequestStatus) XXX_DiscardUnknown()
    func (m *CertificateSigningRequestStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
    func (m *CertificateSigningRequestStatus) XXX_Merge(src proto.Message)
    func (m *CertificateSigningRequestStatus) XXX_Size() int
    func (m *CertificateSigningRequestStatus) XXX_Unmarshal(b []byte) error
type ExtraValue
    func (in ExtraValue) DeepCopy() ExtraValue
    func (in ExtraValue) DeepCopyInto(out *ExtraValue)
    func (*ExtraValue) Descriptor() ([]byte, []int)
    func (m ExtraValue) Marshal() (dAtA []byte, err error)
    func (m ExtraValue) MarshalTo(dAtA []byte) (int, error)
    func (m ExtraValue) MarshalToSizedBuffer(dAtA []byte) (int, error)
    func (*ExtraValue) ProtoMessage()
    func (m *ExtraValue) Reset()
    func (m ExtraValue) Size() (n int)
    func (t ExtraValue) String() string
    func (m *ExtraValue) Unmarshal(dAtA []byte) error
    func (m *ExtraValue) XXX_DiscardUnknown()
    func (m *ExtraValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
    func (m *ExtraValue) XXX_Merge(src proto.Message)
    func (m *ExtraValue) XXX_Size() int
    func (m *ExtraValue) XXX_Unmarshal(b []byte) error
type KeyUsage
type RequestConditionType

Package files

doc.go generated.pb.go register.go types.go types_swagger_doc_generated.go zz_generated.deepcopy.go

Constants

Built in signerName values that are honored by kube-controller-manager. 

const (
    // "kubernetes.io/kube-apiserver-client" signer issues client certificates that can be used to authenticate to kube-apiserver.
    // Never auto-approved by kube-controller-manager.
    // Can be issued by the "csrsigning" controller in kube-controller-manager.
    KubeAPIServerClientSignerName = "kubernetes.io/kube-apiserver-client"

    // "kubernetes.io/kube-apiserver-client-kubelet" issues client certificates that kubelets use to authenticate to kube-apiserver.
    // Can be auto-approved by the "csrapproving" controller in kube-controller-manager.
    // Can be issued by the "csrsigning" controller in kube-controller-manager.
    KubeAPIServerClientKubeletSignerName = "kubernetes.io/kube-apiserver-client-kubelet"

    // "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints,
    // which kube-apiserver can connect to securely.
    // Never auto-approved by kube-controller-manager.
    // Can be issued by the "csrsigning" controller in kube-controller-manager.
    KubeletServingSignerName = "kubernetes.io/kubelet-serving"
)

GroupName is the group name use in this package 

const GroupName = "certificates.k8s.io"

Variables

var (
    ErrInvalidLengthGenerated        = fmt.Errorf("proto: negative length found during unmarshaling")
    ErrIntOverflowGenerated          = fmt.Errorf("proto: integer overflow")
    ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group")
)
var (
    // SchemeBuilder is the scheme builder with scheme init functions to run for this API package
    SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)

    // AddToScheme is a global function that registers this API group & version to a scheme
    AddToScheme = localSchemeBuilder.AddToScheme
)

SchemeGroupVersion is group version used to register these objects 

var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}

func Kind 

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind

func Resource 

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

type CertificateSigningRequest

CertificateSigningRequest objects provide a mechanism to obtain x509 certificates by submitting a certificate signing request, and having it asynchronously approved and issued.

Kubelets use this API to obtain:

  1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName).
  2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName).

This API can be used to request client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client" signerName), or to obtain certificates from custom non-Kubernetes signers. 

type CertificateSigningRequest struct {
    metav1.TypeMeta `json:",inline"`
    // +optional
    metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // spec contains the certificate request, and is immutable after creation.
    // Only the request, signerName, expirationSeconds, and usages fields can be set on creation.
    // Other fields are derived by Kubernetes and cannot be modified by users.
    Spec CertificateSigningRequestSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`

    // status contains information about whether the request is approved or denied,
    // and the certificate issued by the signer, or the failure condition indicating signer failure.
    // +optional
    Status CertificateSigningRequestStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}

func (*CertificateSigningRequest) DeepCopy 

func (in *CertificateSigningRequest) DeepCopy() *CertificateSigningRequest

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequest.

func (*CertificateSigningRequest) DeepCopyInto 

func (in *CertificateSigningRequest) DeepCopyInto(out *CertificateSigningRequest)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateSigningRequest) DeepCopyObject 

func (in *CertificateSigningRequest) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*CertificateSigningRequest) Descriptor 

func (*CertificateSigningRequest) Descriptor() ([]byte, []int)

func (*CertificateSigningRequest) Marshal 

func (m *CertificateSigningRequest) Marshal() (dAtA []byte, err error)

func (*CertificateSigningRequest) MarshalTo 

func (m *CertificateSigningRequest) MarshalTo(dAtA []byte) (int, error)

func (*CertificateSigningRequest) MarshalToSizedBuffer 

func (m *CertificateSigningRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CertificateSigningRequest) ProtoMessage 

func (*CertificateSigningRequest) ProtoMessage()

func (*CertificateSigningRequest) Reset 

func (m *CertificateSigningRequest) Reset()

func (*CertificateSigningRequest) Size 

func (m *CertificateSigningRequest) Size() (n int)

func (*CertificateSigningRequest) String 

func (this *CertificateSigningRequest) String() string

func (CertificateSigningRequest) SwaggerDoc 

func (CertificateSigningRequest) SwaggerDoc() map[string]string

func (*CertificateSigningRequest) Unmarshal 

func (m *CertificateSigningRequest) Unmarshal(dAtA []byte) error

func (*CertificateSigningRequest) XXX_DiscardUnknown 

func (m *CertificateSigningRequest) XXX_DiscardUnknown()

func (*CertificateSigningRequest) XXX_Marshal 

func (m *CertificateSigningRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CertificateSigningRequest) XXX_Merge 

func (m *CertificateSigningRequest) XXX_Merge(src proto.Message)

func (*CertificateSigningRequest) XXX_Size 

func (m *CertificateSigningRequest) XXX_Size() int

func (*CertificateSigningRequest) XXX_Unmarshal 

func (m *CertificateSigningRequest) XXX_Unmarshal(b []byte) error

type CertificateSigningRequestCondition

CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object 

type CertificateSigningRequestCondition struct {
    // type of the condition. Known conditions are "Approved", "Denied", and "Failed".
    //
    // An "Approved" condition is added via the /approval subresource,
    // indicating the request was approved and should be issued by the signer.
    //
    // A "Denied" condition is added via the /approval subresource,
    // indicating the request was denied and should not be issued by the signer.
    //
    // A "Failed" condition is added via the /status subresource,
    // indicating the signer failed to issue the certificate.
    //
    // Approved and Denied conditions are mutually exclusive.
    // Approved, Denied, and Failed conditions cannot be removed once added.
    //
    // Only one condition of a given type is allowed.
    Type RequestConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RequestConditionType"`
    // status of the condition, one of True, False, Unknown.
    // Approved, Denied, and Failed conditions may not be "False" or "Unknown".
    Status v1.ConditionStatus `json:"status" protobuf:"bytes,6,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"`
    // reason indicates a brief reason for the request state
    // +optional
    Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`
    // message contains a human readable message with details about the request state
    // +optional
    Message string `json:"message,omitempty" protobuf:"bytes,3,opt,name=message"`
    // lastUpdateTime is the time of the last update to this condition
    // +optional
    LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,4,opt,name=lastUpdateTime"`
    // lastTransitionTime is the time the condition last transitioned from one status to another.
    // If unset, when a new condition type is added or an existing condition's status is changed,
    // the server defaults this to the current time.
    // +optional
    LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,5,opt,name=lastTransitionTime"`
}

func (*CertificateSigningRequestCondition) DeepCopy 

func (in *CertificateSigningRequestCondition) DeepCopy() *CertificateSigningRequestCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestCondition.

func (*CertificateSigningRequestCondition) DeepCopyInto 

func (in *CertificateSigningRequestCondition) DeepCopyInto(out *CertificateSigningRequestCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateSigningRequestCondition) Descriptor 

func (*CertificateSigningRequestCondition) Descriptor() ([]byte, []int)

func (*CertificateSigningRequestCondition) Marshal 

func (m *CertificateSigningRequestCondition) Marshal() (dAtA []byte, err error)

func (*CertificateSigningRequestCondition) MarshalTo 

func (m *CertificateSigningRequestCondition) MarshalTo(dAtA []byte) (int, error)

func (*CertificateSigningRequestCondition) MarshalToSizedBuffer 

func (m *CertificateSigningRequestCondition) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CertificateSigningRequestCondition) ProtoMessage 

func (*CertificateSigningRequestCondition) ProtoMessage()

func (*CertificateSigningRequestCondition) Reset 

func (m *CertificateSigningRequestCondition) Reset()

func (*CertificateSigningRequestCondition) Size 

func (m *CertificateSigningRequestCondition) Size() (n int)

func (*CertificateSigningRequestCondition) String 

func (this *CertificateSigningRequestCondition) String() string

func (CertificateSigningRequestCondition) SwaggerDoc 

func (CertificateSigningRequestCondition) SwaggerDoc() map[string]string

func (*CertificateSigningRequestCondition) Unmarshal 

func (m *CertificateSigningRequestCondition) Unmarshal(dAtA []byte) error

func (*CertificateSigningRequestCondition) XXX_DiscardUnknown 

func (m *CertificateSigningRequestCondition) XXX_DiscardUnknown()

func (*CertificateSigningRequestCondition) XXX_Marshal 

func (m *CertificateSigningRequestCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CertificateSigningRequestCondition) XXX_Merge 

func (m *CertificateSigningRequestCondition) XXX_Merge(src proto.Message)

func (*CertificateSigningRequestCondition) XXX_Size 

func (m *CertificateSigningRequestCondition) XXX_Size() int

func (*CertificateSigningRequestCondition) XXX_Unmarshal 

func (m *CertificateSigningRequestCondition) XXX_Unmarshal(b []byte) error

type CertificateSigningRequestList

CertificateSigningRequestList is a collection of CertificateSigningRequest objects 

type CertificateSigningRequestList struct {
    metav1.TypeMeta `json:",inline"`
    // +optional
    metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // items is a collection of CertificateSigningRequest objects
    Items []CertificateSigningRequest `json:"items" protobuf:"bytes,2,rep,name=items"`
}

func (*CertificateSigningRequestList) DeepCopy 

func (in *CertificateSigningRequestList) DeepCopy() *CertificateSigningRequestList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestList.

func (*CertificateSigningRequestList) DeepCopyInto 

func (in *CertificateSigningRequestList) DeepCopyInto(out *CertificateSigningRequestList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateSigningRequestList) DeepCopyObject 

func (in *CertificateSigningRequestList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*CertificateSigningRequestList) Descriptor 

func (*CertificateSigningRequestList) Descriptor() ([]byte, []int)

func (*CertificateSigningRequestList) Marshal 

func (m *CertificateSigningRequestList) Marshal() (dAtA []byte, err error)

func (*CertificateSigningRequestList) MarshalTo 

func (m *CertificateSigningRequestList) MarshalTo(dAtA []byte) (int, error)

func (*CertificateSigningRequestList) MarshalToSizedBuffer 

func (m *CertificateSigningRequestList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CertificateSigningRequestList) ProtoMessage 

func (*CertificateSigningRequestList) ProtoMessage()

func (*CertificateSigningRequestList) Reset 

func (m *CertificateSigningRequestList) Reset()

func (*CertificateSigningRequestList) Size 

func (m *CertificateSigningRequestList) Size() (n int)

func (*CertificateSigningRequestList) String 

func (this *CertificateSigningRequestList) String() string

func (CertificateSigningRequestList) SwaggerDoc 

func (CertificateSigningRequestList) SwaggerDoc() map[string]string

func (*CertificateSigningRequestList) Unmarshal 

func (m *CertificateSigningRequestList) Unmarshal(dAtA []byte) error

func (*CertificateSigningRequestList) XXX_DiscardUnknown 

func (m *CertificateSigningRequestList) XXX_DiscardUnknown()

func (*CertificateSigningRequestList) XXX_Marshal 

func (m *CertificateSigningRequestList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CertificateSigningRequestList) XXX_Merge 

func (m *CertificateSigningRequestList) XXX_Merge(src proto.Message)

func (*CertificateSigningRequestList) XXX_Size 

func (m *CertificateSigningRequestList) XXX_Size() int

func (*CertificateSigningRequestList) XXX_Unmarshal 

func (m *CertificateSigningRequestList) XXX_Unmarshal(b []byte) error

type CertificateSigningRequestSpec

CertificateSigningRequestSpec contains the certificate request. 

type CertificateSigningRequestSpec struct {
    // request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
    // When serialized as JSON or YAML, the data is additionally base64-encoded.
    // +listType=atomic
    Request []byte `json:"request" protobuf:"bytes,1,opt,name=request"`

    // signerName indicates the requested signer, and is a qualified name.
    //
    // List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
    //
    // Well-known Kubernetes signers are:
    //  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
    //   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
    //  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
    //   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
    //  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
    //   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
    //
    // More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
    //
    // Custom signerNames can also be specified. The signer defines:
    //  1. Trust distribution: how trust (CA bundles) are distributed.
    //  2. Permitted subjects: and behavior when a disallowed subject is requested.
    //  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
    //  4. Required, permitted, or forbidden key usages / extended key usages.
    //  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
    //  6. Whether or not requests for CA certificates are allowed.
    SignerName string `json:"signerName" protobuf:"bytes,7,opt,name=signerName"`

    // expirationSeconds is the requested duration of validity of the issued
    // certificate. The certificate signer may issue a certificate with a different
    // validity duration so a client must check the delta between the notBefore and
    // and notAfter fields in the issued certificate to determine the actual duration.
    //
    // The v1.22+ in-tree implementations of the well-known Kubernetes signers will
    // honor this field as long as the requested duration is not greater than the
    // maximum duration they will honor per the --cluster-signing-duration CLI
    // flag to the Kubernetes controller manager.
    //
    // Certificate signers may not honor this field for various reasons:
    //
    //   1. Old signer that is unaware of the field (such as the in-tree
    //      implementations prior to v1.22)
    //   2. Signer whose configured maximum is shorter than the requested duration
    //   3. Signer whose configured minimum is longer than the requested duration
    //
    // The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
    //
    // +optional
    ExpirationSeconds *int32 `json:"expirationSeconds,omitempty" protobuf:"varint,8,opt,name=expirationSeconds"`

    // usages specifies a set of key usages requested in the issued certificate.
    //
    // Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
    //
    // Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
    //
    // Valid values are:
    //  "signing", "digital signature", "content commitment",
    //  "key encipherment", "key agreement", "data encipherment",
    //  "cert sign", "crl sign", "encipher only", "decipher only", "any",
    //  "server auth", "client auth",
    //  "code signing", "email protection", "s/mime",
    //  "ipsec end system", "ipsec tunnel", "ipsec user",
    //  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
    // +listType=atomic
    Usages []KeyUsage `json:"usages,omitempty" protobuf:"bytes,5,opt,name=usages"`

    // username contains the name of the user that created the CertificateSigningRequest.
    // Populated by the API server on creation and immutable.
    // +optional
    Username string `json:"username,omitempty" protobuf:"bytes,2,opt,name=username"`
    // uid contains the uid of the user that created the CertificateSigningRequest.
    // Populated by the API server on creation and immutable.
    // +optional
    UID string `json:"uid,omitempty" protobuf:"bytes,3,opt,name=uid"`
    // groups contains group membership of the user that created the CertificateSigningRequest.
    // Populated by the API server on creation and immutable.
    // +listType=atomic
    // +optional
    Groups []string `json:"groups,omitempty" protobuf:"bytes,4,rep,name=groups"`
    // extra contains extra attributes of the user that created the CertificateSigningRequest.
    // Populated by the API server on creation and immutable.
    // +optional
    Extra map[string]ExtraValue `json:"extra,omitempty" protobuf:"bytes,6,rep,name=extra"`
}

func (*CertificateSigningRequestSpec) DeepCopy 

func (in *CertificateSigningRequestSpec) DeepCopy() *CertificateSigningRequestSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestSpec.

func (*CertificateSigningRequestSpec) DeepCopyInto 

func (in *CertificateSigningRequestSpec) DeepCopyInto(out *CertificateSigningRequestSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateSigningRequestSpec) Descriptor 

func (*CertificateSigningRequestSpec) Descriptor() ([]byte, []int)

func (*CertificateSigningRequestSpec) Marshal 

func (m *CertificateSigningRequestSpec) Marshal() (dAtA []byte, err error)

func (*CertificateSigningRequestSpec) MarshalTo 

func (m *CertificateSigningRequestSpec) MarshalTo(dAtA []byte) (int, error)

func (*CertificateSigningRequestSpec) MarshalToSizedBuffer 

func (m *CertificateSigningRequestSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CertificateSigningRequestSpec) ProtoMessage 

func (*CertificateSigningRequestSpec) ProtoMessage()

func (*CertificateSigningRequestSpec) Reset 

func (m *CertificateSigningRequestSpec) Reset()

func (*CertificateSigningRequestSpec) Size 

func (m *CertificateSigningRequestSpec) Size() (n int)

func (*CertificateSigningRequestSpec) String 

func (this *CertificateSigningRequestSpec) String() string

func (CertificateSigningRequestSpec) SwaggerDoc 

func (CertificateSigningRequestSpec) SwaggerDoc() map[string]string

func (*CertificateSigningRequestSpec) Unmarshal 

func (m *CertificateSigningRequestSpec) Unmarshal(dAtA []byte) error

func (*CertificateSigningRequestSpec) XXX_DiscardUnknown 

func (m *CertificateSigningRequestSpec) XXX_DiscardUnknown()

func (*CertificateSigningRequestSpec) XXX_Marshal 

func (m *CertificateSigningRequestSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CertificateSigningRequestSpec) XXX_Merge 

func (m *CertificateSigningRequestSpec) XXX_Merge(src proto.Message)

func (*CertificateSigningRequestSpec) XXX_Size 

func (m *CertificateSigningRequestSpec) XXX_Size() int

func (*CertificateSigningRequestSpec) XXX_Unmarshal 

func (m *CertificateSigningRequestSpec) XXX_Unmarshal(b []byte) error

type CertificateSigningRequestStatus

CertificateSigningRequestStatus contains conditions used to indicate approved/denied/failed status of the request, and the issued certificate. 

type CertificateSigningRequestStatus struct {
    // conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed".
    // +listType=map
    // +listMapKey=type
    // +optional
    Conditions []CertificateSigningRequestCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"`

    // certificate is populated with an issued certificate by the signer after an Approved condition is present.
    // This field is set via the /status subresource. Once populated, this field is immutable.
    //
    // If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty.
    // If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty.
    //
    // Validation requirements:
    //  1. certificate must contain one or more PEM blocks.
    //  2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data
    //   must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280.
    //  3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated,
    //   to allow for explanatory text as described in section 5.2 of RFC7468.
    //
    // If more than one PEM block is present, and the definition of the requested spec.signerName
    // does not indicate otherwise, the first block is the issued certificate,
    // and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes.
    //
    // The certificate is encoded in PEM format.
    //
    // When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of:
    //
    //     base64(
    //     -----BEGIN CERTIFICATE-----
    //     ...
    //     -----END CERTIFICATE-----
    //     )
    //
    // +listType=atomic
    // +optional
    Certificate []byte `json:"certificate,omitempty" protobuf:"bytes,2,opt,name=certificate"`
}

func (*CertificateSigningRequestStatus) DeepCopy 

func (in *CertificateSigningRequestStatus) DeepCopy() *CertificateSigningRequestStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestStatus.

func (*CertificateSigningRequestStatus) DeepCopyInto 

func (in *CertificateSigningRequestStatus) DeepCopyInto(out *CertificateSigningRequestStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateSigningRequestStatus) Descriptor 

func (*CertificateSigningRequestStatus) Descriptor() ([]byte, []int)

func (*CertificateSigningRequestStatus) Marshal 

func (m *CertificateSigningRequestStatus) Marshal() (dAtA []byte, err error)

func (*CertificateSigningRequestStatus) MarshalTo 

func (m *CertificateSigningRequestStatus) MarshalTo(dAtA []byte) (int, error)

func (*CertificateSigningRequestStatus) MarshalToSizedBuffer 

func (m *CertificateSigningRequestStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CertificateSigningRequestStatus) ProtoMessage 

func (*CertificateSigningRequestStatus) ProtoMessage()

func (*CertificateSigningRequestStatus) Reset 

func (m *CertificateSigningRequestStatus) Reset()

func (*CertificateSigningRequestStatus) Size 

func (m *CertificateSigningRequestStatus) Size() (n int)

func (*CertificateSigningRequestStatus) String 

func (this *CertificateSigningRequestStatus) String() string

func (CertificateSigningRequestStatus) SwaggerDoc 

func (CertificateSigningRequestStatus) SwaggerDoc() map[string]string

func (*CertificateSigningRequestStatus) Unmarshal 

func (m *CertificateSigningRequestStatus) Unmarshal(dAtA []byte) error

func (*CertificateSigningRequestStatus) XXX_DiscardUnknown 

func (m *CertificateSigningRequestStatus) XXX_DiscardUnknown()

func (*CertificateSigningRequestStatus) XXX_Marshal 

func (m *CertificateSigningRequestStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CertificateSigningRequestStatus) XXX_Merge 

func (m *CertificateSigningRequestStatus) XXX_Merge(src proto.Message)

func (*CertificateSigningRequestStatus) XXX_Size 

func (m *CertificateSigningRequestStatus) XXX_Size() int

func (*CertificateSigningRequestStatus) XXX_Unmarshal 

func (m *CertificateSigningRequestStatus) XXX_Unmarshal(b []byte) error

type ExtraValue

ExtraValue masks the value so protobuf can generate +protobuf.nullable=true +protobuf.options.(gogoproto.goproto_stringer)=false 

type ExtraValue []string

func (ExtraValue) DeepCopy 

func (in ExtraValue) DeepCopy() ExtraValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue.

func (ExtraValue) DeepCopyInto 

func (in ExtraValue) DeepCopyInto(out *ExtraValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExtraValue) Descriptor 

func (*ExtraValue) Descriptor() ([]byte, []int)

func (ExtraValue) Marshal 

func (m ExtraValue) Marshal() (dAtA []byte, err error)

func (ExtraValue) MarshalTo 

func (m ExtraValue) MarshalTo(dAtA []byte) (int, error)

func (ExtraValue) MarshalToSizedBuffer 

func (m ExtraValue) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ExtraValue) ProtoMessage 

func (*ExtraValue) ProtoMessage()

func (*ExtraValue) Reset 

func (m *ExtraValue) Reset()

func (ExtraValue) Size 

func (m ExtraValue) Size() (n int)

func (ExtraValue) String 

func (t ExtraValue) String() string

func (*ExtraValue) Unmarshal 

func (m *ExtraValue) Unmarshal(dAtA []byte) error

func (*ExtraValue) XXX_DiscardUnknown 

func (m *ExtraValue) XXX_DiscardUnknown()

func (*ExtraValue) XXX_Marshal 

func (m *ExtraValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtraValue) XXX_Merge 

func (m *ExtraValue) XXX_Merge(src proto.Message)

func (*ExtraValue) XXX_Size 

func (m *ExtraValue) XXX_Size() int

func (*ExtraValue) XXX_Unmarshal 

func (m *ExtraValue) XXX_Unmarshal(b []byte) error

type KeyUsage

KeyUsage specifies valid usage contexts for keys. See: 

https://tools.ietf.org/html/rfc5280#section-4.2.1.3
https://tools.ietf.org/html/rfc5280#section-4.2.1.12

+enum 

type KeyUsage string

Valid key usages 

const (
    UsageSigning           KeyUsage = "signing"
    UsageDigitalSignature  KeyUsage = "digital signature"
    UsageContentCommitment KeyUsage = "content commitment"
    UsageKeyEncipherment   KeyUsage = "key encipherment"
    UsageKeyAgreement      KeyUsage = "key agreement"
    UsageDataEncipherment  KeyUsage = "data encipherment"
    UsageCertSign          KeyUsage = "cert sign"
    UsageCRLSign           KeyUsage = "crl sign"
    UsageEncipherOnly      KeyUsage = "encipher only"
    UsageDecipherOnly      KeyUsage = "decipher only"
    UsageAny               KeyUsage = "any"
    UsageServerAuth        KeyUsage = "server auth"
    UsageClientAuth        KeyUsage = "client auth"
    UsageCodeSigning       KeyUsage = "code signing"
    UsageEmailProtection   KeyUsage = "email protection"
    UsageSMIME             KeyUsage = "s/mime"
    UsageIPsecEndSystem    KeyUsage = "ipsec end system"
    UsageIPsecTunnel       KeyUsage = "ipsec tunnel"
    UsageIPsecUser         KeyUsage = "ipsec user"
    UsageTimestamping      KeyUsage = "timestamping"
    UsageOCSPSigning       KeyUsage = "ocsp signing"
    UsageMicrosoftSGC      KeyUsage = "microsoft sgc"
    UsageNetscapeSGC       KeyUsage = "netscape sgc"
)

type RequestConditionType

RequestConditionType is the type of a CertificateSigningRequestCondition 

type RequestConditionType string

Well-known condition types for certificate requests. 

const (
    // Approved indicates the request was approved and should be issued by the signer.
    CertificateApproved RequestConditionType = "Approved"
    // Denied indicates the request was denied and should not be issued by the signer.
    CertificateDenied RequestConditionType = "Denied"
    // Failed indicates the signer failed to issue the certificate.
    CertificateFailed RequestConditionType = "Failed"
)