GroupName is the group name use in this package
const GroupName = "certificates.k8s.io"
var (
ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling")
ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow")
ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group")
)
var (
// SchemeBuilder is the scheme builder with scheme init functions to run for this API package
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
// AddToScheme is a global function that registers this API group & version to a scheme
AddToScheme = localSchemeBuilder.AddToScheme
)
SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
func Kind(kind string) schema.GroupKind
Kind takes an unqualified kind and returns a Group qualified GroupKind
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
ClusterTrustBundle is a cluster-scoped container for X.509 trust anchors (root certificates).
ClusterTrustBundle objects are considered to be readable by any authenticated user in the cluster, because they can be mounted by pods using the `clusterTrustBundle` projection. All service accounts have read access to ClusterTrustBundles by default. Users who only have namespace-level access to a cluster can read ClusterTrustBundles by impersonating a serviceaccount that they have access to.
It can be optionally associated with a particular assigner, in which case it contains one valid set of trust anchors for that signer. Signers may have multiple associated ClusterTrustBundles; each is an independent set of trust anchors for that signer. Admission control is used to enforce that only users with permissions on the signer can create or modify the corresponding bundle.
type ClusterTrustBundle struct {
metav1.TypeMeta `json:",inline"`
// metadata contains the object metadata.
// +optional
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// spec contains the signer (if any) and trust anchors.
Spec ClusterTrustBundleSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
}
func (in *ClusterTrustBundle) APILifecycleDeprecated() (major, minor int)
APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
func (in *ClusterTrustBundle) APILifecycleIntroduced() (major, minor int)
APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *ClusterTrustBundle) APILifecycleRemoved() (major, minor int)
APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *ClusterTrustBundle) DeepCopy() *ClusterTrustBundle
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTrustBundle.
func (in *ClusterTrustBundle) DeepCopyInto(out *ClusterTrustBundle)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterTrustBundle) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterTrustBundle) Descriptor() ([]byte, []int)
func (m *ClusterTrustBundle) Marshal() (dAtA []byte, err error)
func (m *ClusterTrustBundle) MarshalTo(dAtA []byte) (int, error)
func (m *ClusterTrustBundle) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*ClusterTrustBundle) ProtoMessage()
func (m *ClusterTrustBundle) Reset()
func (m *ClusterTrustBundle) Size() (n int)
func (this *ClusterTrustBundle) String() string
func (ClusterTrustBundle) SwaggerDoc() map[string]string
func (m *ClusterTrustBundle) Unmarshal(dAtA []byte) error
func (m *ClusterTrustBundle) XXX_DiscardUnknown()
func (m *ClusterTrustBundle) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (m *ClusterTrustBundle) XXX_Merge(src proto.Message)
func (m *ClusterTrustBundle) XXX_Size() int
func (m *ClusterTrustBundle) XXX_Unmarshal(b []byte) error
ClusterTrustBundleList is a collection of ClusterTrustBundle objects
type ClusterTrustBundleList struct {
metav1.TypeMeta `json:",inline"`
// metadata contains the list metadata.
//
// +optional
metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// items is a collection of ClusterTrustBundle objects
Items []ClusterTrustBundle `json:"items" protobuf:"bytes,2,rep,name=items"`
}
func (in *ClusterTrustBundleList) APILifecycleDeprecated() (major, minor int)
APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
func (in *ClusterTrustBundleList) APILifecycleIntroduced() (major, minor int)
APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *ClusterTrustBundleList) APILifecycleRemoved() (major, minor int)
APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *ClusterTrustBundleList) DeepCopy() *ClusterTrustBundleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTrustBundleList.
func (in *ClusterTrustBundleList) DeepCopyInto(out *ClusterTrustBundleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterTrustBundleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterTrustBundleList) Descriptor() ([]byte, []int)
func (m *ClusterTrustBundleList) Marshal() (dAtA []byte, err error)
func (m *ClusterTrustBundleList) MarshalTo(dAtA []byte) (int, error)
func (m *ClusterTrustBundleList) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*ClusterTrustBundleList) ProtoMessage()
func (m *ClusterTrustBundleList) Reset()
func (m *ClusterTrustBundleList) Size() (n int)
func (this *ClusterTrustBundleList) String() string
func (ClusterTrustBundleList) SwaggerDoc() map[string]string
func (m *ClusterTrustBundleList) Unmarshal(dAtA []byte) error
func (m *ClusterTrustBundleList) XXX_DiscardUnknown()
func (m *ClusterTrustBundleList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (m *ClusterTrustBundleList) XXX_Merge(src proto.Message)
func (m *ClusterTrustBundleList) XXX_Size() int
func (m *ClusterTrustBundleList) XXX_Unmarshal(b []byte) error
ClusterTrustBundleSpec contains the signer and trust anchors.
type ClusterTrustBundleSpec struct {
// signerName indicates the associated signer, if any.
//
// In order to create or update a ClusterTrustBundle that sets signerName,
// you must have the following cluster-scoped permission:
// group=certificates.k8s.io resource=signers resourceName=<the signer name>
// verb=attest.
//
// If signerName is not empty, then the ClusterTrustBundle object must be
// named with the signer name as a prefix (translating slashes to colons).
// For example, for the signer name `example.com/foo`, valid
// ClusterTrustBundle object names include `example.com:foo:abc` and
// `example.com:foo:v1`.
//
// If signerName is empty, then the ClusterTrustBundle object's name must
// not have such a prefix.
//
// List/watch requests for ClusterTrustBundles can filter on this field
// using a `spec.signerName=NAME` field selector.
//
// +optional
SignerName string `json:"signerName,omitempty" protobuf:"bytes,1,opt,name=signerName"`
// trustBundle contains the individual X.509 trust anchors for this
// bundle, as PEM bundle of PEM-wrapped, DER-formatted X.509 certificates.
//
// The data must consist only of PEM certificate blocks that parse as valid
// X.509 certificates. Each certificate must include a basic constraints
// extension with the CA bit set. The API server will reject objects that
// contain duplicate certificates, or that use PEM block headers.
//
// Users of ClusterTrustBundles, including Kubelet, are free to reorder and
// deduplicate certificate blocks in this file according to their own logic,
// as well as to drop PEM block headers and inter-block data.
TrustBundle string `json:"trustBundle" protobuf:"bytes,2,opt,name=trustBundle"`
}
func (in *ClusterTrustBundleSpec) DeepCopy() *ClusterTrustBundleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTrustBundleSpec.
func (in *ClusterTrustBundleSpec) DeepCopyInto(out *ClusterTrustBundleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterTrustBundleSpec) Descriptor() ([]byte, []int)
func (m *ClusterTrustBundleSpec) Marshal() (dAtA []byte, err error)
func (m *ClusterTrustBundleSpec) MarshalTo(dAtA []byte) (int, error)
func (m *ClusterTrustBundleSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*ClusterTrustBundleSpec) ProtoMessage()
func (m *ClusterTrustBundleSpec) Reset()
func (m *ClusterTrustBundleSpec) Size() (n int)
func (this *ClusterTrustBundleSpec) String() string
func (ClusterTrustBundleSpec) SwaggerDoc() map[string]string
func (m *ClusterTrustBundleSpec) Unmarshal(dAtA []byte) error
func (m *ClusterTrustBundleSpec) XXX_DiscardUnknown()
func (m *ClusterTrustBundleSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (m *ClusterTrustBundleSpec) XXX_Merge(src proto.Message)
func (m *ClusterTrustBundleSpec) XXX_Size() int
func (m *ClusterTrustBundleSpec) XXX_Unmarshal(b []byte) error