CertificateSigningRequestSpec

data class CertificateSigningRequestSpec(val expirationSeconds: Int? = null, val extra: Map<String, List<String>>? = null, val groups: List<String>? = null, val request: String, val signerName: String, val uid: String? = null, val usages: List<String>? = null, val username: String? = null)

CertificateSigningRequestSpec contains the certificate request.

Constructors

fun CertificateSigningRequestSpec(expirationSeconds: Int? = null, extra: Map<String, List<String>>? = null, groups: List<String>? = null, request: String, signerName: String, uid: String? = null, usages: List<String>? = null, username: String? = null)

Types

object Companion

Properties

val expirationSeconds: Int? = null

expirationSeconds is the requested duration of validity of the issued certificate. The certificate signer may issue a certificate with a different validity duration, so a client must check the delta between the notBefore and notAfter fields in the issued certificate to determine the actual duration. The v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager. Certificate signers may not honor this field for various reasons:

val extra: Map<String, List<String>>? = null

extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

val groups: List<String>? = null

groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded.

signerName indicates the requested signer, and is a qualified name. List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector. Well-known Kubernetes signers are:

val uid: String? = null

uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

val usages: List<String>? = null

usages specifies a set of key usages requested in the issued certificate. Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth". Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth". Valid values are: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"

val username: String? = null

username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
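
The following is an added example, not code from this library: a pre-approval review of a spec that checks the `request` encoding, the `usages` values and `expirationSeconds` as described above. `CsrSpec`, `reviewSpec`, `BROAD_USAGES`, `maxSeconds` and the sample values are assumptions made for illustration.

```kotlin
import java.util.Base64

// Local stand-in for the fields used here (assumption: the real class comes from the client library).
data class CsrSpec(val request: String, val signerName: String,
                   val expirationSeconds: Int? = null, val usages: List<String>? = null)

// Valid values, copied from the `usages` property description on this page.
val VALID_USAGES = setOf(
    "signing", "digital signature", "content commitment", "key encipherment",
    "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only",
    "decipher only", "any", "server auth", "client auth", "code signing",
    "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user",
    "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc")

// Reviewer policy (assumption, not from the page): usages that let the issued
// certificate sign other certificates or CRLs, or that accept any purpose.
val BROAD_USAGES = setOf("any", "cert sign", "crl sign")

// Returns findings; an empty list means every check passed.
// maxSeconds is a hypothetical parameter standing in for the signer's maximum duration.
fun reviewSpec(spec: CsrSpec, maxSeconds: Int): List<String> {
    val findings = mutableListOf<String>()
    // `request` is a PEM block that is base64-encoded again when serialized.
    val pem: String? = try {
        String(Base64.getDecoder().decode(spec.request), Charsets.US_ASCII).trim()
    } catch (e: IllegalArgumentException) {
        findings += "request is not valid base64"
        null
    }
    // Only the PEM label is checked; the DER body is not parsed.
    if (pem != null && !(pem.startsWith("-----BEGIN CERTIFICATE REQUEST-----") &&
                pem.endsWith("-----END CERTIFICATE REQUEST-----"))) {
        findings += "request is not a CERTIFICATE REQUEST PEM block"
    }
    val usages = spec.usages.orEmpty()
    usages.filter { it !in VALID_USAGES }.forEach { findings += "unknown usage: $it" }
    usages.filter { it in BROAD_USAGES }.forEach { findings += "broad usage: $it" }
    val requested = spec.expirationSeconds
    if (requested != null && requested > maxSeconds) {
        findings += "expirationSeconds $requested exceeds signer maximum $maxSeconds"
    }
    return findings
}

fun main() {
    // Constructed sample: placeholder body, not a real CSR.
    val pem = "-----BEGIN CERTIFICATE REQUEST-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE REQUEST-----\n"
    val spec = CsrSpec(Base64.getEncoder().encodeToString(pem.toByteArray()),
        "example.com/constructed-signer", 31_536_000,
        listOf("digital signature", "client auth", "cert sign", "server-auth"))
    reviewSpec(spec, maxSeconds = 86_400).forEach { println(it) }
}
```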