Class V1alpha1PodCertificateRequestSpec
PodCertificateRequestSpec describes the certificate request. All fields are
immutable after creation.
Inheritance
V1alpha1PodCertificateRequestSpec
Assembly: KubernetesClient.dll
Syntax
public record V1alpha1PodCertificateRequestSpec : IEquatable<V1alpha1PodCertificateRequestSpec>
Constructors
View Source
V1alpha1PodCertificateRequestSpec()
Declaration
public V1alpha1PodCertificateRequestSpec()
View Source
V1alpha1PodCertificateRequestSpec(V1alpha1PodCertificateRequestSpec)
Declaration
protected V1alpha1PodCertificateRequestSpec(V1alpha1PodCertificateRequestSpec original)
Parameters
Properties
View Source
EqualityContract
Declaration
protected virtual Type EqualityContract { get; }
Property Value
View Source
MaxExpirationSeconds
maxExpirationSeconds is the maximum lifetime permitted for the certificate.
If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will
reject values shorter than 3600 (1 hour). The maximum allowable value is
7862400 (91 days).
The signer implementation is then free to issue a certificate with any lifetime
shorter than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour).
This constraint is enforced by kube-apiserver. kubernetes.io signers will
never issue certificates with a lifetime longer than 24 hours.
Declaration
[JsonPropertyName("maxExpirationSeconds")]
public int? MaxExpirationSeconds { get; set; }
Property Value
View Source
NodeName
nodeName is the name of the node the pod is assigned to.
Declaration
[JsonPropertyName("nodeName")]
public string NodeName { get; set; }
Property Value
View Source
NodeUID
nodeUID is the UID of the node the pod is assigned to.
Declaration
[JsonPropertyName("nodeUID")]
public string NodeUID { get; set; }
Property Value
View Source
PkixPublicKey
pkixPublicKey is the PKIX-serialized public key the signer will issue the
certificate to.
The key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521, or
ED25519. Note that this list may be expanded in the future.
Signer implementations do not need to support all key types supported by
kube-apiserver and kubelet. If a signer does not support the key type used for
a given PodCertificateRequest, it must deny the request by setting a
status.conditions entry with a type of "Denied" and a reason of
"UnsupportedKeyType". It may also suggest a key type that it does support in the
message field.
Declaration
[JsonPropertyName("pkixPublicKey")]
public byte[] PkixPublicKey { get; set; }
Property Value
View Source
PodName
podName is the name of the pod into which the certificate will be mounted.
Declaration
[JsonPropertyName("podName")]
public string PodName { get; set; }
Property Value
View Source
PodUID
podUID is the UID of the pod into which the certificate will be mounted.
Declaration
[JsonPropertyName("podUID")]
public string PodUID { get; set; }
Property Value
View Source
ProofOfPossession
proofOfPossession proves that the requesting kubelet holds the private key
corresponding to pkixPublicKey.
It is contructed by signing the ASCII bytes of the pod's UID using
pkixPublicKey.
kube-apiserver validates the proof of possession during creation of the
PodCertificateRequest.
If the key is an RSA key, then the signature is over the ASCII bytes of the pod
UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function
crypto/rsa.SignPSS with nil options).
If the key is an ECDSA key, then the signature is as described by SEC 1,
Version 2.0 (as implemented by the golang
library function crypto/ecdsa.SignASN1)
If the key is an ED25519 key, the the signature is as described by the ED25519
Specification (as implemented by the golang library
crypto/ed25519.Sign).
Declaration
[JsonPropertyName("proofOfPossession")]
public byte[] ProofOfPossession { get; set; }
Property Value
View Source
ServiceAccountName
serviceAccountName is the name of the service account the pod is running as.
Declaration
[JsonPropertyName("serviceAccountName")]
public string ServiceAccountName { get; set; }
Property Value
View Source
ServiceAccountUID
serviceAccountUID is the UID of the service account the pod is running as.
Declaration
[JsonPropertyName("serviceAccountUID")]
public string ServiceAccountUID { get; set; }
Property Value
View Source
SignerName
signerName indicates the requested signer.
All signer names beginning with kubernetes.io are reserved for use by the
Kubernetes project. There is currently one well-known signer documented by the
Kubernetes project, kubernetes.io/kube-apiserver-client-pod, which will issue
client certificates understood by kube-apiserver. It is currently
unimplemented.
Declaration
[JsonPropertyName("signerName")]
public string SignerName { get; set; }
Property Value
Methods
View Source
Equals(object?)
Declaration
public override bool Equals(object? obj)
Parameters
| Type |
Name |
Description |
| object |
obj |
|
Returns
Overrides
View Source
Equals(V1alpha1PodCertificateRequestSpec?)
Declaration
public virtual bool Equals(V1alpha1PodCertificateRequestSpec? other)
Parameters
Returns
View Source
GetHashCode()
Declaration
public override int GetHashCode()
Returns
Overrides
View Source
PrintMembers(StringBuilder)
Declaration
protected virtual bool PrintMembers(StringBuilder builder)
Parameters
Returns
View Source
ToString()
Declaration
public override string ToString()
Returns
Overrides
Operators
View Source
operator ==(V1alpha1PodCertificateRequestSpec?, V1alpha1PodCertificateRequestSpec?)
Declaration
public static bool operator ==(V1alpha1PodCertificateRequestSpec? left, V1alpha1PodCertificateRequestSpec? right)
Parameters
Returns
View Source
operator !=(V1alpha1PodCertificateRequestSpec?, V1alpha1PodCertificateRequestSpec?)
Declaration
public static bool operator !=(V1alpha1PodCertificateRequestSpec? left, V1alpha1PodCertificateRequestSpec? right)
Parameters
Returns
Implements