struct Kubernetes::PodCertificateRequestStatus

Overview

PodCertificateRequestStatus describes the status of the request, and holds the certificate data if the request is issued.

Included Modules

Defined in:

generated/models/io_k8s_api_certificates_v1beta1.cr

Constructors

Macro Summary

Instance Method Summary

Constructor Detail

def self.new(ctx : YAML::ParseContext, node : YAML::Nodes::Node) #

def self.new(pull : ::JSON::PullParser) #

def self.new(*, __pull_for_json_serializable pull : ::JSON::PullParser) #

def self.new(*, __context_for_yaml_serializable ctx : YAML::ParseContext, __node_for_yaml_serializable node : YAML::Nodes::Node) #

Macro Detail

macro field(name, type = nil, **options, &block) #

Helper macro for defining fields with automatic camelCase conversion


Instance Method Detail

def begin_refresh_at : Time | Nil #

beginRefreshAt is the time at which the kubelet should begin trying to refresh the certificate. This field is set via the /status subresource, and must be set at the same time as certificateChain. Once populated, this field is immutable. This field is only a hint. Kubelet may start refreshing before or after this time if necessary.


def begin_refresh_at=(begin_refresh_at : Time | Nil) #

beginRefreshAt is the time at which the kubelet should begin trying to refresh the certificate. This field is set via the /status subresource, and must be set at the same time as certificateChain. Once populated, this field is immutable. This field is only a hint. Kubelet may start refreshing before or after this time if necessary.


def certificate_chain : String | Nil #

certificateChain is populated with an issued certificate by the signer. This field is set via the /status subresource. Once populated, this field is immutable. If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty. If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty. Validation requirements:

  1. certificateChain must consist of one or more PEM-formatted certificates.
  2. Each entry must be a valid PEM-wrapped, DER-encoded ASN.1 Certificate as described in section 4 of RFC5280. If more than one block is present, and the definition of the requested spec.signerName does not indicate otherwise, the first block is the issued certificate, and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes. When projecting the chain into a pod volume, kubelet will drop any data in-between the PEM blocks, as well as any PEM block headers.

def certificate_chain=(certificate_chain : String | Nil) #

certificateChain is populated with an issued certificate by the signer. This field is set via the /status subresource. Once populated, this field is immutable. If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty. If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty. Validation requirements:

  1. certificateChain must consist of one or more PEM-formatted certificates.
  2. Each entry must be a valid PEM-wrapped, DER-encoded ASN.1 Certificate as described in section 4 of RFC5280. If more than one block is present, and the definition of the requested spec.signerName does not indicate otherwise, the first block is the issued certificate, and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes. When projecting the chain into a pod volume, kubelet will drop any data in-between the PEM blocks, as well as any PEM block headers.

def conditions : Array(Condition) | Nil #

conditions applied to the request. The types "Issued", "Denied", and "Failed" have special handling. At most one of these conditions may be present, and they must have status "True". If the request is denied with Reason=UnsupportedKeyType, the signer may suggest a key type that will work in the message field.


def conditions=(conditions : Array(Condition) | Nil) #

conditions applied to the request. The types "Issued", "Denied", and "Failed" have special handling. At most one of these conditions may be present, and they must have status "True". If the request is denied with Reason=UnsupportedKeyType, the signer may suggest a key type that will work in the message field.


def not_after : Time | Nil #

notAfter is the time at which the certificate expires. The value must be the same as the notAfter value in the leaf certificate in certificateChain. This field is set via the /status subresource. Once populated, it is immutable. The signer must set this field at the same time it sets certificateChain.


def not_after=(not_after : Time | Nil) #

notAfter is the time at which the certificate expires. The value must be the same as the notAfter value in the leaf certificate in certificateChain. This field is set via the /status subresource. Once populated, it is immutable. The signer must set this field at the same time it sets certificateChain.


def not_before : Time | Nil #

notBefore is the time at which the certificate becomes valid. The value must be the same as the notBefore value in the leaf certificate in certificateChain. This field is set via the /status subresource. Once populated, it is immutable. The signer must set this field at the same time it sets certificateChain.


def not_before=(not_before : Time | Nil) #

notBefore is the time at which the certificate becomes valid. The value must be the same as the notBefore value in the leaf certificate in certificateChain. This field is set via the /status subresource. Once populated, it is immutable. The signer must set this field at the same time it sets certificateChain.