Skip to content

certificates_v1beta1

CertificateSigningRequest

class lightkube.models.certificates_v1beta1.CertificateSigningRequest(apiVersion=None, kind=None, metadata=None, spec=None, status=None)

Describes a certificate signing request

parameters

  • apiVersion str - (optional) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info
  • kind str - (optional) Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info
  • metadata meta_v1.ObjectMeta - (optional)
  • spec CertificateSigningRequestSpec - (optional) The certificate request itself and any additional information.
  • status CertificateSigningRequestStatus - (optional) Derived information about the request.

CertificateSigningRequestCondition

class lightkube.models.certificates_v1beta1.CertificateSigningRequestCondition(type, lastTransitionTime=None, lastUpdateTime=None, message=None, reason=None, status=None)

parameters

  • type str - type of the condition. Known conditions include "Approved", "Denied", and "Failed".
  • lastTransitionTime meta_v1.Time - (optional) lastTransitionTime is the time the condition last transitioned from one status to another. If unset, when a new condition type is added or an existing condition's status is changed, the server defaults this to the current time.
  • lastUpdateTime meta_v1.Time - (optional) timestamp for the last update to this condition
  • message str - (optional) human readable message with details about the request state
  • reason str - (optional) brief reason for the request state
  • status str - (optional) Status of the condition, one of True, False, Unknown. Approved, Denied, and Failed conditions may not be "False" or "Unknown". Defaults to "True". If unset, should be treated as "True".

CertificateSigningRequestList

class lightkube.models.certificates_v1beta1.CertificateSigningRequestList(items, apiVersion=None, kind=None, metadata=None)

parameters

  • items CertificateSigningRequest -
  • apiVersion str - (optional) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info
  • kind str - (optional) Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info
  • metadata meta_v1.ListMeta - (optional)

CertificateSigningRequestSpec

class lightkube.models.certificates_v1beta1.CertificateSigningRequestSpec(request, extra=None, groups=None, signerName=None, uid=None, usages=None, username=None)

This information is immutable after the request is created. Only the Request and Usages fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.

parameters

  • request str - Base64-encoded PKCS#10 CSR data
  • extra dict - (optional) Extra information about the requesting user. See user.Info interface for details.
  • groups List[str] - (optional) Group information about the requesting user. See user.Info interface for details.
  • signerName str - (optional) Requested signer for the request. It is a qualified name in the form: scope-hostname.io/name. If empty, it will be defaulted:
  • If it's a kubelet client certificate, it is assigned "kubernetes.io/kube-apiserver-client-kubelet".
  • If it's a kubelet serving certificate, it is assigned "kubernetes.io/kubelet-serving".
  • Otherwise, it is assigned "kubernetes.io/legacy-unknown". Distribution of trust for signers happens out of band. You can select on this field using spec.signerName.
  • uid str - (optional) UID information about the requesting user. See user.Info interface for details.
  • usages List[str] - (optional) allowedUsages specifies a set of usage contexts the key will be valid for. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid values are: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
  • username str - (optional) Information about the requesting user. See user.Info interface for details.

CertificateSigningRequestStatus

class lightkube.models.certificates_v1beta1.CertificateSigningRequestStatus(certificate=None, conditions=None)

parameters

  • certificate str - (optional) If request was approved, the controller will place the issued certificate here.
  • conditions CertificateSigningRequestCondition - (optional) Conditions applied to the request, such as approval or denial.