extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded.
signerName indicates the requested signer, and is a qualified name.
List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
Well-known Kubernetes signers are:
More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
Custom signerNames can also be specified. The signer defines:
uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
usages specifies a set of key usages requested in the issued certificate.
Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
Valid values are: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
Generated using TypeDoc
CertificateSigningRequestSpec contains the certificate request.
io.k8s.api.certificates.v1.CertificateSigningRequestSpec