kubernetes_asyncio.client.models.v1_pod_certificate_projection module

Kubernetes

No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator) # noqa: E501

The version of the OpenAPI document: v1.34.3 Generated by: https://openapi-generator.tech

class kubernetes_asyncio.client.models.v1_pod_certificate_projection.V1PodCertificateProjection(certificate_chain_path=None, credential_bundle_path=None, key_path=None, key_type=None, max_expiration_seconds=None, signer_name=None, local_vars_configuration=None)

Bases: object

NOTE: This class is auto generated by OpenAPI Generator. Ref: https://openapi-generator.tech

Do not edit the class manually.

attribute_map = {'certificate_chain_path': 'certificateChainPath', 'credential_bundle_path': 'credentialBundlePath', 'key_path': 'keyPath', 'key_type': 'keyType', 'max_expiration_seconds': 'maxExpirationSeconds', 'signer_name': 'signerName'}

property certificate_chain_path

Gets the certificate_chain_path of this V1PodCertificateProjection. # noqa: E501

Write the certificate chain at this path in the projected volume. Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation. # noqa: E501

Returns:

The certificate_chain_path of this V1PodCertificateProjection. # noqa: E501

Return type:

str

property credential_bundle_path

Gets the credential_bundle_path of this V1PodCertificateProjection. # noqa: E501

Write the credential bundle at this path in the projected volume. The credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key. The remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates). Using credentialBundlePath lets your Pod’s application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key. # noqa: E501

Returns:

The credential_bundle_path of this V1PodCertificateProjection. # noqa: E501

Return type:

str

property key_path

Gets the key_path of this V1PodCertificateProjection. # noqa: E501

Write the key at this path in the projected volume. Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation. # noqa: E501

Returns:

The key_path of this V1PodCertificateProjection. # noqa: E501

Return type:

str

property key_type

Gets the key_type of this V1PodCertificateProjection. # noqa: E501

The type of keypair Kubelet will generate for the pod. Valid values are “RSA3072”, “RSA4096”, “ECDSAP256”, “ECDSAP384”, “ECDSAP521”, and “ED25519”. # noqa: E501

Returns:

The key_type of this V1PodCertificateProjection. # noqa: E501

Return type:

str

property max_expiration_seconds

Gets the max_expiration_seconds of this V1PodCertificateProjection. # noqa: E501

maxExpirationSeconds is the maximum lifetime permitted for the certificate. Kubelet copies this value verbatim into the PodCertificateRequests it generates for this projection. If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days). The signer implementation is then free to issue a certificate with any lifetime shorter than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. kubernetes.io signers will never issue certificates with a lifetime longer than 24 hours. # noqa: E501

Returns:

The max_expiration_seconds of this V1PodCertificateProjection. # noqa: E501

Return type:

int

openapi_types = {'certificate_chain_path': 'str', 'credential_bundle_path': 'str', 'key_path': 'str', 'key_type': 'str', 'max_expiration_seconds': 'int', 'signer_name': 'str'}

property signer_name

Gets the signer_name of this V1PodCertificateProjection. # noqa: E501

Kubelet’s generated CSRs will be addressed to this signer. # noqa: E501

Returns:

The signer_name of this V1PodCertificateProjection. # noqa: E501

Return type:

str

to_dict(serialize=False)

Returns the model properties as a dict

to_str()

Returns the string representation of the model