kubernetes_asyncio.client.models.v1alpha1_pod_certificate_request_spec module

Kubernetes

No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator) # noqa: E501

The version of the OpenAPI document: v1.34.3 Generated by: https://openapi-generator.tech

class kubernetes_asyncio.client.models.v1alpha1_pod_certificate_request_spec.V1alpha1PodCertificateRequestSpec(max_expiration_seconds=None, node_name=None, node_uid=None, pkix_public_key=None, pod_name=None, pod_uid=None, proof_of_possession=None, service_account_name=None, service_account_uid=None, signer_name=None, local_vars_configuration=None)

Bases: object

NOTE: This class is auto generated by OpenAPI Generator. Ref: https://openapi-generator.tech

Do not edit the class manually.

attribute_map = {'max_expiration_seconds': 'maxExpirationSeconds', 'node_name': 'nodeName', 'node_uid': 'nodeUID', 'pkix_public_key': 'pkixPublicKey', 'pod_name': 'podName', 'pod_uid': 'podUID', 'proof_of_possession': 'proofOfPossession', 'service_account_name': 'serviceAccountName', 'service_account_uid': 'serviceAccountUID', 'signer_name': 'signerName'}
property max_expiration_seconds

Gets the max_expiration_seconds of this V1alpha1PodCertificateRequestSpec. # noqa: E501

maxExpirationSeconds is the maximum lifetime permitted for the certificate. If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days). The signer implementation is then free to issue a certificate with any lifetime shorter than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. kubernetes.io signers will never issue certificates with a lifetime longer than 24 hours. # noqa: E501

Returns:

The max_expiration_seconds of this V1alpha1PodCertificateRequestSpec. # noqa: E501

Return type:

int

property node_name

Gets the node_name of this V1alpha1PodCertificateRequestSpec. # noqa: E501

nodeName is the name of the node the pod is assigned to. # noqa: E501

Returns:

The node_name of this V1alpha1PodCertificateRequestSpec. # noqa: E501

Return type:

str

property node_uid

Gets the node_uid of this V1alpha1PodCertificateRequestSpec. # noqa: E501

nodeUID is the UID of the node the pod is assigned to. # noqa: E501

Returns:

The node_uid of this V1alpha1PodCertificateRequestSpec. # noqa: E501

Return type:

str

openapi_types = {'max_expiration_seconds': 'int', 'node_name': 'str', 'node_uid': 'str', 'pkix_public_key': 'str', 'pod_name': 'str', 'pod_uid': 'str', 'proof_of_possession': 'str', 'service_account_name': 'str', 'service_account_uid': 'str', 'signer_name': 'str'}
property pkix_public_key

Gets the pkix_public_key of this V1alpha1PodCertificateRequestSpec. # noqa: E501

pkixPublicKey is the PKIX-serialized public key the signer will issue the certificate to. The key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521, or ED25519. Note that this list may be expanded in the future. Signer implementations do not need to support all key types supported by kube-apiserver and kubelet. If a signer does not support the key type used for a given PodCertificateRequest, it must deny the request by setting a status.conditions entry with a type of “Denied” and a reason of “UnsupportedKeyType”. It may also suggest a key type that it does support in the message field. # noqa: E501

Returns:

The pkix_public_key of this V1alpha1PodCertificateRequestSpec. # noqa: E501

Return type:

str

property pod_name

Gets the pod_name of this V1alpha1PodCertificateRequestSpec. # noqa: E501

podName is the name of the pod into which the certificate will be mounted. # noqa: E501

Returns:

The pod_name of this V1alpha1PodCertificateRequestSpec. # noqa: E501

Return type:

str

property pod_uid

Gets the pod_uid of this V1alpha1PodCertificateRequestSpec. # noqa: E501

podUID is the UID of the pod into which the certificate will be mounted. # noqa: E501

Returns:

The pod_uid of this V1alpha1PodCertificateRequestSpec. # noqa: E501

Return type:

str

property proof_of_possession

Gets the proof_of_possession of this V1alpha1PodCertificateRequestSpec. # noqa: E501

proofOfPossession proves that the requesting kubelet holds the private key corresponding to pkixPublicKey. It is contructed by signing the ASCII bytes of the pod’s UID using pkixPublicKey. kube-apiserver validates the proof of possession during creation of the PodCertificateRequest. If the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options). If the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1) If the key is an ED25519 key, the the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign). # noqa: E501

Returns:

The proof_of_possession of this V1alpha1PodCertificateRequestSpec. # noqa: E501

Return type:

str

property service_account_name

Gets the service_account_name of this V1alpha1PodCertificateRequestSpec. # noqa: E501

serviceAccountName is the name of the service account the pod is running as. # noqa: E501

Returns:

The service_account_name of this V1alpha1PodCertificateRequestSpec. # noqa: E501

Return type:

str

property service_account_uid

Gets the service_account_uid of this V1alpha1PodCertificateRequestSpec. # noqa: E501

serviceAccountUID is the UID of the service account the pod is running as. # noqa: E501

Returns:

The service_account_uid of this V1alpha1PodCertificateRequestSpec. # noqa: E501

Return type:

str

property signer_name

Gets the signer_name of this V1alpha1PodCertificateRequestSpec. # noqa: E501

signerName indicates the requested signer. All signer names beginning with kubernetes.io are reserved for use by the Kubernetes project. There is currently one well-known signer documented by the Kubernetes project, kubernetes.io/kube-apiserver-client-pod, which will issue client certificates understood by kube-apiserver. It is currently unimplemented. # noqa: E501

Returns:

The signer_name of this V1alpha1PodCertificateRequestSpec. # noqa: E501

Return type:

str

to_dict(serialize=False)

Returns the model properties as a dict

to_str()

Returns the string representation of the model