avionix.kube.certificates

class avionix.kube.certificates.CertificateSigningRequest(metadata, spec, api_version=None)
Parameters
class avionix.kube.certificates.CertificateSigningRequestCondition(last_update_time, message, reason, type)
Parameters

  • last_update_time (time) – timestamp for the last update to this condition

  • message (str) – human readable message with details about the request state

  • reason (str) – brief reason for the request state

  • type (str) – request approval state, currently Approved or Denied.

class avionix.kube.certificates.CertificateSigningRequestList(metadata, items, api_version=None)
Parameters
class avionix.kube.certificates.CertificateSigningRequestSpec(extra, groups, request, signer_name, usages, username, uid=None)
Parameters

  • extra (dict) – Extra information about the requesting user. See user.Info interface for details.

  • groups (List[str]) – Group information about the requesting user. See user.Info interface for details.

  • request (str) – Base64-encoded PKCS#10 CSR data

  • signer_name (str) – Requested signer for the request. It is a qualified name in the form: scope-hostname.io/name. If empty, it will be defaulted: 1. If it’s a kubelet client certificate, it is assigned “kubernetes.io/kube-apiserver-client-kubelet”. 2. If it’s a kubelet serving certificate, it is assigned “kubernetes.io/kubelet-serving”. 3. Otherwise, it is assigned “kubernetes.io/legacy-unknown”. Distribution of trust for signers happens out of band. You can select on this field using spec.signerName.

  • usages (List[str]) – allowedUsages specifies a set of usage contexts the key will be valid for. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12

  • username (str) – Information about the requesting user. See user.Info interface for details.

  • uid (Optional[str]) – UID information about the requesting user. See user.Info interface for details.