avionix.kube.certificates

class avionix.kube.certificates.CertificateSigningRequest(metadata, spec, api_version=None)

Parameters
- metadata (ObjectMeta) – None
- spec (CertificateSigningRequestSpec) – The certificate request itself and any additional information.
- api_version (Optional[str]) – APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

class avionix.kube.certificates.CertificateSigningRequestSpec(request, signer_name=None, usages=None)

Parameters
- request (str) – Base64-encoded PKCS#10 CSR data
- signer_name (Optional[str]) – Requested signer for the request. It is a qualified name in the form: scope-hostname.io/name. If empty, it will be defaulted:
  1. If it’s a kubelet client certificate, it is assigned “kubernetes.io/kube-apiserver-client-kubelet”.
  2. If it’s a kubelet serving certificate, it is assigned “kubernetes.io/kubelet-serving”.
  3. Otherwise, it is assigned “kubernetes.io/legacy-unknown”.
  Distribution of trust for signers happens out of band. You can select on this field using spec.signerName.
- usages (Optional[List[str]]) – allowedUsages specifies a set of usage contexts the key will be valid for. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12
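
A pre-submission check for the three CertificateSigningRequestSpec fields documented above, as an added example that is not part of avionix or of this page. The helper name lint_csr_spec and the sample request are constructed for illustration, the usage strings and per-signer permitted sets are assumptions taken from upstream Kubernetes behaviour, and the request is only checked for shape, not parsed as ASN.1.

```python
import base64
import binascii
import re

# Assumption (upstream Kubernetes, not this page): usages each built-in signer accepts.
CLIENT = {"digital signature", "key encipherment", "client auth"}
SERVING = {"digital signature", "key encipherment", "server auth"}
PERMITTED = {  # signer names as quoted in the signer_name description
    "kubernetes.io/kube-apiserver-client-kubelet": ("client auth", CLIENT),
    "kubernetes.io/kubelet-serving": ("server auth", SERVING),
}
QUALIFIED = re.compile(r"^[a-z0-9]([a-z0-9.-]*[a-z0-9])?/[A-Za-z0-9][A-Za-z0-9._-]*$")
PEM_CSR = re.compile(
    rb"-----BEGIN CERTIFICATE REQUEST-----\s.+?-----END CERTIFICATE REQUEST-----", re.S
)

# Constructed sample: PEM armor around placeholder bytes, not a real CSR.
SAMPLE_REQUEST = base64.b64encode(
    b"-----BEGIN CERTIFICATE REQUEST-----\nQ09OU1RSVUNURUQ=\n"
    b"-----END CERTIFICATE REQUEST-----\n"
).decode()


def lint_csr_spec(request, signer_name=None, usages=None):
    """Hypothetical helper: list problems with one spec's fields before submission."""
    findings = []
    try:
        raw = base64.b64decode(request, validate=True)
    except (binascii.Error, ValueError):
        raw = None
        findings.append("request: not valid base64")
    # Shape check only: PEM armor, or raw DER starting with a SEQUENCE tag (0x30).
    if raw is not None and not (PEM_CSR.search(raw) or raw[:1] == b"\x30"):
        findings.append("request: decoded data does not look like a PKCS#10 CSR")
    if not signer_name:
        findings.append("signer_name: empty, the server will default it")
    elif not QUALIFIED.match(signer_name):
        findings.append("signer_name: not in scope-hostname.io/name form")
    elif signer_name == "kubernetes.io/legacy-unknown":
        findings.append("signer_name: legacy-unknown signer requested explicitly")
    required, allowed = PERMITTED.get(signer_name, (None, None))
    if required:
        got = set(usages or [])
        if required not in got:
            findings.append(f"usages: '{required}' missing for {signer_name}")
        if got - allowed:
            findings.append(f"usages: {sorted(got - allowed)} not accepted by {signer_name}")
    return findings
```

An empty result means the fields are well-formed, not that a signer will approve the request.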