Struct PodCertificateProjection 

pub struct PodCertificateProjection {
    pub certificate_chain_path: Option<String>,
    pub credential_bundle_path: Option<String>,
    pub key_path: Option<String>,
    pub key_type: String,
    pub max_expiration_seconds: Option<i32>,
    pub signer_name: String,
}

PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem.

Fields

certificate_chain_path: Option<String>

Write the certificate chain at this path in the projected volume.

Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.

credential_bundle_path: Option<String>

Write the credential bundle at this path in the projected volume.

The credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key.

The remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates).

Using credentialBundlePath lets your Pod’s application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key.

key_path: Option<String>

Write the key at this path in the projected volume.

Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.

key_type: String

The type of keypair Kubelet will generate for the pod.

Valid values are “RSA3072”, “RSA4096”, “ECDSAP256”, “ECDSAP384”, “ECDSAP521”, and “ED25519”.

max_expiration_seconds: Option<i32>

maxExpirationSeconds is the maximum lifetime permitted for the certificate.

Kubelet copies this value verbatim into the PodCertificateRequests it generates for this projection.

If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days).

The signer implementation is then free to issue a certificate with any lifetime shorter than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. kubernetes.io signers will never issue certificates with a lifetime longer than 24 hours.

signer_name: String

Kubelet’s generated CSRs will be addressed to this signer.

Trait Implementations

impl Clone for PodCertificateProjection

fn clone(&self) -> PodCertificateProjection

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PodCertificateProjection

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl DeepMerge for PodCertificateProjection

fn merge_from(&mut self, other: Self)

Merge other into self.

impl Default for PodCertificateProjection

fn default() -> PodCertificateProjection

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for PodCertificateProjection

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>

where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for PodCertificateProjection

fn eq(&self, other: &PodCertificateProjection) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for PodCertificateProjection

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>

where S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for PodCertificateProjection