Package org.cdk8s.plus28.k8s

Interface ClusterTrustBundleSpecV1Alpha1

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

ClusterTrustBundleSpecV1Alpha1.Jsii$Proxy

@Generated(value="jsii-pacmak/1.102.0 (build e354887)",
           date="2024-08-03T12:13:25.658Z")
@Stability(Stable)
public interface ClusterTrustBundleSpecV1Alpha1
extends software.amazon.jsii.JsiiSerializable

ClusterTrustBundleSpec contains the signer and trust anchors.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static class	ClusterTrustBundleSpecV1Alpha1.Builder	A builder for ClusterTrustBundleSpecV1Alpha1
static class	ClusterTrustBundleSpecV1Alpha1.Jsii$Proxy	An implementation for ClusterTrustBundleSpecV1Alpha1

Method Summary

Modifier and Type	Method	Description
static ClusterTrustBundleSpecV1Alpha1.Builder	builder()
default String	getSignerName()	signerName indicates the associated signer, if any.
String	getTrustBundle()	trustBundle contains the individual X.509 trust anchors for this bundle, as PEM bundle of PEM-wrapped, DER-formatted X.509 certificates.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Detail

getTrustBundle

@Stability(Stable)
@NotNull
String getTrustBundle()

trustBundle contains the individual X.509 trust anchors for this bundle, as PEM bundle of PEM-wrapped, DER-formatted X.509 certificates.

The data must consist only of PEM certificate blocks that parse as valid X.509 certificates. Each certificate must include a basic constraints extension with the CA bit set. The API server will reject objects that contain duplicate certificates, or that use PEM block headers.

Users of ClusterTrustBundles, including Kubelet, are free to reorder and deduplicate certificate blocks in this file according to their own logic, as well as to drop PEM block headers and inter-block data.

getSignerName

@Stability(Stable)
@Nullable
default String getSignerName()

signerName indicates the associated signer, if any.

In order to create or update a ClusterTrustBundle that sets signerName, you must have the following cluster-scoped permission: group=certificates.k8s.io resource=signers resourceName= verb=attest.

If signerName is not empty, then the ClusterTrustBundle object must be named with the signer name as a prefix (translating slashes to colons). For example, for the signer name example.com/foo, valid ClusterTrustBundle object names include example.com:foo:abc and example.com:foo:v1.

If signerName is empty, then the ClusterTrustBundle object's name must not have such a prefix.

List/watch requests for ClusterTrustBundles can filter on this field using a spec.signerName=NAME field selector.

builder

@Stability(Stable)
static ClusterTrustBundleSpecV1Alpha1.Builder builder()

Returns:

a ClusterTrustBundleSpecV1Alpha1.Builder of ClusterTrustBundleSpecV1Alpha1