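/*
Copyright 2019 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package config

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// CSRSigningControllerConfiguration contains elements describing CSRSigningController.
//
// Every *File field below is a filesystem path to CA material used to sign
// certificate signing requests. The key files hold CA private keys: whoever
// can read one can issue certificates that chain to that CA, so the files
// should be readable only by the process that runs the controller.
//
// NOTE(review): this type does not say how the cluster-wide pair
// (ClusterSigningCertFile/ClusterSigningKeyFile) interacts with the
// per-signer pairs when both are set; confirm the precedence or validation
// where these options are parsed.
type CSRSigningControllerConfiguration struct {
	// clusterSigningCertFile is the filename containing a PEM-encoded
	// X509 CA certificate used to issue cluster-scoped certificates
	ClusterSigningCertFile string
	// clusterSigningKeyFile is the filename containing a PEM-encoded
	// RSA or ECDSA private key used to issue cluster-scoped certificates.
	// Only the path is stored here; the key material stays in the file.
	ClusterSigningKeyFile string

	// The four per-signer pairs below allow a distinct CA per signer name,
	// which keeps the compromise of one signing key scoped to the
	// certificates issued by that signer.

	// kubeletServingSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kubelet-serving signer
	KubeletServingSignerConfiguration CSRSigningConfiguration
	// kubeletClientSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kube-apiserver-client-kubelet signer
	KubeletClientSignerConfiguration CSRSigningConfiguration
	// kubeAPIServerClientSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kube-apiserver-client signer
	KubeAPIServerClientSignerConfiguration CSRSigningConfiguration
	// legacyUnknownSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/legacy-unknown signer
	LegacyUnknownSignerConfiguration CSRSigningConfiguration

	// clusterSigningDuration is the max length of duration signed certificates will be given.
	// Individual CSRs may request shorter certs by setting spec.expirationSeconds.
	// This struct carries no revocation setting, so this value is the only
	// bound visible here on how long an issued certificate remains valid.
	ClusterSigningDuration metav1.Duration
}

// CSRSigningConfiguration holds information about a particular CSR signer
type CSRSigningConfiguration struct {
	// certFile is the filename containing a PEM-encoded
	// X509 CA certificate used to issue certificates
	CertFile string
	// keyFile is the filename containing a PEM-encoded
	// RSA or ECDSA private key used to issue certificates.
	// The referenced file holds a CA private key and should be readable
	// only by the process that signs with it.
	KeyFile string
}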