Package io.kubernetes.client.proto

Class V1Certificates.CertificateSigningRequestSpec.Builder

java.lang.Object
com.google.protobuf.AbstractMessageLite.Builder
com.google.protobuf.AbstractMessage.Builder<BuilderType>
com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>
io.kubernetes.client.proto.V1Certificates.CertificateSigningRequestSpec.Builder
All Implemented Interfaces:
com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, V1Certificates.CertificateSigningRequestSpecOrBuilder, Cloneable
Enclosing class:
V1Certificates.CertificateSigningRequestSpec
public static final class V1Certificates.CertificateSigningRequestSpec.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder> implements V1Certificates.CertificateSigningRequestSpecOrBuilder
 CertificateSigningRequestSpec contains the certificate request.
Protobuf type k8s.io.api.certificates.v1.CertificateSigningRequestSpec

  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetMapField

      protected com.google.protobuf.MapField internalGetMapField(int number)
      Overrides:
      internalGetMapField in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • internalGetMutableMapField

      protected com.google.protobuf.MapField internalGetMutableMapField(int number)
      Overrides:
      internalGetMutableMapField in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • clear

      public V1Certificates.CertificateSigningRequestSpec.Builder clear()
      Specified by:
      clear in interface com.google.protobuf.Message.Builder
      Specified by:
      clear in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clear in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • getDescriptorForType

      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.Message.Builder
      Specified by:
      getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • getDefaultInstanceForType

      public V1Certificates.CertificateSigningRequestSpec getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

    • build

      public V1Certificates.CertificateSigningRequestSpec build()
      Specified by:
      build in interface com.google.protobuf.Message.Builder
      Specified by:
      build in interface com.google.protobuf.MessageLite.Builder

    • buildPartial

      public V1Certificates.CertificateSigningRequestSpec buildPartial()
      Specified by:
      buildPartial in interface com.google.protobuf.Message.Builder
      Specified by:
      buildPartial in interface com.google.protobuf.MessageLite.Builder

    • clone

      public V1Certificates.CertificateSigningRequestSpec.Builder clone()
      Specified by:
      clone in interface com.google.protobuf.Message.Builder
      Specified by:
      clone in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clone in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • setField

      public V1Certificates.CertificateSigningRequestSpec.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      setField in interface com.google.protobuf.Message.Builder
      Overrides:
      setField in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • clearField

      public V1Certificates.CertificateSigningRequestSpec.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
      Specified by:
      clearField in interface com.google.protobuf.Message.Builder
      Overrides:
      clearField in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • clearOneof

      public V1Certificates.CertificateSigningRequestSpec.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
      Specified by:
      clearOneof in interface com.google.protobuf.Message.Builder
      Overrides:
      clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • setRepeatedField

      public V1Certificates.CertificateSigningRequestSpec.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
      Specified by:
      setRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • addRepeatedField

      public V1Certificates.CertificateSigningRequestSpec.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      addRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • mergeFrom

      public V1Certificates.CertificateSigningRequestSpec.Builder mergeFrom(com.google.protobuf.Message other)
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • mergeFrom

      public V1Certificates.CertificateSigningRequestSpec.Builder mergeFrom(V1Certificates.CertificateSigningRequestSpec other)

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • mergeFrom

      public V1Certificates.CertificateSigningRequestSpec.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Specified by:
      mergeFrom in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>
      Throws:
      IOException

    • hasRequest

      public boolean hasRequest()
       request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
 When serialized as JSON or YAML, the data is additionally base64-encoded.
 +listType=atomic
      optional bytes request = 1;
      Specified by:
      hasRequest in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getRequest

      public com.google.protobuf.ByteString getRequest()
       request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
 When serialized as JSON or YAML, the data is additionally base64-encoded.
 +listType=atomic
      optional bytes request = 1;
      Specified by:
      getRequest in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • setRequest

      public V1Certificates.CertificateSigningRequestSpec.Builder setRequest(com.google.protobuf.ByteString value)
       request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
 When serialized as JSON or YAML, the data is additionally base64-encoded.
 +listType=atomic
      optional bytes request = 1;

    • clearRequest

      public V1Certificates.CertificateSigningRequestSpec.Builder clearRequest()
       request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
 When serialized as JSON or YAML, the data is additionally base64-encoded.
 +listType=atomic
      optional bytes request = 1;

    • hasSignerName

      public boolean hasSignerName()
       signerName indicates the requested signer, and is a qualified name.
 List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
 Well-known Kubernetes signers are:
  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
 Custom signerNames can also be specified. The signer defines:
  1. Trust distribution: how trust (CA bundles) are distributed.
  2. Permitted subjects: and behavior when a disallowed subject is requested.
  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
  4. Required, permitted, or forbidden key usages / extended key usages.
  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
  6. Whether or not requests for CA certificates are allowed.
      optional string signerName = 7;
      Specified by:
      hasSignerName in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getSignerName

      public String getSignerName()
       signerName indicates the requested signer, and is a qualified name.
 List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
 Well-known Kubernetes signers are:
  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
 Custom signerNames can also be specified. The signer defines:
  1. Trust distribution: how trust (CA bundles) are distributed.
  2. Permitted subjects: and behavior when a disallowed subject is requested.
  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
  4. Required, permitted, or forbidden key usages / extended key usages.
  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
  6. Whether or not requests for CA certificates are allowed.
      optional string signerName = 7;
      Specified by:
      getSignerName in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getSignerNameBytes

      public com.google.protobuf.ByteString getSignerNameBytes()
       signerName indicates the requested signer, and is a qualified name.
 List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
 Well-known Kubernetes signers are:
  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
 Custom signerNames can also be specified. The signer defines:
  1. Trust distribution: how trust (CA bundles) are distributed.
  2. Permitted subjects: and behavior when a disallowed subject is requested.
  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
  4. Required, permitted, or forbidden key usages / extended key usages.
  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
  6. Whether or not requests for CA certificates are allowed.
      optional string signerName = 7;
      Specified by:
      getSignerNameBytes in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • setSignerName

      public V1Certificates.CertificateSigningRequestSpec.Builder setSignerName(String value)
       signerName indicates the requested signer, and is a qualified name.
 List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
 Well-known Kubernetes signers are:
  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
 Custom signerNames can also be specified. The signer defines:
  1. Trust distribution: how trust (CA bundles) are distributed.
  2. Permitted subjects: and behavior when a disallowed subject is requested.
  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
  4. Required, permitted, or forbidden key usages / extended key usages.
  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
  6. Whether or not requests for CA certificates are allowed.
      optional string signerName = 7;

    • clearSignerName

      public V1Certificates.CertificateSigningRequestSpec.Builder clearSignerName()
       signerName indicates the requested signer, and is a qualified name.
 List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
 Well-known Kubernetes signers are:
  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
 Custom signerNames can also be specified. The signer defines:
  1. Trust distribution: how trust (CA bundles) are distributed.
  2. Permitted subjects: and behavior when a disallowed subject is requested.
  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
  4. Required, permitted, or forbidden key usages / extended key usages.
  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
  6. Whether or not requests for CA certificates are allowed.
      optional string signerName = 7;

    • setSignerNameBytes

      public V1Certificates.CertificateSigningRequestSpec.Builder setSignerNameBytes(com.google.protobuf.ByteString value)
       signerName indicates the requested signer, and is a qualified name.
 List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
 Well-known Kubernetes signers are:
  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
 Custom signerNames can also be specified. The signer defines:
  1. Trust distribution: how trust (CA bundles) are distributed.
  2. Permitted subjects: and behavior when a disallowed subject is requested.
  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
  4. Required, permitted, or forbidden key usages / extended key usages.
  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
  6. Whether or not requests for CA certificates are allowed.
      optional string signerName = 7;

    • hasExpirationSeconds

      public boolean hasExpirationSeconds()
       expirationSeconds is the requested duration of validity of the issued
 certificate. The certificate signer may issue a certificate with a different
 validity duration so a client must check the delta between the notBefore and
 and notAfter fields in the issued certificate to determine the actual duration.
 The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 honor this field as long as the requested duration is not greater than the
 maximum duration they will honor per the --cluster-signing-duration CLI
 flag to the Kubernetes controller manager.
 Certificate signers may not honor this field for various reasons:
   1. Old signer that is unaware of the field (such as the in-tree
      implementations prior to v1.22)
   2. Signer whose configured maximum is shorter than the requested duration
   3. Signer whose configured minimum is longer than the requested duration
 The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
 +optional
      optional int32 expirationSeconds = 8;
      Specified by:
      hasExpirationSeconds in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getExpirationSeconds

      public int getExpirationSeconds()
       expirationSeconds is the requested duration of validity of the issued
 certificate. The certificate signer may issue a certificate with a different
 validity duration so a client must check the delta between the notBefore and
 and notAfter fields in the issued certificate to determine the actual duration.
 The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 honor this field as long as the requested duration is not greater than the
 maximum duration they will honor per the --cluster-signing-duration CLI
 flag to the Kubernetes controller manager.
 Certificate signers may not honor this field for various reasons:
   1. Old signer that is unaware of the field (such as the in-tree
      implementations prior to v1.22)
   2. Signer whose configured maximum is shorter than the requested duration
   3. Signer whose configured minimum is longer than the requested duration
 The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
 +optional
      optional int32 expirationSeconds = 8;
      Specified by:
      getExpirationSeconds in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • setExpirationSeconds

      public V1Certificates.CertificateSigningRequestSpec.Builder setExpirationSeconds(int value)
       expirationSeconds is the requested duration of validity of the issued
 certificate. The certificate signer may issue a certificate with a different
 validity duration so a client must check the delta between the notBefore and
 and notAfter fields in the issued certificate to determine the actual duration.
 The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 honor this field as long as the requested duration is not greater than the
 maximum duration they will honor per the --cluster-signing-duration CLI
 flag to the Kubernetes controller manager.
 Certificate signers may not honor this field for various reasons:
   1. Old signer that is unaware of the field (such as the in-tree
      implementations prior to v1.22)
   2. Signer whose configured maximum is shorter than the requested duration
   3. Signer whose configured minimum is longer than the requested duration
 The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
 +optional
      optional int32 expirationSeconds = 8;

    • clearExpirationSeconds

      public V1Certificates.CertificateSigningRequestSpec.Builder clearExpirationSeconds()
       expirationSeconds is the requested duration of validity of the issued
 certificate. The certificate signer may issue a certificate with a different
 validity duration so a client must check the delta between the notBefore and
 and notAfter fields in the issued certificate to determine the actual duration.
 The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 honor this field as long as the requested duration is not greater than the
 maximum duration they will honor per the --cluster-signing-duration CLI
 flag to the Kubernetes controller manager.
 Certificate signers may not honor this field for various reasons:
   1. Old signer that is unaware of the field (such as the in-tree
      implementations prior to v1.22)
   2. Signer whose configured maximum is shorter than the requested duration
   3. Signer whose configured minimum is longer than the requested duration
 The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
 +optional
      optional int32 expirationSeconds = 8;

    • getUsagesList

      public com.google.protobuf.ProtocolStringList getUsagesList()
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;
      Specified by:
      getUsagesList in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getUsagesCount

      public int getUsagesCount()
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;
      Specified by:
      getUsagesCount in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getUsages

      public String getUsages(int index)
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;
      Specified by:
      getUsages in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getUsagesBytes

      public com.google.protobuf.ByteString getUsagesBytes(int index)
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;
      Specified by:
      getUsagesBytes in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • setUsages

      public V1Certificates.CertificateSigningRequestSpec.Builder setUsages(int index, String value)
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • addUsages

      public V1Certificates.CertificateSigningRequestSpec.Builder addUsages(String value)
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • addAllUsages

      public V1Certificates.CertificateSigningRequestSpec.Builder addAllUsages(Iterable<String> values)
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • clearUsages

      public V1Certificates.CertificateSigningRequestSpec.Builder clearUsages()
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • addUsagesBytes

      public V1Certificates.CertificateSigningRequestSpec.Builder addUsagesBytes(com.google.protobuf.ByteString value)
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • hasUsername

      public boolean hasUsername()
       username contains the name of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string username = 2;
      Specified by:
      hasUsername in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getUsername

      public String getUsername()
       username contains the name of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string username = 2;
      Specified by:
      getUsername in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getUsernameBytes

      public com.google.protobuf.ByteString getUsernameBytes()
       username contains the name of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string username = 2;
      Specified by:
      getUsernameBytes in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • setUsername

      public V1Certificates.CertificateSigningRequestSpec.Builder setUsername(String value)
       username contains the name of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string username = 2;

    • clearUsername

      public V1Certificates.CertificateSigningRequestSpec.Builder clearUsername()
       username contains the name of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string username = 2;

    • setUsernameBytes

      public V1Certificates.CertificateSigningRequestSpec.Builder setUsernameBytes(com.google.protobuf.ByteString value)
       username contains the name of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string username = 2;

    • hasUid

      public boolean hasUid()
       uid contains the uid of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string uid = 3;
      Specified by:
      hasUid in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getUid

      public String getUid()
       uid contains the uid of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string uid = 3;
      Specified by:
      getUid in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getUidBytes

      public com.google.protobuf.ByteString getUidBytes()
       uid contains the uid of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string uid = 3;
      Specified by:
      getUidBytes in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • setUid

      public V1Certificates.CertificateSigningRequestSpec.Builder setUid(String value)
       uid contains the uid of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string uid = 3;

    • clearUid

      public V1Certificates.CertificateSigningRequestSpec.Builder clearUid()
       uid contains the uid of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string uid = 3;

    • setUidBytes

      public V1Certificates.CertificateSigningRequestSpec.Builder setUidBytes(com.google.protobuf.ByteString value)
       uid contains the uid of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string uid = 3;

    • getGroupsList

      public com.google.protobuf.ProtocolStringList getGroupsList()
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;
      Specified by:
      getGroupsList in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getGroupsCount

      public int getGroupsCount()
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;
      Specified by:
      getGroupsCount in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getGroups

      public String getGroups(int index)
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;
      Specified by:
      getGroups in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getGroupsBytes

      public com.google.protobuf.ByteString getGroupsBytes(int index)
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;
      Specified by:
      getGroupsBytes in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • setGroups

      public V1Certificates.CertificateSigningRequestSpec.Builder setGroups(int index, String value)
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • addGroups

      public V1Certificates.CertificateSigningRequestSpec.Builder addGroups(String value)
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • addAllGroups

      public V1Certificates.CertificateSigningRequestSpec.Builder addAllGroups(Iterable<String> values)
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • clearGroups

      public V1Certificates.CertificateSigningRequestSpec.Builder clearGroups()
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • addGroupsBytes

      public V1Certificates.CertificateSigningRequestSpec.Builder addGroupsBytes(com.google.protobuf.ByteString value)
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • getExtraCount

      public int getExtraCount()
      Description copied from interface: V1Certificates.CertificateSigningRequestSpecOrBuilder
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;
      Specified by:
      getExtraCount in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • containsExtra

      public boolean containsExtra(String key)
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;
      Specified by:
      containsExtra in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getExtra

      @Deprecated public Map<String,V1Certificates.ExtraValue> getExtra()
      Deprecated.
      Use getExtraMap() instead.
      Specified by:
      getExtra in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getExtraMap

      public Map<String,V1Certificates.ExtraValue> getExtraMap()
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;
      Specified by:
      getExtraMap in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getExtraOrDefault

      public V1Certificates.ExtraValue getExtraOrDefault(String key, V1Certificates.ExtraValue defaultValue)
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;
      Specified by:
      getExtraOrDefault in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • getExtraOrThrow

      public V1Certificates.ExtraValue getExtraOrThrow(String key)
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;
      Specified by:
      getExtraOrThrow in interface V1Certificates.CertificateSigningRequestSpecOrBuilder

    • clearExtra

      public V1Certificates.CertificateSigningRequestSpec.Builder clearExtra()

    • removeExtra

      public V1Certificates.CertificateSigningRequestSpec.Builder removeExtra(String key)
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;

    • getMutableExtra

      @Deprecated public Map<String,V1Certificates.ExtraValue> getMutableExtra()
      Deprecated.
      Use alternate mutation accessors instead.

    • putExtra

      public V1Certificates.CertificateSigningRequestSpec.Builder putExtra(String key, V1Certificates.ExtraValue value)
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;

    • putAllExtra

      public V1Certificates.CertificateSigningRequestSpec.Builder putAllExtra(Map<String,V1Certificates.ExtraValue> values)
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;

    • setUnknownFields

      public final V1Certificates.CertificateSigningRequestSpec.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      setUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>

    • mergeUnknownFields

      public final V1Certificates.CertificateSigningRequestSpec.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      mergeUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<V1Certificates.CertificateSigningRequestSpec.Builder>