Package io.kubernetes.client.util

Class CSRUtils

java.lang.Object
io.kubernetes.client.util.CSRUtils
public class CSRUtils extends Object

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    CSR_USAGE_CLIENT_AUTH
     
    static final String
    SIGNER_NAME_KUBE_APISERVER_CLIENT
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    CSRUtils()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    static void
    approve(io.kubernetes.client.openapi.ApiClient apiClient, String csrObjName)
    Approves a CertificateSigningRequest by requesting "/approve" subresource.
    static byte[]
    createAndWaitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient bootstrapApiClient, io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr)
    Creates the given CertificateSigningRequest object if it doesn't exist, then waits until it's approved.
    static boolean
    createIfAbsent(io.kubernetes.client.openapi.ApiClient apiClient, io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr)
    Creates if the CertificateSigningRequest is absent in the cluster.
    static Optional<byte[]>
    getCertificate(io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr)
    Gets certificate data from the CertificateSigningRequest object.
    static boolean
    isIdentical(io.kubernetes.client.openapi.models.V1CertificateSigningRequest left, io.kubernetes.client.openapi.models.V1CertificateSigningRequest right)
    Checks if the two CertificateSigningRequest is identical.
    static io.kubernetes.client.openapi.models.V1CertificateSigningRequest
    newV1CertificateSigningRequest(String csrObjName, byte[] csrBytes)
     
    static io.kubernetes.client.openapi.models.V1CertificateSigningRequest
    newV1CertificateSigningRequest(String csrObjName, byte[] csrBytes, String signerName, String usage)
     
    static byte[]
    sign(KeyPair keyPair, String commonName)
    Sign CSR from the key-pair.
    static byte[]
    sign(KeyPair keyPair, String csrAlgo, String subjects)
    Sign CSR from the key-pair.
    static byte[]
    sign(KeyPair keyPair, String csrAlgo, String commonName, String organizationName)
    Sign CSR from the key-pair.
    static byte[]
    waitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient apiClient, String csrObjectName)
    Wait until the CertificateSigningRequest is approved within a timeout of 30 minutes.
    static byte[]
    waitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient apiClient, String csrObjectName, Duration retryInterval, Duration timeout)
    Wait until the CertificateSigningRequest is approved within a timeout of 30 minutes.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

  • Constructor Details

    • CSRUtils

      public CSRUtils()

  • Method Details

    • approve

      public static void approve(io.kubernetes.client.openapi.ApiClient apiClient, String csrObjName) throws io.kubernetes.client.openapi.ApiException
      Approves a CertificateSigningRequest by requesting "/approve" subresource.
      Parameters:
      apiClient - the api client
      csrObjName - the csr obj name
      Throws:
      io.kubernetes.client.openapi.ApiException - the api exception

    • createAndWaitUntilCertificateSigned

      public static byte[] createAndWaitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient bootstrapApiClient, io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr) throws CSRNotApprovedException, io.kubernetes.client.openapi.ApiException
      Creates the given CertificateSigningRequest object if it doesn't exist, then waits until it's approved.

      It's short-cut combo of CSRUtils#createIfAbsent and CSRUtils#waitUntilCertificateSigned

      Parameters:
      bootstrapApiClient - the bootstrap api client
      csr - the csr
      Returns:
      the bytes of CSR [ ]
      Throws:
      CSRNotApprovedException - the csr not approved exception
      io.kubernetes.client.openapi.ApiException - the api exception

    • createIfAbsent

      public static boolean createIfAbsent(io.kubernetes.client.openapi.ApiClient apiClient, io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr) throws io.kubernetes.client.openapi.ApiException
      Creates if the CertificateSigningRequest is absent in the cluster.
      Parameters:
      apiClient - the api client
      csr - the csr
      Returns:
      the boolean represents whether the CSR is actually created.
      Throws:
      io.kubernetes.client.openapi.ApiException - the api exception

    • waitUntilCertificateSigned

      public static byte[] waitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient apiClient, String csrObjectName) throws CSRNotApprovedException
      Wait until the CertificateSigningRequest is approved within a timeout of 30 minutes.
      Parameters:
      apiClient - the api client
      csrObjectName - the csr object name
      Returns:
      the byte [ ]
      Throws:
      CSRNotApprovedException - the csr not approved exception

    • waitUntilCertificateSigned

      public static byte[] waitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient apiClient, String csrObjectName, Duration retryInterval, Duration timeout) throws CSRNotApprovedException
      Wait until the CertificateSigningRequest is approved within a timeout of 30 minutes.
      Parameters:
      apiClient - the api client
      csrObjectName - the csr object name
      retryInterval - the retry interval
      timeout - the timeout
      Returns:
      the byte [ ]
      Throws:
      CSRNotApprovedException - the csr not approved exception

    • getCertificate

      public static Optional<byte[]> getCertificate(io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr)
      Gets certificate data from the CertificateSigningRequest object.
      Parameters:
      csr - the csr
      Returns:
      the certificate

    • isIdentical

      public static boolean isIdentical(io.kubernetes.client.openapi.models.V1CertificateSigningRequest left, io.kubernetes.client.openapi.models.V1CertificateSigningRequest right)
      Checks if the two CertificateSigningRequest is identical.
      Parameters:
      left - the left
      right - the right
      Returns:
      the boolean

    • sign

      public static byte[] sign(KeyPair keyPair, String commonName) throws CSRSigningException
      Sign CSR from the key-pair.
      Parameters:
      keyPair - the key pair
      commonName - the common name
      Returns:
      the byte [ ]
      Throws:
      CSRSigningException - the csr signing exception

    • sign

      public static byte[] sign(KeyPair keyPair, String csrAlgo, String commonName, String organizationName) throws CSRSigningException
      Sign CSR from the key-pair.
      Parameters:
      keyPair - the key pair
      csrAlgo - the csr algo
      commonName - the common name
      organizationName - the organization name
      Returns:
      the byte [ ]
      Throws:
      CSRSigningException - the csr signing exception

    • sign

      public static byte[] sign(KeyPair keyPair, String csrAlgo, String subjects) throws CSRSigningException
      Sign CSR from the key-pair.
      Parameters:
      keyPair - the key pair
      csrAlgo - the csr algo
      subjects - the subjects
      Returns:
      the byte [ ]
      Throws:
      CSRSigningException - the csr signing exception

    • newV1CertificateSigningRequest

      public static io.kubernetes.client.openapi.models.V1CertificateSigningRequest newV1CertificateSigningRequest(String csrObjName, byte[] csrBytes)

    • newV1CertificateSigningRequest

      public static io.kubernetes.client.openapi.models.V1CertificateSigningRequest newV1CertificateSigningRequest(String csrObjName, byte[] csrBytes, String signerName, String usage)