github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 15:05:27 +00:00
Code Issues Projects Releases Wiki Activity

Clarify external CSR signerName description

Browse Source
This commit is contained in:
mengjiao.liu 2021-02-25 16:34:37 +08:00
parent 27c89b9aec
commit 3a09f7e5e4
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/apis/certificates/types.go
View File

@ -49,6 +49,12 @@ type CertificateSigningRequestSpec struct {
// `scope-hostname.io/name`.
// Distribution of trust for signers happens out of band.
// You can select on this field using `spec.signerName`.
// Kubernetes provides built-in signers that each have a well-known signerName:
// 1. kubernetes.io/kube-apiserver-client
// 2. kubernetes.io/kube-apiserver-client-kubelet
// 3. kubernetes.io/kubelet-serving
// 4. kubernetes.io/legacy-unknown
// Custom signerNames can also be specified and that those are external signers and as such the control plane signer will not issue certificates.
SignerName string
// usages specifies a set of usage contexts the key will be