Package io.fabric8.openshift.api.model.operator.v1

Class ClientTLS

  • All Implemented Interfaces:
    io.fabric8.kubernetes.api.builder.Editable<ClientTLSBuilder>, io.fabric8.kubernetes.api.model.KubernetesResource, Serializable
    @Generated("io.fabric8.kubernetes.schema.generator.model.ModelGenerator")
public class ClientTLS
extends Object
implements io.fabric8.kubernetes.api.builder.Editable<ClientTLSBuilder>, io.fabric8.kubernetes.api.model.KubernetesResource
    ClientTLS specifies TLS configuration to enable client-to-server authentication, which can be used for mutual TLS.
    See Also:
    Serialized Form

    • Constructor Detail

      • ClientTLS

        public ClientTLS()
        No args constructor for use in serialization

      • ClientTLS

        public ClientTLS​(List<String> allowedSubjectPatterns,
                 io.fabric8.openshift.api.model.config.v1.ConfigMapNameReference clientCA,
                 String clientCertificatePolicy)

    • Method Detail

      • getAllowedSubjectPatterns

        public List<String> getAllowedSubjectPatterns()
        allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests. The regular expressions must use PCRE syntax. If this list is empty, no filtering is performed. If the list is nonempty, then at least one pattern must match a client certificate's distinguished name or else the ingress controller rejects the certificate and denies the connection.

      • setAllowedSubjectPatterns

        public void setAllowedSubjectPatterns​(List<String> allowedSubjectPatterns)
        allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests. The regular expressions must use PCRE syntax. If this list is empty, no filtering is performed. If the list is nonempty, then at least one pattern must match a client certificate's distinguished name or else the ingress controller rejects the certificate and denies the connection.

      • getClientCA

        public io.fabric8.openshift.api.model.config.v1.ConfigMapNameReference getClientCA()
        ClientTLS specifies TLS configuration to enable client-to-server authentication, which can be used for mutual TLS.

      • setClientCA

        public void setClientCA​(io.fabric8.openshift.api.model.config.v1.ConfigMapNameReference clientCA)
        ClientTLS specifies TLS configuration to enable client-to-server authentication, which can be used for mutual TLS.

      • getClientCertificatePolicy

        public String getClientCertificatePolicy()
        clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates. This field accepts the values "Required" or "Optional".


        Note that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes.

      • setClientCertificatePolicy

        public void setClientCertificatePolicy​(String clientCertificatePolicy)
        clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates. This field accepts the values "Required" or "Optional".


        Note that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes.

      • getAdditionalProperties

        public Map<String,​Object> getAdditionalProperties()

      • setAdditionalProperty

        public void setAdditionalProperty​(String name,
                                  Object value)

      • setAdditionalProperties

        public void setAdditionalProperties​(Map<String,​Object> additionalProperties)