Package io.kubernetes.client.openapi.models

Class V1PodCertificateProjection

java.lang.Object
io.kubernetes.client.openapi.models.V1PodCertificateProjection
@Generated(value="org.openapitools.codegen.languages.JavaClientCodegen", date="2025-09-11T18:00:16.154662Z[Etc/UTC]", comments="Generator version: 7.13.0") public class V1PodCertificateProjection extends Object
PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem.

  • Field Details

  • Constructor Details

    • V1PodCertificateProjection

      public V1PodCertificateProjection()

  • Method Details

    • certificateChainPath

      public V1PodCertificateProjection certificateChainPath(@Nullable String certificateChainPath)

    • getCertificateChainPath

      @Nullable public String getCertificateChainPath()
      Write the certificate chain at this path in the projected volume. Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.
      Returns:
      certificateChainPath

    • setCertificateChainPath

      public void setCertificateChainPath(@Nullable String certificateChainPath)

    • credentialBundlePath

      public V1PodCertificateProjection credentialBundlePath(@Nullable String credentialBundlePath)

    • getCredentialBundlePath

      @Nullable public String getCredentialBundlePath()
      Write the credential bundle at this path in the projected volume. The credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key. The remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates). Using credentialBundlePath lets your Pod's application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key.
      Returns:
      credentialBundlePath

    • setCredentialBundlePath

      public void setCredentialBundlePath(@Nullable String credentialBundlePath)

    • keyPath

      public V1PodCertificateProjection keyPath(@Nullable String keyPath)

    • getKeyPath

      @Nullable public String getKeyPath()
      Write the key at this path in the projected volume. Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.
      Returns:
      keyPath

    • setKeyPath

      public void setKeyPath(@Nullable String keyPath)

    • keyType

      public V1PodCertificateProjection keyType(@Nonnull String keyType)

    • getKeyType

      @Nonnull public String getKeyType()
      The type of keypair Kubelet will generate for the pod. Valid values are \"RSA3072\", \"RSA4096\", \"ECDSAP256\", \"ECDSAP384\", \"ECDSAP521\", and \"ED25519\".
      Returns:
      keyType

    • setKeyType

      public void setKeyType(@Nonnull String keyType)

    • maxExpirationSeconds

      public V1PodCertificateProjection maxExpirationSeconds(@Nullable Integer maxExpirationSeconds)

    • getMaxExpirationSeconds

      @Nullable public Integer getMaxExpirationSeconds()
      maxExpirationSeconds is the maximum lifetime permitted for the certificate. Kubelet copies this value verbatim into the PodCertificateRequests it generates for this projection. If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days). The signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours.
      Returns:
      maxExpirationSeconds

    • setMaxExpirationSeconds

      public void setMaxExpirationSeconds(@Nullable Integer maxExpirationSeconds)

    • signerName

      public V1PodCertificateProjection signerName(@Nonnull String signerName)

    • getSignerName

      @Nonnull public String getSignerName()
      Kubelet's generated CSRs will be addressed to this signer.
      Returns:
      signerName

    • setSignerName

      public void setSignerName(@Nonnull String signerName)

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • validateJsonElement

      public static void validateJsonElement(com.google.gson.JsonElement jsonElement) throws IOException
      Validates the JSON Element and throws an exception if issues found
      Parameters:
      jsonElement - JSON Element
      Throws:
      IOException - if the JSON Element is invalid with respect to V1PodCertificateProjection

    • fromJson

      public static V1PodCertificateProjection fromJson(String jsonString) throws IOException
      Create an instance of V1PodCertificateProjection given an JSON string
      Parameters:
      jsonString - JSON string
      Returns:
      An instance of V1PodCertificateProjection
      Throws:
      IOException - if the JSON string is invalid with respect to V1PodCertificateProjection

    • toJson

      public String toJson()
      Convert an instance of V1PodCertificateProjection to an JSON string
      Returns:
      JSON string