Table of Contents
CertificateRequests are generated by the Gloo Mesh agent installed on managed clusters. They are used to request a signed certificate from the certificate issuer (the Gloo Mesh server) based on a private key generated by the agent (which never leaves the managed cluster).
When Gloo Mesh creates an IssuedCertificate on a managed cluster, the local Gloo Mesh Agent will generate a CertificateRequest corresponding to it.
Gloo Mesh will then process the certificate signing request contained in the
CertificateRequestSpec and write the signed SSL certificate back as a Kubernetes secret in the managed cluster, and update the
CertificateRequestStatus to point to that secret.
|certificateSigningRequest||bytes||Base64-encoded data for the PKCS#10 Certificate Signing Request issued by the Gloo Mesh agent deployed in the managed cluster, corresponding to the IssuedRequest received by the Gloo Mesh agent.|
|observedGeneration||int64||The most recent generation observed in the the CertificateRequest metadata. If the
|error||string||Any error observed which prevented the CertificateRequest from being processed. If the error is empty, the request has been processed successfully|
|state||certificates.mesh.gloo.solo.io.CertificateRequestStatus.State||The current state of the CertificateRequest workflow reported by the issuer.|
|signedCertificate||bytes||The signed intermediate certificate issued by the CA.|
|signingRootCa||bytes||The root CA used by the issuer to sign the certificate.|
|certChain||bytes||The cert chain of signing CA.|
Possible states in which a CertificateRequest can exist.
|PENDING||0||The CertificateRequest has yet to be picked up by the issuer.|
|FINISHED||1||The issuer has replied to the request and the
|FAILED||2||Processing the certificate workflow failed.|