CertificateRequests are generated by the CertificateRequesting Agent installed on managed clusters. They are used to request a signed certificate from Gloo Mesh based on a private key generated by the Agent (which never leaves the managed cluster). When Gloo Mesh creates an IssuedCertificate on a managed cluster, the local CertificateRequesting Agent will generate a CertificateRequest corresponding to it. Gloo Mesh will then process the Certificate Signing Request contained in the CertificateRequestSpec and write the signed SSL certificate back as a secret in the managed cluster, and update the CertificateRequest Status to point to that secret.
Field
Type
Label
Description
certificateSigningRequest
bytes
Base64-encoded data for the PKCS#10 Certificate Signing Request issued by the CertificateRequesting Agent deployed in the managed cluster, corresponding to the IssuedRequest received by the CertificateRequesting Agent.
CertificateRequestStatus
Field
Type
Label
Description
observedGeneration
int64
The most recent generation observed in the the CertificateRequest metadata. If the observedGeneration does not match generation, the CA has not processed the most recent version of this request.
error
string
Any error observed which prevented the CertificateRequest from being processed. If the error is empty, the request has been processed successfully
