Table of Contents
CertificateRequests are generated by the CertificateRequesting Agent installed on managed clusters. They are used to request a signed certificate from Service Mesh Hub based on a private key generated by the Agent (which never leaves the managed cluster).
When Service Mesh Hub creates an IssuedCertificate on a managed cluster, the local CertificateRequesting Agent will generate a CertificateRequest corresponding to it.
Service Mesh Hub will then process the Certificate Signing Request contained in the CertificateRequestSpec and write the signed SSL certificate back as a secret in the managed cluster, and update the CertificateRequest Status to point to that secret.
|certificateSigningRequest||bytes||Base64-encoded data for the PKCS#10 Certificate Signing Request issued by the CertificateRequesting Agent deployed in the managed cluster, corresponding to the IssuedRequest received by the CertificateRequesting Agent.|
|observedGeneration||int64||The most recent generation observed in the the CertificateRequest metadata. If the observedGeneration does not match generation, the CA has not processed the most recent version of this request.|
|error||string||Any error observed which prevented the CertificateRequest from being processed. If the error is empty, the request has been processed successfully|
|state||CertificateRequestStatus.State||The current state of the CertificateRequest workflow reported by the Issuer.|
|signedCertificate||bytes||The signed intermediate certificate issued by the CA.|
|signingRootCa||bytes||The root CA used by the CA to sign the certificate.|
Possible states in which a CertificateRequest can exist.
|PENDING||0||The CertificateRequest has yet to be picked up by the issuer.|
|FINISHED||1||The Issuer has replied to the request and the signedCertificate and SigningRootCa status fields will be populated.|
|FAILED||2||Processing the certificate workflow failed.|