From a55b1057be6aabb6ed88666d69901a6377e9198b Mon Sep 17 00:00:00 2001 From: Craig Rodrigues Date: Wed, 17 Jul 2024 20:27:14 -0700 Subject: [PATCH 1/2] Add links to CertificateSigningRequest API Signed-off-by: Craig Rodrigues --- .../certificate-signing-requests.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md index 6a7c29364363f..a2d4c0f7cd0fc 100644 --- a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md +++ b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md @@ -31,14 +31,16 @@ There is also experimental (alpha) support for distributing [trust bundles](#clu {{< feature-state for_k8s_version="v1.19" state="stable" >}} -A CertificateSigningRequest (CSR) resource is used to request that a certificate be signed +A [CertificateSigningRequest](/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/) +(CSR) resource is used to request that a certificate be signed by a denoted signer, after which the request may be approved or denied before finally being signed. ### Request signing process -The CertificateSigningRequest resource type allows a client to ask for an X.509 certificate +The [CertificateSigningRequest](/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/) +resource type allows a client to ask for an X.509 certificate be issued, based on a signing request. The CertificateSigningRequest object includes a PEM-encoded PKCS#10 signing request in the `spec.request` field. The CertificateSigningRequest denotes the signer (the @@ -285,7 +287,8 @@ Non-PEM content may appear before or after the CERTIFICATE PEM blocks and is unv to allow for explanatory text as described in [section 5.2 of RFC7468](https://www.rfc-editor.org/rfc/rfc7468#section-5.2). When encoded in JSON or YAML, this field is base-64 encoded. -A CertificateSigningRequest containing the example certificate above would look like this: +A [CertificateSigningRequest](/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/) +containing the example certificate above would look like this: ```yaml apiVersion: certificates.k8s.io/v1 @@ -505,7 +508,9 @@ openssl req -new -key myuser.key -out myuser.csr -subj "/CN=myuser" ### Create a CertificateSigningRequest {#create-certificatessigningrequest} -Create a CertificateSigningRequest and submit it to a Kubernetes Cluster via kubectl. Below is a script to generate the CertificateSigningRequest. +Create a [CertificateSigningRequest](/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/) +and submit it to a Kubernetes Cluster via kubectl. Below is a script to generate the +[CertificateSigningRequest](/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/). ```shell cat < Date: Thu, 18 Jul 2024 14:52:26 +0800 Subject: [PATCH 2/2] Update certificate-signing-requests.md --- .../access-authn-authz/certificate-signing-requests.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md index a2d4c0f7cd0fc..727128aaa3eae 100644 --- a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md +++ b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md @@ -39,8 +39,7 @@ finally being signed. ### Request signing process -The [CertificateSigningRequest](/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/) -resource type allows a client to ask for an X.509 certificate +The CertificateSigningRequest resource type allows a client to ask for an X.509 certificate be issued, based on a signing request. The CertificateSigningRequest object includes a PEM-encoded PKCS#10 signing request in the `spec.request` field. The CertificateSigningRequest denotes the signer (the @@ -287,8 +286,7 @@ Non-PEM content may appear before or after the CERTIFICATE PEM blocks and is unv to allow for explanatory text as described in [section 5.2 of RFC7468](https://www.rfc-editor.org/rfc/rfc7468#section-5.2). When encoded in JSON or YAML, this field is base-64 encoded. -A [CertificateSigningRequest](/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/) -containing the example certificate above would look like this: +A CertificateSigningRequest containing the example certificate above would look like this: ```yaml apiVersion: certificates.k8s.io/v1 @@ -510,7 +508,7 @@ openssl req -new -key myuser.key -out myuser.csr -subj "/CN=myuser" Create a [CertificateSigningRequest](/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/) and submit it to a Kubernetes Cluster via kubectl. Below is a script to generate the -[CertificateSigningRequest](/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/). +CertificateSigningRequest. ```shell cat <