kubernetes-client/csharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
70b63864414a205edb5c24887dc673535a47d97b
csharp/examples/csrApproval/Program.cs
Boshi Lian 5de1c25cf1 migrate to record (#1665) 
* migrate to record

* chore: update project files and clean up unused references

* refactor: convert classes to records and simplify constructors for IntOrString, ResourceQuantity, and V1Patch

* fix: define IsExternalInit to resolve CS0518 error in IntOrString

* refactor: change IntOrString and ResourceQuantity from records to structs, update implicit conversions, and simplify null checks

* refactor: add JsonPropertyName attribute to Value property in IntOrString struct

* refactor: simplify V1Patch constructor and improve argument validation

* refactor: remove unnecessary CultureInfo parameter in ToInt method

* Update src/KubernetesClient/Models/ResourceQuantity.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update src/KubernetesClient/Models/IntOrString.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Revert "Update src/KubernetesClient/Models/ResourceQuantity.cs"

This reverts commit 62b20a691554659e28d419067220dc1a0620133b.

* refactor: remove commented-out formatting check and simplify build command

* refactor: remove IValidate.cs from project references in Aot and Classic

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-22 14:20:13 -07:00

86 lines
3.0 KiB
C#
Raw Blame History

using Json.Patch;
using k8s;
using k8s.Models;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;
string GenerateCertificate(string name)
{
var sanBuilder = new SubjectAlternativeNameBuilder();
sanBuilder.AddIpAddress(IPAddress.Loopback);
sanBuilder.AddIpAddress(IPAddress.IPv6Loopback);
sanBuilder.AddDnsName("localhost");
sanBuilder.AddDnsName(Environment.MachineName);
var distinguishedName = new X500DistinguishedName(name);
using var rsa = RSA.Create(4096);
var request = new CertificateRequest(distinguishedName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, false));
request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension([new ("1.3.6.1.5.5.7.3.1")], false));
request.CertificateExtensions.Add(sanBuilder.Build());
var csr = request.CreateSigningRequest();
var pemKey = "-----BEGIN CERTIFICATE REQUEST-----\r\n" +
Convert.ToBase64String(csr) +
"\r\n-----END CERTIFICATE REQUEST-----";
return pemKey;
}
var config = KubernetesClientConfiguration.BuildConfigFromConfigFile();
IKubernetes client = new Kubernetes(config);
Console.WriteLine("Starting Request!");
var name = "demo";
var x509 = GenerateCertificate(name);
var encodedCsr = Encoding.UTF8.GetBytes(x509);
var request = new V1CertificateSigningRequest
{
ApiVersion = "certificates.k8s.io/v1",
Kind = "CertificateSigningRequest",
Metadata = new V1ObjectMeta
{
Name = name,
},
Spec = new V1CertificateSigningRequestSpec
{
Request = encodedCsr,
SignerName = "kubernetes.io/kube-apiserver-client",
Usages = new List<string> { "client auth" },
ExpirationSeconds = 600, // minimum should be 10 minutes
},
};
await client.CertificatesV1.CreateCertificateSigningRequestAsync(request).ConfigureAwait(false);
var serializeOptions = new JsonSerializerOptions
{
PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
WriteIndented = true,
};
var readCert = await client.CertificatesV1.ReadCertificateSigningRequestAsync(name).ConfigureAwait(false);
var old = JsonSerializer.SerializeToDocument(readCert, serializeOptions);
var replace = new List<V1CertificateSigningRequestCondition>
{
new V1CertificateSigningRequestCondition
{
Type = "Approved",
Status = "True",
Reason = "Approve",
Message = "This certificate was approved by k8s client",
LastUpdateTime = DateTime.UtcNow,
LastTransitionTime = DateTime.UtcNow,
},
};
readCert.Status.Conditions = replace;
var expected = JsonSerializer.SerializeToDocument(readCert, serializeOptions);
var patch = old.CreatePatch(expected);
await client.CertificatesV1.PatchCertificateSigningRequestApprovalAsync(new V1Patch(patch, V1Patch.PatchType.JsonPatch), name).ConfigureAwait(false);
Reference in New Issue View Git Blame Copy Permalink