public final fun check (Ljava/lang/String;[Ljava/security/cert/Certificate;)V
	public fun equals (Ljava/lang/Object;)Z
	public final fun findMatchingPins (Ljava/lang/String;)Ljava/util/List;
	public final fun getPins ()Ljava/util/Set;
	public fun hashCode ()I
	public static final fun pin (Ljava/security/cert/Certificate;)Ljava/lang/String;

  //
  // +optional
  optional ServiceReference service = 1;

  // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
  // If unspecified, system trust roots on the apiserver are used.
  // +optional
  optional bytes caBundle = 2;

  optional IngressLoadBalancerStatus loadBalancer = 1;
}

// IngressTLS describes the transport layer security associated with an ingress.
message IngressTLS {
  // hosts is a list of hosts included in the TLS certificate. The values in
  // this list must match the name/s used in the tlsSecret. Defaults to the
  // wildcard host setting for the loadbalancer controller fulfilling this
  // Ingress, if left unspecified.
  // +listType=atomic

pkg crypto/tls, type Certificate struct, SignedCertificateTimestamps [][]uint8
pkg crypto/tls, type ConnectionState struct, OCSPResponse []uint8
pkg crypto/tls, type ConnectionState struct, SignedCertificateTimestamps [][]uint8
pkg crypto/x509, method (*CertificateRequest) CheckSignature() error
pkg crypto/x509, type Certificate struct, UnhandledCriticalExtensions []asn1.ObjectIdentifier

		defer cancel()
		transport, err := s.NewHTTPTransportWithClientCerts(ctx, clientCert, clientKey)
		if err != nil {
			internalLogIf(ctx, fmt.Errorf("Unable to load client key and cert, please check your client certificate configuration: %w", err))
		}
		if transport == nil {
			// Client certs are not readable return default transport.
			return s.NewHTTPTransportWithTimeout(1 * time.Minute)
		}
		return transport
	}

- X.509 client certificate authentication to kube-apiserver now produces credential IDs (derived from the certificate's signature) for use by audit logging. ([#125634](https://github.com/kubernetes/kubernetes/pull/125634), [@ahmedtd](https://github.com/ahmedtd)) [SIG API Machinery, Auth and Testing]

github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s=

Isso poderia ser outro contêiner, por exemplo, com <a href="https://traefik.io/" class="external-link" target="_blank">Traefik</a>, lidando com **HTTPS** e aquisição **automática** de **certificados**.

/// tip

Traefik tem integrações com Docker, Kubernetes e outros, portanto, é muito fácil configurar e configurar o HTTPS para seus contêineres com ele.

///

  optional IngressLoadBalancerStatus loadBalancer = 1;
}

// IngressTLS describes the transport layer security associated with an Ingress.
message IngressTLS {
  // Hosts are a list of hosts included in the TLS certificate. The values in
  // this list must match the name/s used in the tlsSecret. Defaults to the
  // wildcard host setting for the loadbalancer controller fulfilling this
  // Ingress, if left unspecified.
  // +optional

  // +optional
  optional int64 limitBytes = 8;

  // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the
  // serving certificate of the backend it is connecting to.  This will make the HTTPS connection between the apiserver
  // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real