Packages:
Resource Types:
(Appears on:TokenRequestSpec)
ContextObject identifies the object the token is requested for.
| Field | Description |
|---|---|
kindstring |
Kind of the object the token is requested for. Valid kinds are 'Shoot', 'Seed', etc. |
apiVersionstring |
API version of the object the token is requested for. |
namestring |
Name of the object the token is requested for. |
namespacestring |
(Optional)
Namespace of the object the token is requested for. |
uidUID |
UID of the object the token is requested for. |
CredentialsBinding represents a binding to credentials in the same or another namespace.
| Field | Description |
|---|---|
metadataObjectMeta |
Refer to the Kubernetes API documentation for the fields of the metadata field.
|
providerCredentialsBindingProvider |
Provider defines the provider type of the CredentialsBinding. |
credentialsRefObjectReference |
CredentialsRef is a reference to a resource holding the credentials. |
quotasObjectReference array |
(Optional)
Quotas is a list of references to Quota objects in the same or another namespace. |
(Appears on:CredentialsBinding)
CredentialsBindingProvider defines the provider type of the CredentialsBinding.
| Field | Description |
|---|---|
typestring |
Type is the type of the provider. |
(Appears on:WorkloadIdentitySpec)
TargetSystem represents specific configurations for the system that will accept the JWTs.
| Field | Description |
|---|---|
typestring |
Type is the type of the target system. |
providerConfigRawExtension |
(Optional)
ProviderConfig is the configuration passed to extension resource. |
TokenRequest is a resource that is used to request WorkloadIdentity tokens.
| Field | Description |
|---|---|
metadataObjectMeta |
Refer to the Kubernetes API documentation for the fields of the metadata field.
|
specTokenRequestSpec |
Spec holds configuration settings for the requested token. |
statusTokenRequestStatus |
Status bears the issued token with additional information back to the client. |
(Appears on:TokenRequest)
TokenRequestSpec holds configuration settings for the requested token.
| Field | Description |
|---|---|
contextObjectContextObject |
(Optional)
ContextObject identifies the object the token is requested for. |
expirationSecondsinteger |
(Optional)
ExpirationSeconds specifies for how long the requested token should be valid. |
(Appears on:TokenRequest)
TokenRequestStatus bears the issued token with additional information back to the client.
| Field | Description |
|---|---|
tokenstring |
Token is the issued token. |
expirationTimestampTime |
ExpirationTimestamp is the time of expiration of the returned token. |
WorkloadIdentity is resource that allows workloads to be presented before external systems by giving them identities managed by the Gardener API server. The identity of such workload is represented by JSON Web Token issued by the Gardener API server. Workload identities are designed to be used by components running in the Gardener environment, seed or runtime cluster, that make use of identity federation inspired by the OIDC protocol.
| Field | Description |
|---|---|
metadataObjectMeta |
Refer to the Kubernetes API documentation for the fields of the metadata field.
|
specWorkloadIdentitySpec |
Spec configures the JSON Web Token issued by the Gardener API server. |
statusWorkloadIdentityStatus |
Status contain the latest observed status of the WorkloadIdentity. |
(Appears on:WorkloadIdentity)
WorkloadIdentitySpec configures the JSON Web Token issued by the Gardener API server.
| Field | Description |
|---|---|
audiencesstring array |
Audiences specify the list of recipients that the JWT is intended for. |
targetSystemTargetSystem |
TargetSystem represents specific configurations for the system that will accept the JWTs. |
(Appears on:WorkloadIdentity)
WorkloadIdentityStatus contain the latest observed status of the WorkloadIdentity.
| Field | Description |
|---|---|
substring |
Sub contains the computed value of the subject that is going to be set in JWTs 'sub' claim. |