Security

그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그

4 minute read

Packages:

security.gardener.cloud/v1alpha1

security.gardener.cloud/v1alpha1

Package v1alpha1 is a version of the API.

Resource Types:

CredentialsBinding

CredentialsBinding represents a binding to credentials in the same or another namespace.

Field	Description
`apiVersion` string	`security.gardener.cloud/v1alpha1`
`kind` string	`CredentialsBinding`
`metadata` Kubernetes meta/v1.ObjectMeta	(Optional) Standard object metadata. Refer to the Kubernetes API documentation for the fields of the `metadata` field.
`provider` CredentialsBindingProvider	Provider defines the provider type of the CredentialsBinding. This field is immutable.
`credentialsRef` Kubernetes core/v1.ObjectReference	CredentialsRef is a reference to a resource holding the credentials. Accepted resources are core/v1.Secret and security.gardener.cloud/v1alpha1.WorkloadIdentity This field is immutable.
`quotas` []Kubernetes core/v1.ObjectReference	(Optional) Quotas is a list of references to Quota objects in the same or another namespace. This field is immutable.

WorkloadIdentity

WorkloadIdentity is resource that allows workloads to be presented before external systems by giving them identities managed by the Gardener API server. The identity of such workload is represented by JSON Web Token issued by the Gardener API server. Workload identities are designed to be used by components running in the Gardener environment, seed or runtime cluster, that make use of identity federation inspired by the OIDC protocol.

Field Description

apiVersion
string security.gardener.cloud/v1alpha1

kind
string WorkloadIdentity

metadata
Kubernetes meta/v1.ObjectMeta

(Optional)

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec
WorkloadIdentitySpec

Spec configures the JSON Web Token issued by the Gardener API server.

`audiences` []string	Audiences specify the list of recipients that the JWT is intended for. The values of this field will be set in the ‘aud’ claim.
`targetSystem` TargetSystem	TargetSystem represents specific configurations for the system that will accept the JWTs.

status
WorkloadIdentityStatus

Status contain the latest observed status of the WorkloadIdentity.

ContextObject

(Appears on: TokenRequestSpec)

ContextObject identifies the object the token is requested for.

Field	Description
`kind` string	Kind of the object the token is requested for. Valid kinds are ‘Shoot’, ‘Seed’, etc.
`apiVersion` string	API version of the object the token is requested for.
`name` string	Name of the object the token is requested for.
`namespace` string	(Optional) Namespace of the object the token is requested for.
`uid` k8s.io/apimachinery/pkg/types.UID	UID of the object the token is requested for.

CredentialsBindingProvider

(Appears on: CredentialsBinding)

CredentialsBindingProvider defines the provider type of the CredentialsBinding.

Field	Description
`type` string	Type is the type of the provider.

TargetSystem

(Appears on: WorkloadIdentitySpec)

TargetSystem represents specific configurations for the system that will accept the JWTs.

Field	Description
`type` string	Type is the type of the target system.
`providerConfig` k8s.io/apimachinery/pkg/runtime.RawExtension	(Optional) ProviderConfig is the configuration passed to extension resource.

TokenRequest

TokenRequest is a resource that is used to request WorkloadIdentity tokens.

Field Description

metadata
Kubernetes meta/v1.ObjectMeta

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec
TokenRequestSpec

Spec holds configuration settings for the requested token.

`contextObject` ContextObject	(Optional) ContextObject identifies the object the token is requested for.
`expirationSeconds` int64	(Optional) ExpirationSeconds specifies for how long the requested token should be valid.

status
TokenRequestStatus

Status bears the issued token with additional information back to the client.

TokenRequestSpec

(Appears on: TokenRequest)

TokenRequestSpec holds configuration settings for the requested token.

Field	Description
`contextObject` ContextObject	(Optional) ContextObject identifies the object the token is requested for.
`expirationSeconds` int64	(Optional) ExpirationSeconds specifies for how long the requested token should be valid.

TokenRequestStatus

(Appears on: TokenRequest)

TokenRequestStatus bears the issued token with additional information back to the client.

Field	Description
`token` string	Token is the issued token.
`expirationTimestamp` Kubernetes meta/v1.Time	ExpirationTimestamp is the time of expiration of the returned token.

WorkloadIdentitySpec

(Appears on: WorkloadIdentity)

WorkloadIdentitySpec configures the JSON Web Token issued by the Gardener API server.

Field	Description
`audiences` []string	Audiences specify the list of recipients that the JWT is intended for. The values of this field will be set in the ‘aud’ claim.
`targetSystem` TargetSystem	TargetSystem represents specific configurations for the system that will accept the JWTs.

WorkloadIdentityStatus

(Appears on: WorkloadIdentity)

WorkloadIdentityStatus contain the latest observed status of the WorkloadIdentity.

Field	Description
`sub` string	Sub contains the computed value of the subject that is going to be set in JWTs ‘sub’ claim.

Generated with gen-crd-api-reference-docs