Repositories
v1v

kubernetes/authentication-resources

v1
Published by: Kubernetes1Updated

Kubernetes v1 authentication resources provide mechanisms for verifying identities within the cluster. These include ServiceAccounts, TokenRequests, TokenReviews, and CertificateSigningRequests, forming a robust system for secure access control in Kubernetes clusters.

v1
|

Authentication

Add API authentication details

HEADERS
X-APIKEY
string
Send X-APIKEY in Header

Readme

User instructions for this resource

The ServiceAccount template is designed to create a Kubernetes ServiceAccount, which provides an identity for processes that run in a Pod. It uses a combination of facets and variables to allow for flexible configurations.

Variables

  • __SA_ID__: This global variable represents the identifier for the ServiceAccount, used to access specific fields in the request values.

Collection Breakdown

  1. Base
{
    "kind": "ServiceAccount",
    "facets": ["master"],
    "metadata": {
        "name": "{{ __SA_ID__.metadata.name }}",
        "namespace": "{{ __SA_ID__.metadata.namespace }}"
    },
    "apiVersion": "v1"
}

This section is always included (due to the master facet). It sets the kind, apiVersion, and metadata for the ServiceAccount resource.

  1. Automount Service Account Token
{
    "facets": ["addon:automounttoken"],
    "automountServiceAccountToken": "{{ __SA_ID__.automountServiceAccountToken }}"
}

This optional section allows control over whether the ServiceAccount's token is automatically mounted to pods.

  1. Image Pull Secrets
{
    "facets": ["addon:imagepullsecrets"],
    "imagePullSecrets": "{{ __SA_ID__.imagePullSecrets }}"
}

This optional section allows specification of image pull secrets for the ServiceAccount.

  1. Secrets
{
    "facets": ["addon:secrets"],
    "secrets": "{{ __SA_ID__.secrets }}"
}

This optional section allows additional secrets to be associated with the ServiceAccount.

Design Decisions

  1. Modularity: The template is divided into multiple sections with separate facets, allowing users to include only the necessary parts of a ServiceAccount definition.

  2. Flexibility: The use of facets allows for optional inclusion of various ServiceAccount features, making the template suitable for both simple and complex ServiceAccount configurations.

  3. Namespace Awareness: The template includes the namespace in the metadata, ensuring that ServiceAccounts can be created in specific namespaces.

  4. Security Features: The template includes options for controlling token mounting and associating secrets, which are important security considerations for ServiceAccounts.

  5. Image Pull Integration: The template allows for easy configuration of image pull secrets, which is often necessary for accessing private container registries.

Examples

Check Request Body tab section to play around with interactive examples.

Install(Example)

The Curl tab in the request section below provides the curl command for your resource.

curl -s -X POST "https://configfacets.com/apis/repos/kubernetes/authentication-resources/v1/resources/collections/serviceaccount/exec?format=json" -H "X-CORRELATION-ID: 80903458-c0f5-303f-bcfa-cf014156c437" -H "X-APIKEY: a64ea1713093e02315eed8517c2674d8" -d '{"facets":["master"],"values":{"basic_sa":{"metadata":{"name":"example-sa","namespace":"default"}}},"globalvars":{"__SA_ID__":"basic_sa"}}' | kubectl apply -f -

Collection API

POST/apis/repos/kubernetes/authentication-resources/v1/resources/collections/serviceaccount/exec
REQUEST
QUERY-STRING PARAMETERS
format
string
No sources available.
API Server https://configfacets.com
API Key
Not set
RESPONSES
No content available.