@@ -814,6 +814,10 @@ type PodSpec struct {
|
||||
// NodeSelector is a selector which must be true for the pod to fit on a node
|
||||
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
|
||||
|
||||
// ServiceAccount is the name of the ServiceAccount to use to run this pod
|
||||
// The pod will be allowed to use secrets referenced by the ServiceAccount
|
||||
ServiceAccount string `json:"serviceAccount"`
|
||||
|
||||
// Host is a request to schedule this pod onto a specific host. If it is non-empty,
|
||||
// the the scheduler simply schedules this pod onto that host, assuming that it fits
|
||||
// resource requirements.
|
||||
@@ -1035,6 +1039,26 @@ type Service struct {
|
||||
Status ServiceStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// ServiceAccount binds together:
|
||||
// * a name, understood by users, and perhaps by peripheral systems, for an identity
|
||||
// * a principal that can be authenticated and authorized
|
||||
// * a set of secrets
|
||||
type ServiceAccount struct {
|
||||
TypeMeta `json:",inline"`
|
||||
ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount
|
||||
Secrets []ObjectReference `json:"secrets"`
|
||||
}
|
||||
|
||||
// ServiceAccountList is a list of ServiceAccount objects
|
||||
type ServiceAccountList struct {
|
||||
TypeMeta `json:",inline"`
|
||||
ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
Items []ServiceAccount `json:"items"`
|
||||
}
|
||||
|
||||
// Endpoints is a collection of endpoints that implement the actual service. Example:
|
||||
// Name: "mysvc",
|
||||
// Subsets: [
|
||||
@@ -1805,7 +1829,25 @@ const MaxSecretSize = 1 * 1024 * 1024
|
||||
type SecretType string
|
||||
|
||||
const (
|
||||
SecretTypeOpaque SecretType = "Opaque" // Default; arbitrary user-defined data
|
||||
// SecretTypeOpaque is the default; arbitrary user-defined data
|
||||
SecretTypeOpaque SecretType = "Opaque"
|
||||
|
||||
// SecretTypeServiceAccountToken contains a token that identifies a service account to the API
|
||||
//
|
||||
// Required fields:
|
||||
// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies
|
||||
// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies
|
||||
// - Secret.Data["token"] - a token that identifies the service account to the API
|
||||
SecretTypeServiceAccountToken SecretType = "kubernetes.io/service-account-token"
|
||||
|
||||
// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
|
||||
ServiceAccountNameKey = "kubernetes.io/service-account.name"
|
||||
// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
|
||||
ServiceAccountUIDKey = "kubernetes.io/service-account.uid"
|
||||
// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets
|
||||
ServiceAccountTokenKey = "token"
|
||||
// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets
|
||||
ServiceAccountKubeconfigKey = "kubernetes.kubeconfig"
|
||||
)
|
||||
|
||||
type SecretList struct {
|
||||
|
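Review bot: The doc comment on `SecretTypeServiceAccountToken` in the last hunk lists the two annotations and `Secret.Data["token"]` as required fields, but it does not say that the annotations are only a claim made by whoever creates the Secret. Anything that trusts such a Secret should check both `ServiceAccountNameKey` and `ServiceAccountUIDKey` against the live ServiceAccount, because the UID is what tells an account apart from a later one re-created under the same name. Whether validation elsewhere in this commit enforces that is not visible on this page. I would add a line such as `// Consumers must verify the name and UID annotations against the existing ServiceAccount before honoring the token.` and list the optional `Secret.Data["kubernetes.kubeconfig"]` entry next to the required fields. Separately, `PodSpec.ServiceAccount` in the first hunk is tagged `json:"serviceAccount"` without `omitempty`, unlike `NodeSelector` above it, and its comment does not say what an empty value means for secret access.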