PodIdentityAssociation

eks.services.k8s.aws/v1alpha1

TypeLink
GoDoceks-controller/apis/v1alpha1#PodIdentityAssociation

Metadata

PropertyValue
ScopeNamespaced
KindPodIdentityAssociation
ListKindPodIdentityAssociationList
Pluralpodidentityassociations
Singularpodidentityassociation

Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.

Spec

clientRequestToken: string
clusterName: string
clusterRef: 
  from: 
    name: string
    namespace: string
namespace: string
roleARN: string
roleRef: 
  from: 
    name: string
    namespace: string
serviceAccount: string
tags: {}
FieldDescription
clientRequestToken
Optional		string
A unique, case-sensitive identifier that you provide to ensure the idempotency
of the request.
clusterName
Optional		string
The name of the cluster to create the association in.
clusterRef
Optional		object
AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference
type to provide more user friendly syntax for references using ‘from’ field
Ex:
APIIDRef:

from:
name: my-api
clusterRef.from
Optional		object
AWSResourceReference provides all the values necessary to reference another
k8s resource for finding the identifier(Id/ARN/Name)
clusterRef.from.name
Optional		string
clusterRef.from.namespace
Optional		string
namespace
Required		string
The name of the Kubernetes namespace inside the cluster to create the association
in. The service account and the pods that use the service account must be
in this namespace.
roleARN
Optional		string
The Amazon Resource Name (ARN) of the IAM role to associate with the service
account. The EKS Pod Identity agent manages credentials to assume this role
for applications in the containers in the pods that use this service account.
roleRef
Optional		object
AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference
type to provide more user friendly syntax for references using ‘from’ field
Ex:
APIIDRef:

from:
name: my-api
roleRef.from
Optional		object
AWSResourceReference provides all the values necessary to reference another
k8s resource for finding the identifier(Id/ARN/Name)
roleRef.from.name
Optional		string
roleRef.from.namespace
Optional		string
serviceAccount
Required		string
The name of the Kubernetes service account inside the cluster to associate
the IAM credentials with.
tags
Optional		object
Metadata that assists with categorization and organization. Each tag consists
of a key and an optional value. You define both. Tags don’t propagate to
any other cluster or Amazon Web Services resources.

The following basic restrictions apply to tags:

* Maximum number of tags per resource – 50

* For each resource, each tag key must be unique, and each tag key can
have only one value.

* Maximum key length – 128 Unicode characters in UTF-8

* Maximum value length – 256 Unicode characters in UTF-8

* If your tagging schema is used across multiple services and resources,
remember that other services may have restrictions on allowed characters.
Generally allowed characters are: letters, numbers, and spaces representable
in UTF-8, and the following characters: + - = . _ : / @.

* Tag keys and values are case-sensitive.

* Do not use aws:, AWS:, or any upper or lowercase combination of such
as a prefix for either keys or values as it is reserved for Amazon Web
Services use. You cannot edit or delete tag keys or values with this prefix.
Tags with this prefix do not count against your tags per resource limit.

Status

ackResourceMetadata: 
  arn: string
  ownerAccountID: string
  region: string
associationARN: string
associationID: string
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
createdAt: string
modifiedAt: string
ownerARN: string
FieldDescription
ackResourceMetadata
Optional		object
All CRs managed by ACK have a common Status.ACKResourceMetadata member
that is used to contain resource sync state, account ownership,
constructed ARN for the resource
ackResourceMetadata.arn
Optional		string
ARN is the Amazon Resource Name for the resource. This is a
globally-unique identifier and is set only by the ACK service controller
once the controller has orchestrated the creation of the resource OR
when it has verified that an “adopted” resource (a resource where the
ARN annotation was set by the Kubernetes user on the CR) exists and
matches the supplied CR’s Spec field values.
https://github.com/aws/aws-controllers-k8s/issues/270
ackResourceMetadata.ownerAccountID
Required		string
OwnerAccountID is the AWS Account ID of the account that owns the
backend AWS service API resource.
ackResourceMetadata.region
Required		string
Region is the AWS region in which the resource exists or will exist.
associationARN
Optional		string
The Amazon Resource Name (ARN) of the association.
associationID
Optional		string
The ID of the association.
conditions
Optional		array
All CRS managed by ACK have a common Status.Conditions member that
contains a collection of ackv1alpha1.Condition objects that describe
the various terminal states of the CR and its backend AWS service API
resource
conditions.[]
Required		object
Condition is the common struct used by all CRDs managed by ACK service
controllers to indicate terminal states of the CR and its backend AWS
service API resource
conditions.[].message
Optional		string
A human readable message indicating details about the transition.
conditions.[].reason
Optional		string
The reason for the condition’s last transition.
conditions.[].status
Optional		string
Status of the condition, one of True, False, Unknown.
conditions.[].type
Optional		string
Type is the type of the Condition
createdAt
Optional		string
The timestamp that the association was created at.
modifiedAt
Optional		string
The most recent timestamp that the association was modified at
ownerARN
Optional		string
If defined, the Pod Identity Association is owned by an Amazon EKS Addon.