ECRAuthorizationToken
generators.external-secrets.io / v1alpha1
apiVersion: generators.external-secrets.io/v1alpha1
kind: ECRAuthorizationToken
metadata:
name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object
ECRAuthorizationTokenSpec defines the desired state to generate an AWS ECR authorization token.
auth object
Auth defines how to authenticate with AWS
jwt object
AWSJWTAuth provides configuration to authenticate against AWS using service account tokens.
serviceAccountRef object
ServiceAccountSelector is a reference to a ServiceAccount resource.
audiences
[]string
Audience specifies the `aud` claim for the service account token
If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
then this audiences will be appended to the list
name
string required
The name of the ServiceAccount resource being referred to.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
namespace
string
Namespace of the resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63secretRef object
AWSAuthSecretRef holds secret references for AWS credentials
both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
accessKeyIDSecretRef object
The AccessKeyID is used for authentication
key
string
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
pattern:
^[-._a-zA-Z0-9]+$minLength:
1maxLength:
253
name
string
The name of the Secret resource being referred to.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
namespace
string
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63secretAccessKeySecretRef object
The SecretAccessKey is used for authentication
key
string
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
pattern:
^[-._a-zA-Z0-9]+$minLength:
1maxLength:
253
name
string
The name of the Secret resource being referred to.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
namespace
string
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63sessionTokenSecretRef object
The SessionToken used for authentication
This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
key
string
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
pattern:
^[-._a-zA-Z0-9]+$minLength:
1maxLength:
253
name
string
The name of the Secret resource being referred to.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
namespace
string
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
region
string required
Region specifies the region to operate in.
role
string
You can assume a role before making calls to the
desired AWS service.
scope
string
Scope specifies the ECR service scope.
Valid options are private and public.
No matches. Try .spec.auth for an exact path