CredentialsRequest is the Schema for the credentialsrequests API
CredentialsRequest is the Schema for the credentialsrequests API
object
spec
Property | Type | Description |
---|---|---|
|
|
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
|
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
|
|
|
CredentialsRequestSpec defines the desired state of CredentialsRequest |
|
|
CredentialsRequestStatus defines the observed state of CredentialsRequest |
CredentialsRequestSpec defines the desired state of CredentialsRequest
object
secretRef
Property | Type | Description |
---|---|---|
|
`` |
ProviderSpec contains the cloud provider specific credentials specification. |
|
|
SecretRef points to the secret where the credentials should be stored once generated. |
|
|
ServiceAccountNames contains a list of ServiceAccounts that will use permissions associated with this CredentialsRequest. This is not used by CCO, but the information is needed for being able to properly set up access control in the cloud provider when the ServiceAccounts are used as part of the cloud credentials flow. |
SecretRef points to the secret where the credentials should be stored once generated.
object
Property | Type | Description |
---|---|---|
|
|
API version of the referent. |
|
|
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. |
|
|
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
|
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
|
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency |
|
|
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids |
CredentialsRequestStatus defines the observed state of CredentialsRequest
object
lastSyncGeneration
provisioned
Property | Type | Description |
---|---|---|
|
|
Conditions includes detailed status for the CredentialsRequest |
|
|
CredentialsRequestCondition contains details for any of the conditions on a CredentialsRequest object |
|
|
LastSyncCloudCredsSecretResourceVersion is the resource version of the cloud credentials secret resource when the credentials request resource was last synced. Used to determine if the the cloud credentials have been updated since the last sync. |
|
|
LastSyncGeneration is the generation of the credentials request resource that was last synced. Used to determine if the object has changed and requires a sync. |
|
|
LastSyncTimestamp is the time that the credentials were last synced. |
|
`` |
ProviderStatus contains cloud provider specific status. |
|
|
Provisioned is true once the credentials have been initially provisioned. |
Conditions includes detailed status for the CredentialsRequest
array
CredentialsRequestCondition contains details for any of the conditions on a CredentialsRequest object
object
status
type
Property | Type | Description |
---|---|---|
|
|
LastProbeTime is the last time we probed the condition |
|
|
LastTransitionTime is the last time the condition transitioned from one status to another. |
|
|
Message is a human-readable message indicating details about the last transition |
|
|
Reason is a unique, one-word, CamelCase reason for the condition’s last transition |
|
|
Status is the status of the condition |
|
|
Type is the specific type of the condition |
The following API endpoints are available:
/apis/cloudcredential.openshift.io/v1/credentialsrequests
GET
: list objects of kind CredentialsRequest
/apis/cloudcredential.openshift.io/v1/namespaces/{namespace}/credentialsrequests
DELETE
: delete collection of CredentialsRequest
GET
: list objects of kind CredentialsRequest
POST
: create a CredentialsRequest
/apis/cloudcredential.openshift.io/v1/namespaces/{namespace}/credentialsrequests/{name}
DELETE
: delete a CredentialsRequest
GET
: read the specified CredentialsRequest
PATCH
: partially update the specified CredentialsRequest
PUT
: replace the specified CredentialsRequest
/apis/cloudcredential.openshift.io/v1/namespaces/{namespace}/credentialsrequests/{name}/status
GET
: read status of the specified CredentialsRequest
PATCH
: partially update status of the specified CredentialsRequest
PUT
: replace status of the specified CredentialsRequest
Parameter | Type | Description |
---|---|---|
|
|
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. |
|
|
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
|
A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
|
A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the cont |