Documentation
Constants
This section is empty.
Variables
var ErrGKEAnnotationInvalid = fmt.Errorf("gke annotation %q has invalid google service account email", gkeAnnotation)
Functions
func GoogleEmail
func GoogleEmail(sa *corev1.ServiceAccount) (*string, error)
GoogleEmail returns the Google service account email from the same annotation used in native GCP Workload Identity Federation for GKE. The annotation is:
iam.gke.io/gcp-service-account
Types
type Reference (added in v0.7.0)
func ReferenceFromNode (added in v0.7.0)
ReferenceFromNode returns a ServiceAccount reference from the Node object annotations or labels. Annotations take precedence over labels because we encourage users to use annotations instead of labels in this case: labels are more impactful to etcd since they are indexed, and we don't need indexing here, so we prefer annotations.
The ServiceAccount reference is retrieved from the following pair of annotations or labels:
gke-metadata-server.matheuscscp.io/serviceAccountName
gke-metadata-server.matheuscscp.io/serviceAccountNamespace
If the annotations or labels are not found, defaultRef is returned.
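An added example, not the package's own code: a standard-library sketch of the lookup order described above for ReferenceFromNode and of the annotation check behind ErrGKEAnnotationInvalid. The Ref type, the function names, the email pattern, the rule that a source must carry both keys, and the nil result for an absent annotation are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

// Keys quoted from the documentation above.
const (
	keyName       = "gke-metadata-server.matheuscscp.io/serviceAccountName"
	keyNamespace  = "gke-metadata-server.matheuscscp.io/serviceAccountNamespace"
	gkeAnnotation = "iam.gke.io/gcp-service-account"
)

// Ref is a hypothetical stand-in for the package's Reference type.
type Ref struct{ Namespace, Name string }

// Assumed shape: <account-id>@<project-id>.iam.gserviceaccount.com
var emailRe = regexp.MustCompile(`^[a-z][a-z0-9-]{4,28}[a-z0-9]@[a-z][a-z0-9-]{4,28}[a-z0-9]\.iam\.gserviceaccount\.com$`)

// refFromNode follows the documented order: annotations, labels, defaultRef.
// Assumption: a source is used only when it carries both keys, non-empty.
func refFromNode(annotations, labels map[string]string, defaultRef *Ref) *Ref {
	for _, m := range []map[string]string{annotations, labels} {
		if name, ns := m[keyName], m[keyNamespace]; name != "" && ns != "" {
			return &Ref{Namespace: ns, Name: name}
		}
	}
	return defaultRef
}

// googleEmail validates the GKE annotation value before it is trusted.
// Assumption: an absent annotation yields (nil, nil).
func googleEmail(saAnnotations map[string]string) (*string, error) {
	v, ok := saAnnotations[gkeAnnotation]
	if !ok {
		return nil, nil
	}
	if !emailRe.MatchString(v) {
		return nil, fmt.Errorf("gke annotation %q has invalid google service account email", gkeAnnotation)
	}
	return &v, nil
}

func main() {
	// Constructed sample metadata: only labels are set, so they are used.
	labels := map[string]string{keyName: "from-label", keyNamespace: "team-a"}
	fmt.Println(*refFromNode(nil, labels, &Ref{"kube-system", "fallback"}))
}
```

Anchoring the pattern at both ends keeps a value that merely contains a valid-looking address from passing the check.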
func ReferenceFromObject (added in v0.7.0)
func ReferenceFromObject(sa *corev1.ServiceAccount) *Reference
ReferenceFromObject returns a ServiceAccount reference from a ServiceAccount object.
func ReferenceFromPod (added in v0.7.0)
ReferenceFromPod returns a ServiceAccount reference from a Pod object.
func ReferenceFromToken (added in v0.8.2)
ReferenceFromToken returns a ServiceAccount reference from a ServiceAccount Token.