Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GoogleEmail ¶
func GoogleEmail(sa *corev1.ServiceAccount) (string, error)
GoogleEmail returns the Google service account email from the same annotation used in native GKE Workload Identity. The annotation is:
iam.gke.io/gcp-service-account
func IsGoogleEmail ¶ added in v0.3.0
IsGoogleEmail returns true if the string is a valid Google service account email. The email must match the following pattern:
^[a-zA-Z0-9-]+@[a-zA-Z0-9-]+\.iam\.gserviceaccount\.com$
Types ¶
type Reference ¶ added in v0.7.0
func ReferenceFromNode ¶ added in v0.7.0
ReferenceFromNode returns a ServiceAccount reference from the Node object annotations or labels. Annotations take precedence over labels because we encourage users to use annotations instead of labels in this case since. Labels are more impactful to etcd since they are indexed, and we don't need indexing here so we prefer annotations.
The ServiceAccount reference is retrieved from the following pair of annotations or labels:
gke-metadata-server.matheuscscp.io/serviceAccountName
gke-metadata-server.matheuscscp.io/serviceAccountNamespace
If the annotations or labels are not found, defaultRef is returned.
func ReferenceFromObject ¶ added in v0.7.0
func ReferenceFromObject(sa *corev1.ServiceAccount) *Reference
ReferenceFromObject returns a ServiceAccount reference from a ServiceAccount object.
func ReferenceFromPod ¶ added in v0.7.0
ReferenceFromPod returns a ServiceAccount reference from a Pod object.
Source Files
Directories