Package org.cdk8s.plus24

Class ServiceAccount

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

org.cdk8s.plus24.Resource

org.cdk8s.plus24.ServiceAccount

All Implemented Interfaces:

IApiEndpoint, IApiResource, IResource, IServiceAccount, ISubject, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
           date="2023-07-08T00:25:14.296Z")
@Stability(Stable)
public class ServiceAccount
extends Resource
implements IServiceAccount, ISubject

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

See Also:

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	ServiceAccount.Builder	A fluent builder for ServiceAccount.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface org.cdk8s.plus24.IApiEndpoint

IApiEndpoint.Jsii$Default

Nested classes/interfaces inherited from interface org.cdk8s.plus24.IApiResource

IApiResource.Jsii$Default

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface org.cdk8s.plus24.IResource

IResource.Jsii$Default

Nested classes/interfaces inherited from interface org.cdk8s.plus24.IServiceAccount

IServiceAccount.Jsii$Default, IServiceAccount.Jsii$Proxy

Nested classes/interfaces inherited from interface org.cdk8s.plus24.ISubject

ISubject.Jsii$Default, ISubject.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	ServiceAccount(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	ServiceAccount(software.amazon.jsii.JsiiObjectRef objRef)
	ServiceAccount(software.constructs.Construct scope, String id)
	ServiceAccount(software.constructs.Construct scope, String id, ServiceAccountProps props)

Method Summary

Modifier and Type	Method	Description
void	addSecret(ISecret secr)	Allow a secret to be accessed by pods using this service account.
static IServiceAccount	fromServiceAccountName(software.constructs.Construct scope, String id, String name)	Imports a service account from the cluster as a reference.
static IServiceAccount	fromServiceAccountName(software.constructs.Construct scope, String id, String name, FromServiceAccountNameOptions options)	Imports a service account from the cluster as a reference.
protected org.cdk8s.ApiObject	getApiObject()	The underlying cdk8s API object.
Boolean	getAutomountToken()	Whether or not a token is automatically mounted for this service account.
String	getResourceType()	The name of a resource type as it appears in the relevant API endpoint.
List<ISecret>	getSecrets()	List of secrets allowed to be used by pods running using this service account.
SubjectConfiguration	toSubjectConfiguration()	Return the subject configuration.

Methods inherited from class org.cdk8s.plus24.Resource

asApiResource, asNonApiResource, getApiGroup, getApiVersion, getKind, getMetadata, getName, getPermissions, getResourceName

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.cdk8s.plus24.IApiResource

getApiGroup, getResourceName

Methods inherited from interface org.cdk8s.plus24.IResource

getApiVersion, getKind, getName

Methods inherited from interface org.cdk8s.plus24.IServiceAccount

getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Detail

ServiceAccount

protected ServiceAccount(software.amazon.jsii.JsiiObjectRef objRef)

ServiceAccount

protected ServiceAccount(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

ServiceAccount

@Stability(Stable)
public ServiceAccount(@NotNull
                      software.constructs.Construct scope,
                      @NotNull
                      String id,
                      @Nullable
                      ServiceAccountProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

ServiceAccount

@Stability(Stable)
public ServiceAccount(@NotNull
                      software.constructs.Construct scope,
                      @NotNull
                      String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Method Detail

fromServiceAccountName

@Stability(Stable)
@NotNull
public static IServiceAccount fromServiceAccountName(@NotNull
                                                     software.constructs.Construct scope,
                                                     @NotNull
                                                     String id,
                                                     @NotNull
                                                     String name,
                                                     @Nullable
                                                     FromServiceAccountNameOptions options)

Imports a service account from the cluster as a reference.

Parameters:

scope - This parameter is required.

id - This parameter is required.

name - The name of the service account resource. This parameter is required.

options - additional options.

fromServiceAccountName

@Stability(Stable)
@NotNull
public static IServiceAccount fromServiceAccountName(@NotNull
                                                     software.constructs.Construct scope,
                                                     @NotNull
                                                     String id,
                                                     @NotNull
                                                     String name)

Imports a service account from the cluster as a reference.

Parameters:

scope - This parameter is required.

id - This parameter is required.

name - The name of the service account resource. This parameter is required.

addSecret

@Stability(Stable)
public void addSecret(@NotNull
                      ISecret secr)

Allow a secret to be accessed by pods using this service account.

Parameters:

secr - The secret. This parameter is required.

toSubjectConfiguration

@Stability(Stable)
@NotNull
public SubjectConfiguration toSubjectConfiguration()

Return the subject configuration.

Specified by:

toSubjectConfiguration in interface ISubject

See Also:

ISubect.toSubjectConfiguration()

getApiObject

@Stability(Stable)
@NotNull
protected org.cdk8s.ApiObject getApiObject()

The underlying cdk8s API object.

Specified by:

getApiObject in class Resource

See Also:

base.Resource.apiObject

getAutomountToken

@Stability(Stable)
@NotNull
public Boolean getAutomountToken()

Whether or not a token is automatically mounted for this service account.

getResourceType

@Stability(Stable)
@NotNull
public String getResourceType()

The name of a resource type as it appears in the relevant API endpoint.

Specified by:

getResourceType in interface IApiResource

Specified by:

getResourceType in class Resource

See Also:

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources

getSecrets

@Stability(Stable)
@NotNull
public List<ISecret> getSecrets()

List of secrets allowed to be used by pods running using this service account.

Returns a copy. To add a secret, use addSecret().