UNPKG

cdk8s-plus-25

Version:

cdk8s+ is a software development framework that provides high level abstractions for authoring Kubernetes applications. cdk8s-plus-25 synthesizes Kubernetes manifests for Kubernetes 1.25.0

github.com/cdk8s-team/cdk8s-plus

cdk8s-team/cdk8s-plus

84 lines (83 loc) 3.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
import { ApiObject } from 'cdk8s'; import { Construct } from 'constructs'; import * as base from './base'; import * as rb from './role-binding'; import * as secret from './secret'; export interface IServiceAccount extends base.IResource, rb.ISubject { } /** * Properties for initialization of `ServiceAccount`. */ export interface ServiceAccountProps extends base.ResourceProps { /** * List of secrets allowed to be used by pods running using this * ServiceAccount. * * @see https://kubernetes.io/docs/concepts/configuration/secret */ readonly secrets?: secret.ISecret[]; /** * Indicates whether pods running as this service account * should have an API token automatically mounted. Can be overridden at the pod level. * * @default false * @see https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server */ readonly automountToken?: boolean; } export interface FromServiceAccountNameOptions { /** * The name of the namespace the service account belongs to. * * @default "default" */ readonly namespaceName?: string; } /** * A service account provides an identity for processes that run in a Pod. * * When you (a human) access the cluster (for example, using kubectl), you are * authenticated by the apiserver as a particular User Account (currently this * is usually admin, unless your cluster administrator has customized your * cluster). Processes in containers inside pods can also contact the apiserver. * When they do, they are authenticated as a particular Service Account (for * example, default). * * @see https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account */ export declare class ServiceAccount extends base.Resource implements IServiceAccount, rb.ISubject { /** * Imports a service account from the cluster as a reference. * @param name The name of the service account resource. * @param options additional options. */ static fromServiceAccountName(scope: Construct, id: string, name: string, options?: FromServiceAccountNameOptions): IServiceAccount; /** * @see base.Resource.apiObject */ protected readonly apiObject: ApiObject; readonly resourceType = "serviceaccounts"; private readonly _secrets; /** * Whether or not a token is automatically mounted for this * service account. */ readonly automountToken: boolean; constructor(scope: Construct, id: string, props?: ServiceAccountProps); /** * Allow a secret to be accessed by pods using this service account. * @param secr The secret */ addSecret(secr: secret.ISecret): void; /** * List of secrets allowed to be used by pods running using this service * account. * * Returns a copy. To add a secret, use `addSecret()`. */ get secrets(): secret.ISecret[]; /** * @see ISubect.toSubjectConfiguration() */ toSubjectConfiguration(): rb.SubjectConfiguration; }