11.8.2. 路径
11.8.2.1. 创建 ManagedServiceAccount
POST /apis/multicluster.openshift.io/v1alpha1/ManagedServiceAccounts
11.8.2.1.1. 描述
创建 ManagedServiceAccount。
11.8.2.1.2. 参数
| 类型 | Name | 描述 | 模式 |
|---|---|---|---|
| Header |
COOKIE | 身份验证:Bearer {ACCESS_TOKEN} ; ACCESS_TOKEN 是用户访问令牌。 | 字符串 |
| Body |
body | 描述要创建的 ManagedServiceAccount 的参数。 | ManagedServiceAccount |
11.8.2.1.3. 响应
| HTTP 代码 | 描述 | 模式 |
|---|---|---|
| 200 | 成功 | 无内容 |
| 403 | 禁止访问 | 无内容 |
| 404 | 未找到资源 | 无内容 |
| 500 | 内部服务错误 | 无内容 |
| 503 | 服务不可用 | 无内容 |
11.8.2.1.4. 使用
-
managedserviceaccount/yaml
11.8.2.1.5. Tags
- managedserviceaccount.multicluster.openshift.io
11.8.2.1.5.1. 请求正文
{
"apiVersion": "apiextensions.k8s.io/v1",
"kind": "CustomResourceDefinition",
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.4.1"
},
"creationTimestamp": null,
"name": "managedserviceaccount.authentication.open-cluster-management.io"
},
"spec": {
"group": "authentication.open-cluster-management.io",
"names": {
"kind": "ManagedServiceAccount",
"listKind": "ManagedServiceAccountList",
"plural": "managedserviceaccounts",
"singular": "managedserviceaccount"
},
"scope": "Namespaced",
"versions": [
{
"name": "v1alpha1",
"schema": {
"openAPIV3Schema": {
"description": "ManagedServiceAccount is the Schema for the managedserviceaccounts\nAPI",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation\nof an object. Servers should convert recognized schemas to the latest\ninternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this\nobject represents. Servers may infer this from the endpoint the client\nsubmits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ManagedServiceAccountSpec defines the desired state of ManagedServiceAccount",
"properties": {
"rotation": {
"description": "Rotation is the policy for rotation the credentials.",
"properties": {
"enabled": {
"default": true,
"description": "Enabled prescribes whether the ServiceAccount token\nwill be rotated from the upstream",
"type": "boolean"
},
"validity": {
"default": "8640h0m0s",
"description": "Validity is the duration for which the signed ServiceAccount\ntoken is valid.",
"type": "string"
}
},
"type": "object"
},
"ttlSecondsAfterCreation": {
"description": "ttlSecondsAfterCreation limits the lifetime of a ManagedServiceAccount.\nIf the ttlSecondsAfterCreation field is set, the ManagedServiceAccount\nwill be automatically deleted regardless of the ManagedServiceAccount's\nstatus. When the ManagedServiceAccount is deleted, its lifecycle\nguarantees (e.g. finalizers) will be honored. If this field is unset,\nthe ManagedServiceAccount won't be automatically deleted. If this\nfield is set to zero, the ManagedServiceAccount becomes eligible\nfor deletion immediately after its creation. In order to use ttlSecondsAfterCreation,\nthe EphemeralIdentity feature gate must be enabled.",
"exclusiveMinimum": true,
"format": "int32",
"minimum": 0,
"type": "integer"
}
},
"required": [
"rotation"
],
"type": "object"
},
"status": {
"description": "ManagedServiceAccountStatus defines the observed state of\nManagedServiceAccount",
"properties": {
"conditions": {
"description": "Conditions is the condition list.",
"items": {
"description": "Condition contains details for one aspect of the current\nstate of this API Resource. --- This struct is intended for direct\nuse as an array at the field path .status.conditions. For example,\ntype FooStatus struct{ // Represents the observations of a\nfoo's current state. // Known .status.conditions.type are:\n\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\n // +patchStrategy=merge // +listType=map // +listMapKey=type\n Conditions []metav1.Condition `json:\"conditions,omitempty\"\npatchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n // other fields }",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition\ntransitioned from one status to another. This should be when\nthe underlying condition changed. If that is not known, then\nusing the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating\ndetails about the transition. This may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation\nthat the condition was set based upon. For instance, if .metadata.generation\nis currently 12, but the .status.conditions[x].observedGeneration\nis 9, the condition is out of date with respect to the current\nstate of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating\nthe reason for the condition's last transition. Producers\nof specific condition types may define expected values and\nmeanings for this field, and whether the values are considered\na guaranteed API. The value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n--- Many .condition.type values are consistent across resources\nlike Available, but because arbitrary conditions can be useful\n(see .node.status.conditions), the ability to deconflict is\nimportant. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"expirationTimestamp": {
"description": "ExpirationTimestamp is the time when the token will expire.",
"format": "date-time",
"type": "string"
},
"tokenSecretRef": {
"description": "TokenSecretRef is a reference to the corresponding ServiceAccount's\nSecret, which stores the CA certficate and token from the managed\ncluster.",
"properties": {
"lastRefreshTimestamp": {
"description": "LastRefreshTimestamp is the timestamp indicating\nwhen the token in the Secret is refreshed.",
"format": "date-time",
"type": "string"
},
"name": {
"description": "Name is the name of the referenced secret.",
"type": "string"
}
},
"required": [
"lastRefreshTimestamp",
"name"
],
"type": "object"
}
},
"type": "object"
}
},
"type": "object"
}
},
"served": true,
"storage": true,
"subresources": {
"status": {}
}
}
]
},
"status": {
"acceptedNames": {
"kind": "",
"plural": ""
},
"conditions": [],
"storedVersions": []
}
}