Auth Backend Config Args
Manages a Kubernetes auth backend config in a Vault server. See the [Vault
documentation](https://www.vaultproject.io/docs/auth/kubernetes.html) for more information.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
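// Enable the Kubernetes auth method; its mount path is passed to the config below.
const kubernetes = new vault.AuthBackend("kubernetes", {type: "kubernetes"});
// Configure how the mount reaches the Kubernetes API server.
const example = new vault.kubernetes.AuthBackendConfig("example", {
    backend: kubernetes.path,
    // https, not http: the reviewer JWT is sent as a bearer token, and the CA
    // cert below is only used by the TLS client.
    kubernetesHost: "https://example.com:443",
    kubernetesCaCert: `-----BEGIN CERTIFICATE-----
example
-----END CERTIFICATE-----`,
    // Placeholder value. A real reviewer JWT is a credential: supply it from
    // Pulumi secret configuration instead of committing it to source.
    tokenReviewerJwt: "ZXhhbXBsZQo=",
    issuer: "api",
    // Disables JWT issuer (iss) validation; set to false if the issuer above
    // must be checked.
    disableIssValidation: true,
});
import pulumi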
import pulumi_vault as vault
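# Enable the Kubernetes auth method; its mount path is passed to the config below.
kubernetes = vault.AuthBackend("kubernetes", type="kubernetes")
# Configure how the mount reaches the Kubernetes API server.
example = vault.kubernetes.AuthBackendConfig("example",
    backend=kubernetes.path,
    # https, not http: the reviewer JWT is sent as a bearer token, and the CA
    # cert below is only used by the TLS client.
    kubernetes_host="https://example.com:443",
    kubernetes_ca_cert="""-----BEGIN CERTIFICATE-----
example
-----END CERTIFICATE-----""",
    # Placeholder value. A real reviewer JWT is a credential: supply it from
    # Pulumi secret configuration instead of committing it to source.
    token_reviewer_jwt="ZXhhbXBsZQo=",
    issuer="api",
    # Disables JWT issuer (iss) validation; set to False if the issuer above
    # must be checked.
    disable_iss_validation=True)
using System.Collections.Generic;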
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
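// Enable the Kubernetes auth method; its mount path is passed to the config below.
var kubernetes = new Vault.AuthBackend("kubernetes", new()
{
    Type = "kubernetes",
});
// Configure how the mount reaches the Kubernetes API server.
var example = new Vault.Kubernetes.AuthBackendConfig("example", new()
{
    Backend = kubernetes.Path,
    // https, not http: the reviewer JWT is sent as a bearer token, and the CA
    // cert below is only used by the TLS client.
    KubernetesHost = "https://example.com:443",
    KubernetesCaCert = @"-----BEGIN CERTIFICATE-----
example
-----END CERTIFICATE-----",
    // Placeholder value. A real reviewer JWT is a credential: supply it from
    // Pulumi secret configuration instead of committing it to source.
    TokenReviewerJwt = "ZXhhbXBsZQo=",
    Issuer = "api",
    // Disables JWT issuer (iss) validation; set to false if the issuer above
    // must be checked.
    DisableIssValidation = true,
});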
});package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kubernetes"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
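pulumi.Run(func(ctx *pulumi.Context) error {
	// Enable the Kubernetes auth method. The local is named kubernetesBackend
	// so it does not shadow the imported kubernetes package used below.
	kubernetesBackend, err := vault.NewAuthBackend(ctx, "kubernetes", &vault.AuthBackendArgs{
		Type: pulumi.String("kubernetes"),
	})
	if err != nil {
		return err
	}
	// Configure how the mount reaches the Kubernetes API server.
	_, err = kubernetes.NewAuthBackendConfig(ctx, "example", &kubernetes.AuthBackendConfigArgs{
		Backend: kubernetesBackend.Path,
		// https, not http: the reviewer JWT is sent as a bearer token, and
		// the CA cert below is only used by the TLS client.
		KubernetesHost:   pulumi.String("https://example.com:443"),
		KubernetesCaCert: pulumi.String("-----BEGIN CERTIFICATE-----\nexample\n-----END CERTIFICATE-----"),
		// Placeholder value. A real reviewer JWT is a credential: supply it
		// from Pulumi secret configuration instead of committing it to source.
		TokenReviewerJwt: pulumi.String("ZXhhbXBsZQo="),
		Issuer:           pulumi.String("api"),
		// Disables JWT issuer (iss) validation; set to false if the issuer
		// above must be checked.
		DisableIssValidation: pulumi.Bool(true),
	})
	if err != nil {
		return err
	}
	return nil
})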
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.AuthBackend;
import com.pulumi.vault.AuthBackendArgs;
import com.pulumi.vault.kubernetes.AuthBackendConfig;
import com.pulumi.vault.kubernetes.AuthBackendConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
/** Program entry point: hands the stack definition to the Pulumi runtime. */
public static void main(String[] args) {
    Pulumi.run(ctx -> stack(ctx));
}
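/**
 * Declares the Kubernetes auth mount and the configuration that tells it how
 * to reach the Kubernetes API server.
 *
 * @param ctx Pulumi program context (not read by this example)
 */
public static void stack(Context ctx) {
    var kubernetes = new AuthBackend("kubernetes", AuthBackendArgs.builder()
        .type("kubernetes")
        .build());
    var example = new AuthBackendConfig("example", AuthBackendConfigArgs.builder()
        .backend(kubernetes.path())
        // https, not http: the reviewer JWT is sent as a bearer token, and
        // the CA cert below is only used by the TLS client.
        .kubernetesHost("https://example.com:443")
        .kubernetesCaCert("""
            -----BEGIN CERTIFICATE-----
            example
            -----END CERTIFICATE-----""")
        // Placeholder value. A real reviewer JWT is a credential: supply it
        // from Pulumi secret configuration instead of committing it to source.
        .tokenReviewerJwt("ZXhhbXBsZQo=")
        .issuer("api")
        // Boolean rather than the string "true", matching the other language
        // examples. Disables JWT issuer (iss) validation; set to false if the
        // issuer above must be checked.
        .disableIssValidation(true)
        .build());
}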
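}
resources:
  # Enable the Kubernetes auth method; its mount path is passed to the config below.
  kubernetes:
    type: vault:AuthBackend
    properties:
      type: kubernetes
  # Configure how the mount reaches the Kubernetes API server.
  example:
    type: vault:kubernetes:AuthBackendConfig
    properties:
      backend: ${kubernetes.path}
      # https, not http: the reviewer JWT is sent as a bearer token, and the
      # CA cert below is only used by the TLS client.
      kubernetesHost: https://example.com:443
      kubernetesCaCert: |-
        -----BEGIN CERTIFICATE-----
        example
        -----END CERTIFICATE-----
      # Placeholder value. A real reviewer JWT is a credential: supply it from
      # Pulumi secret configuration instead of committing it to source.
      tokenReviewerJwt: ZXhhbXBsZQo=
      issuer: api
      # Boolean rather than the string 'true'. Disables JWT issuer (iss)
      # validation; set to false if the issuer above must be checked.
      disableIssValidation: true
Import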
Kubernetes authentication backend can be imported using the path, e.g.
$ pulumi import vault:kubernetes/authBackendConfig:AuthBackendConfig config auth/kubernetes/config
Constructors
Properties
Disable JWT issuer validation, allowing the `iss` claim check to be skipped. While this is set, the token's issuer is not validated. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+
Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+
PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
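A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set, the JWT used for login will be used to access the API. Because this value is a bearer credential, supply it from secret configuration rather than hard-coding it in the program.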