You are viewing documentation for Kubernetes version: v1.30
Kubernetes v1.30 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date information, see the latest version.
Kubelet Configuration (v1)
Resource Types
CredentialProviderConfig
CredentialProviderConfig is the configuration containing information about each exec credential provider. Kubelet reads this configuration from disk and enables each provider as specified by the CredentialProvider type.
Field | Description |
---|---|
apiVersion string | kubelet.config.k8s.io/v1 |
kind string | CredentialProviderConfig |
providers [Required][]CredentialProvider
|
providers is a list of credential provider plugins that will be enabled by the kubelet. Multiple providers may match against a single image, in which case credentials from all providers will be returned to the kubelet. If multiple providers are called for a single image, the results are combined. If providers return overlapping auth keys, the value from the provider earlier in this list is used. |
CredentialProvider
Appears in:
CredentialProvider represents an exec plugin to be invoked by the kubelet. The plugin is only invoked when an image being pulled matches the images handled by the plugin (see matchImages).
Field | Description |
---|---|
name [Required]string
|
name is the required name of the credential provider. It must match the name of the provider executable as seen by the kubelet. The executable must be in the kubelet's bin directory (set by the --image-credential-provider-bin-dir flag). |
matchImages [Required][]string
|
matchImages is a required list of strings used to match against images in order to determine if this provider should be invoked. If one of the strings matches the requested image from the kubelet, the plugin will be invoked and given a chance to provide credentials. Images are expected to contain the registry domain and URL path. Each entry in matchImages is a pattern which can optionally contain a port and a path. Globs can be used in the domain, but not in the port or the path. Globs are supported as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'. Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match a single subdomain segment, so '*.io' does not match '*.k8s.io'. A match exists between an image and a matchImage when all of the below are true:
Example values of matchImages:
|
defaultCacheDuration [Required]meta/v1.Duration
|
defaultCacheDuration is the default duration the plugin will cache credentials in-memory if a cache duration is not provided in the plugin response. This field is required. |
apiVersion [Required]string
|
Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse MUST use the same encoding version as the input. Current supported values are:
|
args []string
|
Arguments to pass to the command when executing it. |
env []ExecEnvVar
|
Env defines additional environment variables to expose to the process. These are unioned with the host's environment, as well as variables client-go uses to pass argument to the plugin. |
ExecEnvVar
Appears in:
ExecEnvVar is used for setting environment variables when executing an exec-based credential plugin.
Field | Description |
---|---|
name [Required]string
|
No description provided. |
value [Required]string
|
No description provided. |
This page is automatically generated.
If you plan to report an issue with this page, mention that the page is auto-generated in your issue description. The fix may need to happen elsewhere in the Kubernetes project.