public interface K8sAuth
Kubernetes authentication method API.
  • Field Details

  • Method Details

    • createRole

      Registers a role in the auth method. Role types have specific entities that can perform login operations against this endpoint. Constraints specific to the role type must be set on the role. These are applied to the authenticated entities attempting to login.
      Parameters:
      request - create role request
      Returns:
      when the role is created
    • deleteRole

      Deletes the previously registered role.
      Parameters:
      request - delete role request
      Returns:
      when the role is deleted
    • login

      Login.Response login(Login.Request request)
      Fetch a token. This endpoint takes a signed JSON Web Token (JWT) and a role name for some entity. It verifies the JWT signature to authenticate that entity and then authorizes the entity for the given role.
      Parameters:
      request - login request
      Returns:
      login response
    • configure

      Configure this authentication method.

      The Kubernetes auth method validates service account JWTs and verifies their existence with the Kubernetes TokenReview API. This endpoint configures the public key used to validate the JWT signature and the necessary information to access the Kubernetes API.

      Caveats

      If Vault is running in a Kubernetes Pod, the kubernetes_ca_cert and token_reviewer_jwt parameters will automatically default to the local CA cert (/var/run/secrets/kubernetes.io/serviceaccount/ca.crt) and local service account JWT (/var/run/secrets/kubernetes.io/serviceaccount/token). This behavior may be disabled by setting disable_local_ca_jwt to true. When Vault is running in a non-Kubernetes environment, either kubernetes_ca_cert or pem_keys must be set by the user.

      Parameters:
      request - request to configure
      Returns:
      when configured