Kubernetes Targets
You can define a K8s target to be used with dynamic secrets for the following supported K8s types:
EKS
To create an EKS target, define the following parameters:
-Name- A unique name for the target. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the target.
-Access Key ID- The access key ID of the IAM user used to connect to the EKS cluster.
-Secret Access Key- The secret access key of the IAM user.
-Region- The region in which the cluster resides.
-EKS Cluster Name- The cluster name.
-EKS Cluster URL Endpoint- The URL of the cluster.
-EKS Cluster CA Certificate- A base64-encoded representation of the cluster CA certificate.
-n, --name *Target name
--comment Comment about the target
--eks-cluster-name *EKS cluster name
--eks-cluster-endpoint *EKS cluster endpoint (i.e., https://<IP> of the cluster)
--eks-cluster-ca-cert *EKS cluster base-64 encoded certificate
--eks-access-key-id EKS access key ID
--eks-secret-access-key EKS secret access key
--eks-region[=us-east-2] EKS region
-k, --key Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.
--profile Use a specific profile from your akeyless/profiles/ folder
--username Optional username for various authentication flows
--password Optional password for various authentication flows
--uid-token The universal identity token, Required only for universal_identity authentication
-h, --help display help information
--json[=false] Set output format to JSON
--no-creds-cleanup[=false] Do not clean local temporary expired creds
GKE
To create a GKE target, define the following parameters:
-Name- A unique name for the target. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the target.
-GKE Cluster Name (optional)- The GKE cluster name. If no value is configured, this will default to gks-cluster-< service account name >.
-GKE Cluster CA Certificate- A base64-encoded representation of the cluster CA certificate.
-GKE Cluster URL Endpoint- The URL of the cluster.
-GKE Service Account Email- The email of the service account.
-GKE Service Account Key- The RSA private key generated for this service account to access. This must be a proper PEM-encoded PKCS1 or PKCS8 private key. The input string must contain actual newlines instead of literal \n characters.
-n, --name *Target name
--comment Comment about the target
--gke-account-email *GKE service account email
--gke-account-key-file-path File path to GKE service account key
--gke-account-key GKE service account key
--gke-cluster-endpoint *GKE cluster endpoint, i.e., cluster URI https://<DNS/IP>.
--gke-cluster-ca-cert *GKE Base-64 encoded cluster certificate
--gke-cluster-name GKE cluster name
-k, --key Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used
--profile Use a specific profile from your akeyless/profiles/ folder
--username Optional username for various authentication flows
--password Optional password for various authentication flows
--uid-token The universal identity token, Required only for universal_identity authentication
-h, --help display help information
--json[=false] Set output format to JSON
--no-creds-cleanup[=false] Do not clean local temporary expired creds
K8S Generic
To create a Generic K8s target, define the following parameters:
-Name- A unique name for the target. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the target.
-k8s-cluster-endpoint- The DNS or IP address of the cluster, in https:// format.
-k8s-cluster-ca-cert- The Base-64 encoded cluster certificate.
-k8s-cluster-token- A JWT authentication token authorized to create service account tokens.
-n, --name *Target name
-e, --k8s-cluster-endpoint *K8S Cluster endpoint. https:// , <DNS / IP> of the cluster.
-c, --k8s-cluster-ca-cert *K8S Cluster certificate. Base 64 encoded certificate.
-t, --k8s-cluster-token *K8S Cluster authentication token.
-k, --key Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.
--comment Comment about the target
--profile Use a specific profile from your akeyless/profiles/ folder
--username Optional username for various authentication flows
--password Optional password for various authentication flows
--uid-token The universal identity token, Required only for universal_identity authentication
-h, --help display help information
--json[=false] Set output format to JSON
--no-creds-cleanup[=false] Do not clean local temporary expired creds
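The input formats required in the EKS, GKE and K8S Generic sections above (an https:// endpoint, a base64-encoded CA certificate, a PEM key with real newlines, a JWT token) can be checked before a target is created. The following is an added example, not Akeyless code: the function names are hypothetical and the sample values are constructed placeholders.

```sh
# Added example (not Akeyless code): pre-flight checks for K8s target inputs.
# Function names are hypothetical; sample values at the end are constructed.
# Cluster endpoint must be in https:// format with a host part.
check_endpoint() {
  case "$1" in
    https://?*) return 0 ;;
    *) echo "endpoint must start with https://" >&2; return 1 ;;
  esac
}

# The CA cert value must be base64 that decodes to a PEM certificate.
check_ca_cert() {
  ca_pem=$(printf '%s' "$1" | base64 -d 2>/dev/null) || {
    echo "CA certificate is not valid base64" >&2; return 1; }
  case "$ca_pem" in
    "-----BEGIN CERTIFICATE-----"*"-----END CERTIFICATE-----"*) return 0 ;;
    *) echo "decoded value is not a PEM certificate" >&2; return 1 ;;
  esac
}

# GKE key: turn literal "\n" sequences into real newlines.
normalize_gke_key() {
  printf '%s\n' "$1" | awk '{ gsub(/\\n/, "\n"); print }'
}
# Require a PKCS1 or PKCS8 PEM envelope; prints which one was found.
check_gke_key() {
  key_pem=$(normalize_gke_key "$1")
  first=$(printf '%s\n' "$key_pem" | sed -n '1p')
  last=$(printf '%s\n' "$key_pem" | sed -n '$p')
  case "$first|$last" in
    "-----BEGIN RSA PRIVATE KEY-----|-----END RSA PRIVATE KEY-----") echo PKCS1 ;;
    "-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----") echo PKCS8 ;;
    *) echo "not a PKCS1/PKCS8 PEM private key" >&2; return 1 ;;
  esac
}

# Generic K8s token: a JWT has exactly three non-empty dot-separated parts.
check_jwt_shape() {
  case "$1" in
    *.*.*.*) echo "token has too many parts" >&2; return 1 ;;
    ?*.?*.?*) return 0 ;;
    *) echo "token is not in JWT form" >&2; return 1 ;;
  esac
}

# Constructed samples (not real credentials).
SAMPLE_KEY='-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n'
SAMPLE_CA=$(printf '%b' '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n' | base64 | tr -d '\n')
check_endpoint "https://203.0.113.10" && check_ca_cert "$SAMPLE_CA" && check_gke_key "$SAMPLE_KEY"
```

These checks validate only the shape of each value; they do not verify that the certificate, key or token is accepted by the cluster.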
Updated 10 months ago