Client Authentication (v1)

    Appears in:

    Cluster contains information to allow an exec plugin to communicate with the kubernetes cluster being authenticated to.

    To ensure that this struct contains everything someone would need to communicate with a kubernetes cluster (just like they would via a kubeconfig), the fields should shadow “k8s.io/client-go/tools/clientcmd/api/v1”.Cluster, with the exception of CertificateAuthority, since CA data will always be passed to the plugin as bytes.

    Appears in:

    ExecCredentialSpec holds request and runtime specific information provided by the transport.

    Appears in:

    ExecCredentialStatus holds credentials for the transport to use.

    Token and ClientKeyData are sensitive fields. This data should only be transmitted in-memory between client and exec plugin process. Exec plugin itself should at least be protected via file permissions.