Property UseOKEWorkloadIdentity
UseOKEWorkloadIdentity
Gets or sets a value that determines whether to use authorization
for Oracle Container Engine for Kubernetes (OKE) workload
identity. This authorization can only be used inside Kubernetes
pods.
Declaration
public bool UseOKEWorkloadIdentity { get; set; }Property Value
| Type | Description |
|---|---|
| Boolean |
true to use an OKE workload identity, otherwise
false. The default is false. The true value
is exclusive with Credentials, ConfigFile,
ProfileName, CredentialsProvider,
UseResourcePrincipal,
UseInstancePrincipal and
UseSessionToken.
|
Remarks
For information on Container Engine for Kubernetes, see Overview of Container Engine for Kubernetes . Also see Granting Workloads Access to OCI Resources for more details on OKE workload identity.
Using OKE workload identity requires service account token. By
default, the provider will load service account token from the
default file path
/var/run/secrets/kubernetes.io/serviceaccount/token.
You may override this and provide your own service account token
by creating IAMAuthorizationProvider in 3 different
ways:
- By calling CreateWithOKEWorkloadIdentity(String) and passing service account token string.
- By calling CreateWithOKEWorkloadIdentityAndTokenFile(String) and passing a path to service account token file. Alternatively, you may set ServiceAccountTokenFile property. This file will be read every time the SDK needs to obtain security token from IAM.
- By calling CreateWithOKEWorkloadIdentity(Func<CancellationToken, Task<String>>) and passing a custom provider delegate to load service account token. This delegate will be invoked every time the SDK needs to obtain security token from IAM.