{ "description": "ECRAuthorizationToken uses the GetAuthorizationToken API to retrieve an authorization token.\nThe authorization token is valid for 12 hours.\nThe authorizationToken returned is a base64 encoded string that can be decoded\nand used in a docker login command to authenticate to a registry.\nFor more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "ECRAuthorizationTokenSpec defines the desired state to generate an AWS ECR authorization token.", "properties": { "auth": { "description": "Auth defines how to authenticate with AWS", "properties": { "jwt": { "description": "AWSJWTAuth provides configuration to authenticate against AWS using service account tokens.", "properties": { "serviceAccountRef": { "description": "ServiceAccountSelector is a reference to a ServiceAccount resource.", "properties": { "audiences": { "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", "items": { "type": "string" }, "type": "array" }, "name": { "description": "The name of the ServiceAccount resource being referred to.", "maxLength": 253, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "secretRef": { "description": "AWSAuthSecretRef holds secret references for AWS credentials\nboth AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.", "properties": { "accessKeyIDSecretRef": { "description": "The AccessKeyID is used for authentication", "properties": { "key": { "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", "maxLength": 253, "minLength": 1, "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", "maxLength": 253, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, "type": "object", "additionalProperties": false }, "secretAccessKeySecretRef": { "description": "The SecretAccessKey is used for authentication", "properties": { "key": { "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", "maxLength": 253, "minLength": 1, "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", "maxLength": 253, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, "type": "object", "additionalProperties": false }, "sessionTokenSecretRef": { "description": "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html", "properties": { "key": { "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", "maxLength": 253, "minLength": 1, "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", "maxLength": 253, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "region": { "description": "Region specifies the region to operate in.", "type": "string" }, "role": { "description": "You can assume a role before making calls to the\ndesired AWS service.", "type": "string" }, "scope": { "description": "Scope specifies the ECR service scope.\nValid options are private and public.", "type": "string" } }, "required": [ "region" ], "type": "object", "additionalProperties": false } }, "type": "object" }