identity_selector.proto

Package : core.zephyr.solo.io

Top

identity_selector.proto

Table of Contents

IdentitySelector

Selector capable of selecting specific service identities. Useful for binding policy rules. Either (namespaces, cluster, service_account_names) or service_accounts can be specified. If all fields are omitted, any source identity is permitted.

Field Type Label Description
matcher IdentitySelector.Matcher
serviceAccountRefs IdentitySelector.ServiceAccountRefs

IdentitySelector.Matcher

Field Type Label Description
namespaces []string repeated Namespaces to allow. If not set, any namespace is allowed.
clusters []string repeated Cluster to allow. If not set, any cluster is allowed.

IdentitySelector.ServiceAccountRefs

Field Type Label Description
serviceAccounts []ResourceRef repeated List of ServiceAccounts to allow. If not set, any ServiceAccount is allowed.