This resource is part of the v1alpha1 API and is subject to change. Fields and behavior may change in future releases.
Identity
| |
|---|
| Group | iam.miloapis.com |
| Version | v1alpha1 |
| Kind | ServiceAccount |
| Scope | Platform |
Overview
A ServiceAccount represents a non-human identity that can authenticate to Datum Cloud, for use by automation, CI pipelines, and other machine-to-machine workloads. Once created, the platform computes a stable email address for the identity, and you control whether it can authenticate by setting its state. Set the state to Inactive to immediately prohibit new authentication and revoke existing sessions, then back to Active to restore access.
Spec fields
| Field | Type | Required | Description |
|---|
spec.state | string | No | The activation state of the service account, one of Active or Inactive. Active allows the service account to authenticate; Inactive prohibits authentication and revokes all existing sessions. This state can be safely changed as needed. |
Status fields (read-only)
| Field | Type | Description |
|---|
status.conditions | []Object | Conditions that represent the current status of the ServiceAccount. |
status.email | string | The computed email of the service account, following the pattern {name}@{namespace}.{project}.{global-suffix}. |
status.state | string | The current activation state (Active or Inactive) as observed from the auth provider. Tracks the state from the previous generation and is updated once a state change is successfully propagated. |
Usage
apiVersion: iam.miloapis.com/v1alpha1
kind: ServiceAccount
metadata:
name: ci-deployer
spec:
state: Active
datumctl apply -f serviceaccount.yaml
datumctl get serviceaccounts.iam.miloapis.com
datumctl describe serviceaccounts.iam.miloapis.com ci-deployer
Run datumctl explain serviceaccounts.iam.miloapis.com --recursive to see the full, live field tree for this resource.