Updated on 2026-05-07 GMT+08:00

Creating a Pod Identity Association

Function

This API is used to create a pod identity association to associate a service account of the container cluster with an IAM agency.

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

  • If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
  • If you are using identity policy-based authorization, the following identity policy-based permissions are required.

    | Action | Access Level | Resource Type (*: required) | Condition Key | Alias | Dependencies |
    |---|---|---|---|---|---|
    | cce:podIdentityAssociation:create | Write | podidentityassociation * | - | - | - |
    | | | - | g:EnterpriseProjectId; g:TagKeys; g:RequestTag/<tag-key>; cce:ClusterId | | |

URI

POST /api/v3/projects/{project_id}/clusters/{cluster_id}/pod-identity-associations

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Details: Project ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI. Constraints: None. Options: Project IDs of the account. Default value: N/A. |
| cluster_id | Yes | String | Details: Cluster ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI. Constraints: None. Options: Cluster IDs. Default value: N/A. |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| Content-Type | Yes | String | Definition: Type (or format) of the request body. The default value is application/json. Other values of this field will be provided for specific APIs, if any. Constraints: GET requests are not validated. Default Value: N/A. |
| X-Auth-Token | Yes | String | Details: Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details, see Obtaining a User Token. Constraints: None. Options: N/A. Default value: N/A. |

Table 3 Request body parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| namespace | Yes | String | Definition: Namespace of the service account associated with a pod identity association. Constraints: The value cannot be changed. Range: N/A. Default Value: N/A. |
| serviceAccount | Yes | String | Definition: Name of the service account associated with a pod identity association. Constraints: Only one pod identity association can be created for a service account. Range: N/A. Default Value: N/A. |
| agencyName | Yes | String | Definition: Name of the agency to be associated with a pod identity association. The agency can be a general agency or a trust agency. Constraints: N/A. Range: N/A. Default Value: N/A. |
| tags | No | Array of ResourceTag objects | Definition: Resource tag list of a pod identity association. Constraints: N/A. |

Table 4 ResourceTag

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| key | No | String | Details: Key. Constraints: None. Options: The value cannot be empty and cannot start or end with spaces. A maximum of 128 characters is supported. The value can contain letters, digits, and spaces in UTF-8 format. The value can contain the following special characters: _.:=+-@ The value cannot start with _sys_. Default value: N/A. |
| value | No | String | Details: Value. Constraints: None. Options: The value can be null but not the default. Max characters: 255. Letters, digits, and spaces in UTF-8 format are supported. The value can contain the following special characters: _.:/=+-@ Default value: N/A. |

Response Parameters

Status code: 201

Table 5 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| uid | String | Definition: UID of a pod identity association. Constraints: The value cannot be changed. Range: N/A. Default Value: N/A. |
| clusterId | String | Definition: ID of the cluster that the pod identity association belongs to. Constraints: The value cannot be changed. Range: N/A. Default Value: N/A. |
| namespace | String | Definition: Namespace of the service account associated with a pod identity association. Constraints: The value cannot be changed. Range: N/A. Default Value: N/A. |
| serviceAccount | String | Definition: Name of the service account associated with a pod identity association. Constraints: The value cannot be changed. Range: N/A. Default Value: N/A. |
| agencyName | String | Definition: Name of the agency associated with a pod identity association. Constraints: N/A. Range: N/A. Default Value: N/A. |
| tags | Array of ResourceTag objects | Definition: Resource tag list of a pod identity association. Constraints: N/A. |
| createdAt | String | Definition: Time when a pod identity association was created. Constraints: N/A. Range: N/A. Default Value: N/A. |
| modifiedAt | String | Definition: Time when a pod identity association was last updated. Constraints: N/A. Range: N/A. Default Value: N/A. |

Table 6 ResourceTag

| Parameter | Type | Description |
|---|---|---|
| key | String | Details: Key. Constraints: None. Options: The value cannot be empty and cannot start or end with spaces. A maximum of 128 characters is supported. The value can contain letters, digits, and spaces in UTF-8 format. The value can contain the following special characters: _.:=+-@ The value cannot start with _sys_. Default value: N/A. |
| value | String | Details: Value. Constraints: None. Options: The value can be null but not the default. Max characters: 255. Letters, digits, and spaces in UTF-8 format are supported. The value can contain the following special characters: _.:/=+-@ Default value: N/A. |

Example Requests

Create a pod identity association.

POST /api/v3/projects/{project_id}/clusters/{cluster_id}/pod-identity-associations

{
  "namespace" : "example-namespace",
  "serviceAccount" : "example-serviceaccount",
  "agencyName" : "example-agency",
  "tags" : [ {
    "key" : "example-tag-key",
    "value" : "example-tag-val"
  } ]
}
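
A pre-flight check for request bodies, written against the constraints in Tables 3 and 4. This is an added example, not code from this API reference or any SDK. The function names, the sample batch, treating a service account as a (namespace, name) pair, and rejecting a tag that has no key are assumptions.

```python
KEY_SPECIALS, VALUE_SPECIALS = set("_.:=+-@"), set("_.:/=+-@")  # Table 4
MANDATORY = ("namespace", "serviceAccount", "agencyName")        # Table 3

def bad_chars(text, specials):
    """Characters outside letters, digits, spaces and the listed specials."""
    return sorted({c for c in text if not (c.isalnum() or c == " " or c in specials)})

def validate_tag(tag):
    key, value = tag.get("key"), tag.get("value")
    if not isinstance(key, str) or not key:
        return ["tag key is empty"]  # assumption: a tag without a key is rejected
    checks = [
        (key != key.strip(" "), "starts or ends with a space"),
        (len(key) > 128, "exceeds 128 characters"),
        (key.startswith("_sys_"), "starts with _sys_"),
        (bad_chars(key, KEY_SPECIALS), "has unsupported characters"),
    ]
    errors = [f"tag key {key!r} {msg}" for failed, msg in checks if failed]
    # A null value is allowed, so only string values are checked.
    if isinstance(value, str) and (len(value) > 255 or bad_chars(value, VALUE_SPECIALS)):
        errors.append(f"tag {key!r}: value exceeds 255 characters or has unsupported characters")
    return errors

def validate_batch(bodies):
    """Map request index -> errors for bodies planned against one cluster."""
    seen, report = {}, {}
    for i, body in enumerate(bodies):
        errors = [f"missing mandatory field {f}" for f in MANDATORY if not body.get(f)]
        sa = (body.get("namespace"), body.get("serviceAccount"))
        if all(sa):  # assumption: a service account is identified by (namespace, name)
            if sa in seen:
                errors.append(f"service account already associated by request {seen[sa]}")
            seen.setdefault(sa, i)
        for tag in body.get("tags") or []:
            errors.extend(validate_tag(tag))
        if errors:
            report[i] = errors
    return report

# Constructed sample input: the page's example body plus two faulty ones.
SAMPLE = [
    {"namespace": "example-namespace", "serviceAccount": "example-serviceaccount",
     "agencyName": "example-agency", "tags": [{"key": "example-tag-key", "value": "example-tag-val"}]},
    {"namespace": "example-namespace", "serviceAccount": "example-serviceaccount",
     "agencyName": "other-agency"},
    {"namespace": "example-namespace", "serviceAccount": "sa-2",
     "tags": [{"key": "_sys_owner", "value": "a/b"}, {"key": "team/x", "value": None}]},
]
```

Running `validate_batch(SAMPLE)` before submitting flags the second body, which would bind a different agency to a service account that already has an association, and the third, which lacks `agencyName` and carries two invalid tag keys.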

Example Responses

Status code: 201

A pod identity association has been created in the specified cluster.

{
  "uid" : "402358e8-2e3a-4531-bae7-fe9cbxxxxxx1",
  "clusterId" : "402358e8-2e3a-4531-bae7-fe9cbxxxxxx1",
  "namespace" : "example-namespace",
  "serviceAccount" : "example-serviceaccount",
  "agencyName" : "example-agency",
  "tags" : [ {
    "key" : "example-tag-key",
    "value" : "example-tag-val"
  } ],
  "createdAt" : "",
  "modifiedAt" : ""
}

Status Codes

| Status Code | Description |
|---|---|
| 201 | A pod identity association has been created in the specified cluster. |

Error Codes

See Error Codes.