github.com/Azure/aad-pod-identity@v1.8.17/website/content/en/docs/Concepts/azurepodidentityexception.md

github.com/Azure/aad-pod-identity@v1.8.17/website/content/en/docs/Concepts/azurepodidentityexception.md (about)

     1  ---
     2  title: "AzurePodIdentityException"
     3  linkTitle: "AzurePodIdentityException"
     4  weight: 4
     5  date: 2020-11-03
     6  description: >
     7    Allow pods with certain labels to access IMDS without being intercepted by NMI.
     8  ---
     9  
    10  <details>
    11  <summary>Examples</summary>
    12  
    13  ```yaml
    14  apiVersion: "aadpodidentity.k8s.io/v1"
    15  kind: AzurePodIdentityException
    16  metadata:
    17    name: aks-addon-exception
    18    namespace: kube-system
    19  spec:
    20    podLabels:
    21      kubernetes.azure.com/managedby: aks
    22  ```
    23  
    24  </details>
    25  
    26  ## `AzurePodIdentityException`
    27  
    28  | Field                                                                                                                   | Description                                                                                                                                                                                                                                                                                         |
    29  |-------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
    30  | `apiVersion`<br>*string*                                                                                                | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.  |
    31  | `kind`<br>*string*                                                                                                      | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds. |
    32  | `metadata`<br>[*`ObjectMeta`*](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta) | Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata                                                                                                                                                                 |
    33  | `spec`<br>[*`AzurePodIdentityExceptionSpec`*](#azurepodidentityexceptionspec)                                           | Describes the specifications of which pods are allowed to access IMDS without being intercepted by NMI.                                                                                                                                                                                             |
    34  
    35  ## `AzurePodIdentityExceptionSpec`
    36  
    37  | Field                              | Description                                           |
    38  |------------------------------------|-------------------------------------------------------|
    39  | `podLabels`<br>*map[string]string* | Pods with matching labels will bypass NMI validation. |