k8s

package
v0.0.0-...-3897c64 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 17, 2023 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type TokenClient

type TokenClient struct {
	// contains filtered or unexported fields
}

TokenClient is a client for Kubernetes Token API

func NewTokenClient

func NewTokenClient(kubeClient kubernetes.Interface) *TokenClient

NewTokenClient creates a new TokenClient The client will be used to request a token for token requests configured in the CSIDriver.

func (*TokenClient) DeleteServiceAccountToken

func (c *TokenClient) DeleteServiceAccountToken(podUID types.UID)

DeleteServiceAccountToken should be invoked when pod got deleted. It simply clean token manager cache.

func (*TokenClient) GetServiceAccountToken

func (c *TokenClient) GetServiceAccountToken(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error)

GetServiceAccountToken gets a service account token for a pod from cache or from the TokenRequest API. This process is as follows: * Check the cache for the current token request. * If the token exists and does not require a refresh, return the current token. * Attempt to refresh the token. * If the token is refreshed successfully, save it in the cache and return the token. * If refresh fails and the old token is still valid, log an error and return the old token. * If refresh fails and the old token is no longer valid, return an error

func (*TokenClient) SecretProviderServiceAccountTokenAttrs

func (c *TokenClient) SecretProviderServiceAccountTokenAttrs(namespace, serviceAccountName string, tokenRequests []secretsstorecsixk8siov1.TokenRequest) (map[string]string, error)

PodServiceAccountTokenAttrs returns the token for the pod service account that can be bound to the pod. This token will be sent to the providers and is of the format:

"csi.storage.k8s.io/serviceAccount.tokens": {
  <audience>: {
    'token': <token>,
    'expirationTimestamp': <expiration timestamp in RFC3339 format>,
  },
  ...
}

ref: https://kubernetes-csi.github.io/docs/token-requests.html#usage

Directories

Path Synopsis
Package token implements a manager of serviceaccount tokens for pods running on the node.
Package token implements a manager of serviceaccount tokens for pods running on the node.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL