Documentation
¶
Index ¶
- type CacheEntry
- type CredentialsPrefetcher
- func (k *CredentialsPrefetcher) Add(role *iam4kube.IamRole)
- func (k *CredentialsPrefetcher) CredentialsForRole(ctx context.Context, role *iam4kube.IamRole) (*iam4kube.Credentials, error)
- func (k *CredentialsPrefetcher) Inspect(f func(map[IamRoleKey]CacheEntry))
- func (k *CredentialsPrefetcher) Metrics() Metrics
- func (k *CredentialsPrefetcher) Remove(role *iam4kube.IamRole)
- func (k *CredentialsPrefetcher) Run(ctx context.Context)
- type IamRoleKey
- type Kernel
- type Kloud
- type Kroler
- type Limiter
- type Metrics
- type Prefetcher
- type PrefetcherNotifier
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CacheEntry ¶
type CacheEntry struct {
Role iam4kube.IamRole
Creds iam4kube.Credentials
TimesAddedCounter int // holds the number of times Add() was called for the corresponding role
Awaiting map[chan<- credResponse]struct{}
HasCreds bool // initially false, set to true when creds are retrieved for the first time
EnqueuedForRefresh bool // true if creds are scheduled to be refreshed
}
type CredentialsPrefetcher ¶
type CredentialsPrefetcher struct {
// contains filtered or unexported fields
}
func NewCredentialsPrefetcher ¶
func NewCredentialsPrefetcher(logger *zap.Logger, kloud Kloud, registry prometheus.Registerer, limiter Limiter, workers int) (*CredentialsPrefetcher, error)
func (*CredentialsPrefetcher) Add ¶
func (k *CredentialsPrefetcher) Add(role *iam4kube.IamRole)
func (*CredentialsPrefetcher) CredentialsForRole ¶
func (k *CredentialsPrefetcher) CredentialsForRole(ctx context.Context, role *iam4kube.IamRole) (*iam4kube.Credentials, error)
CredentialsForRole fetches credentials from the cache. It blocks until credentials are available or the context signals done.
func (*CredentialsPrefetcher) Inspect ¶
func (k *CredentialsPrefetcher) Inspect(f func(map[IamRoleKey]CacheEntry))
Inspect asynchronously executes f in the goroutine that owns the cache. f must not mutate cache to avoid interfering with internal invariants.
func (*CredentialsPrefetcher) Metrics ¶
func (k *CredentialsPrefetcher) Metrics() Metrics
func (*CredentialsPrefetcher) Remove ¶
func (k *CredentialsPrefetcher) Remove(role *iam4kube.IamRole)
func (*CredentialsPrefetcher) Run ¶
func (k *CredentialsPrefetcher) Run(ctx context.Context)
type IamRoleKey ¶
type IamRoleKey struct {
// contains filtered or unexported fields
}
func (*IamRoleKey) String ¶
func (k *IamRoleKey) String() string
type Kernel ¶
func (*Kernel) CredentialsForIp ¶
func (k *Kernel) CredentialsForIp(ctx context.Context, ip iam4kube.IP, role string) (*core_v1.Pod, *iam4kube.Credentials, error)
CredentialsForIp fetches credentials for the IAM role that is assigned to a Pod with the provided IP. Returns nil if no IAM role is assigned. May return non-nil pod even on error.
type PrefetcherNotifier ¶
type PrefetcherNotifier struct {
Logger *zap.Logger
Prefetcher Prefetcher
}
func (*PrefetcherNotifier) OnAdd ¶
func (p *PrefetcherNotifier) OnAdd(obj interface{})
func (*PrefetcherNotifier) OnDelete ¶
func (p *PrefetcherNotifier) OnDelete(obj interface{})
func (*PrefetcherNotifier) OnUpdate ¶
func (p *PrefetcherNotifier) OnUpdate(oldObj, newObj interface{})
Source Files
Click to show internal directories.
Click to hide internal directories.