Documentation
¶
Index ¶
- func GenerateGenericTokenKubeconfig(ctx context.Context, secretsManager secretsmanager.Interface, ...) (*corev1.Secret, error)
- func IsTokenPopulated(secret *corev1.Secret) (bool, error)
- func RenewAccessSecrets(ctx context.Context, c client.Client, opts ...client.ListOption) error
- func RenewWorkloadIdentityTokens(ctx context.Context, c client.Client, opts ...client.ListOption) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateGenericTokenKubeconfig ¶
func GenerateGenericTokenKubeconfig(ctx context.Context, secretsManager secretsmanager.Interface, namespace, kubeAPIServerAddress string) (*corev1.Secret, error)
GenerateGenericTokenKubeconfig generates a generic token kubeconfig in the given namespace for the given kube-apiserver address. In case of a rotation, the old kubeconfig is kept in the cluster.
func IsTokenPopulated ¶
IsTokenPopulated checks if a `kubeconfig` secret already contains a token.
func RenewAccessSecrets ¶
RenewAccessSecrets drops the serviceaccount.resources.gardener.cloud/token-renew-timestamp annotation from all access secrets selected by the given list options. This will make the token-requestor controller in gardener-resource-manager/gardenlet issue new tokens immediately.
func RenewWorkloadIdentityTokens ¶ added in v1.103.0
func RenewWorkloadIdentityTokens(ctx context.Context, c client.Client, opts ...client.ListOption) error
RenewWorkloadIdentityTokens drops the workloadidentity.security.gardener.cloud/token-renew-timestamp annotation from all token secrets selected by the given list options. This will make the token-requestor-workload-identity controller in gardenlet to issue new tokens immediately.
Types ¶
This section is empty.
Source Files