Documentation ¶
Overview ¶
Package token implements a manager of serviceaccount tokens for pods running on the node.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager manages service account tokens for pods.
func NewManager ¶
NewManager returns a new token manager.
func (*Manager) DeleteServiceAccountToken ¶ added in v1.13.3
DeleteServiceAccountToken should be invoked when pod got deleted. It simply clean token manager cache.
func (*Manager) GetServiceAccountToken ¶
func (m *Manager) GetServiceAccountToken(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error)
GetServiceAccountToken gets a service account token for a pod from cache or from the TokenRequest API. This process is as follows: * Check the cache for the current token request. * If the token exists and does not require a refresh, return the current token. * Attempt to refresh the token. * If the token is refreshed successfully, save it in the cache and return the token. * If refresh fails and the old token is still valid, log an error and return the old token. * If refresh fails and the old token is no longer valid, return an error