k8s

package
v1.4.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 7, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Informer

type Informer struct {
	NodePublishSecretRefSecret cache.SharedIndexInformer
}

Informer holds the shared index informers

type Lister

type Lister struct {
	NodePublishSecretRefSecret SecretLister
}

Lister holds the object lister

type SecretLister

type SecretLister struct {
	cache.Store
}

SecretLister is a store used to list secrets

func (*SecretLister) GetWithKey

func (sl *SecretLister) GetWithKey(key string) (*corev1.Secret, error)

GetWithKey returns secret with key from the informer cache

type Store

type Store interface {
	// GetNodePublishSecretRefSecret returns the NodePublishSecretRef secret matching name and namespace
	GetNodePublishSecretRefSecret(name, namespace string) (*corev1.Secret, error)
	// Run initializes and runs the informers
	Run(stopCh <-chan struct{}) error
}

Store for secrets with label 'secrets-store.csi.k8s.io/used'

func New

func New(kubeClient kubernetes.Interface, resyncPeriod time.Duration) (Store, error)

New returns store.Store for NodePublishSecretRefSecret

type TokenClient added in v1.1.0

type TokenClient struct {
	// contains filtered or unexported fields
}

TokenClient is a client for Kubernetes Token API

func NewTokenClient added in v1.1.0

func NewTokenClient(kubeClient kubernetes.Interface, driverName string, resyncPeriod time.Duration) *TokenClient

NewTokenClient creates a new TokenClient The client will be used to request a token for token requests configured in the CSIDriver.

func (*TokenClient) DeleteServiceAccountToken added in v1.1.0

func (c *TokenClient) DeleteServiceAccountToken(podUID types.UID)

DeleteServiceAccountToken should be invoked when pod got deleted. It simply clean token manager cache.

func (*TokenClient) GetServiceAccountToken added in v1.1.0

func (c *TokenClient) GetServiceAccountToken(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error)

GetServiceAccountToken gets a service account token for a pod from cache or from the TokenRequest API. This process is as follows: * Check the cache for the current token request. * If the token exists and does not require a refresh, return the current token. * Attempt to refresh the token. * If the token is refreshed successfully, save it in the cache and return the token. * If refresh fails and the old token is still valid, log an error and return the old token. * If refresh fails and the old token is no longer valid, return an error

func (*TokenClient) PodServiceAccountTokenAttrs added in v1.1.0

func (c *TokenClient) PodServiceAccountTokenAttrs(namespace, podName, serviceAccountName string, podUID types.UID) (map[string]string, error)

PodServiceAccountTokenAttrs returns the token for the pod service account that can be bound to the pod. This token will be sent to the providers and is of the format:

"csi.storage.k8s.io/serviceAccount.tokens": {
  <audience>: {
    'token': <token>,
    'expirationTimestamp': <expiration timestamp in RFC3339 format>,
  },
  ...
}

ref: https://kubernetes-csi.github.io/docs/token-requests.html#usage

func (*TokenClient) Run added in v1.1.0

func (c *TokenClient) Run(stopCh <-chan struct{}) error

Run initiates the sync of the informers and caches

Directories

Path Synopsis
Package token implements a manager of serviceaccount tokens for pods running on the node.
Package token implements a manager of serviceaccount tokens for pods running on the node.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL