Documentation
¶
Index ¶
- type Informer
- type Lister
- type SecretLister
- type Store
- type TokenClient
- func (c *TokenClient) DeleteServiceAccountToken(podUID types.UID)
- func (c *TokenClient) GetServiceAccountToken(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error)
- func (c *TokenClient) PodServiceAccountTokenAttrs(namespace, podName, serviceAccountName string, podUID types.UID) (map[string]string, error)
- func (c *TokenClient) Run(stopCh <-chan struct{}) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Informer ¶
type Informer struct {
NodePublishSecretRefSecret cache.SharedIndexInformer
}
Informer holds the shared index informers
type Lister ¶
type Lister struct {
NodePublishSecretRefSecret SecretLister
}
Lister holds the object lister
type SecretLister ¶
SecretLister is a store used to list secrets
func (*SecretLister) GetWithKey ¶
func (sl *SecretLister) GetWithKey(key string) (*corev1.Secret, error)
GetWithKey returns secret with key from the informer cache
type Store ¶
type Store interface {
// GetNodePublishSecretRefSecret returns the NodePublishSecretRef secret matching name and namespace
GetNodePublishSecretRefSecret(name, namespace string) (*corev1.Secret, error)
// Run initializes and runs the informers
Run(stopCh <-chan struct{}) error
}
Store for secrets with label 'secrets-store.csi.k8s.io/used'
type TokenClient ¶ added in v1.1.0
type TokenClient struct {
// contains filtered or unexported fields
}
TokenClient is a client for Kubernetes Token API
func NewTokenClient ¶ added in v1.1.0
func NewTokenClient(kubeClient kubernetes.Interface, driverName string, resyncPeriod time.Duration) *TokenClient
NewTokenClient creates a new TokenClient The client will be used to request a token for token requests configured in the CSIDriver.
func (*TokenClient) DeleteServiceAccountToken ¶ added in v1.1.0
func (c *TokenClient) DeleteServiceAccountToken(podUID types.UID)
DeleteServiceAccountToken should be invoked when pod got deleted. It simply clean token manager cache.
func (*TokenClient) GetServiceAccountToken ¶ added in v1.1.0
func (c *TokenClient) GetServiceAccountToken(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error)
GetServiceAccountToken gets a service account token for a pod from cache or from the TokenRequest API. This process is as follows: * Check the cache for the current token request. * If the token exists and does not require a refresh, return the current token. * Attempt to refresh the token. * If the token is refreshed successfully, save it in the cache and return the token. * If refresh fails and the old token is still valid, log an error and return the old token. * If refresh fails and the old token is no longer valid, return an error
func (*TokenClient) PodServiceAccountTokenAttrs ¶ added in v1.1.0
func (c *TokenClient) PodServiceAccountTokenAttrs(namespace, podName, serviceAccountName string, podUID types.UID) (map[string]string, error)
PodServiceAccountTokenAttrs returns the token for the pod service account that can be bound to the pod. This token will be sent to the providers and is of the format:
"csi.storage.k8s.io/serviceAccount.tokens": {
<audience>: {
'token': <token>,
'expirationTimestamp': <expiration timestamp in RFC3339 format>,
},
...
}
ref: https://kubernetes-csi.github.io/docs/token-requests.html#usage
func (*TokenClient) Run ¶ added in v1.1.0
func (c *TokenClient) Run(stopCh <-chan struct{}) error
Run initiates the sync of the informers and caches
Source Files