serviceaccount

package

v1.6.5 Latest Latest Go to latest Published: Jun 14, 2017 License: Apache-2.0 Imports: 32 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/chhsia0/kubernetes

Documentation ¶

Overview ¶

Package serviceaccount provides implementations to manage service accounts and service account tokens

Index ¶

Variables
func NewGetterFromClient(c clientset.Interface) serviceaccount.ServiceAccountTokenGetter
func NewGetterFromRegistries(serviceAccounts serviceaccountregistry.Registry, secrets secret.Registry) serviceaccount.ServiceAccountTokenGetter
func NewGetterFromStorageInterface(config *storagebackend.Config, saPrefix, secretPrefix string) serviceaccount.ServiceAccountTokenGetter
type ServiceAccountsController
- func NewServiceAccountsController(saInformer coreinformers.ServiceAccountInformer, ...) *ServiceAccountsController
- func (c *ServiceAccountsController) Run(workers int, stopCh <-chan struct{})
type ServiceAccountsControllerOptions
- func DefaultServiceAccountsControllerOptions() ServiceAccountsControllerOptions
type TokensController
- func NewTokensController(cl clientset.Interface, options TokensControllerOptions) *TokensController
- func (e *TokensController) Run(workers int, stopCh <-chan struct{})
type TokensControllerOptions

Constants ¶

This section is empty.

Variables ¶

View Source

var RemoveTokenBackoff = wait.Backoff{
	Steps:    10,
	Duration: 100 * time.Millisecond,
	Jitter:   1.0,
}

RemoveTokenBackoff is the recommended (empirical) retry interval for removing a secret reference from a service account when the secret is deleted. It is exported for use by custom secret controllers.

Functions ¶

func NewGetterFromClient ¶

func NewGetterFromClient(c clientset.Interface) serviceaccount.ServiceAccountTokenGetter

NewGetterFromClient returns a ServiceAccountTokenGetter that uses the specified client to retrieve service accounts and secrets. The client should NOT authenticate using a service account token the returned getter will be used to retrieve, or recursion will result.

func NewGetterFromRegistries ¶

func NewGetterFromRegistries(serviceAccounts serviceaccountregistry.Registry, secrets secret.Registry) serviceaccount.ServiceAccountTokenGetter

NewGetterFromRegistries returns a ServiceAccountTokenGetter that uses the specified registries to retrieve service accounts and secrets.

func NewGetterFromStorageInterface ¶

func NewGetterFromStorageInterface(config *storagebackend.Config, saPrefix, secretPrefix string) serviceaccount.ServiceAccountTokenGetter

NewGetterFromStorageInterface returns a ServiceAccountTokenGetter that uses the specified storage to retrieve service accounts and secrets.

Types ¶

type ServiceAccountsController ¶

type ServiceAccountsController struct {
	// contains filtered or unexported fields
}

ServiceAccountsController manages ServiceAccount objects inside Namespaces

func NewServiceAccountsController ¶

func NewServiceAccountsController(saInformer coreinformers.ServiceAccountInformer, nsInformer coreinformers.NamespaceInformer, cl clientset.Interface, options ServiceAccountsControllerOptions) *ServiceAccountsController

NewServiceAccountsController returns a new *ServiceAccountsController.

func (*ServiceAccountsController) Run ¶

func (c *ServiceAccountsController) Run(workers int, stopCh <-chan struct{})

type ServiceAccountsControllerOptions ¶

type ServiceAccountsControllerOptions struct {
	// ServiceAccounts is the list of service accounts to ensure exist in every namespace
	ServiceAccounts []v1.ServiceAccount

	// ServiceAccountResync is the interval between full resyncs of ServiceAccounts.
	// If non-zero, all service accounts will be re-listed this often.
	// Otherwise, re-list will be delayed as long as possible (until the watch is closed or times out).
	ServiceAccountResync time.Duration

	// NamespaceResync is the interval between full resyncs of Namespaces.
	// If non-zero, all namespaces will be re-listed this often.
	// Otherwise, re-list will be delayed as long as possible (until the watch is closed or times out).
	NamespaceResync time.Duration
}

ServiceAccountsControllerOptions contains options for running a ServiceAccountsController

func DefaultServiceAccountsControllerOptions ¶

func DefaultServiceAccountsControllerOptions() ServiceAccountsControllerOptions

type TokensController ¶

type TokensController struct {
	// contains filtered or unexported fields
}

TokensController manages ServiceAccountToken secrets for ServiceAccount objects

func NewTokensController ¶

func NewTokensController(cl clientset.Interface, options TokensControllerOptions) *TokensController

NewTokensController returns a new *TokensController.

func (*TokensController) Run ¶

func (e *TokensController) Run(workers int, stopCh <-chan struct{})

Runs controller blocks until stopCh is closed

type TokensControllerOptions ¶

type TokensControllerOptions struct {
	// TokenGenerator is the generator to use to create new tokens
	TokenGenerator serviceaccount.TokenGenerator
	// ServiceAccountResync is the time.Duration at which to fully re-list service accounts.
	// If zero, re-list will be delayed as long as possible
	ServiceAccountResync time.Duration
	// SecretResync is the time.Duration at which to fully re-list secrets.
	// If zero, re-list will be delayed as long as possible
	SecretResync time.Duration
	// This CA will be added in the secrets of service accounts
	RootCA []byte

	// MaxRetries controls the maximum number of times a particular key is retried before giving up
	// If zero, a default max is used
	MaxRetries int
}

TokensControllerOptions contains options for the TokensController

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL