k8s.io/kubernetes / pkg / controller / serviceaccount

package serviceaccount

v1.18.5
Published: Jun 26, 2020 | License: Apache-2.0 | Module: k8s.io/kubernetes

Overview

Package serviceaccount provides implementations to manage service accounts and service account tokens.

Variables

var RemoveTokenBackoff = wait.Backoff{
	Steps:    10,
	Duration: 100 * time.Millisecond,
	Jitter:   1.0,
}

RemoveTokenBackoff is the recommended (empirical) retry interval for removing a secret reference from a service account when the secret is deleted. It is exported for use by custom secret controllers.
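An added example, not code from the Kubernetes project: the retry budget these values give a custom secret controller that removes a deleted secret's name from a service account under optimistic concurrency. `Backoff`, `account`, `removeSecretRef`, its `racing` and `sleep` hooks and the secret names are constructed stand-ins built on the standard library only, and the example assumes a constant base interval because no growth factor is set.

```go
package main

import (
	"errors"
	"fmt"
	"math/rand"
	"time"
)

// Backoff is a local stand-in for the three wait.Backoff fields RemoveTokenBackoff sets.
type Backoff struct {
	Steps    int
	Duration time.Duration
	Jitter   float64
}
var removeTokenBackoff = Backoff{Steps: 10, Duration: 100 * time.Millisecond, Jitter: 1.0} // values from this page

// account is a constructed in-memory ServiceAccount guarded by a resource version.
type account struct {
	version int
	secrets []string
}

// removeSecretRef drops name from sa.secrets, retrying conflicts; racing and sleep are hypothetical hooks.
func removeSecretRef(sa *account, name string, b Backoff, racing func(int) bool, sleep func(time.Duration)) (int, error) {
	for attempt := 1; attempt <= b.Steps; attempt++ {
		read, kept := sa.version, []string{} // re-read current state on every attempt
		for _, s := range sa.secrets {
			if s != name {
				kept = append(kept, s)
			}
		}
		if racing(attempt) {
			sa.version++ // another writer updated the account after our read
		}
		if read == sa.version { // optimistic concurrency: write only if unchanged
			sa.version, sa.secrets = sa.version+1, kept
			return attempt, nil
		}
		if attempt < b.Steps { // wait Duration plus up to Jitter*Duration
			sleep(b.Duration + time.Duration(rand.Float64()*b.Jitter*float64(b.Duration)))
		}
	}
	return b.Steps, errors.New("retries exhausted: secret reference still present")
}

func main() {
	sa := &account{secrets: []string{"default-token-abc12", "registry-creds"}}
	fmt.Println(removeSecretRef(sa, "default-token-abc12", removeTokenBackoff, func(a int) bool { return a < 3 }, time.Sleep))
}
```

When every attempt conflicts, the loop gives up after 10 attempts and 9 waits (between 0.9 s and 1.8 s in total), so a caller has to requeue the work or the service account keeps pointing at a secret that no longer exists.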

func NewGetterFromClient

func NewGetterFromClient(c clientset.Interface, secretLister v1listers.SecretLister, serviceAccountLister v1listers.ServiceAccountLister, podLister v1listers.PodLister) serviceaccount.ServiceAccountTokenGetter

NewGetterFromClient returns a ServiceAccountTokenGetter that uses the specified client to retrieve service accounts and secrets. The client should NOT authenticate using a service account token that the returned getter will itself be used to retrieve, or recursion will result.

type ServiceAccountsController

type ServiceAccountsController struct {
	// contains filtered or unexported fields
}

ServiceAccountsController manages ServiceAccount objects inside Namespaces.

func NewServiceAccountsController

func NewServiceAccountsController(saInformer coreinformers.ServiceAccountInformer, nsInformer coreinformers.NamespaceInformer, cl clientset.Interface, options ServiceAccountsControllerOptions) (*ServiceAccountsController, error)

NewServiceAccountsController returns a new *ServiceAccountsController.

func (*ServiceAccountsController) Run

func (c *ServiceAccountsController) Run(workers int, stopCh <-chan struct{})

Run runs the ServiceAccountsController and blocks until it receives a signal from stopCh.

type ServiceAccountsControllerOptions

type ServiceAccountsControllerOptions struct {
	// ServiceAccounts is the list of service accounts to ensure exist in every namespace
	ServiceAccounts []v1.ServiceAccount

	// ServiceAccountResync is the interval between full resyncs of ServiceAccounts.
	// If non-zero, all service accounts will be re-listed this often.
	// Otherwise, re-list will be delayed as long as possible (until the watch is closed or times out).
	ServiceAccountResync time.Duration

	// NamespaceResync is the interval between full resyncs of Namespaces.
	// If non-zero, all namespaces will be re-listed this often.
	// Otherwise, re-list will be delayed as long as possible (until the watch is closed or times out).
	NamespaceResync time.Duration
}

ServiceAccountsControllerOptions contains options for running a ServiceAccountsController.

func DefaultServiceAccountsControllerOptions

func DefaultServiceAccountsControllerOptions() ServiceAccountsControllerOptions

DefaultServiceAccountsControllerOptions returns the default options for creating a ServiceAccountsController.

type TokensController

type TokensController struct {
	// contains filtered or unexported fields
}

TokensController manages ServiceAccountToken secrets for ServiceAccount objects.

func NewTokensController

func NewTokensController(serviceAccounts informers.ServiceAccountInformer, secrets informers.SecretInformer, cl clientset.Interface, options TokensControllerOptions) (*TokensController, error)

NewTokensController returns a new *TokensController.

func (*TokensController) Run

func (e *TokensController) Run(workers int, stopCh <-chan struct{})

Run runs the controller and blocks until stopCh is closed.

type TokensControllerOptions

type TokensControllerOptions struct {
	// TokenGenerator is the generator to use to create new tokens
	TokenGenerator serviceaccount.TokenGenerator
	// ServiceAccountResync is the time.Duration at which to fully re-list service accounts.
	// If zero, re-list will be delayed as long as possible
	ServiceAccountResync time.Duration
	// SecretResync is the time.Duration at which to fully re-list secrets.
	// If zero, re-list will be delayed as long as possible
	SecretResync time.Duration
	// This CA will be added in the secrets of service accounts
	RootCA []byte

	// MaxRetries controls the maximum number of times a particular key is retried before giving up
	// If zero, a default max is used
	MaxRetries int
}

TokensControllerOptions contains options for the TokensController.

Documentation was rendered with GOOS=linux and GOARCH=amd64.