kubernetes/pkg/kubelet/token/token_manager.go

const maxTTL

const gcPeriod

const maxJitter

// NewManager returns a new token manager.
func NewManager(c clientset.Interface) *Manager {}

type Manager

// GetServiceAccountToken gets a service account token for a pod from cache or
// from the TokenRequest API. This process is as follows:
// * Check the cache for the current token request.
// * If the token exists and does not require a refresh, return the current token.
// * Attempt to refresh the token.
// * If the token is refreshed successfully, save it in the cache and return the token.
// * If refresh fails and the old token is still valid, log an error and return the old token.
// * If refresh fails and the old token is no longer valid, return an error
func (m *Manager) GetServiceAccountToken(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error) {}

// DeleteServiceAccountToken should be invoked when pod got deleted. It simply
// clean token manager cache.
func (m *Manager) DeleteServiceAccountToken(podUID types.UID) {}

func (m *Manager) cleanup() {}

func (m *Manager) get(key string) (*authenticationv1.TokenRequest, bool) {}

func (m *Manager) set(key string, tr *authenticationv1.TokenRequest) {}

func (m *Manager) expired(t *authenticationv1.TokenRequest) bool {}

// requiresRefresh returns true if the token is older than 80% of its total
// ttl, or if the token is older than 24 hours.
func (m *Manager) requiresRefresh(tr *authenticationv1.TokenRequest) bool {}

// keys should be nonconfidential and safe to log
func keyFunc(name, namespace string, tr *authenticationv1.TokenRequest) string {}