View Source K8s.Conn.Auth.ServiceAccountWorker (k8s v2.6.1)

A GenServer that reads a service account token from a file and refreshes it

This looks like total overkill. However service account tokens are often network mounts that are not immediately available. They refresh all the time and prone to errors. This does its best to keep the token fresh and available.

After the token is read, it is stored in the state of the GenServer meaning one read per token lifetime needs to succeed..

After the token is read, a timer is set to refresh the token. That refresh is jittered and opoprtunistic. We don't return known expired tokens, but we don't wait until the token is expired to refresh it. If there's an error we will schedule a refresh for hopefuly before the token stops working.

Summary

Functions

Returns a specification to start this module under a supervisor.

Functions

Returns a specification to start this module under a supervisor.

See Supervisor.

@spec get_token(GenServer.server()) :: {:ok, binary()} | {:error, any()}
@spec start_link(any()) :: :ignore | {:error, any()} | {:ok, pid()}
@spec via_tuple(any()) ::
  {:via, Registry,
   {K8s.Conn.Auth.Registry, {K8s.Conn.Auth.ServiceAccountWorker, any()}}}