View Source K8s.Conn.Auth.ServiceAccountWorker (k8s v2.6.1)

A GenServer that reads a service account token from a file and refreshes it

This looks like total overkill. However service account tokens are often network mounts that are not immediately available. They refresh all the time and prone to errors. This does its best to keep the token fresh and available.

After the token is read, it is stored in the state of the GenServer meaning one read per token lifetime needs to succeed..

After the token is read, a timer is set to refresh the token. That refresh is jittered and opoprtunistic. We don't return known expired tokens, but we don't wait until the token is expired to refresh it. If there's an error we will schedule a refresh for hopefuly before the token stops working.

Summary

Functions

child_spec(init_arg)

Returns a specification to start this module under a supervisor.

get_token(target)
start_link(opts)
via_tuple(path)

Functions

Link to this function

child_spec(init_arg)

View Source

Returns a specification to start this module under a supervisor.

See Supervisor.

Link to this function

get_token(target)

View Source 
@spec get_token(GenServer.server()) :: {:ok, binary()} | {:error, any()}
Link to this function

start_link(opts)

View Source 
@spec start_link(any()) :: :ignore | {:error, any()} | {:ok, pid()}
Link to this function

via_tuple(path)

View Source 
@spec via_tuple(any()) ::
  {:via, Registry,
   {K8s.Conn.Auth.Registry, {K8s.Conn.Auth.ServiceAccountWorker, any()}}}