本文整理汇总了Golang中github.com/GoogleCloudPlatform/kubernetes/pkg/client.Interface.ServiceAccounts方法的典型用法代码示例。如果您正苦于以下问题:Golang Interface.ServiceAccounts方法的具体用法?Golang Interface.ServiceAccounts怎么用?Golang Interface.ServiceAccounts使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类github.com/GoogleCloudPlatform/kubernetes/pkg/client.Interface
的用法示例。
在下文中一共展示了Interface.ServiceAccounts方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: deleteServiceAccounts
func deleteServiceAccounts(kubeClient client.Interface, ns string) error {
items, err := kubeClient.ServiceAccounts(ns).List(labels.Everything(), fields.Everything())
if err != nil {
return err
}
for i := range items.Items {
err := kubeClient.ServiceAccounts(ns).Delete(items.Items[i].Name)
if err != nil && !errors.IsNotFound(err) {
return err
}
}
return nil
}
示例2: NewServiceAccount
// NewServiceAccount returns an admission.Interface implementation which limits admission of Pod CREATE requests based on the pod's ServiceAccount:
// 1. If the pod does not specify a ServiceAccount, it sets the pod's ServiceAccount to "default"
// 2. It ensures the ServiceAccount referenced by the pod exists
// 3. If LimitSecretReferences is true, it rejects the pod if the pod references Secret objects which the pod's ServiceAccount does not reference
// 4. If the pod does not contain any ImagePullSecrets, the ImagePullSecrets of the service account are added.
// 5. If MountServiceAccountToken is true, it adds a VolumeMount with the pod's ServiceAccount's api token secret to containers
func NewServiceAccount(cl client.Interface) *serviceAccount {
serviceAccountsIndexer, serviceAccountsReflector := cache.NewNamespaceKeyedIndexerAndReflector(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return cl.ServiceAccounts(api.NamespaceAll).List(labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return cl.ServiceAccounts(api.NamespaceAll).Watch(labels.Everything(), fields.Everything(), resourceVersion)
},
},
&api.ServiceAccount{},
0,
)
tokenSelector := fields.SelectorFromSet(map[string]string{client.SecretType: string(api.SecretTypeServiceAccountToken)})
secretsIndexer, secretsReflector := cache.NewNamespaceKeyedIndexerAndReflector(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return cl.Secrets(api.NamespaceAll).List(labels.Everything(), tokenSelector)
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return cl.Secrets(api.NamespaceAll).Watch(labels.Everything(), tokenSelector, resourceVersion)
},
},
&api.Secret{},
0,
)
return &serviceAccount{
Handler: admission.NewHandler(admission.Create),
// TODO: enable this once we've swept secret usage to account for adding secret references to service accounts
LimitSecretReferences: false,
// Auto mount service account API token secrets
MountServiceAccountToken: true,
// Reject pod creation until a service account token is available
RequireAPIToken: true,
client: cl,
serviceAccounts: serviceAccountsIndexer,
serviceAccountsReflector: serviceAccountsReflector,
secrets: secretsIndexer,
secretsReflector: secretsReflector,
}
}
示例3: GetAllocatedID
func GetAllocatedID(kClient client.Interface, pod *api.Pod, annotation string) (*int64, error) {
if len(pod.Spec.ServiceAccountName) > 0 {
sa, err := kClient.ServiceAccounts(pod.Namespace).Get(pod.Spec.ServiceAccountName)
if err != nil {
return nil, err
}
sUID, ok := sa.Annotations[annotation]
if !ok {
return nil, fmt.Errorf("Unable to find annotation %s on service account %s", annotation, pod.Spec.ServiceAccountName)
}
return AnnotationToIntPtr(sUID)
} else {
ns, err := kClient.Namespaces().Get(pod.Namespace)
if err != nil {
return nil, err
}
sUID, ok := ns.Annotations[annotation]
if !ok {
return nil, fmt.Errorf("Unable to find annotation %s on namespace %s", annotation, pod.Namespace)
}
return AnnotationToIntPtr(sUID)
}
}