class Kubernetes::TokenFileWatcher

Overview

Watches a token file for changes using inotify (Linux only). Caches the token in memory and reloads it when Kubernetes rotates the projected service account token.

Kubernetes uses an atomic symlink swap for token rotation:

  1. Creates new timestamped directory with updated token
  2. Uses MOVED_TO to swap ..data symlink to new directory
  3. Deletes old directory

We watch the parent directory for MOVED_TO events on ..data to catch rotation.

Defined in:

token_file_watcher.cr

Constructors

Instance Method Summary

Constructor Detail

def self.new(token_file : Path, log : Log = Log.for("kubernetes.token_watcher")) #

[View source]

Instance Method Detail

def close : Nil #

[View source]
def closed? : Bool #

[View source]
def token : String #

[View source]