in pkg/sidecar_mounter/sidecar_mounter.go [351:402]
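// StartTokenServer listens on the unix domain socket at tokenURLSocketPath and
// serves an HTTP endpoint that returns a JSON-encoded oauth2.Token. For every
// request it reads the Kubernetes service account token from the sidecar's
// token volume and exchanges it through fetchIdentityBindingToken for the
// given identityProvider.
//
// The call blocks until the HTTP server stops. Cancelling ctx aborts in-flight
// token exchanges, but nothing in this function shuts the server down.
//
// NOTE(review): every client that can connect to the socket receives a bearer
// token; the handler does no caller authentication and accepts any path and
// method. Access control presumably relies on the filesystem permissions of
// the socket path. Confirm that only the intended container can reach it.
func StartTokenServer(ctx context.Context, tokenURLSocketPath string, identityProvider string) {
	// Create a unix domain socket and listen for incoming connections.
	tokenSocketListener, err := net.Listen("unix", tokenURLSocketPath)
	if err != nil {
		klog.Errorf("failed to create socket %q: %v", tokenURLSocketPath, err)

		return
	}
	klog.Infof("created a listener using the socket path %s", tokenURLSocketPath)

	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		// r.Context() derives from ctx (see BaseContext below) and is also
		// cancelled when the client disconnects, so an abandoned request
		// stops the token exchange instead of running to completion.
		reqCtx := r.Context()

		k8sTokenPath := webhook.SidecarContainerSATokenVolumeMountPath + "/" + webhook.K8STokenPath
		k8stoken, err := getK8sTokenFromFile(k8sTokenPath)
		if err != nil {
			// Log the path and the error only; token material must never be logged.
			klog.Errorf("failed to get k8s token from path %q: %v", k8sTokenPath, err)
			w.WriteHeader(http.StatusInternalServerError)

			return
		}

		var stsToken *oauth2.Token
		stsToken, err = fetchIdentityBindingToken(reqCtx, k8stoken, identityProvider)
		if err != nil {
			klog.Errorf("failed to get sts token: %v", err)
			w.WriteHeader(http.StatusInternalServerError)

			return
		}

		// Marshal the oauth2.Token object to JSON.
		jsonToken, err := json.Marshal(stsToken)
		if err != nil {
			klog.Errorf("failed to marshal token to JSON: %v", err)
			w.WriteHeader(http.StatusInternalServerError)

			return
		}

		w.Header().Set("Content-Type", "application/json")
		// The body is a credential: tell any intermediary not to store it.
		w.Header().Set("Cache-Control", "no-store")
		w.WriteHeader(http.StatusOK)
		if _, err := fmt.Fprint(w, string(jsonToken)); err != nil {
			klog.Errorf("failed to write token response: %v", err)
		}
	})

	server := http.Server{
		Handler:      mux,
		ReadTimeout:  10 * time.Second,
		WriteTimeout: 10 * time.Second,
		// Make every request context a child of ctx so that cancelling ctx
		// still aborts token exchanges that are in flight.
		BaseContext: func(net.Listener) context.Context { return ctx },
	}

	if err := server.Serve(tokenSocketListener); !errors.Is(err, http.ErrServerClosed) {
		klog.Errorf("Server for %q returns unexpected error: %v", tokenURLSocketPath, err)
	}
}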