Documentation
¶
Index ¶
- Constants
- Variables
- func GetUnstructuredObjectFromGVK(gvk schema.GroupVersionKind) (*unstructured.Unstructured, error)
- func SetupAllControllers(log logr.Logger, mgr manager.Manager, teleportClient *client.Client, ...) error
- type DeleteExternal
- type Reconciler
- func NewAccessListReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewGithubConnectorReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewLoginRuleReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewOIDCConnectorReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewOktaImportRuleReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewProvisionTokenReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewRoleReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewRoleV6Reconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewRoleV7Reconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewSAMLConnectorReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewUserReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- type ResourceBaseReconciler
- type TeleportExistingResourceMutator
- type TeleportKubernetesResource
- type TeleportResource
- type TeleportResourceClient
- type TeleportResourceMutator
- type TeleportResourceReconciler
- func (r TeleportResourceReconciler[T, K]) Delete(ctx context.Context, obj kclient.Object) error
- func (r TeleportResourceReconciler[T, K]) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r TeleportResourceReconciler[T, K]) SetupWithManager(mgr ctrl.Manager) error
- func (r TeleportResourceReconciler[T, K]) Upsert(ctx context.Context, obj kclient.Object) error
- type UpsertExternal
Constants ¶
const ( // DeletionFinalizer is a name of finalizer added to resource's 'finalizers' field // for tracking deletion events. DeletionFinalizer = "resources.teleport.dev/deletion" // AnnotationFlagIgnore is the Kubernetes annotation containing the "ignore" flag. // When set to true, the operator will not reconcile the CR. AnnotationFlagIgnore = "teleport.dev/ignore" // AnnotationFlagKeep is the Kubernetes annotation containing the "keep" flag. // When set to true, the operator will not delete the Teleport resource if the // CR is deleted. AnnotationFlagKeep = "teleport.dev/keep" )
const ( ConditionReasonFailedToDecode = "FailedToDecode" ConditionReasonOriginLabelNotMatching = "OriginLabelNotMatching" ConditionReasonOriginLabelMatching = "OriginLabelMatching" ConditionReasonNewResource = "NewResource" ConditionReasonNoError = "NoError" ConditionReasonTeleportError = "TeleportError" ConditionReasonTeleportClientError = "TeleportClientError" ConditionTypeTeleportResourceOwned = "TeleportResourceOwned" ConditionTypeSuccessfullyReconciled = "SuccessfullyReconciled" ConditionTypeValidStructure = "ValidStructure" ConditionTypeTeleportClient = "TeleportClient" )
Variables ¶
var Scheme = runtime.NewScheme()
Scheme is a singleton scheme for all controllers
Functions ¶
func GetUnstructuredObjectFromGVK ¶
func GetUnstructuredObjectFromGVK(gvk schema.GroupVersionKind) (*unstructured.Unstructured, error)
GetUnstructuredObjectFromGVK creates a new empty unstructured object with the given Group Version and Kind.
Types ¶
type Reconciler ¶
type Reconciler interface {
reconcile.Reconciler
SetupWithManager(mgr manager.Manager) error
}
Reconciler extends the reconcile.Reconciler interface by adding a SetupWithManager function that creates a controller in the given manager.
func NewAccessListReconciler ¶
NewAccessListReconciler instantiates a new Kubernetes controller reconciling access_list resources
func NewGithubConnectorReconciler ¶
func NewGithubConnectorReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewGithubConnectorReconciler instantiates a new Kubernetes controller reconciling github_connector resources
func NewLoginRuleReconciler ¶
NewLoginRuleReconciler instantiates a new Kubernetes controller reconciling login_rule resources
func NewOIDCConnectorReconciler ¶
NewOIDCConnectorReconciler instantiates a new Kubernetes controller reconciling oidc_connector resources
func NewOktaImportRuleReconciler ¶
NewOktaImportRuleReconciler instantiates a new Kubernetes controller reconciling okta_import_rule resources
func NewProvisionTokenReconciler ¶
NewProvisionTokenReconciler instantiates a new Kubernetes controller reconciling provision token resources
func NewRoleReconciler ¶
NewRoleReconciler instantiates a new Kubernetes controller reconciling legacy role v5 resources
func NewRoleV6Reconciler ¶
NewRoleV6Reconciler instantiates a new Kubernetes controller reconciling role v6 resources
func NewRoleV7Reconciler ¶
NewRoleV7Reconciler instantiates a new Kubernetes controller reconciling role v7 resources
func NewSAMLConnectorReconciler ¶
NewSAMLConnectorReconciler instantiates a new Kubernetes controller reconciling saml_connector resources
func NewUserReconciler ¶
NewUserReconciler instantiates a new Kubernetes controller reconciling user resources
type ResourceBaseReconciler ¶
type ResourceBaseReconciler struct {
kclient.Client
DeleteExternal DeleteExternal
UpsertExternal UpsertExternal
}
func (ResourceBaseReconciler) Do ¶
func (r ResourceBaseReconciler) Do(ctx context.Context, req ctrl.Request, obj kclient.Object) (ctrl.Result, error)
Do will receive an update request and reconcile the resource.
When an event arrives we must propagate that change into the Teleport cluster. We have two types of events: update/create and delete.
For creating/updating we check if the resource exists in Teleport - if it does, we update it - otherwise we create it Always using the state of the resource in the cluster as the source of truth.
For deleting, the recommendation is to use finalizers. Finalizers allow us to map an external resource to a kubernetes resource. So, when we create or update a resource, we add our own finalizer to the kubernetes resource list of finalizers.
For a delete event which has our finalizer: the resource is deleted in Teleport. If it doesn't have the finalizer, we do nothing.
----
Every time we update a resource in Kubernetes (adding finalizers or the OriginLabel), we end the reconciliation process. Afterwards, we receive the request again and we progress to the next step. This allow us to progress with smaller changes and avoid a long-running reconciliation.
type TeleportExistingResourceMutator ¶
type TeleportExistingResourceMutator[T TeleportResource] interface { MutateExisting(new, existing T) }
TeleportExistingResourceMutator can be implemented by TeleportResourceClients to edit a resource before its update based on the existing one.
type TeleportKubernetesResource ¶
type TeleportKubernetesResource[T TeleportResource] interface { kclient.Object ToTeleport() T StatusConditions() *[]v1.Condition }
TeleportKubernetesResource is a Kubernetes resource representing a Teleport resource
type TeleportResource ¶
type TeleportResourceClient ¶
type TeleportResourceClient[T TeleportResource] interface { Get(context.Context, string) (T, error) Create(context.Context, T) error Update(context.Context, T) error Delete(context.Context, string) error }
TeleportResourceClient is a CRUD client for a specific Teleport resource. Implementing this interface allows to be reconciled by the TeleportResourceReconciler instead of writing a new specific reconciliation loop. TeleportResourceClient implementations can optionally implement TeleportResourceMutator
type TeleportResourceMutator ¶
type TeleportResourceMutator[T TeleportResource] interface { Mutate(new T) }
TeleportResourceMutator can be implemented by TeleportResourceClients to edit a resource before its creation/update.
type TeleportResourceReconciler ¶
type TeleportResourceReconciler[T TeleportResource, K TeleportKubernetesResource[T]] struct { ResourceBaseReconciler // contains filtered or unexported fields }
TeleportResourceReconciler is a Teleport generic reconciler. It reconciles TeleportKubernetesResource with Teleport's types.ResourceWithOrigin
func NewTeleportResourceReconciler ¶
func NewTeleportResourceReconciler[T TeleportResource, K TeleportKubernetesResource[T]]( client kclient.Client, resourceClient TeleportResourceClient[T], ) (*TeleportResourceReconciler[T, K], error)
NewTeleportResourceReconciler instanciates a TeleportResourceReconciler from a TeleportResourceClient.
func (TeleportResourceReconciler[T, K]) Delete ¶
Delete is the TeleportResourceReconciler of the ResourceBaseReconciler DeleteExertal
func (TeleportResourceReconciler[T, K]) Reconcile ¶
func (r TeleportResourceReconciler[T, K]) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconcile allows the TeleportResourceReconciler to implement the reconcile.Reconciler interface
func (TeleportResourceReconciler[T, K]) SetupWithManager ¶
func (r TeleportResourceReconciler[T, K]) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager have a controllerruntime.Manager run the TeleportResourceReconciler
func (TeleportResourceReconciler[T, K]) Upsert ¶
Upsert is the TeleportResourceReconciler of the ResourceBaseReconciler UpsertExternal It contains the logic to check if the resource already exists, if it is owned by the operator and what to do to reconcile the Teleport resource based on the Kubernetes one.
Source Files
¶
- accesslist_controller.go
- base_reconciler.go
- github_connector_controller.go
- global.go
- login_rule_controller.go
- oidc_connector_controller.go
- okta_import_rule_controller.go
- provision_token_controller.go
- rolevX_controller.go
- saml_connector_controller.go
- teleport_reconciler.go
- user_controller.go
- utils.go
Directories