controller

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 30, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	LabelNamespacePermissionControl = "ns.tagesspiegel.de/permission-control"
	LabelManagedBy                  = "app.kubernetes.io/managed-by"
	LabelNamespaceName              = "ns.tagesspiegel.de/source-namespace"

	AnnotationNamespaceRoleBindingSubjects = "ns.tagesspiegel.de/rolebinding-subjects"
	AnnotationNamespaceRoleBindingRoleRef  = "ns.tagesspiegel.de/rolebinding-roleref"
	AnnotationNamespaceCustomRoleRules     = "ns.tagesspiegel.de/custom-role-rules"
)
View Source 
const (
	KeyKind          = "kind"
	KeyAPIGroup      = "apiGroup"
	KeyName          = "name"
	KeyNamespace     = "namespace"
	KeyVerbs         = "verbs"
	KeyAPIGroups     = "apiGroups"
	KeyResources     = "resources"
	KeyResourceNames = "resourceNames"
)

Variables

View Source 
var (
	ErrInvalidKeyInRole       = errors.New("invalid key in role")
	ErrInvalidKeyInRoleRef    = errors.New("invalid key in role ref")
	ErrInvalidKeyInCustomRole = errors.New("invalid key in custom role")
)

Functions

func ParseCustomRole 

func ParseCustomRole(str string) ([]rbacv1.PolicyRule, error)

ParseCustomRole parses a string of custom role rules into a slice of policy rules

Example: 

rules, err := ParseCustomRole("verbs=get,list;apiGroups=apps,extensions;resources=deployments,replicasets::verbs=get,watch;apiGroups=;resources=pods")
if err != nil {
	// handle error
}
fmt.Println(rules) // [{Verbs:[get list] APIGroups:[apps extensions] Resources:[deployments replicasets]} {Verbs:[get watch] APIGroups:[] Resources:[pods]}]

func ParseRoleBindingRoleRef 

func ParseRoleBindingRoleRef(str string) (rbacv1.RoleRef, error)

ParseRoleBindingRoleRef parses a string of role binding role ref into a role ref

Example: 

roleRef, err := ParseRoleBindingRoleRef("kind:Role;apiGroup:rbac.authorization.k8s.io;name:my-role")
if err != nil {
	// handle error
}
fmt.Println(roleRef) // {APIGroup:rbac.authorization.k8s.io Kind:Role Name:my-role}

func ParseRoleBindingSubjects 

func ParseRoleBindingSubjects(rulesStr string) ([]rbacv1.Subject, error)

ParseRoleBindingSubjects parses a string of role binding subjects into a slice of subjects

Example: 

rules, err := ParseRoleBindingSubjects("kind=ServiceAccount;name=foo;namespace=bar,kind=ServiceAccount;name=foo2;namespace=bar2")
if err != nil {
	// handle error
}
fmt.Println(rules) // [{Kind:ServiceAccount Name:foo Namespace:bar} {Kind:ServiceAccount Name:foo2 Namespace:bar2}]

Types

type LabelChecker 

type LabelChecker struct {
	ExpectedLabel string
}

func (*LabelChecker) Create 

func (l *LabelChecker) Create(e event.CreateEvent) bool

func (*LabelChecker) Delete 

func (l *LabelChecker) Delete(e event.DeleteEvent) bool

func (*LabelChecker) Generic 

func (l *LabelChecker) Generic(e event.GenericEvent) bool

func (*LabelChecker) Update 

func (l *LabelChecker) Update(e event.UpdateEvent) bool

type NamespaceReconciler 

type NamespaceReconciler struct {
	client.Client
	Scheme *runtime.Scheme
}

NamespaceReconciler reconciles a Namespace object

func (*NamespaceReconciler) Reconcile 

func (r *NamespaceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state.

func (*NamespaceReconciler) SetupWithManager 

func (r *NamespaceReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.