Documentation
¶
Overview ¶
Copyright 2019, Verizon Media Inc. Licensed under the terms of the 3-Clause BSD license. See LICENSE file in github.com/yahoo/k8s-athenz-istio-auth for terms.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Controller ¶
type Controller struct {
// contains filtered or unexported fields
}
func NewController ¶
func NewController(dnsSuffix string, istioClient *crd.Client, k8sClient kubernetes.Interface, adClient adClientset.Interface, istioClientSet versioned.Interface, adResyncInterval, crcResyncInterval, apResyncInterval time.Duration, enableOriginJwtSubject bool, enableAuthzPolicyController bool, componentsEnabledAuthzPolicy *common.ComponentEnabled, combinationPolicyTag string) *Controller
NewController is responsible for creating the main controller object and initializing all of its dependencies:
- Rate limiting queue
- Istio custom resource config store cache for service role, service role bindings, and cluster rbac config
- Onboarding controller responsible for creating / updating / deleting the cluster rbac config object based on a service label
- Service shared index informer
- Athenz Domain shared index informer
- Authorization Policy controller responsible for creating / updating / deleting the authorization policy object based on service annotation and athenz domain spec
func (*Controller) Run ¶
func (c *Controller) Run(stopCh <-chan struct{})
Run starts the main controller loop running sync at every poll interval. It also starts the following controller dependencies: 1. Service informer 2. Istio custom resource informer 3. Athenz Domain informer
Source Files
Click to show internal directories.
Click to hide internal directories.