README
¶
Synchronization
Purpose
- monitor activity in Service Central: new and updated services
- ensure a ConfigMap with the SSAM access level for a service exists
- where/when a service's Namespace exists, ensure it contains an appropriate ConfigMap containing metadata about the service
- monitor activity in Release Manager (Deployinator): new and updated releases
- where/when a service's Namespace exists, ensure it contains an appropriate ConfigMap containing metadata about its releases
- where/when a service's Namespace exists, ensure it contains a Kubecompute docker secret
- where/when a service's Namespace exists, ensure the namespace has the Kube2iam allowed roles annotation
Approach
- each instance of Synchronization will poll, retrieving a list of all services from Service Central at regular intervals
- immediately process the list, creating/updating a ConfigMap containing the SSAM access level for the service appropriate for the environment
- immediately process the list, creating/updating ConfigMaps in Namespaces that exist as appropriate
- each instance of Synchronization will poll, retrieving a list of all known namespaces at regular intervals
- immediately process the list, creating/updating ConfigMaps in Namespaces that exist as appropriate
- immediately process the list, creating/updating a secret in the namespace with the Kubecompute docker secret
- immediately process the list, adding/updating the service namespace with the Kube2iam allowed roles annotation
Documentation
¶
Index ¶
Constants ¶
View Source
const (
NamespaceByServiceLabelIndexName = "nsByServiceLabelIndex"
)
Variables ¶
This section is empty.
Functions ¶
func ByLabelAndService ¶
func ByLabelAndService(serviceName voyager.ServiceName, label voyager.Label) string
func NsServiceLabelIndexFunc ¶
Types ¶
type Controller ¶
type Controller struct {
Logger *zap.Logger
ReadyForWork func()
MainClient kubernetes.Interface
CompClient compClient.Interface
NamespaceInformer cache.SharedIndexInformer
ConfigMapInformer cache.SharedIndexInformer
ServiceCentral ServiceMetadataStore
ReleaseManagement releases.ReleaseManagementStore
ClusterLocation voyager.ClusterLocation
RoleBindingUpdater updater.ObjectUpdater
ConfigMapUpdater updater.ObjectUpdater
NamespaceUpdater updater.ObjectUpdater
ClusterRoleUpdater updater.ObjectUpdater
ClusterRoleBindingUpdater updater.ObjectUpdater
ServiceCentralPollErrorCounter prometheus.Counter
AccessUpdateErrorCounter *prometheus.CounterVec
AllowMutateServices bool
LastFetchedAllServices *time.Time
LastFetchedModifiedServices *time.Time
LastFetchedAllReleases *time.Time
NextFetchAllReleasesStart *time.Time
}
func (*Controller) Process ¶
func (c *Controller) Process(ctx *ctrl.ProcessContext) (bool, bool, error)
Process will handle any changes to namespaces and ensure we have a ConfigMap with the appropriate data in place. It also ensures that roles and rolebindings are created for build authentication.
func (*Controller) Run ¶
func (c *Controller) Run(ctx context.Context)
type ServiceMetadataStore ¶
type ServiceMetadataStore interface {
GetService(ctx context.Context, user auth.OptionalUser, name servicecentral.ServiceName) (*creator_v1.Service, error)
ListServices(ctx context.Context, user auth.OptionalUser) ([]creator_v1.Service, error)
ListModifiedServices(ctx context.Context, user auth.OptionalUser, modifiedSince time.Time) ([]creator_v1.Service, error)
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.