controllers

Documentation

Index

• Constants
• Variables
• type GatekeeperReconciler
  • func (r *GatekeeperReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
  • func (r *GatekeeperReconciler) SetupWithManager(mgr ctrl.Manager) error

Constants

const (
	GatekeeperImageEnvVar             = "RELATED_IMAGE_GATEKEEPER"
	NamespaceFile                     = "v1_namespace_gatekeeper-system.yaml"
	AssignCRDFile                     = "apiextensions.k8s.io_v1_customresourcedefinition_assign.mutations.gatekeeper.sh.yaml"
	AssignMetadataCRDFile             = "apiextensions.k8s.io_v1_customresourcedefinition_assignmetadata.mutations.gatekeeper.sh.yaml"
	MutatorPodStatusCRDFile           = "apiextensions.k8s.io_v1_customresourcedefinition_mutatorpodstatuses.status.gatekeeper.sh.yaml"
	AuditFile                         = "apps_v1_deployment_gatekeeper-audit.yaml"
	WebhookFile                       = "apps_v1_deployment_gatekeeper-controller-manager.yaml"
	ClusterRoleFile                   = "rbac.authorization.k8s.io_v1_clusterrole_gatekeeper-manager-role.yaml"
	ClusterRoleBindingFile            = "rbac.authorization.k8s.io_v1_clusterrolebinding_gatekeeper-manager-rolebinding.yaml"
	RoleFile                          = "rbac.authorization.k8s.io_v1_role_gatekeeper-manager-role.yaml"
	RoleBindingFile                   = "rbac.authorization.k8s.io_v1_rolebinding_gatekeeper-manager-rolebinding.yaml"
	ServerCertFile                    = "v1_secret_gatekeeper-webhook-server-cert.yaml"
	ValidatingWebhookConfiguration    = "admissionregistration.k8s.io_v1_validatingwebhookconfiguration_gatekeeper-validating-webhook-configuration.yaml"
	MutatingWebhookConfiguration      = "admissionregistration.k8s.io_v1_mutatingwebhookconfiguration_gatekeeper-mutating-webhook-configuration.yaml"
	ValidationGatekeeperWebhook       = "validation.gatekeeper.sh"
	CheckIgnoreLabelGatekeeperWebhook = "check-ignore-label.gatekeeper.sh"
	MutationGatekeeperWebhook         = "mutation.gatekeeper.sh"
	AuditDeploymentName               = "gatekeeper-audit"
	WebhookDeploymentName             = "gatekeeper-controller-manager"

	LogLevelArg                 = "--log-level"
	AuditIntervalArg            = "--audit-interval"
	ConstraintViolationLimitArg = "--constraint-violations-limit"
	AuditFromCacheArg           = "--audit-from-cache"
	AuditChunkSizeArg           = "--audit-chunk-size"
	EmitAuditEventsArg          = "--emit-audit-events"
	EmitAdmissionEventsArg      = "--emit-admission-events"
	ExemptNamespaceArg          = "--exempt-namespace"
	EnableMutationArg           = "--enable-mutation"
	OperationArg                = "--operation"
	OperationMutationStatus     = "mutation-status"
	DisabledBuiltinArg          = "--disable-opa-builtin"
)

Variables

var (
	MutatingCRDs = []string{
		AssignCRDFile,
		AssignMetadataCRDFile,
		MutatorPodStatusCRDFile,
	}
)

Types

type GatekeeperReconciler

type GatekeeperReconciler struct {
	client.Client
	Log          logr.Logger
	Scheme       *runtime.Scheme
	Namespace    string
	PlatformInfo platform.PlatformInfo
}

GatekeeperReconciler reconciles a Gatekeeper object

func (*GatekeeperReconciler) Reconcile

func (r *GatekeeperReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state. TODO(user): Modify the Reconcile function to compare the state specified by the Gatekeeper object against the actual cluster state, and then perform operations to make the cluster state reflect the state specified by the user.

For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.9.2/pkg/reconcile

func (*GatekeeperReconciler) SetupWithManager

func (r *GatekeeperReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.