controllers

package
v1.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 23, 2022 License: MIT Imports: 37 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ClusterwideNetworkPolicyReconciler 

type ClusterwideNetworkPolicyReconciler struct {
	client.Client
	// contains filtered or unexported fields
}

ClusterwideNetworkPolicyReconciler reconciles a ClusterwideNetworkPolicy object +kubebuilder:rbac:groups=metal-stack.io,resources=events,verbs=create;patch

func NewClusterwideNetworkPolicyReconciler added in v1.2.0 

func NewClusterwideNetworkPolicyReconciler(mgr ctrl.Manager) *ClusterwideNetworkPolicyReconciler

func (*ClusterwideNetworkPolicyReconciler) Reconcile 

func (r *ClusterwideNetworkPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile ClusterwideNetworkPolicy and creates nftables rules accordingly +kubebuilder:rbac:groups=metal-stack.io,resources=clusterwidenetworkpolicies,verbs=get;list;watch;create;update;patch;delete +kubebuilder:rbac:groups=metal-stack.io,resources=clusterwidenetworkpolicies/status,verbs=get;update;patch

func (*ClusterwideNetworkPolicyReconciler) SetupWithManager 

func (r *ClusterwideNetworkPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager configures this controller to run in schedule

type ClusterwideNetworkPolicyValidationReconciler added in v1.2.0 

type ClusterwideNetworkPolicyValidationReconciler struct {
	client.Client
	Log    logr.Logger
	Scheme *runtime.Scheme
	// contains filtered or unexported fields
}

ClusterwideNetworkPolicyValidationReconciler validates a ClusterwideNetworkPolicy object +kubebuilder:rbac:groups=metal-stack.io,resources=events,verbs=create;patch

func (*ClusterwideNetworkPolicyValidationReconciler) Reconcile added in v1.2.0 

func (r *ClusterwideNetworkPolicyValidationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Validates ClusterwideNetworkPolicy object +kubebuilder:rbac:groups=metal-stack.io,resources=clusterwidenetworkpolicies,verbs=get;list;watch;create;update;patch;delete +kubebuilder:rbac:groups=metal-stack.io,resources=clusterwidenetworkpolicies/status,verbs=get;update;patch

func (*ClusterwideNetworkPolicyValidationReconciler) SetupWithManager added in v1.2.0 

func (r *ClusterwideNetworkPolicyValidationReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager configures this controller to watch for ClusterwideNetworkPolicy CRD

type CreateFirewall added in v1.2.0 

type CreateFirewall = func(
	firewall firewallv1.Firewall,
	cwnps *firewallv1.ClusterwideNetworkPolicyList,
	svcs *corev1.ServiceList,
	cache nftables.FQDNCache,
	log logr.Logger,
) FirewallInterface

type DroptailerReconciler 

type DroptailerReconciler struct {
	client.Client
	Log       logr.Logger
	Scheme    *runtime.Scheme
	HostsFile string
	// contains filtered or unexported fields
}

DroptailerReconciler reconciles a Droptailer object

func (*DroptailerReconciler) Reconcile 

func (r *DroptailerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile droptailer with certificate and droptailer-server ip from pod inspection +kubebuilder:rbac:groups=metal-stack.io,resources=Droptailers,verbs=get;list;watch;create;update;patch;delete +kubebuilder:rbac:groups=metal-stack.io,resources=Droptailers/status,verbs=get;update;patch

func (*DroptailerReconciler) SetupWithManager 

func (r *DroptailerReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager configure this controller with required defaults

type FirewallInterface added in v1.2.0 

type FirewallInterface interface {
	Reconcile() (bool, error)
	ReconcileNetconfTables() error
	Flush() error
}

func NewFirewall added in v1.2.0 

func NewFirewall(
	firewall firewallv1.Firewall,
	cwnps *firewallv1.ClusterwideNetworkPolicyList,
	svcs *corev1.ServiceList,
	cache nftables.FQDNCache,
	log logr.Logger,
) FirewallInterface

type FirewallReconciler 

type FirewallReconciler struct {
	client.Client

	Log                  logr.Logger
	Scheme               *runtime.Scheme
	EnableIDS            bool
	EnableSignatureCheck bool
	CAPubKey             *rsa.PublicKey
	// contains filtered or unexported fields
}

FirewallReconciler reconciles a Firewall object

func (*FirewallReconciler) Reconcile 

func (r *FirewallReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile reconciles a firewall by: - reading Services of type Loadbalancer - rendering nftables rules - updating the firewall object with nftable rule statistics grouped by action +kubebuilder:rbac:groups=metal-stack.io,resources=firewalls,verbs=get;list;watch;create;update;patch;delete +kubebuilder:rbac:groups=metal-stack.io,resources=firewalls/status,verbs=get;update;patch

func (*FirewallReconciler) SetupWithManager 

func (r *FirewallReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager configures this controller to watch for the CRDs in a specific namespace

Source Files

View all Source files

Directories

Path Synopsis
Package mocks is a generated GoMock package.
 Package mocks is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.