utils

package
v0.0.0-...-e2e8ee5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 6, 2026 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

// Controller names.
const (
	ZeroTrustWorkloadIdentityManagerControllerName                           = "zero-trust-workload-identity-manager-controller"
	ZeroTrustWorkloadIdentityManagerSpireServerControllerName                = "zero-trust-workload-identity-manager-spire-server-controller"
	ZeroTrustWorkloadIdentityManagerSpireAgentControllerName                 = "zero-trust-workload-identity-manager-spire-agent-controller"
	ZeroTrustWorkloadIdentityManagerSpiffeCsiDriverControllerName            = "zero-trust-workload-identity-manager-spiffe-csi-driver-controller"
	ZeroTrustWorkloadIdentityManagerSpireOIDCDiscoveryProviderControllerName = "zero-trust-workload-identity-manager-spire-oidc-discovery-provider-controller"
)

// Fixed operator namespace name and the app.kubernetes.io/managed-by label
// key and value.
const (
	OperatorNamespace      = "zero-trust-workload-identity-manager"
	AppManagedByLabelKey   = "app.kubernetes.io/managed-by"
	AppManagedByLabelValue = "zero-trust-workload-identity-manager"
)

// SpiffeCsiDriverAssetName is the asset path of the SPIFFE CSI driver manifest.
const SpiffeCsiDriverAssetName = "spiffe-csi/spiffe-csi-csi-driver.yaml"

// RBAC asset paths. Each names a Role, ClusterRole or binding manifest, so a
// change to a referenced file is a change to the privileges granted to an
// operand and deserves review as such.
const (
	SpireAgentClusterRoleAssetName                           = "spire-agent/spire-agent-cluster-role.yaml"
	SpireAgentClusterRoleBindingAssetName                    = "spire-agent/spire-agent-cluster-role-binding.yaml"
	SpireBundleRoleAssetName                                 = "spire-bundle/spire-bundle-role.yaml"
	SpireBundleRoleBindingAssetName                          = "spire-bundle/spire-bundle-role-binding.yaml"
	SpireControllerManagerClusterRoleAssetName               = "spire-controller-manager/spire-controller-manager-cluster-role.yaml"
	SpireControllerManagerClusterRoleBindingAssetName        = "spire-controller-manager/spire-controller-manager-cluster-role-binding.yaml"
	SpireControllerManagerLeaderElectionRoleAssetName        = "spire-controller-manager/spire-controller-manager-leader-election-role.yaml"
	SpireControllerManagerLeaderElectionRoleBindingAssetName = "spire-controller-manager/spire-controller-manager-leader-election-role-binding.yaml"
	SpireServerClusterRoleAssetName                          = "spire-server/spire-server-cluster-role.yaml"
	SpireServerClusterRoleBindingAssetName                   = "spire-server/spire-server-cluster-role-binding.yaml"
	SpireServerExternalCertRoleAssetName                     = "spire-server/spire-server-external-cert-role.yaml"
	SpireServerExternalCertRoleBindingAssetName              = "spire-server/spire-server-external-cert-role-binding.yaml"
	SpireOIDCExternalCertRoleAssetName                       = "spire-oidc-discovery-provider/spire-oidc-external-cert-role.yaml"
	SpireOIDCExternalCertRoleBindingAssetName                = "spire-oidc-discovery-provider/spire-oidc-external-cert-role-binding.yaml"
)

// Service account asset paths.
const (
	SpiffeCsiDriverServiceAccountAssetName            = "spiffe-csi/spiffe-csi-service-account.yaml"
	SpireAgentServiceAccountAssetName                 = "spire-agent/spire-agent-service-account.yaml"
	SpireOIDCDiscoveryProviderServiceAccountAssetName = "spire-oidc-discovery-provider/spire-oidc-discovery-provider-service-account.yaml"
	SpireServerServiceAccountAssetName                = "spire-server/spire-server-service-account.yaml"
)

// Service asset paths.
const (
	SpireOIDCDiscoveryProviderServiceAssetName    = "spire-oidc-discovery-provider/spire-oidc-discovery-provider-service.yaml"
	SpireServerServiceAssetName                   = "spire-server/spire-server-service.yaml"
	SpireControllerManagerWebhookServiceAssetName = "spire-controller-manager/spire-controller-manager-webhook-service.yaml"
	SpireAgentServiceAssetName                    = "spire-agent/spire-agent-service.yaml"
)

// SpireControllerManagerValidatingWebhookConfigurationAssetName is the asset
// path of the validating webhook configuration manifest.
const SpireControllerManagerValidatingWebhookConfigurationAssetName = "spire-controller-manager/spire-controller-manager-webhook-validating-webhook.yaml"

// Service CA certificate: the serving-cert annotation key and the name used
// for the SPIRE server serving certificate.
const (
	ServiceCAAnnotationKey     = "service.beta.openshift.io/serving-cert-secret-name"
	SpireServerServingCertName = "spire-server-serving-cert"
)

// Names of the environment variables that carry operand image references.
//
// NOTE(review): presumably read by the Get*Image helpers of this package. The
// image that gets deployed is whatever these variables hold, so the values are
// worth pinning by digest and the object that sets them worth protecting —
// confirm how they are populated.
const (
	SpireServerImageEnv                = "RELATED_IMAGE_SPIRE_SERVER"
	SpireAgentImageEnv                 = "RELATED_IMAGE_SPIRE_AGENT"
	SpiffeCSIDriverImageEnv            = "RELATED_IMAGE_SPIFFE_CSI_DRIVER"
	SpireOIDCDiscoveryProviderImageEnv = "RELATED_IMAGE_SPIRE_OIDC_DISCOVERY_PROVIDER"
	SpireControllerManagerImageEnv     = "RELATED_IMAGE_SPIRE_CONTROLLER_MANAGER"
	NodeDriverRegistrarImageEnv        = "RELATED_IMAGE_NODE_DRIVER_REGISTRAR"
	SpiffeCSIInitContainerImageEnv     = "RELATED_IMAGE_SPIFFE_CSI_INIT_CONTAINER"
)

// Resource kinds, used for validation and logging.
const (
	ResourceKindSpireServer                = "SpireServer"
	ResourceKindSpireAgent                 = "SpireAgent"
	ResourceKindSpiffeCSIDriver            = "SpiffeCSIDriver"
	ResourceKindSpireOIDCDiscoveryProvider = "SpireOIDCDiscoveryProvider"
)

// ConditionTypeConfigurationValid is the validation condition type.
const ConditionTypeConfigurationValid = "ConfigurationValid"

// Validation condition reasons.
const (
	ConditionReasonConfigurationValid  = "ConfigurationValid"
	ConditionReasonInvalidAffinity     = "InvalidAffinity"
	ConditionReasonInvalidTolerations  = "InvalidTolerations"
	ConditionReasonInvalidNodeSelector = "InvalidNodeSelector"
	ConditionReasonInvalidResources    = "InvalidResources"
	ConditionReasonInvalidLabels       = "InvalidLabels"
)

// Workload attestor verification types.
//
// NOTE(review): these presumably select how the SPIRE agent's Kubernetes
// workload attestor verifies the kubelet's serving certificate. If so, "skip"
// turns that verification off and the attestor's connection to the kubelet is
// no longer authenticated; prefer "auto" or "hostCert" outside test clusters —
// confirm against the SpireAgent API documentation.
const (
	WorkloadAttestorVerificationTypeSkip     = "skip"
	WorkloadAttestorVerificationTypeAuto     = "auto"
	WorkloadAttestorVerificationTypeHostCert = "hostCert"
)

// Default kubelet CA paths (for OpenShift clusters), used as defaults for
// 'auto' mode when no explicit paths are provided.
const (
	DefaultKubeletCABasePath = "/etc/kubernetes"
	DefaultKubeletCAFileName = "kubelet-ca.crt"
)

// External certificate RBAC resource names. Each Role and its RoleBinding
// share one name.
const (
	SpireOIDCExternalCertRoleName          = "spire-oidc-external-cert-reader"
	SpireOIDCExternalCertRoleBindingName   = "spire-oidc-external-cert-reader"
	SpireServerExternalCertRoleName        = "spire-server-external-cert-reader"
	SpireServerExternalCertRoleBindingName = "spire-server-external-cert-reader"
)
// Standardized label values.
const (
	StandardManagedByValue = "zero-trust-workload-identity-manager"
	StandardPartOfValue    = "zero-trust-workload-identity-manager"
	StandardInstance       = "cluster-zero-trust-workload-identity-manager"
)

// AppComponentLabelKey is the label key that carries the component value.
const AppComponentLabelKey = "app.kubernetes.io/component"

// Component values.
const (
	ComponentCSI          = "csi"
	ComponentControlPlane = "control-plane"
	ComponentNodeAgent    = "node-agent"
	ComponentDiscovery    = "discovery"
)
// Proxy environment variable names.
const (
	HTTPProxyEnvVar  = "HTTP_PROXY"
	HTTPSProxyEnvVar = "HTTPS_PROXY"
	NoProxyEnvVar    = "NO_PROXY"
)

// TrustedCABundleConfigMapEnvVar is the environment variable that holds the
// name of the user-provided trusted CA bundle ConfigMap. The user sets it in
// the Subscription object.
//
// Whoever can write the ConfigMap named here decides which CA certificates are
// mounted at TrustedCABundlePath, so write access to it is worth restricting.
const TrustedCABundleConfigMapEnvVar = "TRUSTED_CA_BUNDLE_CONFIGMAP"

// Trusted CA bundle configuration. The mount path follows OpenShift
// conventions for injected CA bundles.
const (
	TrustedCABundlePath = "/etc/pki/ca-trust/extracted/pem"
	TrustedCABundleFile = "tls-ca-bundle.pem"
	TrustedCABundleKey  = "ca-bundle.crt"
)
// CreateOnlyModeStatusType is the status type string for create-only mode.
const CreateOnlyModeStatusType = "CreateOnlyMode"

// CreateOnlyModeEnabled is the string used when create-only mode is on.
const CreateOnlyModeEnabled = "CreateOnlyModeEnabled"

// CreateOnlyModeDisabled is the string used when create-only mode is off.
const CreateOnlyModeDisabled = "CreateOnlyModeDisabled"
// LogLevelInfo is the "info" log level string.
const LogLevelInfo = "info"

// LogFormatText is the "text" log format string.
const LogFormatText = "text"

Variables

// GenerationOrOwnerReferenceChangedPredicate passes an event when either
// predicate.GenerationChangedPredicate or OwnerReferenceChangedPredicate
// passes it.
//
// NOTE(review): metadata.generation is normally bumped by spec changes only,
// so an update that touches just labels, annotations or status is presumably
// filtered out here unless the owner references changed too — confirm that
// drift in those fields is picked up by another watch or a periodic resync.
var GenerationOrOwnerReferenceChangedPredicate = predicate.Or(
	predicate.GenerationChangedPredicate{},
	OwnerReferenceChangedPredicate,
)

GenerationOrOwnerReferenceChangedPredicate triggers reconciliation when either: (1) the resource generation changes (spec/status changes), or (2) owner references change (removed/modified). This is the standard predicate for all operand controllers.

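// OwnerReferenceChangedPredicate triggers reconciliation when the set of owner
// references on an object changes.
//
// Create and delete events always pass; generic events never do. An update
// passes when the old and new owner references differ in count or in any
// field: APIVersion, Kind, Name, UID, Controller or BlockOwnerDeletion.
// Comparing UID and Name alone would let an edit that clears the controller
// flag, or that repeats one owner in place of another, go by without a
// reconcile.
var OwnerReferenceChangedPredicate = predicate.Funcs{
	CreateFunc: func(e event.CreateEvent) bool {
		return true
	},
	UpdateFunc: func(e event.UpdateEvent) bool {
		oldOwners := e.ObjectOld.GetOwnerReferences()
		newOwners := e.ObjectNew.GetOwnerReferences()

		if len(oldOwners) != len(newOwners) {
			return true
		}

		// ownerKey flattens one owner reference into a comparable value. The
		// two optional flags are read as false when unset, so nil and an
		// explicit false compare equal.
		type ownerKey struct {
			apiVersion, kind, name, uid    string
			controller, blockOwnerDeletion bool
		}
		isSet := func(b *bool) bool { return b != nil && *b }

		// Count the old references, then consume one count per new reference.
		// Order is ignored; duplicates are not.
		remaining := make(map[ownerKey]int, len(oldOwners))
		for _, owner := range oldOwners {
			remaining[ownerKey{
				apiVersion:         owner.APIVersion,
				kind:               owner.Kind,
				name:               owner.Name,
				uid:                string(owner.UID),
				controller:         isSet(owner.Controller),
				blockOwnerDeletion: isSet(owner.BlockOwnerDeletion),
			}]++
		}

		for _, owner := range newOwners {
			key := ownerKey{
				apiVersion:         owner.APIVersion,
				kind:               owner.Kind,
				name:               owner.Name,
				uid:                string(owner.UID),
				controller:         isSet(owner.Controller),
				blockOwnerDeletion: isSet(owner.BlockOwnerDeletion),
			}
			if remaining[key] == 0 {
				return true
			}
			remaining[key]--
		}

		return false
	},
	DeleteFunc: func(e event.DeleteEvent) bool {
		return true
	},
	GenericFunc: func(e event.GenericEvent) bool {
		return false
	},
}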

OwnerReferenceChangedPredicate triggers reconciliation when owner references change. This is useful for detecting when owner references are removed or modified.

// ZTWIMSpecChangedPredicate admits create and delete events and drops update
// and generic events.
//
// NOTE(review): UpdateFunc returns false unconditionally, so despite the name
// no update, a spec change included, passes this predicate. Confirm that this
// is intended and that spec edits are reconciled through another watch.
var ZTWIMSpecChangedPredicate = predicate.Funcs{
	CreateFunc:  func(_ event.CreateEvent) bool { return true },
	UpdateFunc:  func(_ event.UpdateEvent) bool { return false },
	DeleteFunc:  func(_ event.DeleteEvent) bool { return true },
	GenericFunc: func(_ event.GenericEvent) bool { return false },
}

ZTWIMSpecChangedPredicate triggers reconciliation when ZTWIM spec is created while avoiding unnecessary reconciliations when only non-critical fields change

Functions

func AddProxyConfigToPod

func AddProxyConfigToPod(podSpec *corev1.PodSpec)

AddProxyConfigToPod adds proxy environment variables and trusted CA bundle to all containers in a pod spec. This should be called after all containers are added to the pod spec.

Proxy env vars are added if any proxy environment variables are set (HTTP_PROXY, HTTPS_PROXY, NO_PROXY). Trusted CA bundle is mounted if the user has specified a ConfigMap name via TRUSTED_CA_BUNDLE_CONFIGMAP.

func AddProxyConfigToPodWithInternalNoProxy

func AddProxyConfigToPodWithInternalNoProxy(podSpec *corev1.PodSpec)

AddProxyConfigToPodWithInternalNoProxy adds proxy configuration to a pod spec and ensures internal cluster services are added to NO_PROXY. Use this for components that need proxy for external access but must bypass proxy for internal cluster communication (e.g., spire-agent).

func AddProxyConfigToPodWithNoProxyAdditions

func AddProxyConfigToPodWithNoProxyAdditions(podSpec *corev1.PodSpec, additionalNoProxy []string)

AddProxyConfigToPodWithNoProxyAdditions adds proxy configuration with additional NO_PROXY entries.

func AddTrustedCABundleToContainer

func AddTrustedCABundleToContainer(container *corev1.Container)

AddTrustedCABundleToContainer adds the trusted CA bundle volume mount to a container if a ConfigMap is configured and the mount doesn't already exist

func AnnotationsMatch

func AnnotationsMatch(existing, desired map[string]string) bool

AnnotationsMatch checks if all desired annotations are present in existing with the same values. We don't care about extra annotations that Kubernetes might add. Treats nil and empty maps as equivalent.

func CSIDriverNeedsUpdate

func CSIDriverNeedsUpdate(existing, desired *storagev1.CSIDriver) bool

CSIDriverNeedsUpdate checks if a CSIDriver needs updating

func ClusterRoleBindingNeedsUpdate

func ClusterRoleBindingNeedsUpdate(existing, desired *rbacv1.ClusterRoleBinding) bool

ClusterRoleBindingNeedsUpdate checks if a ClusterRoleBinding needs updating

func ClusterRoleNeedsUpdate

func ClusterRoleNeedsUpdate(existing, desired *rbacv1.ClusterRole) bool

ClusterRoleNeedsUpdate checks if a ClusterRole needs updating

func ClusterSPIFFEIDNeedsUpdate

func ClusterSPIFFEIDNeedsUpdate(existing, desired *spiffev1alpha1.ClusterSPIFFEID) bool

ClusterSPIFFEIDNeedsUpdate checks if a ClusterSPIFFEID needs updating

func ControllerManagedResourcesForComponent

func ControllerManagedResourcesForComponent(component string) predicate.Funcs

ControllerManagedResourcesForComponent creates a predicate that filters resources by both the managed-by label and the component label

func DaemonSetNeedsUpdate

func DaemonSetNeedsUpdate(fetched, desired *appsv1.DaemonSet) bool

DaemonSetNeedsUpdate checks if a DaemonSet needs updating

func DecodeClusterRoleBindingObjBytes

func DecodeClusterRoleBindingObjBytes(objBytes []byte) *rbacv1.ClusterRoleBinding

func DecodeClusterRoleObjBytes

func DecodeClusterRoleObjBytes(objBytes []byte) *rbacv1.ClusterRole

func DecodeCsiDriverObjBytes

func DecodeCsiDriverObjBytes(objBytes []byte) *storagev1.CSIDriver

func DecodeRoleBindingObjBytes

func DecodeRoleBindingObjBytes(objBytes []byte) *rbacv1.RoleBinding

func DecodeRoleObjBytes

func DecodeRoleObjBytes(objBytes []byte) *rbacv1.Role

func DecodeServiceAccountObjBytes

func DecodeServiceAccountObjBytes(objBytes []byte) *corev1.ServiceAccount

func DecodeServiceObjBytes

func DecodeServiceObjBytes(objBytes []byte) *corev1.Service

func DecodeValidatingWebhookConfigurationByBytes

func DecodeValidatingWebhookConfigurationByBytes(objBytes []byte) *admissionregistrationv1.ValidatingWebhookConfiguration

func DeploymentNeedsUpdate

func DeploymentNeedsUpdate(fetched, desired *appsv1.Deployment) bool

DeploymentNeedsUpdate checks if a Deployment needs updating

func DerefAffinity

func DerefAffinity(a *corev1.Affinity) corev1.Affinity

func DerefNodeSelector

func DerefNodeSelector(selector map[string]string) map[string]string

func DerefTolerations

func DerefTolerations(tolerations []*corev1.Toleration) []corev1.Toleration

func GenerateConfigHash

func GenerateConfigHash(data []byte) string

GenerateConfigHash returns a SHA256 hex string of the trimmed input bytes

func GenerateConfigHashFromString

func GenerateConfigHashFromString(data string) string

GenerateConfigHashFromString returns a SHA256 hex string of the trimmed input string

func GenerateMapHash

func GenerateMapHash(m map[string]string) string

GenerateMapHash takes a map[string]string, sorts it by key, and returns a SHA256 hash.

func GetInternalNoProxyEntries

func GetInternalNoProxyEntries() []string

GetInternalNoProxyEntries returns NO_PROXY entries for internal cluster services. These should be added to NO_PROXY for components that need proxy for external access but must bypass proxy for internal cluster communication.

func GetLogFormatFromString

func GetLogFormatFromString(logFormat string) string

func GetLogLevelFromString

func GetLogLevelFromString(logLevel string) string

func GetNodeDriverRegistrarImage

func GetNodeDriverRegistrarImage() string

func GetOperatorNamespace

func GetOperatorNamespace() string

GetOperatorNamespace returns the namespace where the operator resources should be installed. It reads from the OPERATOR_NAMESPACE environment variable. Returns an empty string if the environment variable is not set.

func GetProxyEnvVars

func GetProxyEnvVars() []corev1.EnvVar

GetProxyEnvVars retrieves proxy environment variables from the operator's environment. These are injected by OLM when a cluster-wide proxy is configured, or can be overridden by the user via the Subscription object.

func GetProxyEnvVarsWithNoProxyAdditions

func GetProxyEnvVarsWithNoProxyAdditions(additionalNoProxy []string) []corev1.EnvVar

GetProxyEnvVarsWithNoProxyAdditions retrieves proxy environment variables and appends additional entries to NO_PROXY. This is useful for ensuring internal services bypass the proxy. The additionalNoProxy entries are appended to the existing NO_PROXY value.

func GetSpiffeCSIDriverImage

func GetSpiffeCSIDriverImage() string

func GetSpiffeCsiInitContainerImage

func GetSpiffeCsiInitContainerImage() string

func GetSpireAgentImage

func GetSpireAgentImage() string

func GetSpireControllerManagerImage

func GetSpireControllerManagerImage() string

func GetSpireOIDCDiscoveryProviderImage

func GetSpireOIDCDiscoveryProviderImage() string

func GetSpireServerImage

func GetSpireServerImage() string

func GetTrustedCABundleConfigMapName

func GetTrustedCABundleConfigMapName() string

GetTrustedCABundleConfigMapName returns the user-configured ConfigMap name for the trusted CA bundle. Returns empty string if not configured. User sets this via TRUSTED_CA_BUNDLE_CONFIGMAP env var in the Subscription.

func GetTrustedCABundleVolume

func GetTrustedCABundleVolume() corev1.Volume

GetTrustedCABundleVolume returns a Volume for mounting the user-specified trusted CA bundle ConfigMap. Returns an empty Volume if no ConfigMap is configured.

func GetTrustedCABundleVolumeMount

func GetTrustedCABundleVolumeMount() corev1.VolumeMount

GetTrustedCABundleVolumeMount returns a VolumeMount for the trusted CA bundle. It mounts to the standard OpenShift CA trust directory. The ConfigMap volume uses items projection to only include tls-ca-bundle.pem, so no SubPath is needed.

func InjectProxyEnvVars

func InjectProxyEnvVars(container *corev1.Container)

InjectProxyEnvVars adds proxy environment variables to a container's Env list if they are not already present

func InjectProxyEnvVarsWithNoProxyAdditions

func InjectProxyEnvVarsWithNoProxyAdditions(container *corev1.Container, additionalNoProxy []string)

InjectProxyEnvVarsWithNoProxyAdditions adds proxy environment variables to a container's Env list with additional NO_PROXY entries appended. This ensures internal services bypass the proxy.

func IsInCreateOnlyMode

func IsInCreateOnlyMode() bool

IsInCreateOnlyMode checks if create-only mode is enabled. It accepts case-insensitive values:

  • "true", "TRUE", "True" -> returns true (enabled)
  • "false", "FALSE", "False", empty, or invalid -> returns false (disabled)

func IsIrrecoverableError

func IsIrrecoverableError(err error) bool

func IsMultipleInstanceError

func IsMultipleInstanceError(err error) bool

func IsProxyEnabled

func IsProxyEnabled() bool

IsProxyEnabled checks if a proxy is actually configured. A proxy is considered enabled only when HTTP_PROXY or HTTPS_PROXY is set. NO_PROXY alone does not enable proxy functionality - it only specifies exclusions when a proxy is configured.

func IsRetryRequiredError

func IsRetryRequiredError(err error) bool

func IsTrustedCABundleConfigured

func IsTrustedCABundleConfigured() bool

IsTrustedCABundleConfigured checks if user has specified a CA bundle ConfigMap

func IsValidURL

func IsValidURL(issuerURL string) error

IsValidURL validates URL format.

func LabelsMatch

func LabelsMatch(existing, desired map[string]string) bool

LabelsMatch checks if all desired labels are present in existing with the same values. We don't care about extra labels that Kubernetes might add. Treats nil and empty maps as equivalent.

func NeedsOwnerReferenceUpdate

func NeedsOwnerReferenceUpdate(obj client.Object, expectedOwner client.Object) bool

NeedsOwnerReferenceUpdate checks if an object's owner reference needs to be updated. This prevents unnecessary reconciliations by only updating when the owner reference is missing or different from what's expected.

func NormalizeURL

func NormalizeURL(issuerURL string) (string, error)

NormalizeURL normalizes JWT issuer URL for consistent comparison

func ResourceNeedsUpdate

func ResourceNeedsUpdate(existing, desired client.Object) bool

ResourceNeedsUpdate determines if a resource needs to be updated based on its type. This checks labels, annotations, and type-specific fields.

func RoleBindingNeedsUpdate

func RoleBindingNeedsUpdate(existing, desired *rbacv1.RoleBinding) bool

RoleBindingNeedsUpdate checks if a RoleBinding needs updating

func RoleNeedsUpdate

func RoleNeedsUpdate(existing, desired *rbacv1.Role) bool

RoleNeedsUpdate checks if a Role needs updating

func SecurityContextConstraintsNeedsUpdate

func SecurityContextConstraintsNeedsUpdate(existing, desired *securityv1.SecurityContextConstraints) bool

SecurityContextConstraintsNeedsUpdate checks if a SecurityContextConstraints needs updating

func ServiceAccountNeedsUpdate

func ServiceAccountNeedsUpdate(existing, desired *corev1.ServiceAccount) bool

ServiceAccountNeedsUpdate checks if a ServiceAccount needs updating

func ServiceNeedsUpdate

func ServiceNeedsUpdate(existing, desired *corev1.Service) bool

ServiceNeedsUpdate checks if a Service needs updating

func SetLabel

func SetLabel(labels map[string]string, key, value string) map[string]string

SetLabel sets a label key/value on the given object metadata labels map. If the labels map is nil, it initializes it.

func SpiffeCSIDriverLabels

func SpiffeCSIDriverLabels(customLabels map[string]string) map[string]string

func SpireAgentLabels

func SpireAgentLabels(customLabels map[string]string) map[string]string

func SpireControllerManagerLabels

func SpireControllerManagerLabels(customLabels map[string]string) map[string]string

func SpireOIDCDiscoveryProviderLabels

func SpireOIDCDiscoveryProviderLabels(customLabels map[string]string) map[string]string

func SpireServerLabels

func SpireServerLabels(customLabels map[string]string) map[string]string

Component-specific label generators

func StandardizedLabels

func StandardizedLabels(name, component, version string, customLabels map[string]string) map[string]string

StandardizedLabels generates the new standardized label set for Kubernetes resources

func StatefulSetNeedsUpdate

func StatefulSetNeedsUpdate(fetched, desired *appsv1.StatefulSet) bool

StatefulSetNeedsUpdate checks if a StatefulSet needs updating

func StringToBool

func StringToBool(s string) bool

func StripProtocolFromJWTIssuer

func StripProtocolFromJWTIssuer(issuerURL string) (string, error)

StripProtocolFromJWTIssuer removes protocol from validated JWT issuer URL

func ValidateAffinity

func ValidateAffinity(affinity *core.Affinity, opts corevalidation.PodValidationOptions, fldPath *field.Path) field.ErrorList

ValidateAffinity checks if the given affinities are valid.

func ValidateAndUpdateStatus

func ValidateAndUpdateStatus(
	logger logr.Logger,
	statusMgr StatusManager,
	resourceKind string,
	resourceName string,
	affinity *corev1.Affinity,
	tolerations []*corev1.Toleration,
	nodeSelector map[string]string,
	resources *corev1.ResourceRequirements,
	labels map[string]string,
) error

ValidateAndUpdateStatus validates common configuration and updates status manager

func ValidateCommonConfig

func ValidateCommonConfig(affinity *corev1.Affinity, tolerations []*corev1.Toleration, nodeSelector map[string]string, resources *corev1.ResourceRequirements, labels map[string]string) error

ValidateCommonConfig validates all common configuration fields

func ValidateCommonConfigAffinity

func ValidateCommonConfigAffinity(affinity *corev1.Affinity) error

ValidateCommonConfigAffinity validates the affinity configuration using Kubernetes validation functions.

func ValidateCommonConfigLabels

func ValidateCommonConfigLabels(labels map[string]string) error

ValidateCommonConfigLabels validates labels configuration using Kubernetes validation functions.

func ValidateCommonConfigNodeSelector

func ValidateCommonConfigNodeSelector(nodeSelector map[string]string) error

ValidateCommonConfigNodeSelector validates node selector configuration using Kubernetes validation functions.

func ValidateCommonConfigResources

func ValidateCommonConfigResources(resources *corev1.ResourceRequirements) error

ValidateCommonConfigResources validates resource requirements configuration using Kubernetes validation functions.

func ValidateCommonConfigTolerations

func ValidateCommonConfigTolerations(tolerations []*corev1.Toleration) error

ValidateCommonConfigTolerations validates tolerations configuration using Kubernetes validation functions.

func ValidatingWebhookConfigurationNeedsUpdate

func ValidatingWebhookConfigurationNeedsUpdate(existing, desired *admissionregistrationv1.ValidatingWebhookConfiguration) bool

ValidatingWebhookConfigurationNeedsUpdate checks if a ValidatingWebhookConfiguration needs updating

Types

type ErrorReason

// ErrorReason is the string type of the Reason field of ReconcileError.
type ErrorReason string

// ErrorReason values.
const (
	IrrecoverableError    ErrorReason = "IrrecoverableError"
	RetryRequiredError    ErrorReason = "RetryRequiredError"
	MultipleInstanceError ErrorReason = "MultipleInstanceError"
)

type ProxyValidationResult

// ProxyValidationResult contains the result of proxy configuration validation.
type ProxyValidationResult struct {
	// Valid is the outcome of the validation.
	Valid   bool
	// Reason and Message describe the outcome; presumably they feed a status
	// condition — TODO confirm against the callers.
	Reason  string
	Message string
}

ProxyValidationResult contains the result of proxy configuration validation

func ValidateProxyConfiguration

func ValidateProxyConfiguration() *ProxyValidationResult

ValidateProxyConfiguration validates proxy configuration: (1) if proxy is not enabled, it returns valid (no validation needed); (2) if proxy is enabled, the CA bundle ConfigMap name must be configured via the TRUSTED_CA_BUNDLE_CONFIGMAP env var. Note: we don't validate whether the ConfigMap actually exists. The volume mount uses optional:true, so pods will start even if the ConfigMap doesn't exist yet.

type ReconcileError

// ReconcileError is an error value that carries an ErrorReason, a message and
// the underlying error.
//
// NOTE(review): Err is an interface value with a json tag. encoding/json
// encodes a value through its exported fields, so most error values would
// come out as {} rather than as their message — confirm whether this struct
// is ever marshaled.
type ReconcileError struct {
	Reason  ErrorReason `json:"reason,omitempty"`
	Message string      `json:"message,omitempty"`
	Err     error       `json:"error,omitempty"`
}

func FromClientError

func FromClientError(err error, message string, args ...any) *ReconcileError

func FromError

func FromError(err error, message string, args ...any) *ReconcileError

func NewIrrecoverableError

func NewIrrecoverableError(err error, message string, args ...any) *ReconcileError

func NewMultipleInstanceError

func NewMultipleInstanceError(err error) *ReconcileError

func NewRetryRequiredError

func NewRetryRequiredError(err error, message string, args ...any) *ReconcileError

func (*ReconcileError) Error

func (e *ReconcileError) Error() string

Error implements the error interface for ReconcileError.

type StatusManager

// StatusManager is an interface that defines methods needed for status
// management.
type StatusManager interface {
	// AddCondition is given a condition's type, reason, message and status.
	// What an implementation does with them is not visible from this
	// declaration.
	AddCondition(conditionType, reason, message string, status metav1.ConditionStatus)
}

StatusManager is an interface that defines methods needed for status management

type ValidationResult

// ValidationResult represents the result of a validation operation.
type ValidationResult struct {
	// FieldName names the configuration field the result is about.
	FieldName      string
	// ConditionType and ConditionValue presumably hold the condition type and
	// reason to report for the field — TODO confirm against the producer.
	ConditionType  string
	ConditionValue string
	// ErrorMessage and Error carry the failure as text and as an error value.
	ErrorMessage   string
	Error          error
}

ValidationResult represents the result of a validation operation

func ValidateCommonConfigWithDetails

func ValidateCommonConfigWithDetails(affinity *corev1.Affinity, tolerations []*corev1.Toleration, nodeSelector map[string]string, resources *corev1.ResourceRequirements, labels map[string]string) []ValidationResult

ValidateCommonConfigWithDetails validates common configuration fields and returns detailed error information
