Documentation
¶
Index ¶
- Constants
- Variables
- func RegisterAccessLogPolicyController(log gwlog.Logger, cloud aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func RegisterAllRouteControllers(log gwlog.Logger, cloud aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func RegisterGatewayClassController(log gwlog.Logger, mgr ctrl.Manager) error
- func RegisterGatewayController(log gwlog.Logger, cloud aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func RegisterIAMAuthPolicyController(log gwlog.Logger, mgr ctrl.Manager, cloud pkg_aws.Cloud) error
- func RegisterPodController(log gwlog.Logger, mgr ctrl.Manager) error
- func RegisterServiceController(log gwlog.Logger, cloud aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func RegisterServiceExportController(log gwlog.Logger, cloud aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func RegisterServiceImportController(log gwlog.Logger, mgr ctrl.Manager, finalizerManager k8s.FinalizerManager) error
- func UpdateGWListenerStatus(ctx context.Context, k8sClient client.Client, gw *gwv1beta1.Gateway) error
- type IAMAuthPolicyController
Constants ¶
const ( IAMAuthPolicyAnnotation = "iam-auth-policy" IAMAuthPolicyAnnotationResId = k8s.AnnotationPrefix + IAMAuthPolicyAnnotation + "-resource-id" IAMAuthPolicyAnnotationType = k8s.AnnotationPrefix + IAMAuthPolicyAnnotation + "-resource-type" IAMAuthPolicyFinalizer = k8s.AnnotationPrefix + IAMAuthPolicyAnnotation )
const (
LatticeAssignedDomainName = "application-networking.k8s.aws/lattice-assigned-domain-name"
)
Variables ¶
Functions ¶
func RegisterAccessLogPolicyController ¶ added in v0.0.18
func RegisterAllRouteControllers ¶ added in v0.0.16
func RegisterGatewayClassController ¶ added in v0.0.16
func RegisterGatewayController ¶ added in v0.0.16
func RegisterIAMAuthPolicyController ¶ added in v0.0.18
func RegisterPodController ¶ added in v0.0.16
func RegisterServiceController ¶ added in v0.0.16
func RegisterServiceExportController ¶ added in v0.0.16
func RegisterServiceImportController ¶ added in v0.0.16
Types ¶
type IAMAuthPolicyController ¶ added in v0.0.18
type IAMAuthPolicyController struct {
// contains filtered or unexported fields
}
func (*IAMAuthPolicyController) Reconcile ¶ added in v0.0.18
func (c *IAMAuthPolicyController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconciles IAMAuthPolicy CRD.
IAMAuthPolicy has a plain text policy field and targetRef.Content of policy is not validated by controller, but Lattice API.
TargetRef Kind can be Gatbeway, HTTPRoute, or GRPCRoute. Other Kinds will result in Invalid status. Policy can be attached to single targetRef only. Attempt to attach more than 1 policy will result in Policy Conflict. If policies created in sequence, the first one will be in Accepted status, and second in Conflict. Any following updates to accepted policy will put it into conflicting status, and requires manual resolution - delete conflicting policy.
Lattice side. Gateway attaches to Lattice ServiceNetwork, and HTTP/GRPCRoute to Service. Policy attachment changes ServiceNetowrk and Service auth-type to IAM, and detachment to NONE. Successful creation of lattice policy updates k8s policy annotation with ARN/Id of Lattice Resouce
Policy Attachment Spec is defined in [GEP-713]: https://gateway-api.sigs.k8s.io/geps/gep-713/.
Source Files
Directories