Documentation
¶
Index ¶
- Constants
- Variables
- func RegisterAccessLogPolicyController(log gwlog.Logger, cloud aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func RegisterAllRouteControllers(log gwlog.Logger, cloud aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func RegisterGatewayClassController(log gwlog.Logger, mgr ctrl.Manager) error
- func RegisterGatewayController(log gwlog.Logger, cloud aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func RegisterIAMAuthPolicyController(log gwlog.Logger, mgr ctrl.Manager, cloud pkg_aws.Cloud) error
- func RegisterPodController(log gwlog.Logger, mgr ctrl.Manager) error
- func RegisterServiceController(log gwlog.Logger, cloud aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func RegisterServiceExportController(log gwlog.Logger, cloud aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func RegisterServiceImportController(log gwlog.Logger, mgr ctrl.Manager, finalizerManager k8s.FinalizerManager) error
- func RegisterTargetGroupPolicyController(log gwlog.Logger, mgr ctrl.Manager) error
- func RegisterVpcAssociationPolicyController(log gwlog.Logger, cloud pkg_aws.Cloud, finalizerManager k8s.FinalizerManager, ...) error
- func UpdateGWListenerStatus(ctx context.Context, k8sClient client.Client, gw *gwv1beta1.Gateway) error
- type IAMAuthPolicyController
- type IAP
- type TGP
- type TargetGroupPolicyController
- type VAP
Constants ¶
const ( IAMAuthPolicyAnnotation = "iam-auth-policy" IAMAuthPolicyAnnotationResId = k8s.AnnotationPrefix + IAMAuthPolicyAnnotation + "-resource-id" IAMAuthPolicyAnnotationType = k8s.AnnotationPrefix + IAMAuthPolicyAnnotation + "-resource-type" IAMAuthPolicyFinalizer = k8s.AnnotationPrefix + IAMAuthPolicyAnnotation )
const (
LatticeAssignedDomainName = "application-networking.k8s.aws/lattice-assigned-domain-name"
)
Variables ¶
Functions ¶
Types ¶
type IAMAuthPolicyController ¶
type IAMAuthPolicyController struct {
// contains filtered or unexported fields
}
func (*IAMAuthPolicyController) Reconcile ¶
func (c *IAMAuthPolicyController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconciles IAMAuthPolicy CRD.
IAMAuthPolicy has a plain text policy field and targetRef.Content of policy is not validated by controller, but Lattice API.
TargetRef Kind can be Gatbeway, HTTPRoute, or GRPCRoute. Other Kinds will result in Invalid status. Policy can be attached to single targetRef only. Attempt to attach more than 1 policy will result in Policy Conflict. If policies created in sequence, the first one will be in Accepted status, and second in Conflict. Any following updates to accepted policy will put it into conflicting status, and requires manual resolution - delete conflicting policy.
Lattice side. Gateway attaches to Lattice ServiceNetwork, and HTTP/GRPCRoute to Service. Policy attachment changes ServiceNetowrk and Service auth-type to IAM, and detachment to NONE. Successful creation of lattice policy updates k8s policy annotation with ARN/Id of Lattice Resouce
Policy Attachment Spec is defined in [GEP-713]: https://gateway-api.sigs.k8s.io/geps/gep-713/.
type IAP ¶
type IAP = anv1alpha1.IAMAuthPolicy
type TGP ¶
type TGP = anv1alpha1.TargetGroupPolicy
type TargetGroupPolicyController ¶
type TargetGroupPolicyController struct {
// contains filtered or unexported fields
}
type VAP ¶
type VAP = anv1alpha1.VpcAssociationPolicy
Source Files
Directories