namespace

package
v1.12.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 7, 2023 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package namespace implements the RBAC manager's support for namespaces.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RenderRoles

func RenderRoles(ns *corev1.Namespace, crs []rbacv1.ClusterRole) []rbacv1.Role

RenderRoles for the supplied namespace by aggregating rules from the supplied cluster roles.

func RolesDiffer

func RolesDiffer(current, desired runtime.Object) bool

RolesDiffer returns true if the supplied objects are different Roles. We consider Roles to be different if their crossplane annotations or rules do not match.

func Setup

func Setup(mgr ctrl.Manager, o controller.Options) error

Setup adds a controller that reconciles a Namespace by creating a series of opinionated Roles that may be bound to allow access to resources within that namespace.

Types

type EnqueueRequestForNamespaces

type EnqueueRequestForNamespaces struct {
	// contains filtered or unexported fields
}

EnqueueRequestForNamespaces enqueues a reconcile for all namespaces whenever a ClusterRole with the aggregation labels we're concerned with changes. This is unusual, but we expect there to be relatively few ClusterRoles, and we have no way of relating a specific ClusterRoles back to the Roles that aggregate it. This is the approach the upstream aggregation controller uses. https://github.com/kubernetes/kubernetes/blob/323f348/pkg/controller/clusterroleaggregation/clusterroleaggregation_controller.go#L188

func (*EnqueueRequestForNamespaces) Create

Create adds a NamespacedName for the supplied CreateEvent if its Object is an aggregated ClusterRole.

func (*EnqueueRequestForNamespaces) Delete

Delete adds a NamespacedName for the supplied DeleteEvent if its Object is an aggregated ClusterRole.

func (*EnqueueRequestForNamespaces) Generic

Generic adds a NamespacedName for the supplied GenericEvent if its Object is an aggregated ClusterRole.

func (*EnqueueRequestForNamespaces) Update

Update adds a NamespacedName for the supplied UpdateEvent if its Object is an aggregated ClusterRole.

type Reconciler

type Reconciler struct {
	// contains filtered or unexported fields
}

A Reconciler reconciles Namespaces.

func NewReconciler

func NewReconciler(mgr manager.Manager, opts ...ReconcilerOption) *Reconciler

NewReconciler returns a Reconciler of Namespaces.

func (*Reconciler) Reconcile

func (r *Reconciler) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error)

Reconcile a Namespace by creating a series of opinionated Roles that may be bound to allow access to resources within that namespace.

type ReconcilerOption

type ReconcilerOption func(*Reconciler)

ReconcilerOption is used to configure the Reconciler.

func WithClientApplicator

func WithClientApplicator(ca resource.ClientApplicator) ReconcilerOption

WithClientApplicator specifies how the Reconciler should interact with the Kubernetes API.

func WithLogger

func WithLogger(log logging.Logger) ReconcilerOption

WithLogger specifies how the Reconciler should log messages.

func WithRecorder

func WithRecorder(er event.Recorder) ReconcilerOption

WithRecorder specifies how the Reconciler should record Kubernetes events.

func WithRoleRenderer

func WithRoleRenderer(rr RoleRenderer) ReconcilerOption

WithRoleRenderer specifies how the Reconciler should render RBAC Roles.

type RoleRenderFn

type RoleRenderFn func(d *corev1.Namespace, crs []rbacv1.ClusterRole) []rbacv1.Role

A RoleRenderFn renders Roles for the supplied Namespace.

func (RoleRenderFn) RenderRoles

func (fn RoleRenderFn) RenderRoles(d *corev1.Namespace, crs []rbacv1.ClusterRole) []rbacv1.Role

RenderRoles renders Roles for the supplied Namespace.

type RoleRenderer

type RoleRenderer interface {
	// RenderRoles for the supplied Namespace.
	RenderRoles(d *corev1.Namespace, crs []rbacv1.ClusterRole) []rbacv1.Role
}

A RoleRenderer renders Roles for a given Namespace.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL