namespace

package

v1.14.9 Latest Latest Go to latest Published: May 15, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/crossplane/crossplane

Links

Open Source Insights

Documentation ¶

Overview ¶

Package namespace implements the RBAC manager's support for namespaces.

Index ¶

func RenderRoles(ns *corev1.Namespace, crs []rbacv1.ClusterRole) []rbacv1.Role
func RolesDiffer(current, desired runtime.Object) bool
func Setup(mgr ctrl.Manager, o controller.Options) error
type EnqueueRequestForNamespaces
type Reconciler
- func NewReconciler(mgr manager.Manager, opts ...ReconcilerOption) *Reconciler
- func (r *Reconciler) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error)
type ReconcilerOption
type RoleRenderFn
- func (fn RoleRenderFn) RenderRoles(d *corev1.Namespace, crs []rbacv1.ClusterRole) []rbacv1.Role
type RoleRenderer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RenderRoles ¶

func RenderRoles(ns *corev1.Namespace, crs []rbacv1.ClusterRole) []rbacv1.Role

RenderRoles for the supplied namespace by aggregating rules from the supplied cluster roles.

func RolesDiffer ¶

func RolesDiffer(current, desired runtime.Object) bool

RolesDiffer returns true if the supplied objects are different Roles. We consider Roles to be different if their crossplane annotations or rules do not match.

func Setup ¶

func Setup(mgr ctrl.Manager, o controller.Options) error

Setup adds a controller that reconciles a Namespace by creating a series of opinionated Roles that may be bound to allow access to resources within that namespace.

Types ¶

type EnqueueRequestForNamespaces ¶

type EnqueueRequestForNamespaces struct {
	// contains filtered or unexported fields
}

EnqueueRequestForNamespaces enqueues a reconcile for all namespaces whenever a ClusterRole with the aggregation labels we're concerned with changes. This is unusual, but we expect there to be relatively few ClusterRoles, and we have no way of relating a specific ClusterRoles back to the Roles that aggregate it. This is the approach the upstream aggregation controller uses. https://github.com/kubernetes/kubernetes/blob/323f348/pkg/controller/clusterroleaggregation/clusterroleaggregation_controller.go#L188

func (*EnqueueRequestForNamespaces) Create ¶

func (e *EnqueueRequestForNamespaces) Create(ctx context.Context, evt event.CreateEvent, q workqueue.RateLimitingInterface)

Create adds a NamespacedName for the supplied CreateEvent if its Object is an aggregated ClusterRole.

func (*EnqueueRequestForNamespaces) Delete ¶

func (e *EnqueueRequestForNamespaces) Delete(ctx context.Context, evt event.DeleteEvent, q workqueue.RateLimitingInterface)

Delete adds a NamespacedName for the supplied DeleteEvent if its Object is an aggregated ClusterRole.

func (*EnqueueRequestForNamespaces) Generic ¶

func (e *EnqueueRequestForNamespaces) Generic(ctx context.Context, evt event.GenericEvent, q workqueue.RateLimitingInterface)

Generic adds a NamespacedName for the supplied GenericEvent if its Object is an aggregated ClusterRole.

func (*EnqueueRequestForNamespaces) Update ¶

func (e *EnqueueRequestForNamespaces) Update(ctx context.Context, evt event.UpdateEvent, q workqueue.RateLimitingInterface)

Update adds a NamespacedName for the supplied UpdateEvent if its Object is an aggregated ClusterRole.

type Reconciler ¶

type Reconciler struct {
	// contains filtered or unexported fields
}

A Reconciler reconciles Namespaces.

func NewReconciler ¶

func NewReconciler(mgr manager.Manager, opts ...ReconcilerOption) *Reconciler

NewReconciler returns a Reconciler of Namespaces.

func (*Reconciler) Reconcile ¶

func (r *Reconciler) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error)

Reconcile a Namespace by creating a series of opinionated Roles that may be bound to allow access to resources within that namespace.

type ReconcilerOption ¶

type ReconcilerOption func(*Reconciler)

ReconcilerOption is used to configure the Reconciler.

func WithClientApplicator ¶

func WithClientApplicator(ca resource.ClientApplicator) ReconcilerOption

WithClientApplicator specifies how the Reconciler should interact with the Kubernetes API.

func WithLogger ¶

func WithLogger(log logging.Logger) ReconcilerOption

WithLogger specifies how the Reconciler should log messages.

func WithRecorder ¶

func WithRecorder(er event.Recorder) ReconcilerOption

WithRecorder specifies how the Reconciler should record Kubernetes events.

func WithRoleRenderer ¶

func WithRoleRenderer(rr RoleRenderer) ReconcilerOption

WithRoleRenderer specifies how the Reconciler should render RBAC Roles.

type RoleRenderFn ¶

type RoleRenderFn func(d *corev1.Namespace, crs []rbacv1.ClusterRole) []rbacv1.Role

A RoleRenderFn renders Roles for the supplied Namespace.

func (RoleRenderFn) RenderRoles ¶

func (fn RoleRenderFn) RenderRoles(d *corev1.Namespace, crs []rbacv1.ClusterRole) []rbacv1.Role

RenderRoles renders Roles for the supplied Namespace.

type RoleRenderer ¶

type RoleRenderer interface {
	// RenderRoles for the supplied Namespace.
	RenderRoles(d *corev1.Namespace, crs []rbacv1.ClusterRole) []rbacv1.Role
}

A RoleRenderer renders Roles for a given Namespace.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL