Documentation
¶
Index ¶
- Constants
- Variables
- func AuthConfigName(apKey client.ObjectKey) string
- func EnvoyExtensionPolicyName(targetName string) string
- func EnvoySecurityPolicyName(targetName string) string
- func FindRouteParentStatusFunc(route *gatewayapiv1.HTTPRoute, gatewayKey client.ObjectKey, ...) func(gatewayapiv1.RouteParentStatus) bool
- func GetLimitador(ctx context.Context, k8sclient client.Client, ...) (*limitadorv1alpha1.Limitador, error)
- func IstioAuthorizationPolicyName(gwName string, targetRef gatewayapiv1alpha2.LocalPolicyTargetReference) string
- func LimitadorClusterEnvoyPatchPolicyName(targetName string) string
- func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.DynamicClient, logger logr.Logger) *controller.Controller
- func PolicyAffectedConditionType(policyKind string) string
- func WASMPluginName(gw *gatewayapiv1.Gateway) string
- type AuthPolicyEnvoySecurityPolicyReconciler
- type AuthPolicyIstioAuthorizationPolicyReconciler
- type AuthPolicyReconciler
- type DNSPolicyReconciler
- type DNSPolicyRefsConfig
- type EnvoyGatewayLimitadorClusterReconciler
- type EnvoyGatewayWasmReconciler
- type EnvoySecurityPolicyReferenceGrantReconciler
- type EventLogger
- type GatewayKuadrantReconciler
- type GatewayWrapper
- type HTTPRouteParentRefsEventMapper
- type KuadrantReconciler
- type LimitadorClusterEnvoyFilterReconciler
- type RateLimitPolicyEnforcedStatusReconciler
- type RateLimitPolicyReconciler
- type RateLimitingIstioWASMPluginReconciler
- type TLSPolicyReconciler
- type TargetStatusReconciler
- type TopologyFileReconciler
Constants ¶
const ( LabelGatewayReference = "kuadrant.io/gateway" LabelGatewayNSRef = "kuadrant.io/gateway-namespace" LabelListenerReference = "kuadrant.io/listener-name" )
const ( ReadyConditionType string = "Ready" PolicyReasonUnknown string = "Unknown" )
const DNSPolicyFinalizer = "kuadrant.io/dns-policy"
const (
KuadrantReferenceGrantName = "kuadrant-authorization-rg"
)
const PolicyAffectedConditionPattern = "kuadrant.io/%sAffected" // Policy kinds are expected to be named XPolicy
const TLSPolicyFinalizer = "kuadrant.io/tls-policy"
Variables ¶
var ( CertManagerCertificatesResource = certmanagerv1.SchemeGroupVersion.WithResource("certificates") CertManagerIssuersResource = certmanagerv1.SchemeGroupVersion.WithResource("issuers") CertMangerClusterIssuersResource = certmanagerv1.SchemeGroupVersion.WithResource("clusterissuers") CertManagerCertificateKind = schema.GroupKind{Group: certmanager.GroupName, Kind: certmanagerv1.CertificateKind} CertManagerIssuerKind = schema.GroupKind{Group: certmanager.GroupName, Kind: certmanagerv1.IssuerKind} CertManagerClusterIssuerKind = schema.GroupKind{Group: certmanager.GroupName, Kind: certmanagerv1.ClusterIssuerKind} )
var (
ConfigMapGroupKind = schema.GroupKind{Group: corev1.GroupName, Kind: "ConfigMap"}
)
var KuadrantExtAuthProviderName = env.GetString("AUTH_PROVIDER", "kuadrant-authorization")
var NegativePolarityConditions []string
var (
WASMFilterImageURL = env.GetString("RELATED_IMAGE_WASMSHIM", "oci://quay.io/kuadrant/wasm-shim:latest")
)
Functions ¶
func AuthConfigName ¶ added in v0.10.0
AuthConfigName returns the name of Authorino AuthConfig CR.
func EnvoyExtensionPolicyName ¶ added in v0.11.0
func EnvoySecurityPolicyName ¶ added in v0.11.0
func FindRouteParentStatusFunc ¶
func FindRouteParentStatusFunc(route *gatewayapiv1.HTTPRoute, gatewayKey client.ObjectKey, controllerName gatewayapiv1.GatewayController) func(gatewayapiv1.RouteParentStatus) bool
func GetLimitador ¶ added in v0.8.0
func GetLimitador(ctx context.Context, k8sclient client.Client, rlp *kuadrantv1beta2.RateLimitPolicy) (*limitadorv1alpha1.Limitador, error)
func IstioAuthorizationPolicyName ¶ added in v0.10.0
func IstioAuthorizationPolicyName(gwName string, targetRef gatewayapiv1alpha2.LocalPolicyTargetReference) string
IstioAuthorizationPolicyName generates the name of an AuthorizationPolicy.
func LimitadorClusterEnvoyPatchPolicyName ¶ added in v0.11.0
func NewPolicyMachineryController ¶
func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.DynamicClient, logger logr.Logger) *controller.Controller
func WASMPluginName ¶ added in v0.10.0
func WASMPluginName(gw *gatewayapiv1.Gateway) string
Types ¶
type AuthPolicyEnvoySecurityPolicyReconciler ¶ added in v0.11.0
type AuthPolicyEnvoySecurityPolicyReconciler struct {
*reconcilers.BaseReconciler
}
AuthPolicyEnvoySecurityPolicyReconciler reconciles SecurityPolicy objects for auth
func (*AuthPolicyEnvoySecurityPolicyReconciler) SetupWithManager ¶ added in v0.11.0
func (r *AuthPolicyEnvoySecurityPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type AuthPolicyIstioAuthorizationPolicyReconciler ¶ added in v0.11.0
type AuthPolicyIstioAuthorizationPolicyReconciler struct {
*reconcilers.BaseReconciler
}
AuthPolicyIstioAuthorizationPolicyReconciler reconciles IstioAuthorizationPolicy objects for auth
func (*AuthPolicyIstioAuthorizationPolicyReconciler) SetupWithManager ¶ added in v0.11.0
func (r *AuthPolicyIstioAuthorizationPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error
type AuthPolicyReconciler ¶ added in v0.2.0
type AuthPolicyReconciler struct {
*reconcilers.BaseReconciler
TargetRefReconciler reconcilers.TargetRefReconciler
// AffectedPolicyMap tracks the affected policies to report their status.
AffectedPolicyMap *kuadrant.AffectedPolicyMap
}
AuthPolicyReconciler reconciles a AuthPolicy object
func (*AuthPolicyReconciler) SetupWithManager ¶ added in v0.2.0
func (r *AuthPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type DNSPolicyReconciler ¶ added in v0.7.0
type DNSPolicyReconciler struct {
*reconcilers.BaseReconciler
TargetRefReconciler reconcilers.TargetRefReconciler
// contains filtered or unexported fields
}
DNSPolicyReconciler reconciles a DNSPolicy object
func (*DNSPolicyReconciler) SetupWithManager ¶ added in v0.7.0
func (r *DNSPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error
type DNSPolicyRefsConfig ¶ added in v0.7.0
type DNSPolicyRefsConfig struct{}
type EnvoyGatewayLimitadorClusterReconciler ¶ added in v0.11.0
type EnvoyGatewayLimitadorClusterReconciler struct {
*reconcilers.BaseReconciler
}
EnvoyGatewayLimitadorClusterReconciler reconciles an EnvoyGateway EnvoyPatchPolicy object to setup limitador's cluster on the gateway. It is a requirement for the wasm module to work. https://gateway.envoyproxy.io/latest/api/extension_types/#envoypatchpolicy
func (*EnvoyGatewayLimitadorClusterReconciler) Reconcile ¶ added in v0.11.0
func (r *EnvoyGatewayLimitadorClusterReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error)
For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.10.0/pkg/reconcile
func (*EnvoyGatewayLimitadorClusterReconciler) SetupWithManager ¶ added in v0.11.0
func (r *EnvoyGatewayLimitadorClusterReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type EnvoyGatewayWasmReconciler ¶ added in v0.11.0
type EnvoyGatewayWasmReconciler struct {
*reconcilers.BaseReconciler
}
EnvoyGatewayWasmReconciler reconciles an EnvoyGateway EnvoyExtensionPolicy object for the kuadrant's wasm module
func (*EnvoyGatewayWasmReconciler) Reconcile ¶ added in v0.11.0
func (r *EnvoyGatewayWasmReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error)
For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.10.0/pkg/reconcile
func (*EnvoyGatewayWasmReconciler) SetupWithManager ¶ added in v0.11.0
func (r *EnvoyGatewayWasmReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type EnvoySecurityPolicyReferenceGrantReconciler ¶ added in v0.11.0
type EnvoySecurityPolicyReferenceGrantReconciler struct {
*reconcilers.BaseReconciler
}
EnvoySecurityPolicyReferenceGrantReconciler reconciles ReferenceGrant objects for auth
func (*EnvoySecurityPolicyReferenceGrantReconciler) SetupWithManager ¶ added in v0.11.0
func (r *EnvoySecurityPolicyReferenceGrantReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type EventLogger ¶
type EventLogger struct{}
func NewEventLogger ¶
func NewEventLogger() *EventLogger
func (*EventLogger) Log ¶
func (e *EventLogger) Log(ctx context.Context, resourceEvents []controller.ResourceEvent, _ *machinery.Topology, err error, _ *sync.Map) error
type GatewayKuadrantReconciler ¶ added in v0.4.0
type GatewayKuadrantReconciler struct {
*reconcilers.BaseReconciler
}
GatewayKuadrantReconciler is responsible of assiging gateways to a kuadrant instances Currently only one kuadrant instance is allowed per cluster This controller will annotate every gateway in the cluster with the namespace of the kuadrant instance TODO: After the RFC defined, we might want to get the gw to label/annotate from Kuadrant.Spec or manual labeling/annotation
func (*GatewayKuadrantReconciler) Reconcile ¶ added in v0.4.0
func (r *GatewayKuadrantReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error)
For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.10.0/pkg/reconcile
func (*GatewayKuadrantReconciler) SetupWithManager ¶ added in v0.4.0
func (r *GatewayKuadrantReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type GatewayWrapper ¶
type GatewayWrapper struct {
*gatewayapiv1.Gateway
}
GatewayWrapper is a wrapper for gateway to implement interface form the builder
func NewGatewayWrapper ¶
func NewGatewayWrapper(gateway *gatewayapiv1.Gateway) *GatewayWrapper
func (GatewayWrapper) GetAddresses ¶
func (g GatewayWrapper) GetAddresses() []builder.TargetAddress
type HTTPRouteParentRefsEventMapper ¶ added in v0.4.0
HTTPRouteParentRefsEventMapper is an EventHandler that maps HTTPRoute events to policy events, by going through the parentRefs of the route and finding all policies that target one of its parent resources, thus yielding events for those policies.
func (*HTTPRouteParentRefsEventMapper) MapToAuthPolicy ¶ added in v0.4.0
func (m *HTTPRouteParentRefsEventMapper) MapToAuthPolicy(obj client.Object) []reconcile.Request
func (*HTTPRouteParentRefsEventMapper) MapToRateLimitPolicy ¶ added in v0.4.0
func (m *HTTPRouteParentRefsEventMapper) MapToRateLimitPolicy(obj client.Object) []reconcile.Request
type KuadrantReconciler ¶ added in v0.1.0
type KuadrantReconciler struct {
*reconcilers.BaseReconciler
RestMapper meta.RESTMapper
}
KuadrantReconciler reconciles a Kuadrant object
func (*KuadrantReconciler) Reconcile ¶ added in v0.1.0
func (r *KuadrantReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state. For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.10.0/pkg/reconcile
func (*KuadrantReconciler) SetupWithManager ¶ added in v0.1.0
func (r *KuadrantReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type LimitadorClusterEnvoyFilterReconciler ¶ added in v0.4.0
type LimitadorClusterEnvoyFilterReconciler struct {
*reconcilers.BaseReconciler
}
LimitadorClusterEnvoyFilterReconciler reconciles a EnvoyFilter object with limitador's cluster
func (*LimitadorClusterEnvoyFilterReconciler) Reconcile ¶ added in v0.4.0
func (r *LimitadorClusterEnvoyFilterReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error)
For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.10.0/pkg/reconcile
func (*LimitadorClusterEnvoyFilterReconciler) SetupWithManager ¶ added in v0.4.0
func (r *LimitadorClusterEnvoyFilterReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type RateLimitPolicyEnforcedStatusReconciler ¶ added in v0.8.0
type RateLimitPolicyEnforcedStatusReconciler struct {
*reconcilers.BaseReconciler
}
func (*RateLimitPolicyEnforcedStatusReconciler) SetupWithManager ¶ added in v0.8.0
func (r *RateLimitPolicyEnforcedStatusReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type RateLimitPolicyReconciler ¶ added in v0.2.0
type RateLimitPolicyReconciler struct {
*reconcilers.BaseReconciler
TargetRefReconciler reconcilers.TargetRefReconciler
}
RateLimitPolicyReconciler reconciles a RateLimitPolicy object
func (*RateLimitPolicyReconciler) Reconcile ¶ added in v0.2.0
func (r *RateLimitPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state. TODO(user): Modify the Reconcile function to compare the state specified by the RateLimitPolicy object against the actual cluster state, and then perform operations to make the cluster state reflect the state specified by the user.
For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.10.0/pkg/reconcile
func (*RateLimitPolicyReconciler) SetupWithManager ¶ added in v0.2.0
func (r *RateLimitPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type RateLimitingIstioWASMPluginReconciler ¶ added in v0.10.0
type RateLimitingIstioWASMPluginReconciler struct {
*reconcilers.BaseReconciler
}
RateLimitingIstioWASMPluginReconciler reconciles a WASMPlugin object for rate limiting
func (*RateLimitingIstioWASMPluginReconciler) Reconcile ¶ added in v0.10.0
func (r *RateLimitingIstioWASMPluginReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error)
For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.10.0/pkg/reconcile
func (*RateLimitingIstioWASMPluginReconciler) SetupWithManager ¶ added in v0.10.0
func (r *RateLimitingIstioWASMPluginReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type TLSPolicyReconciler ¶ added in v0.7.0
type TLSPolicyReconciler struct {
*reconcilers.BaseReconciler
TargetRefReconciler reconcilers.TargetRefReconciler
RestMapper meta.RESTMapper
}
TLSPolicyReconciler reconciles a TLSPolicy object
func (*TLSPolicyReconciler) SetupWithManager ¶ added in v0.7.0
func (r *TLSPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type TargetStatusReconciler ¶ added in v0.7.0
type TargetStatusReconciler struct {
*reconcilers.BaseReconciler
}
TargetStatusReconciler reconciles a the status stanzas of objects targeted by Kuadrant policies
func (*TargetStatusReconciler) SetupWithManager ¶ added in v0.7.0
func (r *TargetStatusReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type TopologyFileReconciler ¶ added in v0.10.0
type TopologyFileReconciler struct {
Client *dynamic.DynamicClient
Namespace string
}
func NewTopologyFileReconciler ¶ added in v0.10.0
func NewTopologyFileReconciler(client *dynamic.DynamicClient, namespace string) *TopologyFileReconciler
func (*TopologyFileReconciler) Reconcile ¶ added in v0.10.0
func (r *TopologyFileReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, _ *sync.Map) error
Source Files
¶
- authpolicy_authconfig.go
- authpolicy_controller.go
- authpolicy_envoysecuritypolicy_controller.go
- authpolicy_istio_authorizationpolicy_controller.go
- authpolicy_status.go
- dns_helper.go
- dnspolicy_controller.go
- dnspolicy_dnsrecords.go
- dnspolicy_status.go
- envoygateway_limitador_cluster_controller.go
- envoygateway_wasm_controller.go
- envoysecuritypolicy_referencegrant_controller.go
- gateway_kuadrant_controller.go
- httprouteparentrefs_eventmapper.go
- kuadrant_controller.go
- kuadrant_status.go
- limitador_cluster_envoyfilter_controller.go
- limitador_status_to_rlp_gateway_event_handler.go
- rate_limiting_istio_wasmplugin_controller.go
- ratelimitpolicy_controller.go
- ratelimitpolicy_enforced_status_controller.go
- ratelimitpolicy_limits.go
- ratelimitpolicy_status.go
- state_of_the_world.go
- target_status_controller.go
- tlspolicy_certmanager.go
- tlspolicy_certmanager_certificates.go
- tlspolicy_controller.go
- tlspolicy_mappers.go
- tlspolicy_status.go