constraint

package
v3.18.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 5, 2024 License: Apache-2.0 Imports: 47 Imported by: 0

Documentation

Index

Constants

// Annotation key and state strings related to generating a
// ValidatingAdmissionPolicyBinding (VAPB) for a constraint.
const (
	// BlockVAPBGenerationUntilAnnotation is the annotation key
	// "gatekeeper.sh/block-vapb-generation-until".
	// NOTE(review): presumably its value is the time until which VAPB generation
	// is held back for the annotated object; confirm the value format and which
	// component writes it. Annotations are editable by any principal with update
	// rights on the object, so verify how a missing or malformed value is handled.
	BlockVAPBGenerationUntilAnnotation = "gatekeeper.sh/block-vapb-generation-until"
	// The three values below name VAPB generation states.
	// NOTE(review): presumably surfaced in constraint status so operators can see
	// whether a binding was generated, is still pending, or failed; confirm where
	// they are written before alerting on them.
	ErrGenerateVAPBState               = "error"
	GeneratedVAPBState                 = "generated"
	WaitVAPBState                      = "waiting"
)

Variables

// Command-line flags controlling generation of ValidatingAdmissionPolicy (VAP)
// and ValidatingAdmissionPolicyBinding (VAPB) resources. They are registered on
// the default flag set when this package is initialized, and each variable is a
// pointer whose value is only meaningful after flag.Parse has run.
// All three are marked "(alpha)" in their help text.
var (
	// DefaultGenerateVAPB defaults to false: no VAPB is created for constraints
	// unless the flag is set to true.
	DefaultGenerateVAPB          = flag.Bool("default-create-vap-binding-for-constraints", false, "(alpha) Create VAPBinding resource for constraint of the template containing VAP-style CEL source. Allowed values are false: do not create Validating Admission Policy Binding, true: create Validating Admission Policy Binding.")
	// DefaultGenerateVAP defaults to false. Per the help text, an explicit
	// generateVAP setting on a constraint template overrides this default in
	// either direction.
	DefaultGenerateVAP           = flag.Bool("default-create-vap-for-templates", false, "(alpha) Create VAP resource for template containing VAP-style CEL source. Allowed values are false: do not create Validating Admission Policy unless generateVAP: true is set on constraint template explicitly, true: create Validating Admission Policy unless generateVAP: false is set on constraint template explicitly.")
	// DefaultWaitForVAPBGeneration is the delay, in seconds (default 30), between
	// creation of a constraint CRD and generation of the VAPB.
	// NOTE(review): no range check on this value is visible here; confirm how zero,
	// negative or very large values are treated. While the delay is running no
	// binding has been generated, so confirm which admission path enforces the
	// constraint during that window.
	DefaultWaitForVAPBGeneration = flag.Int("default-wait-for-vapb-generation", 30, "(alpha) Wait time in seconds before generating a ValidatingAdmissionPolicyBinding after a constraint CRD is created.")
)
// Sentinel errors for VAP/VAPB generation. Compare with errors.Is rather than by
// message text.
// NOTE(review): presumably returned by ShouldGenerateVAP and the reconciler;
// confirm against their bodies, which are not shown here.
var (
	// ErrValidatingAdmissionPolicyAPIDisabled reports that the
	// ValidatingAdmissionPolicy API is not enabled.
	// NOTE(review): when this is returned no VAP can be generated; confirm that
	// callers surface it rather than silently skipping enforcement setup.
	ErrValidatingAdmissionPolicyAPIDisabled = errors.New("ValidatingAdmissionPolicy API is not enabled")
	// ErrVAPConditionsNotSatisfied reports that the preconditions for generating a
	// VAP and VAPB were not met. The message starts with a capital letter, unlike
	// the usual Go convention; it is left as-is because logs or callers may depend
	// on the exact text.
	ErrVAPConditionsNotSatisfied            = errors.New("Conditions are not satisfied to generate ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding")
)

Functions

func ShouldGenerateVAP added in v3.17.0

func ShouldGenerateVAP(ct *templates.ConstraintTemplate) (bool, error)

Types

type Adder

// Adder groups the dependencies of the constraint controller.
// NOTE(review): the fields are presumably consumed by Add and populated either
// directly or through the Inject* methods; their bodies are not shown here.
type Adder struct {
	// CFClient is the constraint framework client.
	CFClient         *constraintclient.Client
	// ConstraintsCache is the package's own cache type; see NewConstraintsCache.
	ConstraintsCache *ConstraintsCache
	WatchManager     *watch.Manager
	ControllerSwitch *watch.ControllerSwitch
	// Events is a receive-only channel of generic events.
	// NOTE(review): presumably the source that triggers reconciles; confirm.
	Events           <-chan event.GenericEvent
	Tracker          *readiness.Tracker
	// GetPod returns a Pod or an error for the given context.
	// NOTE(review): presumably the pod this controller runs in; confirm.
	GetPod           func(context.Context) (*corev1.Pod, error)
	ProcessExcluder  *process.Excluder
	// IfWatching allows the reconciler to only execute functions if a constraint
	// template is currently being watched. It is designed to be atomic to avoid
	// race conditions between the constraint controller and the constraint template
	// controller.
	IfWatching func(schema.GroupVersionKind, func() error) (bool, error)
}

func (*Adder) Add

func (a *Adder) Add(mgr manager.Manager) error

Add creates a new Constraint Controller and adds it to the Manager. The Manager will set fields on the Controller and Start it when the Manager is Started.

func (*Adder) InjectCFClient added in v3.14.0

func (a *Adder) InjectCFClient(c *constraintclient.Client)

func (*Adder) InjectControllerSwitch

func (a *Adder) InjectControllerSwitch(cs *watch.ControllerSwitch)

func (*Adder) InjectTracker

func (a *Adder) InjectTracker(t *readiness.Tracker)

func (*Adder) InjectWatchManager

func (a *Adder) InjectWatchManager(w *watch.Manager)

type ConstraintsCache

type ConstraintsCache struct {
	// contains filtered or unexported fields
}

func NewConstraintsCache

func NewConstraintsCache() *ConstraintsCache

type ReconcileConstraint

type ReconcileConstraint struct {
	// contains filtered or unexported fields
}

ReconcileConstraint reconciles an arbitrary constraint object described by Kind.

func (*ReconcileConstraint) Reconcile

func (r *ReconcileConstraint) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error)

Reconcile reads the state of the cluster for a constraint object and makes changes based on the state read and what is in the constraint.Spec.

type StatsReporter

type StatsReporter interface {
	// contains filtered or unexported methods
}

StatsReporter reports audit metrics.
