Documentation
Overview
Copyright 2019, Verizon Media Inc. Licensed under the terms of the 3-Clause BSD license. See LICENSE file in github.com/yahoo/k8s-athenz-istio-auth for terms.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Controller
type Controller struct {
// contains filtered or unexported fields
}
func NewController
func NewController(dnsSuffix string, istioClient *crd.Client, k8sClient kubernetes.Interface, adClient adClientset.Interface, istioClientSet versioned.Interface, adResyncInterval, crcResyncInterval, apResyncInterval time.Duration, enableOriginJwtSubject bool, enableAuthzPolicyController bool, componentsEnabledAuthzPolicy *common.ComponentEnabled, combinationPolicyTag string, enableSpiffeTrustDomain bool, systemNamespaces []string, customServicetMap map[string]string, adminDomain string) *Controller
NewController is responsible for creating the main controller object and initializing all of its dependencies:
- Rate limiting queue
- Istio custom resource config store cache for service role, service role bindings, and cluster rbac config
- Onboarding controller responsible for creating / updating / deleting the cluster rbac config object based on a service label
- Service shared index informer
- Athenz Domain shared index informer
- Authorization Policy controller responsible for creating / updating / deleting the authorization policy object based on service annotation and athenz domain spec
func (*Controller) Run
func (c *Controller) Run(stopCh <-chan struct{})
Run starts the main controller loop running sync at every poll interval. It also starts the following controller dependencies:
1. Service informer
2. Istio custom resource informer
3. Athenz Domain informer