controller

package
v0.17.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 8, 2026 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Label and annotation prefixes for the new cloudflare.com API group
	LabelPrefix      = "cloudflare.com/"
	AnnotationPrefix = "cloudflare.com/"

	// Finalizer for cloudflare.com resources
	FinalizerCloudflare = "cloudflare.com/finalizer"

	// Legacy prefixes for backward compatibility with cloudflare-operator.io resources
	LegacyLabelPrefix      = "cloudflare-operator.io/"
	LegacyAnnotationPrefix = "cloudflare-operator.io/"
	LegacyFinalizer        = "cloudflare-operator.io/finalizer"
)

New cloudflare.com API Group constants These will be used for new CRDs (VirtualNetwork, NetworkRoute, etc.)

View Source 
const (
	VirtualNetworkFinalizer = "cloudflare.com/virtualnetwork-finalizer"

	// Labels for VirtualNetwork
	LabelVirtualNetworkName = LabelPrefix + "virtualnetwork-name"
	LabelVirtualNetworkID   = LabelPrefix + "virtualnetwork-id"
)

VirtualNetwork controller constants

View Source 
const (
	NetworkRouteFinalizer = "cloudflare.com/networkroute-finalizer"

	// Labels for NetworkRoute
	LabelNetworkRouteNetwork = LabelPrefix + "networkroute-network"
	LabelNetworkRouteTunnel  = LabelPrefix + "networkroute-tunnel"
)

NetworkRoute controller constants

View Source 
const (
	PrivateServiceFinalizer = "cloudflare.com/privateservice-finalizer"

	// Labels for PrivateService
	LabelPrivateServiceName = LabelPrefix + "privateservice-name"
)

PrivateService controller constants

View Source 
const (
	DeviceSettingsPolicyFinalizer = "cloudflare.com/devicesettingspolicy-finalizer"

	// Labels for DeviceSettingsPolicy
	LabelDeviceSettingsPolicyName = LabelPrefix + "devicesettingspolicy-name"
)

DeviceSettingsPolicy controller constants

View Source 
const (
	// AnnotationLastAppliedConfig stores the last applied configuration for drift detection
	AnnotationLastAppliedConfig = AnnotationPrefix + "last-applied-configuration"

	// AnnotationManagedBy indicates the controller managing the resource
	AnnotationManagedBy = AnnotationPrefix + "managed-by"

	// AnnotationManagedByValue is the value for AnnotationManagedBy
	AnnotationManagedByValue = "cloudflare-operator"
)

Annotations used across controllers

View Source 
const (
	ControllerNameVirtualNetwork       = "VirtualNetwork"
	ControllerNameNetworkRoute         = "NetworkRoute"
	ControllerNamePrivateService       = "PrivateService"
	ControllerNameDeviceSettingsPolicy = "DeviceSettingsPolicy"
)

Controller names for logging and events

View Source 
const (
	// Success events
	EventReasonCreated          = "Created"
	EventReasonUpdated          = "Updated"
	EventReasonDeleted          = "Deleted"
	EventReasonSynced           = "Synced"
	EventReasonReconciled       = "Reconciled"
	EventReasonFinalizerSet     = "FinalizerSet"
	EventReasonFinalizerRemoved = "FinalizerRemoved"
	EventReasonAdopted          = "Adopted"

	// Failure events
	EventReasonCreateFailed     = "CreateFailed"
	EventReasonUpdateFailed     = "UpdateFailed"
	EventReasonDeleteFailed     = "DeleteFailed"
	EventReasonSyncFailed       = "SyncFailed"
	EventReasonReconcileFailed  = "ReconcileFailed"
	EventReasonAPIError         = "APIError"
	EventReasonInvalidConfig    = "InvalidConfig"
	EventReasonDependencyError  = "DependencyError"
	EventReasonAdoptionConflict = "AdoptionConflict"
)

Event reasons

View Source 
const (
	// ManagementMarkerPrefix is the prefix for management markers in comments
	// Format: [managed:kind/namespace/name] or [managed:kind/name] for cluster-scoped
	ManagementMarkerPrefix = "[managed:"
	ManagementMarkerSuffix = "]"
)

Management tracking constants These are used to track which K8s resource manages a Cloudflare resource, preventing adoption race conditions where multiple K8s resources try to manage the same Cloudflare resource.

View Source 
const (
	CredentialsJsonFilename string = "credentials.json"
	CloudflaredLatestImage  string = "cloudflare/cloudflared:latest"
)
View Source 
const (
	// DefaultMaxRetries is the default number of retries for status updates
	DefaultMaxRetries = 5

	// DefaultRetryDelay is the default delay between retries
	DefaultRetryDelay = 100 * time.Millisecond
)
View Source 
const (
	StatePending  = "Pending"
	StateCreating = "Creating"
	StateActive   = "Active"
	StateReady    = "Ready"
	StateError    = "Error"
	StateDeleting = "Deleting"
	StateWarning  = "Warning"
)

State constants for consistent state management across controllers

View Source 
const AdoptionAnnotation = "cloudflare-operator.io/managed-by"

AdoptionAnnotation is the annotation key for marking Cloudflare resources as managed

Variables

This section is empty.

Functions

func BuildManagedComment added in v0.17.3 

func BuildManagedComment(info ManagementInfo, userComment string) string

BuildManagedComment creates a comment with management marker prepended. If userComment is empty, only the marker is returned.

func CanManageResource added in v0.17.3 

func CanManageResource(comment string, info ManagementInfo) bool

CanManageResource checks if the given K8s resource can manage a Cloudflare resource. Returns true if: - The Cloudflare resource has no management marker (first claim) - The management marker matches the K8s resource (same owner) Returns false if the Cloudflare resource is managed by a different K8s resource.

func ExtractUserComment added in v0.17.3 

func ExtractUserComment(comment string) string

ExtractUserComment removes the management marker from a comment and returns the user portion.

func FormatManagedByValue added in v0.17.3 

func FormatManagedByValue(namespace, name string) string

FormatManagedByValue formats the managed-by annotation value

func IsTerminalState added in v0.17.3 

func IsTerminalState(state string) bool

IsTerminalState returns true if the state is a terminal state

func RetryOnConflict added in v0.17.3 

func RetryOnConflict(ctx context.Context, c client.Client, obj client.Object, fn func() error) error

RetryOnConflict retries a function that may return a conflict error This is useful for status updates where optimistic locking may fail

func SetCondition added in v0.17.3 

func SetCondition(conditions *[]metav1.Condition, conditionType string, status metav1.ConditionStatus, reason, message string)

SetCondition is a helper to set a condition on a resource It handles the common pattern of setting conditions with proper timestamps

func SetErrorCondition added in v0.17.3 

func SetErrorCondition(conditions *[]metav1.Condition, err error)

SetErrorCondition sets the Ready condition to False with an error reason

func SetReadyCondition added in v0.17.3 

func SetReadyCondition(conditions *[]metav1.Condition, status metav1.ConditionStatus, reason, message string)

SetReadyCondition is a shorthand for setting the Ready condition

func SetSuccessCondition added in v0.17.3 

func SetSuccessCondition(conditions *[]metav1.Condition, message string)

SetSuccessCondition sets the Ready condition to True

func TunnelNamespacedName 

func TunnelNamespacedName(r GenericTunnelReconciler) apitypes.NamespacedName

func UpdateStatusWithConflictRetry added in v0.17.3 

func UpdateStatusWithConflictRetry(ctx context.Context, c client.Client, obj client.Object, updateFn func()) error

UpdateStatusWithConflictRetry is a convenience function that updates status with retry on conflict

func UpdateWithConflictRetry added in v0.17.3 

func UpdateWithConflictRetry(ctx context.Context, c client.Client, obj client.Object, updateFn func()) error

UpdateWithConflictRetry is a convenience function that updates object with retry on conflict

Types

type AdoptionChecker added in v0.17.3 

type AdoptionChecker struct {
	// ManagedByValue is the value to use for the managed-by annotation
	// typically in the format "namespace/name"
	ManagedByValue string
}

AdoptionChecker provides utilities for checking if Cloudflare resources are already managed by another Kubernetes object

func NewAdoptionChecker added in v0.17.3 

func NewAdoptionChecker(namespace, name string) *AdoptionChecker

NewAdoptionChecker creates a new AdoptionChecker

func (*AdoptionChecker) CheckByName added in v0.17.3 

func (c *AdoptionChecker) CheckByName(name string, lookupFn func(name string) (id string, managedBy string, err error)) AdoptionResult

CheckByName checks if a resource with the given name exists and can be adopted lookupFn should return (id, managedBy, error) for the resource with the given name If the resource is not found, lookupFn should return ("", "", nil)

func (*AdoptionChecker) ConflictError added in v0.17.3 

func (*AdoptionChecker) ConflictError(resourceType, name, existingManager string) error

ConflictError returns an error for adoption conflict

type AdoptionResult added in v0.17.3 

type AdoptionResult struct {
	// Found indicates if the resource was found in Cloudflare
	Found bool
	// CanAdopt indicates if the resource can be adopted by this controller
	CanAdopt bool
	// ExistingID is the ID of the existing resource (if found)
	ExistingID string
	// ManagedBy is the current manager of the resource (if any)
	ManagedBy string
	// Error contains any error that occurred during the check
	Error error
}

AdoptionResult represents the result of an adoption check

func (AdoptionResult) IsAvailable added in v0.17.3 

func (r AdoptionResult) IsAvailable() bool

IsAvailable returns true if the resource is available for adoption (either not found or can be adopted)

type ClusterTunnelAdapter 

type ClusterTunnelAdapter struct {
	Tunnel    *networkingv1alpha2.ClusterTunnel
	Namespace string
}

ClusterTunnelAdapter implementation

func (ClusterTunnelAdapter) DeepCopyTunnel 

func (o ClusterTunnelAdapter) DeepCopyTunnel() Tunnel

func (ClusterTunnelAdapter) GetAnnotations 

func (o ClusterTunnelAdapter) GetAnnotations() map[string]string

func (ClusterTunnelAdapter) GetLabels 

func (o ClusterTunnelAdapter) GetLabels() map[string]string

func (ClusterTunnelAdapter) GetName 

func (o ClusterTunnelAdapter) GetName() string

func (ClusterTunnelAdapter) GetNamespace 

func (o ClusterTunnelAdapter) GetNamespace() string

func (ClusterTunnelAdapter) GetObject 

func (o ClusterTunnelAdapter) GetObject() client.Object

func (ClusterTunnelAdapter) GetSpec 

func (o ClusterTunnelAdapter) GetSpec() networkingv1alpha2.TunnelSpec

func (ClusterTunnelAdapter) GetStatus 

func (o ClusterTunnelAdapter) GetStatus() networkingv1alpha2.TunnelStatus

func (ClusterTunnelAdapter) GetUID 

func (o ClusterTunnelAdapter) GetUID() types.UID

func (ClusterTunnelAdapter) SetAnnotations 

func (o ClusterTunnelAdapter) SetAnnotations(in map[string]string)

func (ClusterTunnelAdapter) SetLabels 

func (o ClusterTunnelAdapter) SetLabels(in map[string]string)

func (ClusterTunnelAdapter) SetStatus 

func (o ClusterTunnelAdapter) SetStatus(in networkingv1alpha2.TunnelStatus)

type ClusterTunnelReconciler 

type ClusterTunnelReconciler struct {
	client.Client
	Scheme    *runtime.Scheme
	Recorder  record.EventRecorder
	Namespace string
	// contains filtered or unexported fields
}

ClusterTunnelReconciler reconciles a ClusterTunnel object

func (*ClusterTunnelReconciler) GetCfAPI 

func (r *ClusterTunnelReconciler) GetCfAPI() *cf.API

func (*ClusterTunnelReconciler) GetCfSecret 

func (r *ClusterTunnelReconciler) GetCfSecret() *corev1.Secret

func (*ClusterTunnelReconciler) GetClient 

func (r *ClusterTunnelReconciler) GetClient() client.Client

func (*ClusterTunnelReconciler) GetContext 

func (r *ClusterTunnelReconciler) GetContext() context.Context

func (*ClusterTunnelReconciler) GetLog 

func (r *ClusterTunnelReconciler) GetLog() logr.Logger

func (*ClusterTunnelReconciler) GetReconciledObject 

func (r *ClusterTunnelReconciler) GetReconciledObject() client.Object

func (*ClusterTunnelReconciler) GetReconcilerName 

func (r *ClusterTunnelReconciler) GetReconcilerName() string

func (*ClusterTunnelReconciler) GetRecorder 

func (r *ClusterTunnelReconciler) GetRecorder() record.EventRecorder

func (*ClusterTunnelReconciler) GetScheme 

func (r *ClusterTunnelReconciler) GetScheme() *runtime.Scheme

func (*ClusterTunnelReconciler) GetTunnel 

func (r *ClusterTunnelReconciler) GetTunnel() Tunnel

func (*ClusterTunnelReconciler) GetTunnelCreds 

func (r *ClusterTunnelReconciler) GetTunnelCreds() string

func (*ClusterTunnelReconciler) Reconcile 

func (r *ClusterTunnelReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state. TODO(user): Modify the Reconcile function to compare the state specified by the ClusterTunnel object against the actual cluster state, and then perform operations to make the cluster state reflect the state specified by the user.

For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.10.0/pkg/reconcile

func (*ClusterTunnelReconciler) SetCfAPI 

func (r *ClusterTunnelReconciler) SetCfAPI(in *cf.API)

func (*ClusterTunnelReconciler) SetTunnelCreds 

func (r *ClusterTunnelReconciler) SetTunnelCreds(in string)

func (*ClusterTunnelReconciler) SetupWithManager 

func (r *ClusterTunnelReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

type GenericTunnelReconciler 

type GenericTunnelReconciler interface {
	k8s.GenericReconciler

	GetScheme() *runtime.Scheme
	GetTunnel() Tunnel
	GetCfAPI() *cf.API
	SetCfAPI(*cf.API)
	GetCfSecret() *corev1.Secret
	GetTunnelCreds() string
	SetTunnelCreds(string)
}

type ManagementInfo added in v0.17.3 

type ManagementInfo struct {
	Kind      string
	Namespace string // Empty for cluster-scoped resources
	Name      string
}

ManagementInfo represents the K8s resource managing a Cloudflare resource

func GetConflictingManager added in v0.17.3 

func GetConflictingManager(comment string, info ManagementInfo) *ManagementInfo

GetConflictingManager returns the ManagementInfo of the resource that conflicts with the given info. Returns nil if there's no conflict.

func NewManagementInfo added in v0.17.3 

func NewManagementInfo(obj metav1.Object, kind string) ManagementInfo

NewManagementInfo creates a ManagementInfo from a K8s object

func ParseManagementMarker added in v0.17.3 

func ParseManagementMarker(comment string) *ManagementInfo

ParseManagementMarker extracts ManagementInfo from a comment string. Returns nil if no management marker is found.

func (ManagementInfo) Equals added in v0.17.3 

func (m ManagementInfo) Equals(other ManagementInfo) bool

Equals returns true if two ManagementInfo are equal

func (ManagementInfo) String added in v0.17.3 

func (m ManagementInfo) String() string

String returns the management marker string for embedding in comments

type StatusUpdater added in v0.17.3 

type StatusUpdater struct {
	Client     client.Client
	MaxRetries int
	RetryDelay time.Duration
}

StatusUpdater provides utilities for updating resource status with retry logic

func NewStatusUpdater added in v0.17.3 

func NewStatusUpdater(c client.Client) *StatusUpdater

NewStatusUpdater creates a new StatusUpdater with default settings

func (*StatusUpdater) UpdateStatusWithRetry added in v0.17.3 

func (u *StatusUpdater) UpdateStatusWithRetry(ctx context.Context, obj client.Object, updateFn func()) error

UpdateStatusWithRetry updates the status of an object with retry on conflict

func (*StatusUpdater) UpdateWithRetry added in v0.17.3 

func (u *StatusUpdater) UpdateWithRetry(ctx context.Context, obj client.Object, updateFn func()) error

UpdateWithRetry updates an object with retry on conflict

type Tunnel 

type Tunnel interface {
	GetObject() client.Object
	GetNamespace() string
	GetName() string
	GetLabels() map[string]string
	SetLabels(map[string]string)
	GetAnnotations() map[string]string
	SetAnnotations(map[string]string)
	GetSpec() networkingv1alpha2.TunnelSpec
	GetStatus() networkingv1alpha2.TunnelStatus
	SetStatus(networkingv1alpha2.TunnelStatus)
	DeepCopyTunnel() Tunnel
}

type TunnelAdapter 

type TunnelAdapter struct {
	Tunnel *networkingv1alpha2.Tunnel
}

TunnelAdapter implementation

func (TunnelAdapter) DeepCopyTunnel 

func (o TunnelAdapter) DeepCopyTunnel() Tunnel

func (TunnelAdapter) GetAnnotations 

func (o TunnelAdapter) GetAnnotations() map[string]string

func (TunnelAdapter) GetLabels 

func (o TunnelAdapter) GetLabels() map[string]string

func (TunnelAdapter) GetName 

func (o TunnelAdapter) GetName() string

func (TunnelAdapter) GetNamespace 

func (o TunnelAdapter) GetNamespace() string

func (TunnelAdapter) GetObject 

func (o TunnelAdapter) GetObject() client.Object

func (TunnelAdapter) GetSpec 

func (o TunnelAdapter) GetSpec() networkingv1alpha2.TunnelSpec

func (TunnelAdapter) GetStatus 

func (o TunnelAdapter) GetStatus() networkingv1alpha2.TunnelStatus

func (TunnelAdapter) GetUID 

func (o TunnelAdapter) GetUID() types.UID

func (TunnelAdapter) SetAnnotations 

func (o TunnelAdapter) SetAnnotations(in map[string]string)

func (TunnelAdapter) SetLabels 

func (o TunnelAdapter) SetLabels(in map[string]string)

func (TunnelAdapter) SetStatus 

func (o TunnelAdapter) SetStatus(in networkingv1alpha2.TunnelStatus)

type TunnelBindingReconciler 

type TunnelBindingReconciler struct {
	client.Client
	Scheme             *runtime.Scheme
	Recorder           record.EventRecorder
	Namespace          string
	OverwriteUnmanaged bool
	// contains filtered or unexported fields
}

TunnelBindingReconciler reconciles a TunnelBinding object

func (*TunnelBindingReconciler) Reconcile 

func (r *TunnelBindingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state.

For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.10.0/pkg/reconcile

func (*TunnelBindingReconciler) SetupWithManager 

func (r *TunnelBindingReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

type TunnelReconciler 

type TunnelReconciler struct {
	client.Client
	Scheme   *runtime.Scheme
	Recorder record.EventRecorder
	// contains filtered or unexported fields
}

TunnelReconciler reconciles a Tunnel object

func (*TunnelReconciler) GetCfAPI 

func (r *TunnelReconciler) GetCfAPI() *cf.API

func (*TunnelReconciler) GetCfSecret 

func (r *TunnelReconciler) GetCfSecret() *corev1.Secret

func (*TunnelReconciler) GetClient 

func (r *TunnelReconciler) GetClient() client.Client

func (*TunnelReconciler) GetContext 

func (r *TunnelReconciler) GetContext() context.Context

func (*TunnelReconciler) GetLog 

func (r *TunnelReconciler) GetLog() logr.Logger

func (*TunnelReconciler) GetReconciledObject 

func (r *TunnelReconciler) GetReconciledObject() client.Object

func (*TunnelReconciler) GetReconcilerName 

func (r *TunnelReconciler) GetReconcilerName() string

func (*TunnelReconciler) GetRecorder 

func (r *TunnelReconciler) GetRecorder() record.EventRecorder

func (*TunnelReconciler) GetScheme 

func (r *TunnelReconciler) GetScheme() *runtime.Scheme

func (*TunnelReconciler) GetTunnel 

func (r *TunnelReconciler) GetTunnel() Tunnel

func (*TunnelReconciler) GetTunnelCreds 

func (r *TunnelReconciler) GetTunnelCreds() string

func (*TunnelReconciler) Reconcile 

func (r *TunnelReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state.

For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.10.0/pkg/reconcile

func (*TunnelReconciler) SetCfAPI 

func (r *TunnelReconciler) SetCfAPI(in *cf.API)

func (*TunnelReconciler) SetTunnelCreds 

func (r *TunnelReconciler) SetTunnelCreds(in string)

func (*TunnelReconciler) SetupWithManager 

func (r *TunnelReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

Source Files

View all Source files

Directories

Path Synopsis
Package accesstunnel contains the code associated with the reconciliation process for the accessTunnel resource
 Package accesstunnel contains the code associated with the reconciliation process for the accessTunnel resource

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.