guard

package
v1.30.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 19, 2026 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package guard provides admission control logic for ensuring resources are properly defaulted and validated before reconciliation, even when webhooks are not installed.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Admission 

type Admission[T AdmittableObject] struct {
	Defaulter admission.Defaulter[T]
	Validator admission.Validator[T]
}

Admission provides admission control capabilities by wrapping defaulting and validation webhooks for use in controller reconciliation loops.

func (*Admission[T]) EnsureResourceIsAdmitted 

func (g *Admission[T]) EnsureResourceIsAdmitted(ctx context.Context, params AdmissionParams[T]) (ctrl.Result, error)

EnsureResourceIsAdmitted ensures that a resource has been properly defaulted and validated according to the admission webhooks, applying changes if necessary when webhooks are not installed.

type AdmissionParams 

type AdmissionParams[T AdmittableObject] struct {
	Object T
	Client client.Client

	// ApplyChanges must be true only in the reconciler that owns writes to the
	// object. When true, defaulting changes are persisted and validation
	// failures are recorded in the status. When false (for example the instance
	// manager reconciling a Cluster it does not own), the guard works in memory
	// only and waits for the owning reconciler to apply the changes.
	ApplyChanges bool
}

AdmissionParams contains the parameters needed to perform admission control on a resource during reconciliation.

type AdmittableObject 

type AdmittableObject interface {
	client.Object

	// SetAdmissionError records the admission validation error on the status,
	// or clears it when msg is empty.
	SetAdmissionError(msg string)

	// GetAdmissionError returns the admission validation error currently
	// recorded on the status, when the guard is responsible for clearing it.
	// Types whose admission error is cleared by their own reconciler (for
	// example through the phase machinery) return an empty string, so the
	// guard does not race that logic by persisting the clear itself.
	GetAdmissionError() string
}

AdmittableObject represents a Kubernetes object that can be admitted through the guard admission control process, allowing admission errors to be set.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.