Documentation
Overview
Package gatekeeperinstaller installs Gatekeeper via Helm.
Types
type Installer
Installer installs or upgrades Gatekeeper.
It embeds helmutil.Base to provide standard Helm chart lifecycle management. After the Helm install succeeds it polls the ValidatingWebhookConfiguration until every webhook entry has a non-empty caBundle, ensuring Gatekeeper's admission webhook is fully initialised before workloads are deployed.
func NewInstaller
func NewInstaller(
	client helm.Interface,
	kubeconfig, kubeContext string,
	timeout time.Duration,
	haEnabled bool,
) *Installer
NewInstaller creates a new Gatekeeper installer instance.
A non-empty kubeconfig is required for the post-install webhook-readiness wait. kubeContext is optional; if empty, the current context is used. Pass an empty kubeconfig to disable webhook waiting (for example, in tests or in environments without cluster access).
When haEnabled is true the chart is configured with HA defaults (replicas, PDB, topology spread) for the controller-manager.
func (*Installer) Install (added in v7.6.1)
Install runs the Helm chart install and then waits for Gatekeeper's ValidatingWebhookConfiguration to have all caBundle fields populated.
Helm reports success once the pods are Running/Ready, but the Gatekeeper cert-controller injects the caBundle asynchronously. Any workload pod created before the caBundle is set may experience a readiness-probe context-cancellation error because the API server forwards the admission request to an endpoint that has not yet completed its TLS handshake setup.
If kubeconfig is empty (e.g. in unit tests), the webhook-readiness wait is skipped and only the Helm install runs.
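The readiness condition described above (every webhook entry has a non-empty caBundle) can be sketched with the standard library alone. This is an added example, not the package's own code: pendingWebhooks, waitForCABundles and the fetch callback are hypothetical names, and fetch stands in for whatever call returns the ValidatingWebhookConfiguration as JSON.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"time"
)

// pendingWebhooks lists webhook entries whose clientConfig.caBundle is empty.
func pendingWebhooks(raw []byte) ([]string, error) {
	var cfg struct {
		Webhooks []struct {
			Name         string
			ClientConfig struct{ CABundle []byte } // base64 string in JSON
		}
	}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, err
	}
	pending := []string{}
	for _, w := range cfg.Webhooks {
		if len(w.ClientConfig.CABundle) == 0 {
			pending = append(pending, w.Name)
		}
	}
	return pending, nil
}

// waitForCABundles retries fetch until nothing is pending or ctx expires.
func waitForCABundles(ctx context.Context, every time.Duration, fetch func(context.Context) ([]byte, error)) error {
	for {
		if raw, err := fetch(ctx); err == nil {
			if p, err := pendingWebhooks(raw); err == nil && len(p) == 0 {
				return nil
			}
		}
		select {
		case <-ctx.Done():
			return fmt.Errorf("caBundle not populated: %w", ctx.Err())
		case <-time.After(every):
		}
	}
}

func main() {
	// Constructed sample: one entry injected, one still waiting for its caBundle.
	sample := []byte(`{"webhooks":[{"name":"a.example","clientConfig":{"caBundle":"Q0E="}},{"name":"b.example","clientConfig":{}}]}`)
	fmt.Println(pendingWebhooks(sample))
}
```

Fetch and parse errors are retried rather than returned, since the object may not exist yet right after the Helm install; the context deadline bounds the wait.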