Documentation
¶
Overview ¶
Package discovery owns flate's filesystem-to-store hydration phase: walking the user's working tree, expanding spec.path references, aliasing in-cluster-bootstrapped sources, rendering ResourceSets, and computing the structural-parent index. The output is everything the reconcile phase needs to start firing controllers — repo root, per-object source files, and the parent index.
Splitting this out of the orchestrator turns a 750-line god-object into two ~350-line files with one clean interface between them. The load phase is independently testable (no controller wiring or task service required) and the orchestrator now reads as pure reconcile orchestration.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FindRepoRoot ¶
FindRepoRoot walks upward from p looking for a .git directory; falls back to p itself when there isn't one.
func ResolveScanPath ¶
ResolveScanPath normalizes a user-supplied --path / --path-orig: absolute, with symlinks resolved. Without symlink resolution filepath.WalkDir doesn't follow root-level symlinks, producing an empty manifest set without any error indication — a footgun.
Types ¶
type Config ¶
type Config struct {
// Path is the scan entry point — the directory the file walker
// starts at (a Flux cluster's entry, e.g. kubernetes/flux/cluster).
Path string
// RepoRoot is the source root that Kustomization spec.path values
// resolve against (the GitRepository artifact root). Supplied
// explicitly by SDK consumers rendering extracted trees that have no
// .git; the CLI defaults it to the .git ancestor of Path. Empty ⇒
// fall back to the .git walk (FindRepoRoot), preserving local
// behavior. Path must sit at or under RepoRoot.
RepoRoot string
// SelfURLs are the remote URL(s) this tree represents. A user-authored
// GitRepository whose spec.url matches one of these is the cluster
// pulling itself; its artifact is aliased to the local tree
// (overrideSelfReferentialGitRepositories) so the offline render
// resolves it. Supplied explicitly by SDK consumers rendering
// extracted trees (no .git/config to read); empty ⇒ fall back to the
// working tree's .git remotes, preserving local behavior.
SelfURLs []string
Store *store.Store
WipeSecrets bool
// ComponentCache, when non-nil, memoizes
// manifest.ReadKustomizeComponents reads across discovery's
// internal passes (parent-index build, orphan promotion, the
// loader's FinalizeGenerators KSPathPrefixes) and any later
// consumer that shares the same pointer (change.Filter,
// finalize.detectOrphans). The orchestrator wires one cache per
// Bootstrap; pass nil for standalone discovery callers (tests,
// embedders) that don't need cross-consumer sharing.
ComponentCache *manifest.ComponentCache
}
Config is the input contract for Run. Store is mandatory.
type Result ¶
type Result struct {
// RepoRoot is the resolved working-tree anchor (with .git ancestor
// walk + symlink resolution applied).
RepoRoot string
// SourceFiles maps each loaded resource to the repo-relative path
// it was parsed from. Consumed by the change filter.
SourceFiles map[manifest.NamedResource]string
// SourceRefs maps each loaded consumer (HelmRelease / Kustomization)
// to the source resources it references. Consumed by the change
// filter's reverse edge so a changed source re-renders the
// HelmReleases that chartRef it even when the source lives in a
// separate Kustomization tree (and the HR never reached the Store
// under DiscoveryOnly).
SourceRefs map[manifest.NamedResource][]manifest.NamedResource
// ParentOf maps each reconcilable resource (Kustomization or
// HelmRelease) to its structural-parent Kustomization — the KS
// whose spec.path is the deepest strict ancestor of the child's
// source file. KS children honor it as a depwait dep so any
// parent-render-time spec mutations (replacements: injecting
// targetNamespace) are visible before the child renders;
// HR children honor it so the first render reads the post-patch
// spec (driftDetection / upgrade strategy / CRD policy overrides
// applied at the cluster-KS level) instead of the pre-patch
// file-loaded copy. Keyed by NamedResource so KS and HR entries
// never collide. Empty when no parent enforcement applies.
ParentOf map[manifest.NamedResource]manifest.NamedResource
// SelfProduce attributes each ConfigMap to the Kustomization(s)
// whose own render subtree emits it (bare-dir → subdir-base →
// component graph, with namespace propagation). collectDeps uses it
// to drop a self-produced postBuild.substituteFrom ConfigMap from
// the dependency set — a KS can't wait on a CM only its own render
// produces. Available in full mode, unlike the changed-only
// producer index.
SelfProduce *loader.SelfProduceIndex
// Producers maps a target Secret to the in-repo ExternalSecret /
// SealedSecret that declares it, seeded by the same self-produce walk.
// The source + HR controllers consult it to skip a missing auth /
// valuesFrom Secret that has a declared producer, without
// --allow-missing-secrets. Augmented at render time by the HR
// controller's EventObjectAdded listener. See manifest.ProducerIndex.
Producers *manifest.ProducerIndex
// Existence holds every file-loaded object the DiscoveryOnly
// loader kept out of the Store: HRs, sources, CMs, Secrets, and
// raw manifests. depwait's missing-dep fallback consults it to
// resolve sibling-rendered substituteFrom CMs without
// deadlocking the parent KS. The orchestrator passes a closure
// over this index into the controllers' Waiter wiring.
Existence *loader.ExistenceIndex
// WipeSecrets reflects the loader's WipeSecrets setting. The
// orchestrator forwards it to lazy-promotion so SOPS Secrets
// stay wiped on demand the same way they were at file-load.
WipeSecrets bool
}
Result summarizes what discovery hydrated into the store.
Source Files
Click to show internal directories.
Click to hide internal directories.