Documentation
¶
Index ¶
- Constants
- Variables
- func AuthClusterName(gatewayName string) string
- func AuthConfigNameForPath(pathID string) string
- func AuthObjectLabels() labels.Set
- func CommonLabels() map[string]string
- func FindRouteParentStatusFunc(route *gatewayapiv1.HTTPRoute, gatewayKey client.ObjectKey, ...) func(gatewayapiv1.RouteParentStatus) bool
- func GetAuthorinoFromTopology(topology *machinery.Topology) *authorinooperatorv1beta1.Authorino
- func GetKuadrantFromTopology(topology *machinery.Topology) *kuadrantv1beta1.Kuadrant
- func GetKuadrantFromTopologyDuringDeletion(topology *machinery.Topology) *kuadrantv1beta1.Kuadrant
- func GetLimitadorFromTopology(topology *machinery.Topology) *limitadorv1alpha1.Limitador
- func IsPolicyAccepted(ctx context.Context, p machinery.Policy, s *sync.Map) bool
- func IsTLSPolicyValid(ctx context.Context, s *sync.Map, policy *kuadrantv1.TLSPolicy) (bool, error)
- func KuadrantManagedObjectLabels() labels.Set
- func LimitNameToLimitadorIdentifier(rlpKey k8stypes.NamespacedName, uniqueLimitName string) string
- func LimitsNamespaceFromRoute(route *gatewayapiv1.HTTPRoute) string
- func LinkDNSPolicyToDNSRecord(objs controller.Store) machinery.LinkFunc
- func LinkListenerToCertificateFunc(objs controller.Store) machinery.LinkFunc
- func LinkListenerToDNSRecord(objs controller.Store) machinery.LinkFunc
- func LinkTLSPolicyToClusterIssuerFunc(objs controller.Store) machinery.LinkFunc
- func LinkTLSPolicyToIssuerFunc(objs controller.Store) machinery.LinkFunc
- func NewDNSWorkflow(client *dynamic.DynamicClient, scheme *runtime.Scheme, ...) *controller.Workflow
- func NewDataPlanePoliciesWorkflow(mgr controllerruntime.Manager, client *dynamic.DynamicClient, ...) *controller.Workflow
- func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.DynamicClient, logger logr.Logger, ...) (*controller.Controller, error)
- func NewTLSWorkflow(client *dynamic.DynamicClient, scheme *runtime.Scheme, ...) *controller.Workflow
- func PolicyAffectedCondition(policyKind string, policies []machinery.Policy) metav1.Condition
- func PolicyAffectedConditionType(policyKind string) string
- func RateLimitClusterName(gatewayName string) string
- func RateLimitObjectLabels() labels.Set
- func TokenLimitNameToLimitadorIdentifier(trlpKey k8stypes.NamespacedName, uniqueLimitName string) string
- func TokenRateLimitObjectLabels() labels.Set
- func TracingClusterName(gatewayName string) string
- func TracingObjectLabels() labels.Set
- type AuthConfigsReconciler
- type AuthPolicyStatusUpdater
- type AuthPolicyValidator
- type AuthorinoIstioIntegrationReconciler
- type AuthorinoReconciler
- type BootOptionsBuilder
- type CertTarget
- type ConsolePluginReconciler
- type DNSPoliciesValidator
- type DNSPolicyStatusUpdater
- type DeveloperPortalReconciler
- type EffectiveAuthPolicies
- type EffectiveAuthPolicy
- type EffectiveAuthPolicyReconciler
- type EffectiveDNSPoliciesReconciler
- type EffectiveRateLimitPolicies
- type EffectiveRateLimitPolicy
- type EffectiveRateLimitPolicyReconciler
- type EffectiveTLSPoliciesReconciler
- type EffectiveTokenRateLimitPolicies
- type EffectiveTokenRateLimitPolicy
- type EffectiveTokenRateLimitPolicyReconciler
- type EnvoyGatewayAuthClusterReconciler
- type EnvoyGatewayExtensionReconciler
- type EnvoyGatewayRateLimitClusterReconciler
- type EnvoyGatewayTracingClusterReconciler
- type EventLogger
- type ExampleExtensionReconciler
- type ExamplePolicy
- type ExamplePolicySpec
- type GatewayPolicyDiscoverabilityReconciler
- type GatewayWrapper
- type HTTPRoutePolicyDiscoverabilityReconciler
- type IstioAuthClusterReconciler
- type IstioExtensionReconciler
- type IstioRateLimitClusterReconciler
- type IstioTracingClusterReconciler
- type KuadrantStatusUpdater
- type LimitadorIstioIntegrationReconciler
- type LimitadorLimitsReconciler
- type LimitadorReconciler
- type ObservabilityReconciler
- type PeerAuthenticationReconciler
- type PolicyMetricsReconciler
- type PolicyStatus
- type RateLimitPolicyStatusUpdater
- type RateLimitPolicyValidator
- type TLSPoliciesValidator
- type TLSPolicyStatusUpdater
- type TokenRateLimitPolicyStatusUpdater
- type TokenRateLimitPolicyValidator
- type TopologyReconciler
Constants ¶
View Source
const ( KuadrantAppName = "kuadrant" PolicyAffectedConditionPattern = "kuadrant.io/%sAffected" // Policy kinds are expected to be named XPolicy FieldManagerName = "kuadrant-operator" )
View Source
const ( DNSRecordKind = "DNSRecord" StateDNSPolicyAcceptedKey = "DNSPolicyValid" StateDNSPolicyErrorsKey = "DNSPolicyErrors" PolicyConditionSubResourcesHealthy gatewayapiv1alpha2.PolicyConditionType = "SubResourcesHealthy" PolicyReasonSubResourcesHealthy gatewayapiv1alpha2.PolicyConditionReason = "SubResourcesHealthy" )
View Source
const ( // State keys StateEnvoyGatewayTracingClustersModified = "EnvoyGatewayTracingClustersModified" StateIstioTracingClustersModified = "IstioTracingClustersModified" )
View Source
const (
LabelListenerReference = "kuadrant.io/listener-name"
)
View Source
const (
ReadyConditionType string = "Ready"
)
View Source
const StateEffectiveTokenRateLimitPolicies = "EffectiveTokenRateLimitPolicies"
View Source
const StateTokenRateLimitPolicyValid = "TokenRateLimitPolicyValid"
View Source
const (
TLSPolicyAcceptedKey = "TLSPolicyValid"
)
View Source
const (
TopologyConfigMapName = "topology"
)
Variables ¶
View Source
var ( StateAuthPolicyValid = "AuthPolicyValid" StateEffectiveAuthPolicies = "EffectiveAuthPolicies" StateModifiedAuthConfigs = "ModifiedAuthConfigs" StateIstioAuthClustersModified = "IstioAuthClustersModified" StateEnvoyGatewayAuthClustersModified = "EnvoyGatewayAuthClustersModified" ErrMissingAuthorino = fmt.Errorf("missing authorino object in the topology") ErrMissingStateEffectiveAuthPolicies = fmt.Errorf("missing auth effective policies stored in the reconciliation state") )
View Source
var ( AppLabelKey = "app" AppLabelValue = KuadrantAppName )
View Source
var ( WASMFilterImageURL = env.GetString("RELATED_IMAGE_WASMSHIM", "quay.io/kuadrant/wasm-shim:latest") // protectedRegistry this defines a default protected registry. If this is in the wasm image URL we add a pull secret name to the WASMPLugin resource ProtectedRegistry = env.GetString("PROTECTED_REGISTRY", "registry.redhat.io") // registryPullSecretName this is the pull secret name we will add to the WASMPlugin if the URL for he image is from the defined PROTECTED_REGISTRY RegistryPullSecretName = "wasm-plugin-pull-secret" StateIstioExtensionsModified = "IstioExtensionsModified" StateEnvoyGatewayExtensionsModified = "EnvoyGatewayExtensionsModified" )
View Source
var ( DNSRecordResource = kuadrantdnsv1alpha1.GroupVersion.WithResource("dnsrecords") DNSRecordGroupKind = schema.GroupKind{Group: kuadrantdnsv1alpha1.GroupVersion.Group, Kind: DNSRecordKind} )
View Source
var ( ErrNoRoutes = fmt.Errorf("no routes attached to any gateway listeners") ErrNoAddresses = fmt.Errorf("no valid status addresses to use on gateway") )
View Source
var ( StateRateLimitPolicyValid = "RateLimitPolicyValid" StateEffectiveRateLimitPolicies = "EffectiveRateLimitPolicies" StateLimitadorLimitsModified = "LimitadorLimitsModified" StateIstioRateLimitClustersModified = "IstioRateLimitClustersModified" StateEnvoyGatewayRateLimitClustersModified = "EnvoyGatewayRateLimitClustersModified" ErrMissingLimitador = fmt.Errorf("missing limitador object in the topology") ErrMissingLimitadorServiceInfo = fmt.Errorf("missing limitador service info in the limitador object") ErrMissingStateEffectiveRateLimitPolicies = fmt.Errorf("missing rate limit effective policies stored in the reconciliation state") ErrMissingStateEffectiveTokenRateLimitPolicies = fmt.Errorf("missing token rate limit effective policies stored in the reconciliation state") )
View Source
var ( CertManagerCertificatesResource = certmanagerv1.SchemeGroupVersion.WithResource("certificates") CertManagerIssuersResource = certmanagerv1.SchemeGroupVersion.WithResource("issuers") CertMangerClusterIssuersResource = certmanagerv1.SchemeGroupVersion.WithResource("clusterissuers") CertManagerCertificateKind = schema.GroupKind{Group: certmanager.GroupName, Kind: certmanagerv1.CertificateKind} CertManagerIssuerKind = schema.GroupKind{Group: certmanager.GroupName, Kind: certmanagerv1.IssuerKind} CertManagerClusterIssuerKind = schema.GroupKind{Group: certmanager.GroupName, Kind: certmanagerv1.ClusterIssuerKind} )
View Source
var (
ConfigMapGroupKind = schema.GroupKind{Group: corev1.GroupName, Kind: "ConfigMap"}
)
View Source
var NegativePolarityConditions []string
Functions ¶
func AuthClusterName ¶
func AuthConfigNameForPath ¶
func AuthObjectLabels ¶
func CommonLabels ¶
func FindRouteParentStatusFunc ¶
func FindRouteParentStatusFunc(route *gatewayapiv1.HTTPRoute, gatewayKey client.ObjectKey, controllerName gatewayapiv1.GatewayController) func(gatewayapiv1.RouteParentStatus) bool
func GetAuthorinoFromTopology ¶
func GetAuthorinoFromTopology(topology *machinery.Topology) *authorinooperatorv1beta1.Authorino
func GetKuadrantFromTopology ¶
func GetKuadrantFromTopology(topology *machinery.Topology) *kuadrantv1beta1.Kuadrant
func GetKuadrantFromTopologyDuringDeletion ¶ added in v1.4.0
func GetKuadrantFromTopologyDuringDeletion(topology *machinery.Topology) *kuadrantv1beta1.Kuadrant
func GetLimitadorFromTopology ¶
func GetLimitadorFromTopology(topology *machinery.Topology) *limitadorv1alpha1.Limitador
func IsPolicyAccepted ¶
func IsTLSPolicyValid ¶
func LimitNameToLimitadorIdentifier ¶
func LimitNameToLimitadorIdentifier(rlpKey k8stypes.NamespacedName, uniqueLimitName string) string
func LimitsNamespaceFromRoute ¶
func LimitsNamespaceFromRoute(route *gatewayapiv1.HTTPRoute) string
func LinkDNSPolicyToDNSRecord ¶
func LinkDNSPolicyToDNSRecord(objs controller.Store) machinery.LinkFunc
func LinkListenerToCertificateFunc ¶
func LinkListenerToCertificateFunc(objs controller.Store) machinery.LinkFunc
func LinkListenerToDNSRecord ¶
func LinkListenerToDNSRecord(objs controller.Store) machinery.LinkFunc
func LinkTLSPolicyToClusterIssuerFunc ¶
func LinkTLSPolicyToClusterIssuerFunc(objs controller.Store) machinery.LinkFunc
func LinkTLSPolicyToIssuerFunc ¶
func LinkTLSPolicyToIssuerFunc(objs controller.Store) machinery.LinkFunc
func NewDNSWorkflow ¶
func NewDNSWorkflow(client *dynamic.DynamicClient, scheme *runtime.Scheme, isGatewayAPIInstalled, isDNSOperatorInstalled bool) *controller.Workflow
func NewDataPlanePoliciesWorkflow ¶
func NewDataPlanePoliciesWorkflow(mgr controllerruntime.Manager, client *dynamic.DynamicClient, isGatewayAPInstalled, isIstioInstalled, isEnvoyGatewayInstalled, isLimitadorOperatorInstalled, isAuthorinoOperatorInstalled bool) *controller.Workflow
func NewPolicyMachineryController ¶
func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.DynamicClient, logger logr.Logger, opts ...controller.ControllerOption) (*controller.Controller, error)
func NewTLSWorkflow ¶
func NewTLSWorkflow(client *dynamic.DynamicClient, scheme *runtime.Scheme, isGatewayAPIInstalled, isCertManagerInstalled bool) *controller.Workflow
func PolicyAffectedCondition ¶
func RateLimitClusterName ¶
func RateLimitObjectLabels ¶
func TokenLimitNameToLimitadorIdentifier ¶ added in v1.3.0
func TokenLimitNameToLimitadorIdentifier(trlpKey k8stypes.NamespacedName, uniqueLimitName string) string
TokenLimitNameToLimitadorIdentifier converts a token rate limit policy and limit name to a unique Limitador ident
func TokenRateLimitObjectLabels ¶ added in v1.3.0
func TracingClusterName ¶ added in v1.4.0
TracingClusterName returns the name for the tracing cluster EnvoyFilter/EnvoyPatchPolicy
func TracingObjectLabels ¶ added in v1.4.0
TracingObjectLabels returns labels for tracing-related objects
Types ¶
type AuthConfigsReconciler ¶
type AuthConfigsReconciler struct {
// contains filtered or unexported fields
}
func (*AuthConfigsReconciler) Reconcile ¶
func (r *AuthConfigsReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*AuthConfigsReconciler) Subscription ¶
func (r *AuthConfigsReconciler) Subscription() controller.Subscription
AuthConfigsReconciler subscribes to events with potential to change Authorino AuthConfig custom resources
type AuthPolicyStatusUpdater ¶
type AuthPolicyStatusUpdater struct {
// contains filtered or unexported fields
}
func (*AuthPolicyStatusUpdater) Subscription ¶
func (r *AuthPolicyStatusUpdater) Subscription() controller.Subscription
AuthPolicyStatusUpdater reconciles to events with impact to change the status of AuthPolicy resources
func (*AuthPolicyStatusUpdater) UpdateStatus ¶
func (r *AuthPolicyStatusUpdater) UpdateStatus(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
type AuthPolicyValidator ¶
type AuthPolicyValidator struct {
// contains filtered or unexported fields
}
func (*AuthPolicyValidator) Subscription ¶
func (r *AuthPolicyValidator) Subscription() controller.Subscription
AuthPolicyValidator subscribes to events with potential to flip the validity of auth policies
func (*AuthPolicyValidator) Validate ¶
func (r *AuthPolicyValidator) Validate(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
type AuthorinoIstioIntegrationReconciler ¶ added in v1.3.0
type AuthorinoIstioIntegrationReconciler struct {
*reconcilers.BaseReconciler
Client *dynamic.DynamicClient
}
func NewAuthorinoIstioIntegrationReconciler ¶ added in v1.3.0
func NewAuthorinoIstioIntegrationReconciler(mgr controllerruntime.Manager, client *dynamic.DynamicClient) *AuthorinoIstioIntegrationReconciler
func (*AuthorinoIstioIntegrationReconciler) Run ¶ added in v1.3.0
func (a *AuthorinoIstioIntegrationReconciler) Run(baseCtx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*AuthorinoIstioIntegrationReconciler) Subscription ¶ added in v1.3.0
func (a *AuthorinoIstioIntegrationReconciler) Subscription() *controller.Subscription
type AuthorinoReconciler ¶
type AuthorinoReconciler struct {
Client *dynamic.DynamicClient
}
func NewAuthorinoReconciler ¶
func NewAuthorinoReconciler(client *dynamic.DynamicClient) *AuthorinoReconciler
func (*AuthorinoReconciler) Reconcile ¶
func (r *AuthorinoReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, _ *sync.Map) error
func (*AuthorinoReconciler) Subscription ¶
func (r *AuthorinoReconciler) Subscription() *controller.Subscription
type BootOptionsBuilder ¶
type BootOptionsBuilder struct {
// contains filtered or unexported fields
}
func NewBootOptionsBuilder ¶
func NewBootOptionsBuilder(manager ctrlruntime.Manager, client *dynamic.DynamicClient, logger logr.Logger) *BootOptionsBuilder
NewBootOptionsBuilder is used to return a list of controller.ControllerOption and a controller.ReconcileFunc that depend on if external dependent CRDs are installed at boot time
func (*BootOptionsBuilder) Reconciler ¶
func (b *BootOptionsBuilder) Reconciler() controller.ReconcileFunc
type CertTarget ¶
type CertTarget struct {
// contains filtered or unexported fields
}
type ConsolePluginReconciler ¶
type ConsolePluginReconciler struct {
*reconcilers.BaseReconciler
// contains filtered or unexported fields
}
func NewConsolePluginReconciler ¶
func NewConsolePluginReconciler(mgr ctrlruntime.Manager, namespace string) *ConsolePluginReconciler
func (*ConsolePluginReconciler) Run ¶
func (r *ConsolePluginReconciler) Run(eventCtx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, _ *sync.Map) error
func (*ConsolePluginReconciler) Subscription ¶
func (r *ConsolePluginReconciler) Subscription() *controller.Subscription
type DNSPoliciesValidator ¶
type DNSPoliciesValidator struct {
// contains filtered or unexported fields
}
func NewDNSPoliciesValidator ¶
func NewDNSPoliciesValidator(isGatewayAPIInstalled, isDNSOperatorInstalled bool) *DNSPoliciesValidator
func (*DNSPoliciesValidator) Subscription ¶
func (r *DNSPoliciesValidator) Subscription() controller.Subscription
type DNSPolicyStatusUpdater ¶
type DNSPolicyStatusUpdater struct {
// contains filtered or unexported fields
}
func NewDNSPolicyStatusUpdater ¶
func NewDNSPolicyStatusUpdater(client *dynamic.DynamicClient) *DNSPolicyStatusUpdater
func (*DNSPolicyStatusUpdater) Subscription ¶
func (r *DNSPolicyStatusUpdater) Subscription() controller.Subscription
type DeveloperPortalReconciler ¶ added in v1.4.0
type DeveloperPortalReconciler struct {
*reconcilers.BaseReconciler
}
func NewDeveloperPortalReconciler ¶ added in v1.4.0
func NewDeveloperPortalReconciler(mgr ctrlruntime.Manager) *DeveloperPortalReconciler
func (*DeveloperPortalReconciler) Reconcile ¶ added in v1.4.0
func (r *DeveloperPortalReconciler) Reconcile(baseCtx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, _ *sync.Map) error
func (*DeveloperPortalReconciler) Subscription ¶ added in v1.4.0
func (r *DeveloperPortalReconciler) Subscription() *controller.Subscription
type EffectiveAuthPolicies ¶
type EffectiveAuthPolicies map[string]EffectiveAuthPolicy
type EffectiveAuthPolicy ¶
type EffectiveAuthPolicy struct {
Path []machinery.Targetable
Spec kuadrantv1.AuthPolicy
SourcePolicies []string
}
type EffectiveAuthPolicyReconciler ¶
type EffectiveAuthPolicyReconciler struct {
// contains filtered or unexported fields
}
func (*EffectiveAuthPolicyReconciler) Reconcile ¶
func (r *EffectiveAuthPolicyReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*EffectiveAuthPolicyReconciler) Subscription ¶
func (r *EffectiveAuthPolicyReconciler) Subscription() controller.Subscription
Subscription subscribe to the same events as rate limit because they are used together to compose gateway extension resources
type EffectiveDNSPoliciesReconciler ¶
type EffectiveDNSPoliciesReconciler struct {
// contains filtered or unexported fields
}
func NewEffectiveDNSPoliciesReconciler ¶
func NewEffectiveDNSPoliciesReconciler(client *dynamic.DynamicClient, scheme *runtime.Scheme) *EffectiveDNSPoliciesReconciler
func (*EffectiveDNSPoliciesReconciler) Subscription ¶
func (r *EffectiveDNSPoliciesReconciler) Subscription() controller.Subscription
type EffectiveRateLimitPolicies ¶
type EffectiveRateLimitPolicies map[string]EffectiveRateLimitPolicy
type EffectiveRateLimitPolicy ¶
type EffectiveRateLimitPolicy struct {
Path []machinery.Targetable
Spec kuadrantv1.RateLimitPolicy
SourcePolicies []string
}
type EffectiveRateLimitPolicyReconciler ¶
type EffectiveRateLimitPolicyReconciler struct {
// contains filtered or unexported fields
}
func (*EffectiveRateLimitPolicyReconciler) Reconcile ¶
func (r *EffectiveRateLimitPolicyReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*EffectiveRateLimitPolicyReconciler) Subscription ¶
func (r *EffectiveRateLimitPolicyReconciler) Subscription() controller.Subscription
EffectiveRateLimitPolicyReconciler subscribe to the same events as auth because they are used together to compose gateway extension resources
type EffectiveTLSPoliciesReconciler ¶
type EffectiveTLSPoliciesReconciler struct {
// contains filtered or unexported fields
}
func NewEffectiveTLSPoliciesReconciler ¶
func NewEffectiveTLSPoliciesReconciler(client *dynamic.DynamicClient, scheme *runtime.Scheme) *EffectiveTLSPoliciesReconciler
func (*EffectiveTLSPoliciesReconciler) Reconcile ¶
func (t *EffectiveTLSPoliciesReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, s *sync.Map) error
func (*EffectiveTLSPoliciesReconciler) Subscription ¶
func (t *EffectiveTLSPoliciesReconciler) Subscription() *controller.Subscription
type EffectiveTokenRateLimitPolicies ¶ added in v1.3.0
type EffectiveTokenRateLimitPolicies map[string]EffectiveTokenRateLimitPolicy
type EffectiveTokenRateLimitPolicy ¶ added in v1.3.0
type EffectiveTokenRateLimitPolicy struct {
Path []machinery.Targetable
Spec kuadrantv1alpha1.TokenRateLimitPolicy
SourcePolicies []string
}
type EffectiveTokenRateLimitPolicyReconciler ¶ added in v1.3.0
type EffectiveTokenRateLimitPolicyReconciler struct {
// contains filtered or unexported fields
}
func (*EffectiveTokenRateLimitPolicyReconciler) Reconcile ¶ added in v1.3.0
func (r *EffectiveTokenRateLimitPolicyReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*EffectiveTokenRateLimitPolicyReconciler) Subscription ¶ added in v1.3.0
func (r *EffectiveTokenRateLimitPolicyReconciler) Subscription() controller.Subscription
EffectiveTokenRateLimitPolicyReconciler subscribe to the same events as auth because they are used together to compose gateway extension resources
type EnvoyGatewayAuthClusterReconciler ¶
type EnvoyGatewayAuthClusterReconciler struct {
// contains filtered or unexported fields
}
EnvoyGatewayAuthClusterReconciler reconciles Envoy Gateway EnvoyPatchPolicy custom resources for auth
func (*EnvoyGatewayAuthClusterReconciler) Reconcile ¶
func (r *EnvoyGatewayAuthClusterReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*EnvoyGatewayAuthClusterReconciler) Subscription ¶
func (r *EnvoyGatewayAuthClusterReconciler) Subscription() controller.Subscription
EnvoyGatewayAuthClusterReconciler subscribes to events with potential impact on the Envoy Gateway EnvoyPatchPolicy custom resources for auth
type EnvoyGatewayExtensionReconciler ¶
type EnvoyGatewayExtensionReconciler struct {
// contains filtered or unexported fields
}
EnvoyGatewayExtensionReconciler reconciles Envoy Gateway EnvoyExtensionPolicy custom resources
func (*EnvoyGatewayExtensionReconciler) Reconcile ¶
func (r *EnvoyGatewayExtensionReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*EnvoyGatewayExtensionReconciler) Subscription ¶
func (r *EnvoyGatewayExtensionReconciler) Subscription() controller.Subscription
EnvoyGatewayExtensionReconciler subscribes to events with potential impact on the Envoy Gateway EnvoyExtensionPolicy custom resources
type EnvoyGatewayRateLimitClusterReconciler ¶
type EnvoyGatewayRateLimitClusterReconciler struct {
// contains filtered or unexported fields
}
EnvoyGatewayRateLimitClusterReconciler reconciles Envoy Gateway EnvoyPatchPolicy custom resources for rate limiting
func (*EnvoyGatewayRateLimitClusterReconciler) Reconcile ¶
func (r *EnvoyGatewayRateLimitClusterReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*EnvoyGatewayRateLimitClusterReconciler) Subscription ¶
func (r *EnvoyGatewayRateLimitClusterReconciler) Subscription() controller.Subscription
EnvoyGatewayRateLimitClusterReconciler subscribes to events with potential impact on the Envoy Gateway EnvoyPatchPolicy custom resources for rate limiting
type EnvoyGatewayTracingClusterReconciler ¶ added in v1.4.0
type EnvoyGatewayTracingClusterReconciler struct {
// contains filtered or unexported fields
}
EnvoyGatewayTracingClusterReconciler reconciles Envoy Gateway EnvoyPatchPolicy custom resources for tracing
func (*EnvoyGatewayTracingClusterReconciler) Reconcile ¶ added in v1.4.0
func (r *EnvoyGatewayTracingClusterReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*EnvoyGatewayTracingClusterReconciler) Subscription ¶ added in v1.4.0
func (r *EnvoyGatewayTracingClusterReconciler) Subscription() controller.Subscription
Subscription subscribes to events with potential impact on the Envoy Gateway EnvoyPatchPolicy custom resources for tracing
type EventLogger ¶
type EventLogger struct{}
func NewEventLogger ¶
func NewEventLogger() *EventLogger
func (*EventLogger) Log ¶
func (e *EventLogger) Log(ctx context.Context, resourceEvents []controller.ResourceEvent, _ *machinery.Topology, err error, _ *sync.Map) error
type ExampleExtensionReconciler ¶ added in v1.3.0
type ExampleExtensionReconciler struct {
}
type ExamplePolicy ¶ added in v1.3.0
type ExamplePolicy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ExamplePolicySpec `json:"spec,omitempty"`
}
func (*ExamplePolicy) DeepCopyObject ¶ added in v1.3.0
func (e *ExamplePolicy) DeepCopyObject() runtime.Object
func (*ExamplePolicy) GetTargetRefs ¶ added in v1.3.0
func (e *ExamplePolicy) GetTargetRefs() []gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName
type ExamplePolicySpec ¶ added in v1.3.0
type ExamplePolicySpec struct {
TargetRef gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef"`
}
type GatewayPolicyDiscoverabilityReconciler ¶
type GatewayPolicyDiscoverabilityReconciler struct {
Client *dynamic.DynamicClient
}
func NewGatewayPolicyDiscoverabilityReconciler ¶
func NewGatewayPolicyDiscoverabilityReconciler(client *dynamic.DynamicClient) *GatewayPolicyDiscoverabilityReconciler
func (*GatewayPolicyDiscoverabilityReconciler) Subscription ¶
func (r *GatewayPolicyDiscoverabilityReconciler) Subscription() *controller.Subscription
type GatewayWrapper ¶
type GatewayWrapper struct {
*gatewayapiv1.Gateway
// contains filtered or unexported fields
}
GatewayWrapper is a wrapper for gateway to implement interface from the builder
func NewGatewayWrapper ¶
func NewGatewayWrapper(gateway *gatewayapiv1.Gateway) *GatewayWrapper
func (*GatewayWrapper) GetAddresses ¶
func (g *GatewayWrapper) GetAddresses() []builder.TargetAddress
func (*GatewayWrapper) RemoveExcludedStatusAddresses ¶
func (g *GatewayWrapper) RemoveExcludedStatusAddresses(p *kuadrantv1.DNSPolicy) error
type HTTPRoutePolicyDiscoverabilityReconciler ¶
type HTTPRoutePolicyDiscoverabilityReconciler struct {
Client *dynamic.DynamicClient
}
func NewHTTPRoutePolicyDiscoverabilityReconciler ¶
func NewHTTPRoutePolicyDiscoverabilityReconciler(client *dynamic.DynamicClient) *HTTPRoutePolicyDiscoverabilityReconciler
func (*HTTPRoutePolicyDiscoverabilityReconciler) Subscription ¶
func (r *HTTPRoutePolicyDiscoverabilityReconciler) Subscription() *controller.Subscription
type IstioAuthClusterReconciler ¶
type IstioAuthClusterReconciler struct {
// contains filtered or unexported fields
}
IstioAuthClusterReconciler reconciles Istio EnvoyFilter custom resources for auth
func (*IstioAuthClusterReconciler) Reconcile ¶
func (r *IstioAuthClusterReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*IstioAuthClusterReconciler) Subscription ¶
func (r *IstioAuthClusterReconciler) Subscription() controller.Subscription
IstioAuthClusterReconciler subscribes to events with potential impact on the Istio EnvoyFilter custom resources for auth
type IstioExtensionReconciler ¶
type IstioExtensionReconciler struct {
// contains filtered or unexported fields
}
IstioExtensionReconciler reconciles Istio WasmPlugin custom resources
func (*IstioExtensionReconciler) Reconcile ¶
func (r *IstioExtensionReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*IstioExtensionReconciler) Subscription ¶
func (r *IstioExtensionReconciler) Subscription() controller.Subscription
IstioExtensionReconciler subscribes to events with potential impact on the Istio WasmPlugin custom resources
type IstioRateLimitClusterReconciler ¶
type IstioRateLimitClusterReconciler struct {
// contains filtered or unexported fields
}
IstioRateLimitClusterReconciler reconciles Istio EnvoyFilter custom resources for rate limiting
func (*IstioRateLimitClusterReconciler) Reconcile ¶
func (r *IstioRateLimitClusterReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*IstioRateLimitClusterReconciler) Subscription ¶
func (r *IstioRateLimitClusterReconciler) Subscription() controller.Subscription
IstioRateLimitClusterReconciler subscribes to events with potential impact on the Istio EnvoyFilter custom resources for rate limiting
type IstioTracingClusterReconciler ¶ added in v1.4.0
type IstioTracingClusterReconciler struct {
// contains filtered or unexported fields
}
IstioTracingClusterReconciler reconciles Istio EnvoyFilter custom resources for tracing
func (*IstioTracingClusterReconciler) Reconcile ¶ added in v1.4.0
func (r *IstioTracingClusterReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*IstioTracingClusterReconciler) Subscription ¶ added in v1.4.0
func (r *IstioTracingClusterReconciler) Subscription() controller.Subscription
Subscription subscribes to events with potential impact on the Istio EnvoyFilter custom resources for tracing
type KuadrantStatusUpdater ¶
type KuadrantStatusUpdater struct {
Client *dynamic.DynamicClient
// contains filtered or unexported fields
}
func NewKuadrantStatusUpdater ¶
func NewKuadrantStatusUpdater(client *dynamic.DynamicClient, isGatewayAPIInstalled, isGatewayProviderInstalled, isLimitadorOperatorInstalled, isAuthorinoOperatorInstalled bool) *KuadrantStatusUpdater
func (*KuadrantStatusUpdater) Reconcile ¶
func (r *KuadrantStatusUpdater) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*KuadrantStatusUpdater) Subscription ¶
func (r *KuadrantStatusUpdater) Subscription() *controller.Subscription
type LimitadorIstioIntegrationReconciler ¶ added in v1.3.0
type LimitadorIstioIntegrationReconciler struct {
*reconcilers.BaseReconciler
Client *dynamic.DynamicClient
}
func NewLimitadorIstioIntegrationReconciler ¶ added in v1.3.0
func NewLimitadorIstioIntegrationReconciler(mgr controllerruntime.Manager, client *dynamic.DynamicClient) *LimitadorIstioIntegrationReconciler
func (*LimitadorIstioIntegrationReconciler) Run ¶ added in v1.3.0
func (l *LimitadorIstioIntegrationReconciler) Run(baseCtx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*LimitadorIstioIntegrationReconciler) Subscription ¶ added in v1.3.0
func (l *LimitadorIstioIntegrationReconciler) Subscription() *controller.Subscription
type LimitadorLimitsReconciler ¶
type LimitadorLimitsReconciler struct {
// contains filtered or unexported fields
}
func (*LimitadorLimitsReconciler) Reconcile ¶
func (r *LimitadorLimitsReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*LimitadorLimitsReconciler) Subscription ¶
func (r *LimitadorLimitsReconciler) Subscription() controller.Subscription
LimitadorLimitsReconciler reconciles to events with impact to change the state of the Limitador custom resources regarding the definitions for the effective rate limit policies
type LimitadorReconciler ¶
type LimitadorReconciler struct {
Client *dynamic.DynamicClient
}
func NewLimitadorReconciler ¶
func NewLimitadorReconciler(client *dynamic.DynamicClient) *LimitadorReconciler
func (*LimitadorReconciler) Reconcile ¶
func (r *LimitadorReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, _ *sync.Map) error
func (*LimitadorReconciler) Subscription ¶
func (r *LimitadorReconciler) Subscription() *controller.Subscription
type ObservabilityReconciler ¶
type ObservabilityReconciler struct {
*reconcilers.BaseReconciler
Client *dynamic.DynamicClient
// contains filtered or unexported fields
}
func NewObservabilityReconciler ¶
func NewObservabilityReconciler(client *dynamic.DynamicClient, mgr ctrlruntime.Manager, namespace string) *ObservabilityReconciler
func (*ObservabilityReconciler) Reconcile ¶
func (r *ObservabilityReconciler) Reconcile(baseCtx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, _ *sync.Map) error
func (*ObservabilityReconciler) Subscription ¶
func (r *ObservabilityReconciler) Subscription() *controller.Subscription
type PeerAuthenticationReconciler ¶ added in v1.3.0
type PeerAuthenticationReconciler struct {
*reconcilers.BaseReconciler
Client *dynamic.DynamicClient
}
func NewPeerAuthenticationReconciler ¶ added in v1.3.0
func NewPeerAuthenticationReconciler(mgr controllerruntime.Manager, client *dynamic.DynamicClient) *PeerAuthenticationReconciler
func (*PeerAuthenticationReconciler) Run ¶ added in v1.3.0
func (p *PeerAuthenticationReconciler) Run(baseCtx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
func (*PeerAuthenticationReconciler) Subscription ¶ added in v1.3.0
func (p *PeerAuthenticationReconciler) Subscription() *controller.Subscription
type PolicyMetricsReconciler ¶ added in v1.4.0
type PolicyMetricsReconciler struct{}
PolicyMetricsReconciler emits Prometheus metrics for all Kuadrant policies
func NewPolicyMetricsReconciler ¶ added in v1.4.0
func NewPolicyMetricsReconciler() *PolicyMetricsReconciler
NewPolicyMetricsReconciler creates a new PolicyMetricsReconciler
func (*PolicyMetricsReconciler) Reconcile ¶ added in v1.4.0
func (r *PolicyMetricsReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, _ *sync.Map) error
Reconcile collects and emits metrics for all policies in the topology. This reconciler automatically discovers and tracks all policy types by grouping policies by their Kind. Currently includes core policies: AuthPolicy, RateLimitPolicy, DNSPolicy, TLSPolicy, and TokenRateLimitPolicy. Note: Extension policies (OIDCPolicy, PlanPolicy, TelemetryPolicy) are not part of the topology and are not tracked.
type PolicyStatus ¶ added in v1.4.0
type PolicyStatus string
PolicyStatus represents the enforcement status of a policy
const ( PolicyStatusTrue PolicyStatus = "true" PolicyStatusFalse PolicyStatus = "false" )
type RateLimitPolicyStatusUpdater ¶
type RateLimitPolicyStatusUpdater struct {
// contains filtered or unexported fields
}
func (*RateLimitPolicyStatusUpdater) Subscription ¶
func (r *RateLimitPolicyStatusUpdater) Subscription() controller.Subscription
RateLimitPolicyStatusUpdater subscribe to events with potential impact on the status of RateLimitPolicy resources
func (*RateLimitPolicyStatusUpdater) UpdateStatus ¶
func (r *RateLimitPolicyStatusUpdater) UpdateStatus(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
type RateLimitPolicyValidator ¶
type RateLimitPolicyValidator struct {
// contains filtered or unexported fields
}
func (*RateLimitPolicyValidator) Subscription ¶
func (r *RateLimitPolicyValidator) Subscription() controller.Subscription
RateLimitPolicyValidator subscribes to events with potential to flip the validity of rate limit policies
func (*RateLimitPolicyValidator) Validate ¶
func (r *RateLimitPolicyValidator) Validate(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
type TLSPoliciesValidator ¶
type TLSPoliciesValidator struct {
// contains filtered or unexported fields
}
func NewTLSPoliciesValidator ¶
func NewTLSPoliciesValidator(isGatewayAPIInstalled, isCertManagerInstalled bool) *TLSPoliciesValidator
func (*TLSPoliciesValidator) Subscription ¶
func (r *TLSPoliciesValidator) Subscription() *controller.Subscription
func (*TLSPoliciesValidator) Validate ¶
func (r *TLSPoliciesValidator) Validate(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
type TLSPolicyStatusUpdater ¶
type TLSPolicyStatusUpdater struct {
Client *dynamic.DynamicClient
}
func NewTLSPolicyStatusUpdater ¶
func NewTLSPolicyStatusUpdater(client *dynamic.DynamicClient) *TLSPolicyStatusUpdater
func (*TLSPolicyStatusUpdater) Subscription ¶
func (t *TLSPolicyStatusUpdater) Subscription() *controller.Subscription
func (*TLSPolicyStatusUpdater) UpdateStatus ¶
func (t *TLSPolicyStatusUpdater) UpdateStatus(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, s *sync.Map) error
type TokenRateLimitPolicyStatusUpdater ¶ added in v1.3.0
type TokenRateLimitPolicyStatusUpdater struct {
// contains filtered or unexported fields
}
func NewTokenRateLimitPolicyStatusUpdater ¶ added in v1.3.0
func NewTokenRateLimitPolicyStatusUpdater(client *dynamic.DynamicClient) *TokenRateLimitPolicyStatusUpdater
func (*TokenRateLimitPolicyStatusUpdater) Subscription ¶ added in v1.3.0
func (r *TokenRateLimitPolicyStatusUpdater) Subscription() controller.Subscription
TokenRateLimitPolicyStatusUpdater subscribes to events with potential impact on the status of TokenRateLimitPolicy resources
func (*TokenRateLimitPolicyStatusUpdater) UpdateStatus ¶ added in v1.3.0
func (r *TokenRateLimitPolicyStatusUpdater) UpdateStatus(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
type TokenRateLimitPolicyValidator ¶ added in v1.3.0
type TokenRateLimitPolicyValidator struct {
// contains filtered or unexported fields
}
func (*TokenRateLimitPolicyValidator) Subscription ¶ added in v1.3.0
func (r *TokenRateLimitPolicyValidator) Subscription() controller.Subscription
TokenRateLimitPolicyValidator subscribes to events with potential to flip the validity of token rate limit policies
func (*TokenRateLimitPolicyValidator) Validate ¶ added in v1.3.0
func (r *TokenRateLimitPolicyValidator) Validate(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error
type TopologyReconciler ¶
type TopologyReconciler struct {
Client *dynamic.DynamicClient
Namespace string
}
func NewTopologyReconciler ¶
func NewTopologyReconciler(client *dynamic.DynamicClient, namespace string) *TopologyReconciler
func (*TopologyReconciler) Reconcile ¶
func (r *TopologyReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, _ *sync.Map) error
Source Files
¶
- auth_policies_validator.go
- auth_policy_status_updater.go
- auth_workflow_helpers.go
- authconfigs_reconciler.go
- authorino_istio_integration_reconciler.go
- authorino_reconciler.go
- cluster_patch_helpers.go
- common.go
- consoleplugin_reconciler.go
- data_plane_policies_workflow.go
- developerportal_reconciler.go
- dns_workflow.go
- dnspolicies_validator.go
- dnspolicy_dnsrecords.go
- dnspolicy_metrics.go
- dnspolicy_status_updater.go
- effective_auth_policies_reconciler.go
- effective_dnspolicies_reconciler.go
- effective_ratelimit_policies_reconciler.go
- effective_tls_policies_reconciler.go
- effective_tokenratelimit_policies_reconciler.go
- envoy_gateway_auth_cluster_reconciler.go
- envoy_gateway_extension_reconciler.go
- envoy_gateway_ratelimit_cluster_reconciler.go
- envoy_gateway_tracing_cluster_reconciler.go
- event_logger.go
- example_extension_reconciler.go
- gateway_policy_discoverability_reconciler.go
- httproute_policy_discoverability_reconciler.go
- istio_auth_cluster_reconciler.go
- istio_extension_reconciler.go
- istio_peerauthentication_reconciler.go
- istio_ratelimit_cluster_reconciler.go
- istio_tracing_cluster_reconciler.go
- kuadrant_status_updater.go
- limitador_istio_integration_reconciler.go
- limitador_limits_reconciler.go
- limitador_reconciler.go
- observability_reconciler.go
- policy_metrics.go
- ratelimit_policies_validator.go
- ratelimit_policy_status_updater.go
- ratelimit_workflow_helpers.go
- state_of_the_world.go
- tls_workflow.go
- tlspolicies_validator.go
- tlspolicy_status_updater.go
- tokenratelimit_policies_validator.go
- tokenratelimitpolicy_status_updater.go
- topology_reconciler.go
- tracing_workflow_helpers.go
Click to show internal directories.
Click to hide internal directories.