gcpprivateserviceconnect

package v0.1.74
Published: Feb 26, 2026 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Overview

Package gcpprivateserviceconnect provides DNS zone management for GCP hosted control plane (HCP) clusters.

This package is designed for use in Kubernetes reconciliation loops and follows idempotent patterns: every operation can be called repeatedly with the same input and converges to the same result, so a requeued reconcile does not duplicate zones or records.

Main entry point:

  • ReconcileDNS: Reconciles DNS zones and records (called from PSC controller)

DNS cleanup is handled by the cleanupDNS method in psc_endpoint_controller.go, which uses zone names stored in the GCPPrivateServiceConnect status.

Authentication: All functions use the GOOGLE_APPLICATION_CREDENTIALS environment variable to authenticate with GCP. It should point to a credential JSON file mounted from the gcp-customer-credentials Kubernetes secret. Note that InitCustomerGCPClient (below) requires Workload Identity Federation (WIF) credentials and states that service account keys are not supported, so the mounted file is expected to be a WIF external-account configuration rather than a long-lived service account key. GOOGLE_APPLICATION_CREDENTIALS accepts either kind of file, so the type of the mounted credential, not merely the presence of the variable, is what matters.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ControllerName

func ControllerName(name string) string

func InitCustomerGCPClient added in v0.1.73

func InitCustomerGCPClient(ctx context.Context) (*compute.Service, error)

InitCustomerGCPClient initializes the GCP client for customer project operations. This controller requires Workload Identity Federation (WIF) credentials, which are set up by the token minter in the control-plane-operator. Service account keys are not supported - the finalizer gate checks for WIF token availability before proceeding.
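As an illustration of the kind of check the finalizer gate described above performs, here is an added example that is not the package's own code and not how its gate is implemented. It inspects the file that GOOGLE_APPLICATION_CREDENTIALS points to and refuses to proceed unless that file is a WIF external-account configuration. The names RequireWIFCredentials, ClassifyCredentialFile and envFrom are hypothetical, and the sample credential files are constructed inline. It relies only on the documented Application Default Credentials file format, in which the top-level "type" field is "service_account" for a key file and "external_account" for a WIF configuration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrServiceAccountKey is returned when the mounted credential is a long-lived
// service account key instead of a Workload Identity Federation configuration.
var ErrServiceAccountKey = errors.New("service account key files are not accepted; mount a Workload Identity Federation credential")

// credentialHeader is the part of an Application Default Credentials JSON file
// that identifies its kind: "service_account" for a private-key file,
// "external_account" for a WIF configuration.
type credentialHeader struct {
	Type string `json:"type"`
}

// ClassifyCredentialFile returns the "type" field of the credential file at path.
func ClassifyCredentialFile(path string) (string, error) {
	raw, err := os.ReadFile(path)
	if err != nil {
		return "", fmt.Errorf("read credential file: %w", err)
	}
	var h credentialHeader
	if err := json.Unmarshal(raw, &h); err != nil {
		return "", fmt.Errorf("parse credential file %s: %w", path, err)
	}
	if h.Type == "" {
		return "", fmt.Errorf("credential file %s has no \"type\" field", path)
	}
	return h.Type, nil
}

// RequireWIFCredentials is a hypothetical gate (not the package's). It succeeds
// only when GOOGLE_APPLICATION_CREDENTIALS points at an external_account file;
// an unset variable, an unreadable or malformed file, or a service_account key
// is rejected so the reconciler does not continue with credentials it should
// not be using. lookupEnv is injected so the gate can be tested without touching
// the process environment; pass os.LookupEnv in real use.
func RequireWIFCredentials(lookupEnv func(string) (string, bool)) error {
	path, ok := lookupEnv("GOOGLE_APPLICATION_CREDENTIALS")
	if !ok || path == "" {
		return errors.New("GOOGLE_APPLICATION_CREDENTIALS is not set; WIF token not available yet")
	}
	typ, err := ClassifyCredentialFile(path)
	if err != nil {
		return err
	}
	switch typ {
	case "external_account":
		return nil
	case "service_account":
		return ErrServiceAccountKey
	default:
		return fmt.Errorf("unsupported credential type %q in %s", typ, path)
	}
}

// envFrom builds a lookupEnv function over a fixed map (used for the demo and tests).
func envFrom(m map[string]string) func(string) (string, bool) {
	return func(k string) (string, bool) {
		v, ok := m[k]
		return v, ok
	}
}

func main() {
	// Constructed samples: a minimal external_account config and a key-file stub,
	// written to a temporary directory so the example runs offline.
	dir, err := os.MkdirTemp("", "wif-gate")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	wif := filepath.Join(dir, "wif.json")
	key := filepath.Join(dir, "key.json")
	wifJSON := `{"type":"external_account","audience":"//iam.googleapis.com/projects/0/locations/global/workloadIdentityPools/pool/providers/prov","subject_token_type":"urn:ietf:params:oauth:token-type:jwt","token_url":"https://sts.googleapis.com/v1/token","credential_source":{"file":"/var/run/secrets/token"}}`
	keyJSON := `{"type":"service_account","project_id":"example","private_key":"REDACTED"}`
	if err := os.WriteFile(wif, []byte(wifJSON), 0o600); err != nil {
		panic(err)
	}
	if err := os.WriteFile(key, []byte(keyJSON), 0o600); err != nil {
		panic(err)
	}
	for _, p := range []string{wif, key, ""} {
		env := envFrom(map[string]string{"GOOGLE_APPLICATION_CREDENTIALS": p})
		fmt.Printf("%-10q -> %v\n", filepath.Base(p), RequireWIFCredentials(env))
	}
}
```

The point of checking the file's type rather than just that the variable is set: a service_account file carries a long-lived private key that keeps working from wherever it is copied, while an external_account file carries no secret at all and only describes how to exchange a short-lived workload token. A key that was mounted by mistake would otherwise satisfy a naive "credentials present" gate silently.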

Types

type DNSSetupResult added in v0.1.74

type DNSSetupResult struct {
	// HypershiftLocalZone is the hypershift.local private zone
	HypershiftLocalZone *dns.ManagedZone

	// PublicIngressZone is the public ingress zone
	PublicIngressZone *dns.ManagedZone

	// PrivateIngressZone is the private ingress zone
	PrivateIngressZone *dns.ManagedZone

	// IngressDNSName is the DNS name for ingress zones (e.g., "in.{baseDomain}.")
	IngressDNSName string

	// PublicIngressNSRecords are the authoritative name servers for the public ingress zone.
	// These must be delegated from the regional zone by the CLS/CLM delegation controller.
	// Example: ["ns-cloud-a1.googledomains.com.", "ns-cloud-a2.googledomains.com.", ...]
	// Note: Private zones don't need delegation - they're only accessible within the VPC.
	PublicIngressNSRecords []string

	// HypershiftLocalCreatedRecords contains FQDNs of records created in hypershift.local zone
	// Example: ["api.{cluster}.hypershift.local.", "*.apps.{cluster}.hypershift.local."]
	HypershiftLocalCreatedRecords []string

	// PublicIngressCreatedRecords contains FQDNs of records created in public ingress zone
	// Example: ["*.apps.{cluster}.{baseDomain}."]
	PublicIngressCreatedRecords []string

	// PrivateIngressCreatedRecords contains FQDNs of records created in private ingress zone
	// Example: ["*.apps.{cluster}.{baseDomain}."]
	PrivateIngressCreatedRecords []string
}

DNSSetupResult contains the results of setting up cluster DNS zones.

func ReconcileDNS added in v0.1.74

func ReconcileDNS(ctx context.Context, hcp *hyperv1.HostedControlPlane, pscEndpointIP string) (*DNSSetupResult, error)

ReconcileDNS reconciles DNS zones and records for a GCP HCP cluster. This is the main entry point from the PSC controller reconciliation loop.

This function is fully idempotent and can be called repeatedly. It will:

  • Create missing DNS zones
  • Ensure required DNS records exist with correct values
  • Skip operations if resources already exist in desired state
  • Return zone information for status updates

Note: DNS zones are always created by the operator. Self-managed scenarios where zones are externally managed are not yet supported.

DNS Resources Managed:

  1. Private hypershift.local zone
  2. Public ingress zone
  3. Private ingress zone
  4. ACME challenge CNAME in public zone (delegates to regional zone)
  5. A record for api.{cluster}.hypershift.local -> PSC endpoint IP

Parameters:

  • ctx: Context for the operation
  • hcp: HostedControlPlane CR containing cluster configuration
  • pscEndpointIP: IP address of the Private Service Connect endpoint

Returns:

  • DNSSetupResult: Contains zone information and NS records for status updates
  • error: Any error encountered during reconciliation
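The idempotent create/ensure/skip pattern described for ReconcileDNS, worked through as an added example that is not the package's own code. The types RecordSet and Zone and the functions below are hypothetical stand-ins for the Cloud DNS record-set API the package wraps, and the zone contents are constructed in memory. The example builds the api.{cluster}.hypershift.local A record from a cluster name and the PSC endpoint IP, validates the IP and the trailing dot on the FQDN before touching the zone, and then reconciles the record while distinguishing create, update and skip, so that a second pass with identical input is a no-op and a changed endpoint IP produces an update rather than a duplicate.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
)

// RecordSet is a reduced stand-in for a Cloud DNS ResourceRecordSet
// (hypothetical type, not the package's own).
type RecordSet struct {
	Name    string   // FQDN, must end with a trailing dot
	Type    string   // "A", "CNAME", "NS", ...
	TTL     int64    // seconds
	Rrdatas []string // record values, e.g. one IPv4 address for an A record
}

// Zone holds the records currently present in one managed zone, keyed by
// name and type, which is how Cloud DNS identifies a record set.
type Zone struct {
	Name    string
	Records map[string]RecordSet
}

func rrKey(name, typ string) string { return name + "/" + typ }

// Action is what the reconciler did for one desired record.
type Action string

const (
	ActionCreate Action = "create"
	ActionUpdate Action = "update"
	ActionSkip   Action = "skip"
)

// DesiredHypershiftLocalRecords builds the record the page lists for the private
// hypershift.local zone: api.{cluster}.hypershift.local -> PSC endpoint IP.
// Inputs are validated so a malformed IP or cluster name never reaches the zone.
func DesiredHypershiftLocalRecords(cluster, pscEndpointIP string) ([]RecordSet, error) {
	ip := net.ParseIP(pscEndpointIP)
	if ip == nil || ip.To4() == nil {
		return nil, fmt.Errorf("pscEndpointIP %q is not a valid IPv4 address", pscEndpointIP)
	}
	if cluster == "" || strings.ContainsAny(cluster, ". /") {
		return nil, fmt.Errorf("invalid cluster name %q", cluster)
	}
	return []RecordSet{{
		Name:    fmt.Sprintf("api.%s.hypershift.local.", cluster),
		Type:    "A",
		TTL:     300,
		Rrdatas: []string{ip.String()},
	}}, nil
}

// ReconcileRecords ensures every desired record exists in zone with the desired
// value: missing records are created, records with stale rrdata or TTL are
// replaced, and records already in the desired state are left alone. A second
// call with the same input therefore reports only ActionSkip.
func ReconcileRecords(zone *Zone, desired []RecordSet) (map[string]Action, error) {
	// Validate everything before mutating anything so a bad entry cannot leave
	// the zone half-reconciled.
	for _, want := range desired {
		if !strings.HasSuffix(want.Name, ".") {
			return nil, fmt.Errorf("record name %q must be fully qualified (trailing dot)", want.Name)
		}
		if want.Type == "" || len(want.Rrdatas) == 0 {
			return nil, fmt.Errorf("record %q has no type or no rrdata", want.Name)
		}
	}
	if zone.Records == nil {
		zone.Records = map[string]RecordSet{}
	}
	actions := make(map[string]Action, len(desired))
	for _, want := range desired {
		k := rrKey(want.Name, want.Type)
		have, exists := zone.Records[k]
		switch {
		case !exists:
			zone.Records[k] = want
			actions[want.Name] = ActionCreate
		case have.TTL != want.TTL || !sameRrdatas(have.Rrdatas, want.Rrdatas):
			zone.Records[k] = want
			actions[want.Name] = ActionUpdate
		default:
			actions[want.Name] = ActionSkip
		}
	}
	return actions, nil
}

// CreatedFQDNs lists the names created in this pass, sorted, in the form the
// page's DNSSetupResult *CreatedRecords fields use.
func CreatedFQDNs(actions map[string]Action) []string {
	var out []string
	for name, a := range actions {
		if a == ActionCreate {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

// sameRrdatas compares rrdata order-insensitively; the API may return values in any order.
func sameRrdatas(a, b []string) bool {
	if len(a) != len(b) {
		return false
	}
	ac, bc := append([]string(nil), a...), append([]string(nil), b...)
	sort.Strings(ac)
	sort.Strings(bc)
	for i := range ac {
		if ac[i] != bc[i] {
			return false
		}
	}
	return true
}

func main() {
	zone := &Zone{Name: "hypershift-local"} // constructed: starts empty
	desired, err := DesiredHypershiftLocalRecords("mycluster", "10.20.30.40")
	if err != nil {
		panic(err)
	}
	for pass := 1; pass <= 2; pass++ {
		actions, err := ReconcileRecords(zone, desired)
		if err != nil {
			panic(err)
		}
		fmt.Printf("pass %d: %v created=%v\n", pass, actions, CreatedFQDNs(actions))
	}
}
```

Comparing rrdata and TTL, rather than only checking that a record with the right name exists, is what makes the update case work: a stale endpoint IP left in the zone after a PSC endpoint is recreated is corrected on the next reconcile instead of being treated as already done.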

type GCPPrivateServiceConnectReconciler added in v0.1.73

type GCPPrivateServiceConnectReconciler struct {
	client.Client
	upsert.CreateOrUpdateProvider
	// contains filtered or unexported fields
}

GCPPrivateServiceConnectReconciler manages PSC endpoints in customer projects.

func (*GCPPrivateServiceConnectReconciler) Reconcile added in v0.1.73

Reconcile implements the main reconciliation logic for PSC endpoints.

func (*GCPPrivateServiceConnectReconciler) SetupWithManager added in v0.1.73

func (r *GCPPrivateServiceConnectReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

type GCPPrivateServiceObserver

type GCPPrivateServiceObserver struct {
	client.Client

	ControllerName   string
	ServiceNamespace string
	ServiceName      string
	HCPNamespace     string
	upsert.CreateOrUpdateProvider
	// contains filtered or unexported fields
}

GCPPrivateServiceObserver watches a router Service with Internal Load Balancer and reconciles a GCPPrivateServiceConnect CR representation for it.

func (*GCPPrivateServiceObserver) Reconcile

func (*GCPPrivateServiceObserver) SetupWithManager

func (r *GCPPrivateServiceObserver) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error
