Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ProjectionReconciler ¶
type ProjectionReconciler struct {
client.Client
Scheme *runtime.Scheme
DynamicClient dynamic.Interface
RESTMapper apimeta.RESTMapper
Recorder events.EventRecorder
// SourceMode is the cluster-admin-configured policy for which source
// objects are projectable. Empty string defaults to SourceModeAllowlist.
SourceMode SourceMode
// RequeueInterval controls how long the reconciler sleeps before
// retrying after a successful or failed reconcile. Configured via the
// --requeue-interval CLI flag. Defaults to 30 seconds when unset
// (SetupWithManager fills the zero value so unit-test constructions
// don't need to set it explicitly).
RequeueInterval time.Duration
// SelectorWriteConcurrency bounds the number of in-flight destination
// writes during selector-based fan-out. Each worker issues a Get plus
// (optionally) a Create or Update against the apiserver; HTTP/2
// multiplexing in client-go lets many of these share a single
// connection, but we cap the parallelism so a Projection matching
// thousands of namespaces can't DoS the apiserver or blow out
// controller memory with goroutines. Configured via the
// --selector-write-concurrency CLI flag (Helm value
// selectorWriteConcurrency). Defaults to defaultSelectorWriteConcurrency
// when unset; SetupWithManager fills the zero value so unit-test
// constructions don't need to set it explicitly, and the fan-out site
// guards the same default so direct-Reconcile unit tests that bypass
// SetupWithManager don't deadlock on a zero-capacity semaphore.
SelectorWriteConcurrency int
// Controller is the underlying controller.Controller we built in
// SetupWithManager. We need it so Reconcile can register new source
// watches lazily as previously-unseen source GVKs show up. It is nil
// in unit tests that call Reconcile directly without SetupWithManager.
Controller controller.Controller
// Cache is the manager's cache, used as the source for dynamic watches.
// Also nil in direct-reconcile unit tests.
Cache cache.Cache
// contains filtered or unexported fields
}
ProjectionReconciler reconciles a Projection object.
func (*ProjectionReconciler) SetupWithManager ¶
func (r *ProjectionReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
Two things happen here that Reconcile relies on:
- A field indexer on Projection.spec indexes each CR by the canonical sourceKey of its source ref, so mapSource can list all projections referencing a changed source via a single cached List.
- We use .Build(r) (not .Complete(r)) to capture the controller.Controller so Reconcile can lazily register new source watches as previously-unseen GVKs appear. No up-front source watches — Reconcile adds them on demand.
- A Namespace watch triggers re-reconciliation of selector-based Projections whenever the set of namespaces changes.
type SourceMode ¶
type SourceMode string
SourceMode controls which source objects the operator is willing to project. Configured once per controller via the --source-mode flag.
const ( // SourceModePermissive allows any source object to be projected. Source // owners can still veto individual objects with the // projection.sh/projectable="false" annotation. SourceModePermissive SourceMode = "permissive" // SourceModeAllowlist requires every source object to carry the // projection.sh/projectable="true" annotation before it can be // mirrored. This is the default — Kubernetes convention favors // opt-in for cluster-scoped operators with broad read RBAC. SourceModeAllowlist SourceMode = "allowlist" )
Source Files
Click to show internal directories.
Click to hide internal directories.