Documentation
¶
Index ¶
- Constants
- Variables
- func Ensure(c client.Client, variant string, v3 bool, apiVersion string, log logr.Logger) error
- func EnsureValidating(c client.Client, variant string, v3 bool, apiVersion string, log logr.Logger) error
- func GetMutatingAdmissionPolicies(variant opv1.ProductVariant, v3 bool, apiVersion string) []client.Object
- func GetValidatingAdmissionPolicies(variant opv1.ProductVariant, v3 bool, apiVersion string) []client.Object
- func IsBindingKind(obj client.Object) bool
- func IsPolicyKind(obj client.Object) bool
- func IsValidatingBindingKind(obj client.Object) bool
- func IsValidatingPolicyKind(obj client.Object) bool
- func ListManaged(ctx context.Context, c client.Client, apiVersion string) (policies, bindings []client.Object, err error)
- func ListManagedValidating(ctx context.Context, c client.Client, apiVersion string) (policies, bindings []client.Object, err error)
Constants ¶
const ( // ManagedMAPLabel is the label key applied to operator-managed MutatingAdmissionPolicy and // MutatingAdmissionPolicyBinding resources. ManagedMAPLabel = "operator.tigera.io/mutating-admission-policy" // ManagedMAPLabelValue is the label value for operator-managed MAP resources. ManagedMAPLabelValue = "managed" // ManagedVAPLabel is the label key applied to operator-managed ValidatingAdmissionPolicy and // ValidatingAdmissionPolicyBinding resources. ManagedVAPLabel = "operator.tigera.io/validating-admission-policy" // ManagedVAPLabelValue is the label value for operator-managed VAP resources. ManagedVAPLabelValue = "managed" // APIGroup is the API group for MutatingAdmissionPolicy and ValidatingAdmissionPolicy resources. APIGroup = "admissionregistration.k8s.io" // VersionV1 is the GA API version (k8s 1.36+). VersionV1 = "v1" // VersionV1Beta1 is the beta API version (served k8s 1.34-1.39). VersionV1Beta1 = "v1beta1" // VersionV1Alpha1 is the alpha API version (served k8s 1.32-1.37, behind the MutatingAdmissionPolicy feature gate). VersionV1Alpha1 = "v1alpha1" // KindPolicy is the MutatingAdmissionPolicy kind. KindPolicy = "MutatingAdmissionPolicy" // KindBinding is the MutatingAdmissionPolicyBinding kind. KindBinding = "MutatingAdmissionPolicyBinding" // KindValidatingPolicy is the ValidatingAdmissionPolicy kind. KindValidatingPolicy = "ValidatingAdmissionPolicy" // KindValidatingBinding is the ValidatingAdmissionPolicyBinding kind. KindValidatingBinding = "ValidatingAdmissionPolicyBinding" )
Variables ¶
var PolicyGroupKind = schema.GroupKind{Group: APIGroup, Kind: KindPolicy}
PolicyGroupKind is the GroupKind for MutatingAdmissionPolicy. Exposed so the API discovery registry in cmd/main.go can pre-resolve its served version at startup.
var ValidatingPolicyGroupKind = schema.GroupKind{Group: APIGroup, Kind: KindValidatingPolicy}
ValidatingPolicyGroupKind is the GroupKind for ValidatingAdmissionPolicy. Exposed so the API discovery registry in cmd/main.go can pre-resolve its served version at startup.
Functions ¶
func Ensure ¶
Ensure ensures that MutatingAdmissionPolicies necessary for bootstrapping exist in the cluster. Further reconciliation is handled by the core controller. If apiVersion is empty (no served version of MutatingAdmissionPolicy on the cluster), a warning is logged and the function returns nil. MAPs are only installed when v3 CRDs are enabled.
func EnsureValidating ¶
func EnsureValidating(c client.Client, variant string, v3 bool, apiVersion string, log logr.Logger) error
EnsureValidating ensures that ValidatingAdmissionPolicies necessary for bootstrapping exist in the cluster, mirroring Ensure. ValidatingAdmissionPolicy has its own served version (it reached GA well before MutatingAdmissionPolicy), so it is bootstrapped independently and is not gated on whether the cluster serves MutatingAdmissionPolicy.
func GetMutatingAdmissionPolicies ¶
func GetMutatingAdmissionPolicies(variant opv1.ProductVariant, v3 bool, apiVersion string) []client.Object
GetMutatingAdmissionPolicies returns MutatingAdmissionPolicy and MutatingAdmissionPolicyBinding objects for the given variant, typed at the requested API version. These are only applicable when v3 CRDs are enabled. Each returned object is labeled with ManagedMAPLabel to enable stale resource cleanup.
func GetValidatingAdmissionPolicies ¶
func GetValidatingAdmissionPolicies(variant opv1.ProductVariant, v3 bool, apiVersion string) []client.Object
GetValidatingAdmissionPolicies returns ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding objects for the given variant, typed at the requested API version. These are only applicable when v3 CRDs are enabled. Each returned object is labeled with ManagedVAPLabel to enable stale resource cleanup.
func IsBindingKind ¶ added in v1.42.2
IsBindingKind returns whether obj is a MutatingAdmissionPolicyBinding (any served version).
func IsPolicyKind ¶ added in v1.42.2
IsPolicyKind returns whether obj is a MutatingAdmissionPolicy (any served version).
func IsValidatingBindingKind ¶
IsValidatingBindingKind returns whether obj is a ValidatingAdmissionPolicyBinding (any served version).
func IsValidatingPolicyKind ¶
IsValidatingPolicyKind returns whether obj is a ValidatingAdmissionPolicy (any served version).
func ListManaged ¶ added in v1.42.2
func ListManaged(ctx context.Context, c client.Client, apiVersion string) (policies, bindings []client.Object, err error)
ListManaged returns the operator-managed MutatingAdmissionPolicy and MutatingAdmissionPolicyBinding objects currently present on the cluster at the given API version. Returns nil if apiVersion is empty.
func ListManagedValidating ¶
func ListManagedValidating(ctx context.Context, c client.Client, apiVersion string) (policies, bindings []client.Object, err error)
ListManagedValidating returns the operator-managed ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding objects currently present on the cluster at the given API version, mirroring ListManaged. Returns nil if apiVersion is empty.
Types ¶
This section is empty.
Source Files