Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

controller

package

Go to main page

Versions in this module

v0

v0.5.2

May 2, 2026

Changes in this version

+ const BrokerLeasesFinalizer

+ const CiliumGroupVersion

+ const DefaultAuditRetention

+ const DefaultCollectorImage

+ const DefaultHomeInitImage

+ const DefaultIPTablesInitImage

+ const DefaultProxyImage

+ const HarnessRunFinalizer

+ const KubeSystemNamespace

+ const WorkspaceFinalizer

+ var CiliumNetworkPolicyGVK = schema.GroupVersionKind

+ func APIServerIPsFromConfig(cfg *rest.Config) ([]net.IP, error)

+ func DetectCiliumCNP(d CiliumNetworkPolicyDiscovery) (bool, error)

+ func DetectNetworkPolicyCNI(ctx context.Context, c client.Reader) (bool, string, error)

+ func IsBrokerCodeFatal(err error) bool

+ func IsDigestPinnedImageRef(ref string) bool

+ type AuditEventReconciler struct

+ Retention time.Duration

+ Scheme *runtime.Scheme

+ func (r *AuditEventReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

+ func (r *AuditEventReconciler) SetupWithManager(mgr ctrl.Manager) error

+ type BrokerCASource struct

+ Name string

+ Namespace string

+ type BrokerHTTPClient struct

+ TokenReader brokerclient.TokenReader

+ func NewBrokerHTTPClient(endpoint, tokenPath, caPath string) (*BrokerHTTPClient, error)

+ func (b *BrokerHTTPClient) Issue(ctx context.Context, runName, runNamespace, credentialName string) (*brokerapi.IssueResponse, error)

+ func (b *BrokerHTTPClient) Revoke(ctx context.Context, runName, runNamespace string, ...) error

+ type BrokerIssuer interface

+ Issue func(ctx context.Context, runName, runNamespace, credentialName string) (*brokerapi.IssueResponse, error)

+ Revoke func(ctx context.Context, runName, runNamespace string, ...) error

+ type BrokerPolicyReconciler struct

+ Now func() time.Time

+ Scheme *runtime.Scheme

+ func (r *BrokerPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

+ func (r *BrokerPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error

+ type CiliumNetworkPolicyDiscovery interface

+ ServerResourcesForGroupVersion func(groupVersion string) (*metav1.APIResourceList, error)

+ type ControllerAudit struct

+ Sink auditing.Sink

+ func (c *ControllerAudit) EmitBrokerCredsTampered(ctx context.Context, runName, namespace string, prunedKeys []string)

+ func (c *ControllerAudit) EmitCAProjected(ctx context.Context, runName, namespace, secretName string)

+ func (c *ControllerAudit) EmitCredentialIssuedSummary(ctx context.Context, runName, namespace string, count int)

+ func (c *ControllerAudit) EmitInteractiveRunTerminated(ctx context.Context, runName, namespace, reason string)

+ func (c *ControllerAudit) EmitNetworkPolicyEnforcementWithdrawn(ctx context.Context, runName, namespace, reason string)

+ func (c *ControllerAudit) EmitRunCAMisconfigured(ctx context.Context, runName, namespace, reason string)

+ func (c *ControllerAudit) EmitRunCompleted(ctx context.Context, runName, namespace string, ...)

+ func (c *ControllerAudit) EmitRunFailed(ctx context.Context, runName, namespace, reason, message string)

+ func (c *ControllerAudit) EmitWorkspaceCAMisconfigured(ctx context.Context, wsName, namespace, reason string)

+ type HarnessRunReconciler struct

+ Audit *ControllerAudit

+ BrokerClient BrokerIssuer

+ CollectorImage string

+ HomeInitImage string

+ IPTablesInitImage string

+ ProxyAllowList string

+ Recorder record.EventRecorder

+ RingMaxEvents int

+ Scheme *runtime.Scheme

+ func (r *HarnessRunReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

+ func (r *HarnessRunReconciler) SetupWithManager(mgr ctrl.Manager) error

+ type NetworkPolicyEnforceMode string

+ const NetworkPolicyEnforceAuto

+ const NetworkPolicyEnforceOff

+ const NetworkPolicyEnforceOn

+ type ProxyBrokerConfig struct

+ APIServerIPs []net.IP

+ BrokerCASource BrokerCASource

+ BrokerEndpoint string

+ BrokerNamespace string

+ BrokerPort int32

+ CiliumCNPAvailable bool

+ ClusterPodCIDR string

+ ClusterServiceCIDR string

+ NetworkPolicyAutoEnabled bool

+ NetworkPolicyEnforce NetworkPolicyEnforceMode

+ ProxyCAClusterIssuer string

+ ProxyImage string

+ type WorkspaceReconciler struct

+ Audit *ControllerAudit

+ Recorder record.EventRecorder

+ Scheme *runtime.Scheme

+ SeedImage string

+ func (r *WorkspaceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

+ func (r *WorkspaceReconciler) SetupWithManager(mgr ctrl.Manager) error