Documentation
Overview
Package dryrunvalidator implements the DryRunValidator component that performs dry-run reconciliation for webhook validation.
This component:
- Subscribes to WebhookValidationRequest events (scatter-gather)
- Creates overlay stores simulating resource changes
- Performs dry-run reconciliation (rendering + validation)
- Publishes WebhookValidationResponse events
The validator ensures resources are valid before they're saved to etcd, preventing invalid configurations from being admitted.
Constants
const (
	// ComponentName is the unique identifier for this component.
	ComponentName = "dryrun-validator"
	// ValidatorID identifies this validator in scatter-gather responses.
	ValidatorID = "dryrun"
	// EventBufferSize is the size of the event subscription buffer.
	EventBufferSize = 50
	// TestExecutionTimeout is the maximum time allowed for running validation tests.
	// Tests run sequentially with Workers=1, so this should accommodate multiple tests.
	TestExecutionTimeout = 60 * time.Second
)
Types
type Component
type Component struct {
// contains filtered or unexported fields
}
Component implements the dry-run validator.
It subscribes to WebhookValidationRequest events, creates store overlays from admission requests, and delegates validation to ProposalValidator.
If validation tests are configured, the component also runs them; ProposalValidator does not handle that step.
func New
func New(cfg *ComponentConfig) *Component
New creates a new DryRunValidator component.
Parameters:
- cfg: Configuration for the component
Returns:
- A new Component instance ready to be started
func (*Component) Name
Name returns the unique identifier for this component. Implements the lifecycle.Component interface.
func (*Component) Start
Start begins the validator's event loop.
This method blocks until the context is cancelled. It processes WebhookValidationRequest events from the pre-subscribed channel.
func (*Component) ValidateDirect
func (c *Component) ValidateDirect(ctx context.Context, gvk, namespace, name string, object interface{}, operation string) (allowed bool, reason string)
ValidateDirect performs synchronous dry-run validation without scatter-gather.
This method is intended for direct webhook integration, eliminating the event-based scatter-gather pattern for improved performance and simplicity.
Parameters:
- ctx: Context for cancellation and timeout
- gvk: GroupVersionKind string (e.g., "networking.k8s.io/v1.Ingress")
- namespace: Resource namespace
- name: Resource name
- object: The Kubernetes resource object
- operation: Admission operation (CREATE, UPDATE, DELETE)
Returns:
- allowed: Whether the resource passed validation
- reason: Denial reason if not allowed, empty otherwise
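The following sketch is an added example, not code from this package. It shows one way a webhook handler could call ValidateDirect for the request object of an AdmissionReview: it builds the gvk string in the documented layout and denies when the deadline passes before a result arrives. The names validateFunc, admissionRequest, verdict and review are hypothetical, the request JSON is constructed, and the deny-on-timeout policy is an assumption of this example rather than documented behaviour.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"time"
)

// validateFunc has the documented ValidateDirect signature; pass component.ValidateDirect.
type validateFunc func(ctx context.Context, gvk, namespace, name string, object interface{}, operation string) (allowed bool, reason string)

// admissionRequest holds the admission.k8s.io/v1 AdmissionRequest fields used here.
type admissionRequest struct {
	UID                        string
	Kind                       struct{ Group, Version, Kind string }
	Namespace, Name, Operation string
	Object                     interface{} // nil when the request carries no object
}

type verdict struct { // values for AdmissionResponse uid, allowed, status.message
	UID, Message string
	Allowed      bool
}

// review decodes one request, runs the dry-run under a deadline, and fails closed.
func review(ctx context.Context, v validateFunc, raw []byte, timeout time.Duration) verdict {
	var req admissionRequest
	if err := json.Unmarshal(raw, &req); err != nil {
		return verdict{Message: "malformed admission request"}
	}
	// Layout copied from the documented example ("networking.k8s.io/v1.Ingress").
	gvk := fmt.Sprintf("%s/%s.%s", req.Kind.Group, req.Kind.Version, req.Kind.Kind)
	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()
	allowed, reason := v(ctx, gvk, req.Namespace, req.Name, req.Object, req.Operation)
	if err := ctx.Err(); err != nil { // never admit on a result that arrived after the deadline
		return verdict{UID: req.UID, Message: "dry-run did not complete: " + err.Error()}
	}
	return verdict{UID: req.UID, Allowed: allowed, Message: reason}
}

func main() { // constructed request and stand-in validator
	deny := func(_ context.Context, gvk, _, _ string, _ interface{}, _ string) (bool, string) {
		return false, "dry-run rejected " + gvk
	}
	raw := []byte(`{"uid":"u1","kind":{"group":"networking.k8s.io","version":"v1","kind":"Ingress"},"namespace":"default","name":"web","operation":"CREATE","object":{}}`)
	fmt.Printf("%+v\n", review(context.Background(), deny, raw, time.Second))
}
```

The page documents the gvk layout only through the Ingress example, so the form expected for core-group kinds (empty group) is not covered by this sketch.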
type ComponentConfig
type ComponentConfig struct {
	// EventBus is the event bus for subscribing to requests and publishing responses.
	EventBus *busevents.EventBus
	// ProposalValidator is the component that performs the render-validate pipeline.
	ProposalValidator *proposalvalidator.Component
	// Config is the controller configuration containing templates.
	Config *config.Config
	// Engine is the pre-compiled template engine for rendering validation tests.
	Engine templating.Engine
	// ValidationPaths are the filesystem paths used for HAProxy validation.
	ValidationPaths *dataplane.ValidationPaths
	// Capabilities are the HAProxy capabilities determined from the local version.
	Capabilities dataplane.Capabilities
	// Logger is the structured logger.
	Logger *slog.Logger
}
ComponentConfig contains configuration for creating a DryRunValidator.