Documentation
Types
type IstioDetector
type IstioDetector struct {
	// contains filtered or unexported fields
}
IstioDetector provides a thread-safe way to check whether Istio CRDs are available in the cluster. It uses an atomic boolean that is refreshed via the Discovery API whenever a relevant CRD event is observed.
The DiscoveryClient is cached to avoid creating a new HTTP client on every Refresh.
func NewIstioDetector
func NewIstioDetector(config *rest.Config) *IstioDetector
NewIstioDetector creates an IstioDetector and performs an initial availability check. If the DiscoveryClient cannot be created (e.g., nil config in tests), the detector defaults to disabled and Refresh becomes a no-op.
func (*IstioDetector) IsEnabled
func (d *IstioDetector) IsEnabled() bool
IsEnabled returns whether Istio CRDs are currently available in the cluster.
func (*IstioDetector) Refresh
func (d *IstioDetector) Refresh()
Refresh re-checks Istio CRD availability via the Discovery API and updates the flag. On error the previous state is preserved; this is intentional to avoid flapping caused by transient API-server issues.
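A minimal sketch of the state rules documented for IstioDetector, added here as an example and not the project's own code. The `groupLister` function type is a hypothetical stand-in for the cached DiscoveryClient, and matching on the `security.istio.io` group name is an assumption; the point is that a failed Refresh keeps the last known answer, so an API-server timeout cannot make the reconciler switch between policy types.

```go
package main

import (
	"errors"
	"fmt"
	"sync/atomic"
)

// groupLister is a hypothetical stand-in for the cached DiscoveryClient:
// it returns the API groups the server currently advertises.
type groupLister func() ([]string, error)

// detectorSketch mirrors the documented behaviour; it is not the project's code.
type detectorSketch struct {
	enabled atomic.Bool
	lister  groupLister // built once and reused; nil makes Refresh a no-op
}

func newDetectorSketch(l groupLister) *detectorSketch {
	d := &detectorSketch{lister: l}
	d.Refresh() // initial availability check
	return d
}

func (d *detectorSketch) IsEnabled() bool { return d.enabled.Load() }

func (d *detectorSketch) Refresh() {
	if d.lister == nil {
		return // no client: stay disabled
	}
	groups, err := d.lister()
	if err != nil {
		return // transient failure: keep previous state instead of flapping
	}
	found := false
	for _, g := range groups {
		found = found || g == "security.istio.io" // assumed group match
	}
	d.enabled.Store(found)
}

func main() {
	var fail error // constructed: toggled to simulate an API-server outage
	groups := []string{"apps", "security.istio.io"}
	d := newDetectorSketch(func() ([]string, error) { return groups, fail })
	groups, fail = nil, errors.New("constructed timeout")
	d.Refresh()
	fmt.Println("enabled after failed refresh:", d.IsEnabled())
}
```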
type WorkspaceReconciler
type WorkspaceReconciler struct {
	client.Client
	Scheme   *runtime.Scheme
	Version  string
	Recorder events.EventRecorder
	// contains filtered or unexported fields
}
WorkspaceReconciler reconciles a Workspace object. It ensures that the underlying Namespace, RBAC roles, ResourceQuotas, and NetworkPolicies match the desired state defined in the Workspace CR.
The controller is intentionally kept thin: it orchestrates the reconciliation flow, while the actual resource synchronization logic resides in internal/core/workspace/.
func (*WorkspaceReconciler) Reconcile
Reconcile is the main loop for the controller. It implements the level-triggered reconciliation logic with a thin orchestration pattern: Fetch -> Domain Sync -> Status Update.
Member-to-label synchronization is handled by the Mutating Webhook (WorkspaceCustomDefaulter), ensuring labels are always consistent before the object reaches etcd.
Deletion is handled entirely by Kubernetes garbage collection: all child resources are created with OwnerReferences pointing to the Workspace, so they are automatically cascade-deleted when the Workspace is removed. No finalizer is needed.
func (*WorkspaceReconciler) SetupWithManager
func (r *WorkspaceReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager registers the controller with the Manager and defines watches.
Istio detection is handled dynamically: the controller watches CustomResourceDefinition objects filtered to the security.istio.io group. When an Istio CRD is created or deleted, the IstioDetector refreshes its state and all Workspaces are re-enqueued so the reconciler can adapt (e.g. switch between NetworkPolicy and Istio AuthorizationPolicy).
If Istio CRDs are already present at startup, the controller also registers Owns() watches for PeerAuthentication and AuthorizationPolicy to detect external drift.