Documentation ¶
Index ¶
- func CreateControllers(mgr *Manager, controllerManager ctrl.Manager, crdMode bool) error
- func RegisterHandlers(manager *Manager, srv *utilhttp.Server)
- type Manager
- func (m *Manager) AddAccessPolicy(policy *connectivitypdp.AccessPolicy) error
- func (m *Manager) AddExport(export *v1alpha1.Export)
- func (m *Manager) AddImport(imp *v1alpha1.Import)
- func (m *Manager) AddPeer(pr *v1alpha1.Peer)
- func (m *Manager) DeleteAccessPolicy(name types.NamespacedName, privileged bool) error
- func (m *Manager) DeleteExport(name types.NamespacedName)
- func (m *Manager) DeleteImport(name types.NamespacedName) error
- func (m *Manager) DeletePeer(name string)
Functions ¶
func CreateControllers ¶
CreateControllers creates the various k8s controllers used to update the xDS manager.
func RegisterHandlers ¶
RegisterHandlers registers the HTTP handlers for dataplane authz requests.
Types ¶
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager manages the authorization dataplane connections.
func NewManager ¶
func NewManager(peerTLS *tls.ParsedCertData) (*Manager, error)
NewManager returns a new authorization manager.
func (*Manager) AddAccessPolicy ¶
func (m *Manager) AddAccessPolicy(policy *connectivitypdp.AccessPolicy) error
AddAccessPolicy adds an access policy to allow/deny specific connections.
func (*Manager) DeleteAccessPolicy ¶
func (m *Manager) DeleteAccessPolicy(name types.NamespacedName, privileged bool) error
DeleteAccessPolicy removes an access policy that allows or denies specific connections. This page does not describe the privileged argument.
func (*Manager) DeleteExport ¶
func (m *Manager) DeleteExport(name types.NamespacedName)
DeleteExport revokes the ability of ingress dataplane connections to access a given service.
func (*Manager) DeleteImport ¶
func (m *Manager) DeleteImport(name types.NamespacedName) error
DeleteImport removes the listening socket of a previously imported service.
func (*Manager) DeletePeer ¶
DeletePeer prevents egress dataplane connections from being routed to a given peer.