Overview
The UDS Operator plays a pivotal role in managing the lifecycle of UDS Package Custom Resources (CRs) along with their associated resources like NetworkPolicies and Istio VirtualServices. Leveraging Pepr, the operator binds watch operations to the enqueue and reconciler, taking on several key responsibilities for UDS Packages and exemptions:
Ignoring A Namespace
You can exclude one or more namespaces from all operator and policy actions by adding them to Pepr’s ignored namespaces list in a bundle override, like so:
```yaml
packages:
  - name: core
    repository: ghcr.io/defenseunicorns/packages/uds/core
    ref: x.x.x
    overrides:
      pepr-uds-core:
        module:
          values:
            - path: additionalIgnoredNamespaces
              value:
                - foo-system
                - bar-system
```
In the example above, policies would not be enforced on the foo-system and bar-system namespaces. In addition, any Package or Exemption custom resources in these namespaces would be ignored and not processed.
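Because an ignored namespace receives no policy enforcement, the list is worth gating in review. The following is an added example, not code from the UDS project: it walks a bundle that has already been parsed from YAML and reports every `additionalIgnoredNamespaces` entry that is not on a reviewed allowlist. The function names, the `APPROVED` list and the sample bundle are assumptions constructed for illustration.

```javascript
const IGNORE_PATH = "additionalIgnoredNamespaces";

// Collect every namespace listed under an additionalIgnoredNamespaces override,
// walking packages -> overrides -> component -> chart -> values.
function findIgnoredNamespaces(bundle) {
  const found = [];
  for (const pkg of bundle.packages ?? []) {
    for (const [component, charts] of Object.entries(pkg.overrides ?? {})) {
      for (const [chart, cfg] of Object.entries(charts ?? {})) {
        for (const entry of cfg?.values ?? []) {
          if (entry.path !== IGNORE_PATH || entry.value == null) continue;
          // Accept a single string as well as a list.
          const list = Array.isArray(entry.value) ? entry.value : [entry.value];
          for (const ns of list) {
            found.push({ package: pkg.name, component, chart, namespace: String(ns) });
          }
        }
      }
    }
  }
  return found;
}

// Return the entries whose namespace is not on the reviewed allowlist.
function unapprovedIgnores(bundle, approved) {
  const allow = new Set(approved);
  return findIgnoredNamespaces(bundle).filter((e) => !allow.has(e.namespace));
}

// Constructed sample: the override from this page, as it looks after YAML parsing.
const sampleBundle = {
  packages: [{
    name: "core",
    repository: "ghcr.io/defenseunicorns/packages/uds/core",
    ref: "x.x.x",
    overrides: { "pepr-uds-core": { module: { values: [
      { path: IGNORE_PATH, value: ["foo-system", "bar-system"] },
    ] } } },
  }],
};

const APPROVED = ["foo-system"]; // hypothetical reviewed allowlist
for (const e of unapprovedIgnores(sampleBundle, APPROVED)) {
  console.log(`unreviewed ignore: ${e.namespace} (${e.package}/${e.component}/${e.chart})`);
}
```

Run in CI against the parsed bundle file, a non-empty result can fail the build until the new namespace is reviewed and added to the allowlist.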
Key Files and Folders
```
src/pepr/operator/
├── controllers      # Core business logic called by the reconciler
│   ├── exemptions   # Manages updating Pepr store with exemptions from UDS Exemption
│   ├── istio        # Manages Istio VirtualServices and mesh integration for UDS Packages/Namespace
│   ├── keycloak     # Manages Keycloak client syncing
│   ├── monitoring   # Manages Prometheus scraping metrics endpoints
│   └── network      # Manages default and generated NetworkPolicies for UDS Packages/Namespace
├── crd
│   ├── generated    # Type files generated by `uds run -f src/pepr/tasks.yaml gen-crds`
│   ├── sources      # CRD source files
│   ├── migrate.ts   # Migrates older versions of UDS Package CRs to new version
│   ├── register.ts  # Registers the UDS Package CRD with the Kubernetes API
│   └── validators   # Validates Custom Resources with Pepr
├── index.ts         # Entrypoint for the UDS Operator
└── reconcilers      # Reconciles Custom Resources via the controllers
```