Kubernetes operator that automates HTTPS listener configuration on
Gateway API Gateway resources whenever a cert-manager Certificate is
created or updated.

Core behaviour:
- Watches cert-manager Certificate resources for the annotation
  gateway-cert-operator.io/gateway-name to identify the target Gateway
- Builds HTTPS listeners (prefixed "auto-") from each Certificate's
  DNS SANs and merges them into the target Gateway's listener list
- Preserves any manually-managed listeners; removes stale auto-listeners
  when Certificates are deleted or their annotations are removed
- Supports optional annotations to override the target namespace and
  listener port (default 443)

Components:
- main.go – manager setup, scheme registration,
  health/readiness probes
- internal/controller/ – Certificate reconciler with field
  indexing and dual-watch pattern
- internal/gateway/patch.go – listener construction, merge, and
  equality helpers
- deploy/manifests.yaml – Namespace, RBAC, and Deployment
- docs/README.md – usage guide and architecture notes
- Dockerfile – distroless multi-stage build

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
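
The listener handling described in the commit message above, as an added Go sketch that is not the project's internal/gateway/patch.go. The `Listener` struct is a simplified stand-in for the Gateway API type, and the SAN-to-name scheme and the prefix-only ownership test are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Listener is a simplified stand-in for a Gateway API listener (assumption).
type Listener struct {
	Name, Hostname, Protocol, SecretName string
	Port                                 int32
}

const autoPrefix = "auto-" // prefix named in the commit message

// BuildListeners returns one HTTPS listener per DNS SAN; the naming scheme is assumed.
func BuildListeners(sans []string, secret string, port int32) []Listener {
	r := strings.NewReplacer(".", "-", "*", "wildcard")
	var out []Listener
	for _, san := range sans {
		out = append(out, Listener{autoPrefix + r.Replace(strings.ToLower(san)), san, "HTTPS", secret, port})
	}
	return out
}

// MergeListeners keeps unprefixed listeners, swaps in desired, reports if the managed set changed.
func MergeListeners(existing, desired []Listener) ([]Listener, bool) {
	var manual, old []Listener
	for _, l := range existing {
		if strings.HasPrefix(l.Name, autoPrefix) {
			old = append(old, l) // operator-managed: replaced wholesale below
		} else {
			manual = append(manual, l) // manually managed: preserved as found
		}
	}
	auto := append([]Listener(nil), desired...) // copy: do not reorder the caller's slice
	sort.Slice(auto, func(i, j int) bool { return auto[i].Name < auto[j].Name })
	sort.Slice(old, func(i, j int) bool { return old[i].Name < old[j].Name })
	changed := len(auto) != len(old)
	for i := 0; !changed && i < len(auto); i++ {
		changed = auto[i] != old[i]
	}
	return append(manual, auto...), changed
}

func main() { // constructed sample: one manual listener, one stale auto- listener
	existing := []Listener{{"http", "", "HTTP", "", 80}, {"auto-old-example-com", "old.example.com", "HTTPS", "old-tls", 443}}
	fmt.Println(MergeListeners(existing, BuildListeners([]string{"www.example.com"}, "web-tls", 443)))
}
```

Under the prefix-only ownership assumed here, a hand-written listener whose name starts with `auto-` is treated as operator-managed and replaced, so manual listeners need names outside that prefix.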
17 lines
350 B
Docker
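# Build stage: compile a static manager binary
FROM golang:1.25 AS builder

WORKDIR /workspace
# Copy the module files first so the dependency download layer is cached
COPY go.mod go.sum ./
RUN go mod download

COPY main.go main.go
COPY internal/ internal/

# CGO disabled for a static binary; -s -w strips symbol and debug information
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o manager .

# Runtime stage: distroless static image, no shell or package manager
FROM gcr.io/distroless/static:nonroot
WORKDIR /
COPY --from=builder /workspace/manager .
# Run as the image's unprivileged nonroot UID/GID
USER 65532:65532

ENTRYPOINT ["/manager"]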