package controllers

/*
Package controllers provides K8s controllers for managing a Linkerd installation
and service mesh.

It does this by reconciling the Linkerd CRD type defined in pkg/edge/linkerd/apis.

Examples

		kind: Linkerd
		apiVersion: linkerd.edge.ncr.com/v1alpha1
		metadata:
			name: linkerd.edge.ncr.com
		spec: {}

Reconciliation

Befor rendering the Linkerd installation manifests and applying them to the
cluster, the controller attempts to reconcile the preconditions for installation,
based on the official documentation for automating TLS certificate renewal: https://linkerd.io/2.11/tasks/automatically-rotating-control-plane-tls-credentials/#save-the-signing-key-pair-as-a-secret

- Creating the trust anchor certificate keypair.  Because the content of the
  key is included in the Linkerd installation manifests, the controller will
	prefer to read an existing secret and only create one if it does not exist.
	This avoids churning the Linkerd installation more than necessary across
	restarts.
- Creating the cert-manager Issuer & Certificate resources referencing the
  generated trust anchor.

Once these preconditions are met, manifests will be rendered using the official
Linkerd Helm Chart using third_party/k8s/linkerd/helm and apply the appropriate
values based on the Spec of the Linkerd object and some required defaults.
*/