compliancescan

package
v1.4.1
Warning

This package is not in the latest version of its module.

Published: Apr 1, 2024 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Constants

const (
	// configMap that contains the default script
	OpenScapScriptConfigMapName = "openscap-container-entrypoint"
	// This is how the script would be mounted
	OpenScapScriptPath = "/scripts/openscap-container-entrypoint"

	// configMap that contains the runtime kubeletconfig
	KubeletConfigMapName = "openscap-kubeletconfig"
	// This is how the kubeletconfig would be mounted
	KubeletConfigMapPath = "/kubeletconfig"
	// This is how the kubeletconfig would be linked in the host
	KubeletConfigLinkPath = "/host/etc/kubernetes/compliance-operator/kubeletconfig"
	// This is the folder where the kubeletconfig would be linked in the host
	KubeletConfigLinkFolder = "/host/etc/kubernetes/compliance-operator"

	// a configMap with env vars for the script
	OpenScapEnvConfigMapName = "openscap-env-map"
	// A configMap same as above but minus hostroot
	OpenScapPlatformEnvConfigMapName = "openscap-env-map-platform"

	// environment variables the default script consumes
	OpenScapHostRootEnvName     = "HOSTROOT"
	OpenScapProfileEnvName      = "PROFILE"
	OpenScapContentEnvName      = "CONTENT"
	OpenScapReportDirEnvName    = "REPORT_DIR"
	OpenScapRuleEnvName         = "RULE"
	OpenScapVerbosityeEnvName   = "VERBOSITY"
	OpenScapTailoringDirEnvName = "TAILORING_DIR"
	HTTPSProxyEnvName           = "HTTPS_PROXY"
	DisconnectedInstallEnvName  = "DISCONNECTED"

	ResultServerPort = int32(8443)

	// Tailoring constants
	OpenScapTailoringDir = "/tailoring"

	PlatformScanName                  = "api-checks"
	PlatformScanResourceCollectorName = "api-resource-collector"
	// This coincides with the default ocp_data_root var in CaC.
	PlatformScanDataRoot = "/kubernetes-api-resources"
)

const (
	DefaultContentContainerImage = "ghcr.io/complianceascode/k8scontent:latest"
	CACertDataKey                = "ca.crt"
	CAKeyDataKey                 = "ca.key"
	ServerCertInstanceSuffix     = "-rs"
	ClientCertInstanceSuffix     = "-client"
	ServerCertPrefix             = "result-server-cert-"
	ClientCertPrefix             = "result-client-cert-"
	RootCAPrefix                 = "root-ca-"
	CertValidityDays             = 1
	KubeletConfigCMSuffix        = "-runtime-kubeletconfig"
)

const (
	// OpenSCAPScanContainerName defines the name of the container that will run OpenSCAP
	OpenSCAPScanContainerName = "scanner"
)

Variables

This section is empty.

Functions

func Add

Add creates a new ComplianceScan Controller and adds it to the Manager. The Manager will set fields on the Controller and Start it when the Manager is Started.

Types

type Forwarder added in v1.2.0

type Forwarder interface {
	SendComplianceCheckResult(c *compv1alpha1.ComplianceCheckResult) error
	SendComplianceRemediation(r *compv1alpha1.ComplianceRemediation) error
}

func NewForwarder added in v1.2.0

func NewForwarder(s *compv1alpha1.ComplianceScan) Forwarder

type ReconcileComplianceScan

type ReconcileComplianceScan struct {
	// This Client, initialized using mgr.Client() above, is a split Client
	// that reads objects from the cache and writes to the apiserver
	Client    client.Client
	ClientSet *kubernetes.Clientset
	Scheme    *runtime.Scheme
	Recorder  record.EventRecorder
	Metrics   *metrics.Metrics
	// contains filtered or unexported fields
}

ReconcileComplianceScan reconciles a ComplianceScan object

func (*ReconcileComplianceScan) Reconcile

Reconcile reads the state of the cluster for a ComplianceScan object and makes changes based on the state read and what is in the ComplianceScan.Spec. Note: The Controller will requeue the Request to be processed again if the returned error is non-nil or Result.Requeue is true; otherwise, upon completion, it will remove the work from the queue.

func (*ReconcileComplianceScan) SetupWithManager

func (r *ReconcileComplianceScan) SetupWithManager(mgr ctrl.Manager) error
