Documentation ¶
Index ¶
Constants ¶
View Source
const ( // configMap that contains the default script OpenScapScriptConfigMapName = "openscap-container-entrypoint" // This is how the script would be mounted OpenScapScriptPath = "/scripts/openscap-container-entrypoint" // configMap that contains the runtime kubeletconfig KubeletConfigMapName = "openscap-kubeletconfig" // This is how the kubeletconfig would be mounted KubeletConfigMapPath = "/kubeletconfig" // This is how the kubeletconfig would be linked in the host KubeletConfigLinkPath = "/host/etc/kubernetes/compliance-operator/kubeletconfig" // This is the folder where the kubeletconfig would be linked in the host KubeletConfigLinkFolder = "/host/etc/kubernetes/compliance-operator" // a configMap with env vars for the script OpenScapEnvConfigMapName = "openscap-env-map" // A configMap same as above but minus hostroot OpenScapPlatformEnvConfigMapName = "openscap-env-map-platform" // environment variables the default script consumes OpenScapHostRootEnvName = "HOSTROOT" OpenScapProfileEnvName = "PROFILE" OpenScapContentEnvName = "CONTENT" OpenScapReportDirEnvName = "REPORT_DIR" OpenScapRuleEnvName = "RULE" OpenScapVerbosityeEnvName = "VERBOSITY" OpenScapTailoringDirEnvName = "TAILORING_DIR" HTTPSProxyEnvName = "HTTPS_PROXY" DisconnectedInstallEnvName = "DISCONNECTED" ResultServerPort = int32(8443) // Tailoring constants OpenScapTailoringDir = "/tailoring" PlatformScanName = "api-checks" PlatformScanResourceCollectorName = "api-resource-collector" // This coincides with the default ocp_data_root var in CaC. PlatformScanDataRoot = "/kubernetes-api-resources" )
View Source
const ( DefaultContentContainerImage = "ghcr.io/complianceascode/k8scontent:latest" CACertDataKey = "ca.crt" CAKeyDataKey = "ca.key" ServerCertInstanceSuffix = "-rs" ClientCertInstanceSuffix = "-client" ServerCertPrefix = "result-server-cert-" ClientCertPrefix = "result-client-cert-" RootCAPrefix = "root-ca-" CertValidityDays = 1 KubeletConfigCMSuffix = "-runtime-kubeletconfig" )
View Source
const (
// OpenSCAPScanContainerName defines the name of the contianer that will run OpenSCAP
OpenSCAPScanContainerName = "scanner"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Forwarder ¶ added in v1.2.0
type Forwarder interface { SendComplianceCheckResult(c *compv1alpha1.ComplianceCheckResult) error SendComplianceRemediation(r *compv1alpha1.ComplianceRemediation) error }
func NewForwarder ¶ added in v1.2.0
func NewForwarder(s *compv1alpha1.ComplianceScan) Forwarder
type ReconcileComplianceScan ¶
type ReconcileComplianceScan struct { // This Client, initialized using mgr.Client() above, is a split Client // that reads objects from the cache and writes to the apiserver Client client.Client ClientSet *kubernetes.Clientset Scheme *runtime.Scheme Recorder record.EventRecorder Metrics *metrics.Metrics // contains filtered or unexported fields }
ReconcileComplianceScan reconciles a ComplianceScan object
func (*ReconcileComplianceScan) Reconcile ¶
func (r *ReconcileComplianceScan) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error)
Reconcile reads that state of the cluster for a ComplianceScan object and makes changes based on the state read and what is in the ComplianceScan.Spec Note: The Controller will requeue the Request to be processed again if the returned error is non-nil or Result.Requeue is true, otherwise upon completion it will remove the work from the queue.
func (*ReconcileComplianceScan) SetupWithManager ¶
func (r *ReconcileComplianceScan) SetupWithManager(mgr ctrl.Manager) error
Click to show internal directories.
Click to hide internal directories.