Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var CriticalRoleMap = map[string]bool{ "admin": true, "cluster-admin": true, "edit": true, "kindnet": true, "kubeadm:get-nodes": true, "local-path-provisioner-role": true, "system:aggregate-to-admin": true, "system:aggregate-to-edit": true, "system:aggregate-to-view": true, "system:certificates.k8s.io:certificatesigningrequests:nodeclient": true, "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient": true, "system:certificates.k8s.io:kube-apiserver-client-approver": true, "system:certificates.k8s.io:kube-apiserver-client-kubelet-approver": true, "system:certificates.k8s.io:kubelet-serving-approver": true, "system:certificates.k8s.io:legacy-unknown-approver": true, "system:controller:attachdetach-controller": true, "system:controller:bootstrap-signer": true, "system:controller:certificate-controller": true, "system:controller:clusterrole-aggregation-controller": true, "system:controller:cronjob-controller": true, "system:controller:daemon-set-controller": true, "system:controller:deployment-controller": true, "system:controller:disruption-controller": true, "system:controller:endpoint-controller": true, "system:controller:endpointslice-controller": true, "system:controller:endpointslicemirroring-controller": true, "system:controller:ephemeral-volume-controller": true, "system:controller:expand-controller": true, "system:controller:generic-garbage-collector": true, "system:controller:horizontal-pod-autoscaler": true, "system:controller:job-controller": true, "system:controller:namespace-controller": true, "system:controller:node-controller": true, "system:controller:persistent-volume-binder": true, "system:controller:pod-garbage-collector": true, "system:controller:pv-protection-controller": true, "system:controller:pvc-protection-controller": true, "system:controller:replicaset-controller": true, "system:controller:replication-controller": true, "system:controller:resourcequota-controller": true, "system:controller:root-ca-cert-publisher": true, "system:controller:route-controller": true, "system:controller:service-account-controller": true, "system:controller:service-controller": true, "system:controller:statefulset-controller": true, "system:controller:token-cleaner": true, "system:controller:ttl-after-finished-controller": true, "system:controller:ttl-controller": true, "system:coredns": true, "system:heapster": true, "system:kube-aggregator": true, "system:kube-controller-manager": true, "system:kube-dns": true, "system:kube-scheduler": true, "system:kubelet-api-admin": true, "system:monitoring": true, "system:node": true, "system:node-bootstrapper": true, "system:node-problem-detector": true, "system:node-proxier": true, "system:persistent-volume-provisioner": true, "system:public-info-viewer ": true, "system:service-account-issuer-discovery": true, "system:volume-scheduler": true, "view": true, }
Functions ¶
This section is empty.
Types ¶
type RiskEngine ¶
type RiskEngine struct {
// contains filtered or unexported fields
}
RiskEngine computes which assets are deemed critical based on a set of pre-configured rules.
func (*RiskEngine) IsCritical ¶
func (ra *RiskEngine) IsCritical(model any) bool
IsCritical reports whether the provided asset should be marked as critical. The function expects a single store model input and currently only supports Roles.
Click to show internal directories.
Click to hide internal directories.