Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Controller
type Controller struct {
	// Enforcer is used to check that containers satisfy constraints set by a policy
	Enforcer
	// PMetrics is used to provide scrapable metrics for prometheus
	PMetrics *metrics.PortierisMetrics
	// contains filtered or unexported fields
}
Controller is the notary controller
func NewController
func NewController(kubeWrapper kubernetes.WrapperInterface, policyClient policy.Interface, nv *notaryverifier.Verifier, pm *metrics.PortierisMetrics) *Controller
NewController creates a new controller object from the various clients passed in
func (*Controller) Admit
func (c *Controller) Admit(admissionRequest *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse
Admit is the admissionRequest handler
type Enforcer
type Enforcer interface {
	DigestByPolicy(string, *image.Reference, credential.Credentials, *policyv1.Policy) (*bytes.Buffer, error, error)
	VulnerabilityPolicy(*image.Reference, credential.Credentials, *policyv1.Policy) vulnerability.ScanResponse
}
Enforcer is an interface that enforces pod admission based on a configured policy
func NewEnforcer
func NewEnforcer(kubeClientsetWrapper kubernetes.WrapperInterface, nv *notaryverifier.Verifier) Enforcer
NewEnforcer returns an enforcer that wraps the kubernetes interface and a notary verifier