controller

package
v10.119.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 5, 2019 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CleanOldState

func CleanOldState()

CleanOldState ensures all state in trireme is cleaned up.

func GetLogParameters

func GetLogParameters() (logToConsole bool, logID string, logLevel string, logFormat string, compressedTagsVersion claimsheader.CompressionType)

GetLogParameters retrieves log parameters for Remote Enforcer.

func LaunchRemoteEnforcer

func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error

LaunchRemoteEnforcer launches a remote enforcer instance.

func SetLogParameters

func SetLogParameters(logToConsole, logWithID bool, logLevel string, logFormat string, compressedTags claimsheader.CompressionType)

SetLogParameters sets up environment to be passed to the remote trireme instances.

Types

type Option

type Option func(*config)

Option is provided using functional arguments.

func OptionCollector

func OptionCollector(c collector.EventCollector) Option

OptionCollector is an option to provide an external collector implementation.

func OptionDatapathService

func OptionDatapathService(s packetprocessor.PacketProcessor) Option

OptionDatapathService is an option to provide an external datapath service implementation.

func OptionDisableMutualAuth

func OptionDisableMutualAuth() Option

OptionDisableMutualAuth is an option to disable MutualAuth (enabled by default)

func OptionEnforceFqConfig

func OptionEnforceFqConfig(f *fqconfig.FilterQueue) Option

OptionEnforceFqConfig is an option to override filter queues.

func OptionEnforceLinuxProcess

func OptionEnforceLinuxProcess() Option

OptionEnforceLinuxProcess is an option to request support for linux process support.

func OptionPacketLogs

func OptionPacketLogs() Option

OptionPacketLogs is an option to enable packet level logging.

func OptionProcMountPoint

func OptionProcMountPoint(p string) Option

OptionProcMountPoint is an option to provide proc mount point.

func OptionRuntimeErrorChannel

func OptionRuntimeErrorChannel(errorChannel chan *policy.RuntimeError) Option

OptionRuntimeErrorChannel configures the error channel for the policy engine.

func OptionSecret

func OptionSecret(s secrets.Secrets) Option

OptionSecret is an option to provide an external datapath service implementation.

func OptionTargetNetworks

func OptionTargetNetworks(n []string) Option

OptionTargetNetworks is an option to provide target network configuration.

type TriremeController

type TriremeController interface {
	// Run initializes and runs the controller.
	Run(ctx context.Context) error

	// CleanUp cleans all the supervisors and ACLs for a clean exit
	CleanUp() error

	// Enforce asks the controller to enforce policy on a processing unit
	Enforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UnEnforce asks the controller to ub-enforce policy on a processing unit
	UnEnforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UpdatePolicy updates the policy of the isolator for a container.
	UpdatePolicy(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) error

	// UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push
	UpdateSecrets(secrets secrets.Secrets) error

	// UpdateConfiguration updates the configuration of the controller. Only specific configuration
	// parameters can be updated during run time.
	UpdateConfiguration(networks []string) error
}

TriremeController is the main API of the Trireme controller

func New

func New(serverID string, mode constants.ModeType, opts ...Option) TriremeController

New returns a trireme interface implementation based on configuration provided.

Directories

Path Synopsis
internal
enforcer/mockenforcer
Package mockenforcer is a generated GoMock package.
Package mockenforcer is a generated GoMock package.
enforcer/proxy
Package enforcerproxy :: This is the implementation of the RPC client It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally
Package enforcerproxy :: This is the implementation of the RPC client It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally
enforcer/utils/packetgen
Package packetgen "PacketGen" is a Packet Generator library Current version: V1.0, Updates are coming soon
Package packetgen "PacketGen" is a Packet Generator library Current version: V1.0, Updates are coming soon
enforcer/utils/rpcwrapper/mockrpcwrapper
Package mockrpcwrapper is a generated GoMock package.
Package mockrpcwrapper is a generated GoMock package.
processmon
Package processmon is to manage and monitor remote enforcers.
Package processmon is to manage and monitor remote enforcers.
processmon/mockprocessmon
Package mockprocessmon is a generated GoMock package.
Package mockprocessmon is a generated GoMock package.
supervisor/mocksupervisor
Package mocksupervisor is a generated GoMock package.
Package mocksupervisor is a generated GoMock package.
supervisor/proxy
Package supervisorproxy package implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an rpc call.
Package supervisorproxy package implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an rpc call.
Package mockcontroller is a generated GoMock package.
Package mockcontroller is a generated GoMock package.
pkg
packet
Package packet support for TCP/IP packet manipulations needed by the Aporeto infrastructure.
Package packet support for TCP/IP packet manipulations needed by the Aporeto infrastructure.
remoteenforcer/internal/statsclient/mockstatsclient
Package mockstatsclient is a generated GoMock package.
Package mockstatsclient is a generated GoMock package.
remoteenforcer/internal/statscollector/mockstatscollector
Package mockstatscollector is a generated GoMock package.
Package mockstatscollector is a generated GoMock package.
remoteenforcer/mockremoteenforcer
Package mockremoteenforcer is a generated GoMock package.
Package mockremoteenforcer is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL