Documentation
Index
- func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor, zapConfig zap.Config, ...) error
- type DebugInfo
- type Option
- func OptionAgentVersion(v semver.Version) Option
- func OptionBPFEnabled(bpfEnabled bool) Option
- func OptionBinaryTokens(b bool) Option
- func OptionCollector(c collector.EventCollector) Option
- func OptionDatapathService(s packetprocessor.PacketProcessor) Option
- func OptionDisableMutualAuth() Option
- func OptionEnforceFqConfig(f *fqconfig.FilterQueue) Option
- func OptionEnforceLinuxProcess() Option
- func OptionIPSetManager(manager ipsetmanager.ACLManager) Option
- func OptionIPv6Enable(ipv6Enabled bool) Option
- func OptionPacketLogs() Option
- func OptionProcMountPoint(p string) Option
- func OptionRemoteParameters(p *env.RemoteParameters) Option
- func OptionRuntimeConfiguration(c *runtime.Configuration) Option
- func OptionRuntimeErrorChannel(errorChannel chan *policy.RuntimeError) Option
- func OptionSecret(s secrets.Secrets) Option
- func OptionTokenIssuer(t common.ServiceTokenIssuer) Option
- type TriremeController
Constants
This section is empty.
Variables
This section is empty.
Functions
func LaunchRemoteEnforcer
func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor, zapConfig zap.Config, agentVersion semver.Version) error
LaunchRemoteEnforcer launches a remote enforcer instance.
Types
type DebugInfo
type DebugInfo interface {
    // EnableDatapathPacketTracing will enable tracing of packets received by the datapath for a particular PU.
    // Setting Disabled as tracing direction will stop tracing for the contextID.
    EnableDatapathPacketTracing(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, direction packettracing.TracingDirection, interval time.Duration) error
    // EnableIPTablesPacketTracing enables iptables -j trace for the particular PU and is a much wider packet stream.
    EnableIPTablesPacketTracing(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, interval time.Duration) error
    // Ping runs ping based on the given config.
    Ping(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, pingConfig *policy.PingConfig) error
}
DebugInfo is the interface implemented by controllers to support configuring debug options
type Option
type Option func(*config)
Option is provided using functional arguments.
func OptionAgentVersion
OptionAgentVersion is an option to set agent version.
func OptionBinaryTokens
OptionBinaryTokens enables the binary token datapath.
func OptionCollector
func OptionCollector(c collector.EventCollector) Option
OptionCollector is an option to provide an external collector implementation.
func OptionDatapathService
func OptionDatapathService(s packetprocessor.PacketProcessor) Option
OptionDatapathService is an option to provide an external datapath service implementation.
func OptionDisableMutualAuth
func OptionDisableMutualAuth() Option
OptionDisableMutualAuth is an option to disable MutualAuth (enabled by default).
func OptionEnforceFqConfig
func OptionEnforceFqConfig(f *fqconfig.FilterQueue) Option
OptionEnforceFqConfig is an option to override filter queues.
func OptionEnforceLinuxProcess
func OptionEnforceLinuxProcess() Option
OptionEnforceLinuxProcess is an option to request Linux process support.
func OptionIPSetManager
func OptionIPSetManager(manager ipsetmanager.ACLManager) Option
OptionIPSetManager is an option to provide ipsetmanager.
func OptionIPv6Enable
OptionIPv6Enable is an option to enable IPv6.
func OptionPacketLogs
func OptionPacketLogs() Option
OptionPacketLogs is an option to enable packet level logging.
func OptionProcMountPoint
OptionProcMountPoint is an option to provide proc mount point.
func OptionRemoteParameters
func OptionRemoteParameters(p *env.RemoteParameters) Option
OptionRemoteParameters is an option to set the parameters for the remote
func OptionRuntimeConfiguration
func OptionRuntimeConfiguration(c *runtime.Configuration) Option
OptionRuntimeConfiguration is an option to provide target network configuration.
func OptionRuntimeErrorChannel
func OptionRuntimeErrorChannel(errorChannel chan *policy.RuntimeError) Option
OptionRuntimeErrorChannel configures the error channel for the policy engine.
func OptionSecret
OptionSecret is an option to provide an external datapath service implementation.
func OptionTokenIssuer
func OptionTokenIssuer(t common.ServiceTokenIssuer) Option
OptionTokenIssuer provides the token issuer.
type TriremeController
type TriremeController interface {
    // Run initializes and runs the controller.
    Run(ctx context.Context) error
    // CleanUp cleans all the supervisors and ACLs for a clean exit.
    CleanUp() error
    // Enforce asks the controller to enforce policy on a processing unit.
    Enforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)
    // UnEnforce asks the controller to un-enforce policy on a processing unit.
    UnEnforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)
    // UpdatePolicy updates the policy of the isolator for a container.
    UpdatePolicy(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) error
    // UpdateSecrets updates the secrets of running enforcers managed by trireme.
    // Remote enforcers will get the secret updates with the next policy push.
    UpdateSecrets(secrets secrets.Secrets) error
    // UpdateConfiguration updates the configuration of the controller. Only specific configuration
    // parameters can be updated during run time.
    UpdateConfiguration(cfg *runtime.Configuration) error
    DebugInfo
}
TriremeController is the main API of the Trireme controller
Directories
Path | Synopsis |
---|---|
internal | |
 | Package mockcontroller is a generated GoMock package. |
pkg | |
packet | Package packet provides support for TCP/IP packet manipulations needed by the Aporeto infrastructure. |
remoteenforcer/mockremoteenforcer | Package mockremoteenforcer is a generated GoMock package. |
tokens/mocktokens | Package mocktokens is a generated GoMock package. |
usertokens/mockusertokens | Package mockusertokens is a generated GoMock package. |