Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { Namespace string `env:"OPERATOR_NAMESPACE"` TargetNamespaces string `env:"OPERATOR_TARGET_NAMESPACES"` ExcludeNamespaces string `env:"OPERATOR_EXCLUDE_NAMESPACES"` ServiceAccount string `env:"OPERATOR_SERVICE_ACCOUNT" envDefault:"starboard-operator"` LogDevMode bool `env:"OPERATOR_LOG_DEV_MODE" envDefault:"false"` ScanJobTimeout time.Duration `env:"OPERATOR_SCAN_JOB_TIMEOUT" envDefault:"5m"` ConcurrentScanJobsLimit int `env:"OPERATOR_CONCURRENT_SCAN_JOBS_LIMIT" envDefault:"10"` ScanJobRetryAfter time.Duration `env:"OPERATOR_SCAN_JOB_RETRY_AFTER" envDefault:"30s"` BatchDeleteLimit int `env:"OPERATOR_BATCH_DELETE_LIMIT" envDefault:"10"` BatchDeleteDelay time.Duration `env:"OPERATOR_BATCH_DELETE_DELAY" envDefault:"10s"` MetricsBindAddress string `env:"OPERATOR_METRICS_BIND_ADDRESS" envDefault:":8080"` HealthProbeBindAddress string `env:"OPERATOR_HEALTH_PROBE_BIND_ADDRESS" envDefault:":9090"` CISKubernetesBenchmarkEnabled bool `env:"OPERATOR_CIS_KUBERNETES_BENCHMARK_ENABLED" envDefault:"true"` VulnerabilityScannerEnabled bool `env:"OPERATOR_VULNERABILITY_SCANNER_ENABLED" envDefault:"true"` VulnerabilityScannerScanOnlyCurrentRevisions bool `env:"OPERATOR_VULNERABILITY_SCANNER_SCAN_ONLY_CURRENT_REVISIONS" envDefault:"false"` VulnerabilityScannerReportTTL *time.Duration `env:"OPERATOR_VULNERABILITY_SCANNER_REPORT_TTL"` ClusterComplianceEnabled bool `env:"OPERATOR_CLUSTER_COMPLIANCE_ENABLED" envDefault:"true"` ConfigAuditScannerEnabled bool `env:"OPERATOR_CONFIG_AUDIT_SCANNER_ENABLED" envDefault:"false"` ConfigAuditScannerScanOnlyCurrentRevisions bool `env:"OPERATOR_CONFIG_AUDIT_SCANNER_SCAN_ONLY_CURRENT_REVISIONS" envDefault:"false"` // ConfigAuditScannerBuiltIn tells Starboard to use the built-in // configuration audit scanner instead of Polaris or Conftest // plugins. // // You cannot use Polaris or Conftest and the built-in scanner at the same // time. The built-in scanners is much faster and does not create Kubernetes // Job objects to perform scans asynchronously. Instead, it evaluates OPA // Rego policies synchronously within the reconciliation loop. ConfigAuditScannerBuiltIn bool `env:"OPERATOR_CONFIG_AUDIT_SCANNER_BUILTIN" envDefault:"true"` LeaderElectionEnabled bool `env:"OPERATOR_LEADER_ELECTION_ENABLED" envDefault:"false"` LeaderElectionID string `env:"OPERATOR_LEADER_ELECTION_ID" envDefault:"starboard-lock"` }
Config defines parameters for running the operator.
func GetOperatorConfig ¶
GetOperatorConfig loads Config from environment variables.
func (Config) GetOperatorNamespace ¶ added in v0.9.0
GetOperatorNamespace returns the namespace the operator should be running in.
func (Config) GetTargetNamespaces ¶ added in v0.9.0
GetTargetNamespaces returns namespaces the operator should be watching for changes.
func (Config) ResolveInstallMode ¶ added in v0.9.0
func (c Config) ResolveInstallMode() (InstallMode, string, []string, error)
ResolveInstallMode resolves InstallMode based on configured Config.Namespace and Config.TargetNamespaces.
type InstallMode ¶
type InstallMode string
InstallMode represents multitenancy support defined by the Operator Lifecycle Manager spec.
const ( OwnNamespace InstallMode = "OwnNamespace" SingleNamespace InstallMode = "SingleNamespace" MultiNamespace InstallMode = "MultiNamespace" AllNamespaces InstallMode = "AllNamespaces" )
Click to show internal directories.
Click to hide internal directories.