kubebench

package

v0.10.3 Latest Latest Go to latest Published: May 14, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aquasecurity/starboard

Links

Open Source Insights

Documentation ¶

Overview ¶

Package kubebench provides primitives for working with CIS Kubernetes benchmarks.

Index ¶

type Builder
- func NewBuilder(scheme *runtime.Scheme) Builder
type Config
type Plugin
- func NewKubeBenchPlugin(clock ext.Clock, config Config) Plugin
type ReadWriter
- func NewReadWriter(client client.Client) ReadWriter
type Reader
type Scanner
- func NewScanner(scheme *runtime.Scheme, clientset kubernetes.Interface, opts kube.ScannerOpts, ...) *Scanner
- func (s *Scanner) Scan(ctx context.Context, node corev1.Node) (v1alpha1.CISKubeBenchReport, error)
type Writer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Builder ¶ added in v0.10.1

type Builder interface {
	Controller(controller metav1.Object) Builder
	Data(data v1alpha1.CISKubeBenchOutput) Builder
	Get() (v1alpha1.CISKubeBenchReport, error)
}

func NewBuilder ¶ added in v0.10.1

func NewBuilder(scheme *runtime.Scheme) Builder

type Config ¶ added in v0.6.0

type Config interface {
	GetKubeBenchImageRef() (string, error)
}

type Plugin ¶ added in v0.10.0

type Plugin interface {

	// GetScanJobSpec describes the pod that will be created by Starboard when
	// it schedules a Kubernetes job to audit the configuration of the specified
	// node.
	GetScanJobSpec(node corev1.Node) (corev1.PodSpec, error)

	// ParseCISKubeBenchOutput is a callback to parse and convert logs of
	// the pod controlled by the scan job to v1alpha1.CISKubeBenchOutput.
	ParseCISKubeBenchOutput(logsStream io.ReadCloser) (v1alpha1.CISKubeBenchOutput, error)

	GetContainerName() string
}

Plugin defines the interface between Starboard and Kubernetes configuration checker with CIS Kubernetes Benchmarks.

func NewKubeBenchPlugin ¶ added in v0.10.0

func NewKubeBenchPlugin(clock ext.Clock, config Config) Plugin

NewKubeBenchPlugin constructs a new Plugin, which is using an official Kube-Bench container image, with the specified Config.

type ReadWriter ¶ added in v0.3.0

type ReadWriter interface {
	Writer
	Reader
}

func NewReadWriter ¶ added in v0.9.0

func NewReadWriter(client client.Client) ReadWriter

type Reader ¶ added in v0.3.0

type Reader interface {
	FindByOwner(ctx context.Context, node kube.Object) (*v1alpha1.CISKubeBenchReport, error)
}

type Scanner ¶

type Scanner struct {
	// contains filtered or unexported fields
}

func NewScanner ¶

func NewScanner(
	scheme *runtime.Scheme,
	clientset kubernetes.Interface,
	opts kube.ScannerOpts,
	plugin Plugin,
) *Scanner

func (*Scanner) Scan ¶

func (s *Scanner) Scan(ctx context.Context, node corev1.Node) (v1alpha1.CISKubeBenchReport, error)

type Writer ¶

type Writer interface {
	Write(ctx context.Context, report v1alpha1.CISKubeBenchReport) error
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL