kube

package
v0.13.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 17, 2021 License: Apache-2.0 Imports: 36 Imported by: 14

Documentation

Overview

Package kube provides primitives for working with Kubernetes objects.

Index

Constants

This section is empty.

Variables

// ErrReplicaSetNotFound is the sentinel error that ReplicaSetByDeployment
// returns when the current revision of a Deployment cannot be found.
// It is a package-level errors.New value, so callers can match it with
// errors.Is instead of comparing message text.
var ErrReplicaSetNotFound = errors.New("replicaset not found")

Functions

func AggregateImagePullSecretsData added in v0.7.1

// AggregateImagePullSecretsData builds a map of byte-slice values from the
// given container images and the supplied docker.Auth credentials.
// NOTE(review): presumably the credentials map is keyed by container name
// (compare MapContainerNamesToDockerAuths) and the result is meant for a
// Secret's Data field — confirm against the implementation.
// The output is derived from registry credentials, so treat it as sensitive
// and keep it out of logs.
func AggregateImagePullSecretsData(images ContainerImages, credentials map[string]docker.Auth) map[string][]byte

func ComputeHash added in v0.10.0

func ComputeHash(obj interface{}) string

ComputeHash returns a hash value calculated from the given object. The hash is safe-encoded so that the resulting string avoids bad words.

func ComputeSpecHash added in v0.12.0

func ComputeSpecHash(obj client.Object) (string, error)

ComputeSpecHash computes the hash of the specified K8s client.Object. The hash indicates whether the client.Object should be rescanned; it is added as the starboard.LabelResourceSpecHash label to an instance of a security report.

func DeepHashObject added in v0.10.0

func DeepHashObject(hasher hash.Hash, objectToWrite interface{})

DeepHashObject writes the specified object to the hash using the spew library, which follows pointers and prints the actual values of nested objects, ensuring that the hash does not change when a pointer changes.

func GVRForResource added in v0.3.0

func GVRForResource(mapper meta.RESTMapper, resource string) (gvr schema.GroupVersionResource, gvk schema.GroupVersionKind, err error)

func GetActiveDeadlineSeconds added in v0.9.0

func GetActiveDeadlineSeconds(d time.Duration) *int64

func GetPodSpec added in v0.10.0

func GetPodSpec(obj client.Object) (corev1.PodSpec, error)

GetPodSpec returns v1.PodSpec from the specified Kubernetes client.Object. Returns error if the given client.Object is not a Kubernetes workload.

func GetTerminatedContainersStatusesByPod added in v0.9.0

func GetTerminatedContainersStatusesByPod(pod *corev1.Pod) map[string]*corev1.ContainerStateTerminated

func IsBuiltInWorkload added in v0.10.0

func IsBuiltInWorkload(controller *metav1.OwnerReference) bool

IsBuiltInWorkload returns true if the specified v1.OwnerReference is a built-in Kubernetes workload, false otherwise.

func IsClusterScopedKind added in v0.12.0

func IsClusterScopedKind(k string) bool

func KindForObject added in v0.3.0

func KindForObject(object metav1.Object, scheme *runtime.Scheme) (string, error)

func MapContainerNamesToDockerAuths added in v0.7.1

func MapContainerNamesToDockerAuths(images ContainerImages, secrets []corev1.Secret) (map[string]docker.Auth, error)

MapContainerNamesToDockerAuths creates the mapping from a container name to the Docker authentication credentials for the specified kube.ContainerImages and image pull Secrets.

func MapDockerRegistryServersToAuths added in v0.7.1

func MapDockerRegistryServersToAuths(imagePullSecrets []corev1.Secret) (map[string]docker.Auth, error)

MapDockerRegistryServersToAuths creates the mapping from a Docker registry server to the Docker authentication credentials for the specified slice of image pull Secrets.

func NewImagePullSecret added in v0.7.1

// NewImagePullSecret returns a *corev1.Secret built from the given object
// metadata, registry server and username/password pair, or an error.
// NOTE(review): the password arrives as a plain string and ends up inside the
// returned Secret. Kubernetes Secret data is only base64-encoded, so its
// protection depends on RBAC and on encryption at rest being enabled; avoid
// logging the arguments or the returned object.
func NewImagePullSecret(meta metav1.ObjectMeta, server, username, password string) (*corev1.Secret, error)

NewImagePullSecret constructs a new image pull Secret with the specified registry server and basic authentication credentials.

func NewRunnableJob

func NewRunnableJob(
	scheme *runtime.Scheme,
	clientset kubernetes.Interface,
	job *batchv1.Job,
	secrets ...*corev1.Secret,
) runner.Runnable

NewRunnableJob constructs a new Runnable task defined as Kubernetes job configuration and secrets that it references.

func ObjectToObjectMetadata added in v0.12.0

func ObjectToObjectMetadata(obj client.Object, meta *metav1.ObjectMeta) error

ObjectToObjectMetadata encodes the specified client.Object as a set of labels and annotations added to the given ObjectMeta.

func PartialObjectToLabels added in v0.12.0

func PartialObjectToLabels(obj Object) map[string]string

PartialObjectToLabels encodes the specified Object as a set of labels.

If Object's name cannot be used as the value of the starboard.LabelResourceName label, as a fallback, this method will calculate a hash of the Object's name and use it as the value of the starboard.LabelResourceNameHash label.

Types

type ContainerImages added in v0.2.6

type ContainerImages map[string]string

ContainerImages is a simple structure to hold the mapping between container names and container image references.

func GetContainerImagesFromJob added in v0.10.0

func GetContainerImagesFromJob(job *batchv1.Job) (ContainerImages, error)

GetContainerImagesFromJob returns a map of container names to container images from the specified v1.Job. The mapping is encoded as the JSON value of the AnnotationContainerImages annotation.

func GetContainerImagesFromPodSpec added in v0.10.0

func GetContainerImagesFromPodSpec(spec corev1.PodSpec) ContainerImages

GetContainerImagesFromPodSpec returns a map of container names to container images from the specified v1.PodSpec.

func (ContainerImages) AsJSON added in v0.2.6

func (ci ContainerImages) AsJSON() (string, error)

func (ContainerImages) FromJSON added in v0.2.6

// FromJSON reads a ContainerImages mapping from the given JSON string and
// reports any decoding error.
// NOTE(review): the receiver is a value, not a pointer. ContainerImages is a
// map type, so entries written into an already-allocated map are visible to
// the caller, but the method cannot replace a nil receiver with a new map —
// presumably callers must allocate the map first; confirm against the
// implementation.
// NOTE(review): the input may come from an object annotation (see
// GetContainerImagesFromJob), which anyone able to edit that object controls;
// validate the decoded image references before acting on them.
func (ci ContainerImages) FromJSON(value string) error

type Kind added in v0.2.3

type Kind string

Kind represents the type of a Kubernetes Object.

// Kind values known to this package. Each constant's value is the kind name
// as a string.
// Kind is declared as a plain string type, so any string converts to a Kind;
// code that switches on a Kind should handle values outside this list.
const (
	// KindUnknown carries the literal value "Unknown".
	// NOTE(review): presumably the placeholder for an unrecognised kind — confirm.
	KindUnknown Kind = "Unknown"

	KindNode      Kind = "Node"
	KindNamespace Kind = "Namespace"

	KindPod                   Kind = "Pod"
	KindReplicaSet            Kind = "ReplicaSet"
	KindReplicationController Kind = "ReplicationController"
	KindDeployment            Kind = "Deployment"
	KindStatefulSet           Kind = "StatefulSet"
	KindDaemonSet             Kind = "DaemonSet"
	KindCronJob               Kind = "CronJob"
	KindJob                   Kind = "Job"
	KindService               Kind = "Service"
	KindConfigMap             Kind = "ConfigMap"
	KindRole                  Kind = "Role"
	KindRoleBinding           Kind = "RoleBinding"

	KindClusterRole              Kind = "ClusterRole"
	// NOTE(review): this identifier is plural while its value is the singular
	// "ClusterRoleBinding" and every sibling identifier is singular. Renaming
	// it would break importers, so the mismatch is only flagged here.
	KindClusterRoleBindings      Kind = "ClusterRoleBinding"
	KindCustomResourceDefinition Kind = "CustomResourceDefinition"
)

type LogsReader added in v0.9.0

// LogsReader reads container logs and terminated-container states for a Job.
// NOTE(review): container logs can carry sensitive output; callers should
// decide deliberately where the returned stream is copied or stored.
type LogsReader interface {
	// GetLogsByJobAndContainerName returns a stream for the named container
	// of the given Job. The result is an io.ReadCloser, so the caller is
	// expected to close it once done to release the underlying resource.
	GetLogsByJobAndContainerName(ctx context.Context, job *batchv1.Job, containerName string) (io.ReadCloser, error)
	// GetTerminatedContainersStatusesByJob returns ContainerStateTerminated
	// values keyed by string for the given Job.
	// NOTE(review): the key is presumably the container name — confirm.
	GetTerminatedContainersStatusesByJob(ctx context.Context, job *batchv1.Job) (map[string]*corev1.ContainerStateTerminated, error)
}

func NewLogsReader added in v0.9.0

func NewLogsReader(clientset kubernetes.Interface) LogsReader

type Object added in v0.2.3

// Object is a simplified representation of a Kubernetes object, identified
// by its kind, name and namespace.
type Object struct {
	// Kind designates the type of the entity this Object represents.
	Kind      Kind
	// Name is the object's name.
	Name      string
	// Namespace is the namespace the object lives in.
	// NOTE(review): presumably empty for cluster-scoped kinds (see
	// IsClusterScopedKind) — confirm against callers.
	Namespace string
}

TODO: Rename from Object to PartialObject (consider embedding the types.NamespacedName struct).

Object is a simplified representation of a Kubernetes object. Each object has a kind, which designates the type of the entity it represents. Objects have names, and many of them live in namespaces.

func GetPartialObjectFromKindAndNamespacedName added in v0.10.0

func GetPartialObjectFromKindAndNamespacedName(kind Kind, name types.NamespacedName) Object

func PartialObjectFromObjectMetadata added in v0.12.0

func PartialObjectFromObjectMetadata(objectMeta metav1.ObjectMeta) (Object, error)

type ObjectResolver added in v0.10.0

// ObjectResolver resolves related Kubernetes objects (for example the
// ReplicaSet of a Pod or the Job of a Pod) through the embedded client.
type ObjectResolver struct {
	// client.Client is embedded, so every method of the client is promoted
	// onto ObjectResolver and is callable by anything that holds a resolver.
	// NOTE(review): lookups therefore run with whatever permissions this
	// client's credentials carry; a client scoped to read-only access on the
	// kinds being resolved keeps that surface small — confirm how it is
	// constructed.
	client.Client
}

func (*ObjectResolver) CronJobByJob added in v0.13.0

func (o *ObjectResolver) CronJobByJob(ctx context.Context, job *batchv1.Job) (*batchv1beta1.CronJob, error)

func (*ObjectResolver) GetObjectFromPartialObject added in v0.10.0

func (o *ObjectResolver) GetObjectFromPartialObject(ctx context.Context, workload Object) (client.Object, error)

func (*ObjectResolver) GetRelatedReplicasetName added in v0.10.0

func (o *ObjectResolver) GetRelatedReplicasetName(ctx context.Context, object Object) (string, error)

GetRelatedReplicasetName attempts to find the replicaset that is associated with the given owner. If the owner is a Deployment, it will look for a ReplicaSet that is controlled by the Deployment. If the owner is a Pod, it will look for the ReplicaSet that owns the Pod.

func (*ObjectResolver) JobByPod added in v0.13.0

func (o *ObjectResolver) JobByPod(ctx context.Context, pod *corev1.Pod) (*batchv1.Job, error)

func (*ObjectResolver) ReplicaSetByDeployment added in v0.13.0

func (o *ObjectResolver) ReplicaSetByDeployment(ctx context.Context, deploy *appsv1.Deployment) (*appsv1.ReplicaSet, error)

ReplicaSetByDeployment returns the current revision of the specified Deployment. If the current revision cannot be found the ErrReplicaSetNotFound error is returned.

func (*ObjectResolver) ReplicaSetByPod added in v0.13.0

func (o *ObjectResolver) ReplicaSetByPod(ctx context.Context, pod *corev1.Pod) (*appsv1.ReplicaSet, error)

ReplicaSetByPod returns the controller ReplicaSet of the specified Pod.

func (*ObjectResolver) ReportOwner added in v0.13.0

func (o *ObjectResolver) ReportOwner(ctx context.Context, obj client.Object) (client.Object, error)

ReportOwner resolves the owner of a security report for the specified object.

type ScannerOpts added in v0.2.1

// ScannerOpts holds configuration of the vulnerability Scanner.
type ScannerOpts struct {
	// ScanJobTimeout is a duration setting for scan jobs.
	// NOTE(review): presumably the upper bound on how long a scan Job may
	// run (compare GetActiveDeadlineSeconds) — confirm against callers.
	ScanJobTimeout time.Duration
	// DeleteScanJob is a boolean setting for scan jobs.
	// NOTE(review): presumably controls whether a scan Job is removed once it
	// finishes. If Jobs are kept, check whether the Secrets they reference
	// (see NewRunnableJob) are kept too — confirm.
	DeleteScanJob  bool
}

ScannerOpts holds the configuration of the vulnerability Scanner.

TODO: Rename to CLIConfig and move it to the cmd package.

type SecretsReader added in v0.7.1

// SecretsReader defines methods for reading Secrets.
// Every method returns Secret objects or docker.Auth credentials, so results
// should be treated as sensitive and kept out of logs and report output.
// NOTE(review): an implementation needs read access to Secrets in each
// namespace it serves; scope that RBAC grant to what scanning requires.
type SecretsReader interface {
	// ListByLocalObjectReferences returns Secrets for the given references
	// and namespace ns.
	// NOTE(review): presumably each reference is resolved by name within ns — confirm.
	ListByLocalObjectReferences(ctx context.Context, refs []corev1.LocalObjectReference, ns string) ([]corev1.Secret, error)
	// ListByServiceAccount returns Secrets for the service account identified
	// by name and namespace ns.
	// NOTE(review): presumably the account's image pull Secrets — confirm.
	ListByServiceAccount(ctx context.Context, name string, ns string) ([]corev1.Secret, error)
	// ListImagePullSecretsByPodSpec returns the image pull Secrets for the
	// given PodSpec and namespace ns.
	ListImagePullSecretsByPodSpec(ctx context.Context, spec corev1.PodSpec, ns string) ([]corev1.Secret, error)
	// CredentialsByWorkload returns docker.Auth values keyed by string for
	// the given workload.
	// NOTE(review): the key is presumably a container name or a registry
	// server (compare MapContainerNamesToDockerAuths and
	// MapDockerRegistryServersToAuths) — confirm.
	CredentialsByWorkload(ctx context.Context, workload client.Object) (map[string]docker.Auth, error)
}

SecretsReader defines methods for reading Secrets.

func NewSecretsReader added in v0.8.0

func NewSecretsReader(client client.Client) SecretsReader

NewSecretsReader constructs a new SecretsReader which is using the client package provided by the controller-runtime libraries for interacting with the Kubernetes API server.
