kube

package

v0.9.0-rc1 Latest Latest Go to latest Published: Jan 26, 2021 License: Apache-2.0 Imports: 30 Imported by: 14

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aquasecurity/starboard

Documentation ¶

Index ¶

Constants
func AggregateImagePullSecretsData(images ContainerImages, credentials map[string]docker.Auth) map[string][]byte
func GVRForResource(mapper meta.RESTMapper, resource string) (gvr schema.GroupVersionResource, gvk schema.GroupVersionKind, err error)
func GetActiveDeadlineSeconds(d time.Duration) *int64
func GetTerminatedContainersStatusesByPod(pod *corev1.Pod) map[string]*corev1.ContainerStateTerminated
func KindForObject(object metav1.Object, scheme *runtime.Scheme) (string, error)
func MapContainerNamesToDockerAuths(images ContainerImages, secrets []corev1.Secret) (map[string]docker.Auth, error)
func MapDockerRegistryServersToAuths(imagePullSecrets []corev1.Secret) (map[string]docker.Auth, error)
func NewImagePullSecret(meta metav1.ObjectMeta, server, username, password string) (*corev1.Secret, error)
func NewRunnableJob(scheme *runtime.Scheme, clientset kubernetes.Interface, job *batchv1.Job, ...) runner.Runnable
type CRManager
- func NewCRManager(clientset kubernetes.Interface, ...) *CRManager
- func (m *CRManager) Cleanup(ctx context.Context) (err error)
- func (m *CRManager) Init(ctx context.Context) (err error)
type ContainerImages
- func (ci ContainerImages) AsJSON() (string, error)
- func (ci ContainerImages) FromJSON(value string) error
type Kind
type LogsReader
- func NewLogsReader(clientset kubernetes.Interface) LogsReader
type Object
- func ObjectFromLabelsSet(set labels.Set) (Object, error)
type ScannerOpts
type SecretsReader
- func NewControllerRuntimeSecretsReader(client client.Client) SecretsReader
- func NewSecretsReader(clientset kubernetes.Interface) SecretsReader

Constants ¶

View Source

const (
	// TODO I'm wondering if we should rename starboard.resource.* labels to starboard.object.*
	// TODO In Kubernetes API terminology a resource is usually lowercase, plural word (e.g. pods) identifying a set of
	// TODO HTTP endpoints (paths) exposing the CRUD semantics of a certain object type in the system
	LabelResourceKind      = "starboard.resource.kind"
	LabelResourceName      = "starboard.resource.name"
	LabelResourceNamespace = "starboard.resource.namespace"

	LabelContainerName = "starboard.container.name"
	LabelPodSpecHash   = "pod-spec-hash"

	LabelConfigAuditReportScan   = "configAuditReport.scanner"
	LabelVulnerabilityReportScan = "vulnerabilityReport.scanner"

	LabelK8SAppManagedBy = "app.kubernetes.io/managed-by"
	AppStarboardOperator = "starboard-operator"
)

View Source

const (
	AnnotationContainerImages = "starboard.container-images"
)

Variables ¶

This section is empty.

Functions ¶

func AggregateImagePullSecretsData ¶ added in v0.7.1

func AggregateImagePullSecretsData(images ContainerImages, credentials map[string]docker.Auth) map[string][]byte

func GVRForResource ¶ added in v0.3.0

func GVRForResource(mapper meta.RESTMapper, resource string) (gvr schema.GroupVersionResource, gvk schema.GroupVersionKind, err error)

func GetActiveDeadlineSeconds ¶ added in v0.9.0

func GetActiveDeadlineSeconds(d time.Duration) *int64

func GetTerminatedContainersStatusesByPod ¶ added in v0.9.0

func GetTerminatedContainersStatusesByPod(pod *corev1.Pod) map[string]*corev1.ContainerStateTerminated

func KindForObject ¶ added in v0.3.0

func KindForObject(object metav1.Object, scheme *runtime.Scheme) (string, error)

func MapContainerNamesToDockerAuths ¶ added in v0.7.1

func MapContainerNamesToDockerAuths(images ContainerImages, secrets []corev1.Secret) (map[string]docker.Auth, error)

MapContainerNamesToDockerAuths creates the mapping from a container name to the Docker authentication credentials for the specified kube.ContainerImages and image pull Secrets.

func MapDockerRegistryServersToAuths ¶ added in v0.7.1

func MapDockerRegistryServersToAuths(imagePullSecrets []corev1.Secret) (map[string]docker.Auth, error)

MapDockerRegistryServersToAuths creates the mapping from a Docker registry server to the Docker authentication credentials for the specified slice of image pull Secrets.

func NewImagePullSecret ¶ added in v0.7.1

func NewImagePullSecret(meta metav1.ObjectMeta, server, username, password string) (*corev1.Secret, error)

NewImagePullSecret constructs a new image pull Secret with the specified registry server and basic authentication credentials.

func NewRunnableJob ¶

func NewRunnableJob(
	scheme *runtime.Scheme,
	clientset kubernetes.Interface,
	job *batchv1.Job,
	secrets ...*corev1.Secret,
) runner.Runnable

NewRunnableJob constructs a new Runnable task defined as Kubernetes job configuration and secrets that it references.

Types ¶

type CRManager ¶

type CRManager struct {
	// contains filtered or unexported fields
}

func NewCRManager ¶

func NewCRManager(
	clientset kubernetes.Interface,
	clientsetext extapi.ApiextensionsV1beta1Interface,
	configManager starboard.ConfigManager,
) *CRManager

NewCRManager constructs a CRManager with the given starboard.ConfigManager and kubernetes.Interface.

func (*CRManager) Cleanup ¶

func (m *CRManager) Cleanup(ctx context.Context) (err error)

func (*CRManager) Init ¶

func (m *CRManager) Init(ctx context.Context) (err error)

type ContainerImages ¶ added in v0.2.6

type ContainerImages map[string]string

ContainerImages is a simple structure to hold the mapping between container names and container image references.

func (ContainerImages) AsJSON ¶ added in v0.2.6

func (ci ContainerImages) AsJSON() (string, error)

func (ContainerImages) FromJSON ¶ added in v0.2.6

func (ci ContainerImages) FromJSON(value string) error

type Kind ¶ added in v0.2.3

type Kind string

Kind represents the type of a Kubernetes Object.

const (
	KindUnknown Kind = "Unknown"

	KindNode Kind = "Node"

	KindPod                   Kind = "Pod"
	KindReplicaSet            Kind = "ReplicaSet"
	KindReplicationController Kind = "ReplicationController"
	KindDeployment            Kind = "Deployment"
	KindStatefulSet           Kind = "StatefulSet"
	KindDaemonSet             Kind = "DaemonSet"
	KindCronJob               Kind = "CronJob"
	KindJob                   Kind = "Job"
)

type LogsReader ¶ added in v0.9.0

type LogsReader interface {
	GetLogsByJobAndContainerName(ctx context.Context, job *batchv1.Job, containerName string) (io.ReadCloser, error)
	GetTerminatedContainersStatusesByJob(ctx context.Context, job *batchv1.Job) (map[string]*corev1.ContainerStateTerminated, error)
}

func NewLogsReader ¶ added in v0.9.0

func NewLogsReader(clientset kubernetes.Interface) LogsReader

type Object ¶ added in v0.2.3

type Object struct {
	Kind      Kind
	Name      string
	Namespace string
}

Object is a simplified representation of a Kubernetes object. Each object has kind, which designates the type of the entity it represents. Objects have names and many of them live in namespaces.

func ObjectFromLabelsSet ¶ added in v0.2.3

func ObjectFromLabelsSet(set labels.Set) (Object, error)

type ScannerOpts ¶ added in v0.2.1

type ScannerOpts struct {
	ScanJobTimeout time.Duration
	DeleteScanJob  bool
}

ScannerOpts holds configuration of the vulnerability Scanner.

type SecretsReader ¶ added in v0.7.1

type SecretsReader interface {
	ListByLocalObjectReferences(ctx context.Context, refs []corev1.LocalObjectReference, ns string) ([]corev1.Secret, error)
	ListByServiceAccount(ctx context.Context, name string, ns string) ([]corev1.Secret, error)
	ListImagePullSecretsByPodSpec(ctx context.Context, spec corev1.PodSpec, ns string) ([]corev1.Secret, error)
}

SecretsReader defines methods for reading Secrets.

func NewControllerRuntimeSecretsReader ¶ added in v0.8.0

func NewControllerRuntimeSecretsReader(client client.Client) SecretsReader

NewControllerRuntimeSecretsReader constructs a new SecretsReader which is using the client package provided by the controller-runtime libraries for interacting with the Kubernetes API server.

func NewSecretsReader ¶ added in v0.8.0

func NewSecretsReader(clientset kubernetes.Interface) SecretsReader

NewSecretsReader constructs a new SecretsReader which is using the client-go module for interacting with the Kubernetes API server.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
pod

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL