resources

package

v0.9.1 Latest Latest Go to latest Published: Feb 10, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aquasecurity/starboard

Links

Open Source Insights

Documentation ¶

Overview ¶

This package provides primitives for working with Kubernetes objects. TODO We should merge this package with the kube package.

Index ¶

func ComputeHash(obj interface{}) string
func DeepHashObject(hasher hash.Hash, objectToWrite interface{})
func GetContainerImagesFromJob(job *batchv1.Job) (kube.ContainerImages, error)
func GetContainerImagesFromPodSpec(spec corev1.PodSpec) kube.ContainerImages
func GetImmediateOwnerReference(pod *corev1.Pod) kube.Object

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ComputeHash ¶

func ComputeHash(obj interface{}) string

ComputeHash returns a hash value calculated from pod spec. The hash will be safe encoded to avoid bad words.

func DeepHashObject ¶

func DeepHashObject(hasher hash.Hash, objectToWrite interface{})

DeepHashObject writes specified object to hash using the spew library which follows pointers and prints actual values of the nested objects ensuring the hash does not change when a pointer changes.

func GetContainerImagesFromJob ¶

func GetContainerImagesFromJob(job *batchv1.Job) (kube.ContainerImages, error)

func GetContainerImagesFromPodSpec ¶

func GetContainerImagesFromPodSpec(spec corev1.PodSpec) kube.ContainerImages

func GetImmediateOwnerReference ¶

func GetImmediateOwnerReference(pod *corev1.Pod) kube.Object

GetImmediateOwnerReference returns the immediate owner of the specified pod. For example, for a pod controlled by a Deployment it will return the active ReplicaSet, whereas for an unmanaged pod the immediate owner is the pod itself.

Note that kubelet can manage pods independently by reading pod definition files from a configured host directory (typically /etc/kubernetes/manifests). Such pods are called *static pods* and are owned by a cluster Node. In this case we treat them as unmanaged pods. (Otherwise we'd require cluster-scoped permissions to get Nodes in order to set the owner reference when we create an instance of custom security report.)

Pods created and controlled by third party frameworks, such as Argo workflow engine, are considered as unmanaged. Otherwise we'd need to maintain and extend the list of RBAC permissions over time. TODO Merge this method with OwnerResolver, which accepts kube.Object and resolves client.Object.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL