Documentation
Index ¶
- func ConfigurePolicies(ctx context.Context, config etc.Config, c client.Client, ...) (*policy.Policies, error)
- func Policies(ctx context.Context, config etc.Config, c client.Client, ...) (*policy.Policies, error)
- type ChecksLoader
- type Misconfiguration
- type NodeCollectorJobController
- type NodeReconciler
- type PolicyConfigController
- type ResourceController
Functions ¶
func ConfigurePolicies ¶ added in v0.24.1
Types ¶
type ChecksLoader ¶ added in v0.24.1
// ChecksLoader is opaque in this listing: all of its fields are filtered or
// unexported. The page shows NewChecksLoader returning a *ChecksLoader, and
// the methods GetPolicies and SetupWithManager on the pointer receiver.
type ChecksLoader struct {
// contains filtered or unexported fields
}
func NewChecksLoader ¶ added in v0.24.1
func NewChecksLoader( cfg etc.Config, logger logr.Logger, cl client.Client, objectResolver kube.ObjectResolver, pluginContext trivyoperator.PluginContext, pluginConfig configauditreport.PluginInMemory, policyLoader policy.Loader, ) *ChecksLoader
func (*ChecksLoader) GetPolicies ¶ added in v0.24.1
func (*ChecksLoader) SetupWithManager ¶ added in v0.24.1
func (r *ChecksLoader) SetupWithManager(mgr ctrl.Manager) error
type Misconfiguration ¶ added in v0.7.0
// Misconfiguration is opaque in this listing: all of its fields are filtered
// or unexported, and the page carries no doc text for it.
type Misconfiguration struct {
// contains filtered or unexported fields
}
type NodeCollectorJobController ¶ added in v0.11.0
// NodeCollectorJobController watches Kubernetes jobs and generates
// v1alpha1.ClusterInfraAssessmentReport instances, per the package
// documentation for this type.
//
// Most dependencies are embedded, so their exported methods are promoted onto
// the controller value. No constructor for this type appears in the listing.
type NodeCollectorJobController struct {
logr.Logger
etc.Config
kube.ObjectResolver
// NOTE(review): presumably how the output of finished collector jobs is read — confirm.
// If so, job output is data produced on the node and should be parsed as untrusted input.
kube.LogsReader
// NOTE(review): presumably the source of the policies applied to collected data — confirm.
PolicyLoader policy.Loader
trivyoperator.ConfigData
trivyoperator.PluginContext
configauditreport.PluginInMemory
// NOTE(review): presumably persists the generated infra assessment reports — confirm.
InfraReadWriter infraassessment.ReadWriter
trivyoperator.BuildInfo
// ChecksLoader is a pointer and is nil unless the code building this struct sets it.
ChecksLoader *ChecksLoader
}
NodeCollectorJobController watches Kubernetes jobs and generates v1alpha1.ClusterInfraAssessmentReport instances using the infra assessment scanner.
func (*NodeCollectorJobController) SetupWithManager ¶ added in v0.11.0
func (r *NodeCollectorJobController) SetupWithManager(mgr ctrl.Manager) error
type NodeReconciler ¶ added in v0.11.0
// NodeReconciler reconciles node and job objects in order to collect
// node-level information (file system permissions and process arguments),
// which the package documentation says is evaluated by compliance checks.
//
// NOTE(review): process arguments can carry sensitive values; confirm how the
// collected data is stored and who is allowed to read the resulting reports.
//
// Most dependencies are embedded, so their exported methods are promoted onto
// the reconciler value. No constructor for this type appears in the listing.
type NodeReconciler struct {
logr.Logger
etc.Config
// NOTE(review): presumably the source of the policies applied to collected data — confirm.
PolicyLoader policy.Loader
trivyoperator.ConfigData
kube.ObjectResolver
trivyoperator.PluginContext
configauditreport.PluginInMemory
// NOTE(review): presumably bounds how many collector jobs run at once — confirm.
jobs.LimitChecker
// NOTE(review): presumably persists the generated infra assessment reports — confirm.
InfraReadWriter infraassessment.ReadWriter
// NOTE(review): the name suggests a controller cache-sync timeout; its use is not shown here.
CacheSyncTimeout time.Duration
trivyoperator.BuildInfo
}
NodeReconciler reconciles corev1.Node and corev1.Job objects
to collect cluster node information (file system permissions and process arguments). The node information is then evaluated by the compliance control checks for the relevant reports, for example cis-benchmark and nsa.
func (*NodeReconciler) SetupWithManager ¶ added in v0.11.0
func (r *NodeReconciler) SetupWithManager(mgr ctrl.Manager) error
type PolicyConfigController ¶ added in v0.8.0
// PolicyConfigController watches the policies config map and generates
// v1alpha1.ConfigAuditReport instances from OPA Rego policies, per the
// package documentation for this type.
//
// NOTE(review): because reports follow the contents of that config map, write
// access to it influences what is reported; confirm that RBAC restricts who
// can modify it.
type PolicyConfigController struct {
logr.Logger
etc.Config
kube.ObjectResolver
trivyoperator.PluginContext
// NOTE(review): presumably loads the Rego policies that are evaluated — confirm.
PolicyLoader policy.Loader
configauditreport.PluginInMemory
// ClusterVersion is a plain string; its format and origin are not shown in this listing.
ClusterVersion string
}
PolicyConfigController watches for changes to the policies config map and generates v1alpha1.ConfigAuditReport instances based on OPA Rego policies as fast as possible.
func (*PolicyConfigController) SetupWithManager ¶ added in v0.8.0
func (r *PolicyConfigController) SetupWithManager(mgr ctrl.Manager) error
type ResourceController ¶
// ResourceController watches all Kubernetes kinds and generates
// v1alpha1.ConfigAuditReport instances from OPA Rego policies, per the
// package documentation for this type.
//
// Most dependencies are embedded, so their exported methods are promoted onto
// the controller value. No constructor for this type appears in the listing.
type ResourceController struct {
logr.Logger
etc.Config
// NOTE(review): presumably loads the Rego policies that are evaluated — confirm.
PolicyLoader policy.Loader
trivyoperator.ConfigData
kube.ObjectResolver
trivyoperator.PluginContext
configauditreport.PluginInMemory
// Embedded read/writer from the configauditreport package.
// NOTE(review): presumably persists ConfigAuditReport instances — confirm.
configauditreport.ReadWriter
// NOTE(review): presumably persists RBAC assessment reports — confirm.
RbacReadWriter rbacassessment.ReadWriter
// NOTE(review): presumably persists infra assessment reports — confirm.
InfraReadWriter infraassessment.ReadWriter
trivyoperator.BuildInfo
// ClusterVersion is a plain string; its format and origin are not shown in this listing.
ClusterVersion string
// NOTE(review): the name suggests a controller cache-sync timeout; its use is not shown here.
CacheSyncTimeout time.Duration
// ChecksLoader is a pointer and is nil unless the code building this struct sets it.
ChecksLoader *ChecksLoader
}
ResourceController watches all Kubernetes kinds and generates v1alpha1.ConfigAuditReport instances based on OPA Rego policies as fast as possible.
func (*ResourceController) SetupWithManager ¶
func (r *ResourceController) SetupWithManager(mgr ctrl.Manager) error