Documentation ¶
Index ¶
- func BuildPolicyViolation(policy string, resource kyverno.ResourceSpec, fRules []kyverno.ViolatedRule) kyverno.ClusterPolicyViolation
- func CreatePV(pvLister kyvernolister.ClusterPolicyViolationLister, ...)
- func CreatePVWhenBlocked(pvLister kyvernolister.ClusterPolicyViolationLister, ...)
- type PVControlInterface
- type PolicyViolationController
- type RealPVControl
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BuildPolicyViolation ¶
func BuildPolicyViolation(policy string, resource kyverno.ResourceSpec, fRules []kyverno.ViolatedRule) kyverno.ClusterPolicyViolation
BuildPolicyViolation returns an value of type PolicyViolation
func CreatePV ¶ added in v0.9.0
func CreatePV(pvLister kyvernolister.ClusterPolicyViolationLister, client *kyvernoclient.Clientset, engineResponses []engine.EngineResponse)
CreatePV creates policy violation resource based on the engine responses
func CreatePVWhenBlocked ¶ added in v0.10.0
func CreatePVWhenBlocked(pvLister kyvernolister.ClusterPolicyViolationLister, client *kyvernoclient.Clientset, dclient *dclient.Client, engineResponses []engine.EngineResponse)
CreatePVWhenBlocked creates pv on resource owner only when admission request is denied
Types ¶
type PVControlInterface ¶
type PVControlInterface interface { UpdateStatusPolicyViolation(newPv *kyverno.ClusterPolicyViolation) error RemovePolicyViolation(name string) error }
type PolicyViolationController ¶
type PolicyViolationController struct {
// contains filtered or unexported fields
}
PolicyViolationController manages the policy violation resource - sync the lastupdate time - check if the resource is active
func NewPolicyViolationController ¶
func NewPolicyViolationController(client *client.Client, kyvernoClient *kyvernoclient.Clientset, pInformer kyvernoinformer.ClusterPolicyInformer, pvInformer kyvernoinformer.ClusterPolicyViolationInformer) (*PolicyViolationController, error)
NewPolicyViolationController creates a new NewPolicyViolationController
func (*PolicyViolationController) Run ¶
func (pvc *PolicyViolationController) Run(workers int, stopCh <-chan struct{})
Run begins watching and syncing.
type RealPVControl ¶
type RealPVControl struct { Client kyvernoclient.Interface Recorder record.EventRecorder }
RealPVControl is the default implementation of PVControlInterface.
func (RealPVControl) RemovePolicyViolation ¶
func (r RealPVControl) RemovePolicyViolation(name string) error
RemovePolicyViolation removes the policy violation
func (RealPVControl) UpdateStatusPolicyViolation ¶
func (r RealPVControl) UpdateStatusPolicyViolation(newPv *kyverno.ClusterPolicyViolation) error
UpdateStatusPolicyViolation updates the status for policy violation
Click to show internal directories.
Click to hide internal directories.