config

package
v0.37.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 4, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type API

// API groups three string settings: Key, URL and ClusterID. Each field's
// struct tags give an envconfig name and a yaml key (presumably the
// environment variable and the YAML field the value is loaded from).
//
// NOTE(review): Key is bound to API_KEY and looks like a credential. If so,
// keep it out of logs and error text (printing this struct or the enclosing
// Config with %v/%+v would include it) and supply it from a secret rather than
// a YAML file kept in version control.
// NOTE(review): no validation of URL is visible in this declaration; confirm
// where the scheme (https) and host are checked before the key is sent to it.
type API struct {
	Key       string `envconfig:"API_KEY" yaml:"key"`
	URL       string `envconfig:"API_URL" yaml:"url"`
	ClusterID string `envconfig:"API_CLUSTER_ID" yaml:"clusterID"`
}

type Bundles added in v0.34.4

// Bundles is a list of strings and is the type of PolicyEnforcement.Bundles.
// It has a Decode(input string) method, so the whole list is presumably parsed
// from one environment-variable string; the separator is not visible here.
type Bundles []string

func (*Bundles) Decode added in v0.34.4

func (b *Bundles) Decode(input string) error

type CloudScan

// CloudScan holds the cloud scan settings: an on/off flag, the interval
// between scans, and optional provider-specific sections for GKE and EKS.
//
// GKE and EKS are pointers, so either can be nil; code that reads them must
// check for nil before dereferencing. Presumably a nil section means that
// provider is not configured (confirm against Load).
type CloudScan struct {
	Enabled      bool          `envconfig:"CLOUD_SCAN_ENABLED" yaml:"enabled"`
	ScanInterval time.Duration `envconfig:"CLOUD_SCAN_SCAN_INTERVAL" yaml:"scanInterval"`
	GKE          *CloudScanGKE `envconfig:"CLOUD_SCAN_GKE" yaml:"gke"`
	EKS          *CloudScanEKS `envconfig:"CLOUD_SCAN_EKS" yaml:"eks"`
}

type CloudScanEKS

// CloudScanEKS holds the EKS-specific cloud scan settings. The only field is
// the cluster name; no credential fields are declared on this type, so AWS
// credentials presumably come from the environment or workload identity
// (confirm).
type CloudScanEKS struct {
	ClusterName string `envconfig:"CLOUD_SCAN_EKS_CLUSTER_NAME" yaml:"clusterName"`
}

type CloudScanGKE

// CloudScanGKE holds the GKE-specific cloud scan settings: the cluster name, a
// credentials file path and a service account name.
//
// NOTE(review): CredentialsFile is a filesystem path, presumably to a Google
// service-account key. If so, the file should be readable only by the agent's
// user, and the path itself should come from trusted configuration.
// NOTE(review): how CredentialsFile and ServiceAccountName interact (one or the
// other, or both) is not visible here; confirm against the caller.
type CloudScanGKE struct {
	ClusterName        string `envconfig:"CLOUD_SCAN_GKE_CLUSTER_NAME" yaml:"clusterName"`
	CredentialsFile    string `envconfig:"CLOUD_SCAN_GKE_CREDENTIALS_FILE" yaml:"credentialsFile"`
	ServiceAccountName string `envconfig:"CLOUD_SCAN_GKE_SERVICE_ACCOUNT_NAME" yaml:"serviceAccountName"`
}

type Config

// Config is the top-level configuration value and the type returned by Load.
// It combines pod and service identity (PodIP, PodNamespace, ServiceName,
// ServicePort), certificate locations (CertsDir, CertsSecret), listener ports
// (HTTPPort, StatusPort) and one nested struct per feature area.
//
// Every field carries an envconfig tag and a yaml tag; the precedence between
// the two sources is decided in Load and is not visible in this declaration.
//
// NOTE(review): Config embeds API, whose Key field looks like a credential, so
// dumping a whole Config to logs or a debug endpoint would expose it. Redact
// before printing.
// NOTE(review): CertsDir presumably holds TLS key material; confirm the
// directory permissions where it is created. No range checks on the port
// fields are visible here.
type Config struct {
	PodIP             string            `envconfig:"POD_IP" yaml:"podIP"`
	PodNamespace      string            `envconfig:"POD_NAMESPACE" yaml:"podNamespace"`
	ServiceName       string            `envconfig:"SERVICE_NAME" yaml:"serviceName"`
	ServicePort       int               `envconfig:"SERVICE_PORT" yaml:"servicePort"`
	CertsDir          string            `envconfig:"CERTS_DIR" yaml:"certsDir"`
	CertsSecret       string            `envconfig:"CERTS_SECRET" yaml:"certsSecret"`
	LeaderElection    bool              `envconfig:"LEADER_ELECTION" yaml:"leaderElection"`
	PolicyEnforcement PolicyEnforcement `envconfig:"POLICY_ENFORCEMENT" yaml:"policyEnforcement"`
	KubeClient        KubeClient        `envconfig:"KUBE_CLIENT" yaml:"kubeClient"`
	Log               Log               `envconfig:"LOG" yaml:"log"`
	API               API               `envconfig:"API" yaml:"api"`
	HTTPPort          int               `envconfig:"HTTP_PORT" yaml:"httpPort"`
	StatusPort        int               `envconfig:"STATUS_PORT" yaml:"statusPort"`
	Provider          string            `envconfig:"PROVIDER" yaml:"provider"`
	DeltaSyncInterval time.Duration     `envconfig:"DELTA_SYNC_INTERVAL" yaml:"deltaSyncInterval"`
	ImageScan         ImageScan         `envconfig:"IMAGE_SCAN" yaml:"imageScan"`
	Linter            Linter            `envconfig:"LINTER" yaml:"linter"`
	KubeBench         KubeBench         `envconfig:"KUBE_BENCH" yaml:"kubeBench"`
	CloudScan         CloudScan         `envconfig:"CLOUD_SCAN" yaml:"cloudScan"`
}

func Load

func Load(configPath string) (Config, error)

type ImageScan

// ImageScan holds the image scanning settings: scheduling (ScanInterval,
// ScanTimeout, MaxConcurrentScans), the scanner image (Image), the scan Mode,
// an API URL, a Docker options path, CPU and memory requests/limits, and
// several feature flags.
//
// The CPU and memory fields are plain strings; presumably they are Kubernetes
// resource quantities parsed by the caller (confirm).
//
// NOTE(review): PullSecret is presumably the name of a Kubernetes image pull
// secret rather than the secret material itself; confirm, and treat it as
// sensitive if it ever holds credentials.
// NOTE(review): ProfileEnabled and PhlareEnabled look like profiling switches.
// Profiling output can reveal memory contents and internal paths, so confirm
// where that data is sent before enabling them outside development.
// NOTE(review): APIUrl and DockerOptionsPath are not validated in this
// declaration; confirm both come only from trusted configuration.
type ImageScan struct {
	Enabled            bool           `envconfig:"IMAGE_SCAN_ENABLED" yaml:"enabled"`
	ScanInterval       time.Duration  `envconfig:"IMAGE_SCAN_SCAN_INTERVAL" yaml:"scanInterval"`
	ScanTimeout        time.Duration  `envconfig:"IMAGE_SCAN_SCAN_TIMEOUT" yaml:"scanTimeout"`
	MaxConcurrentScans int64          `envconfig:"IMAGE_SCAN_MAX_CONCURRENT_SCANS" yaml:"maxConcurrentScans"`
	Image              ImageScanImage `envconfig:"IMAGE_SCAN_IMAGE" yaml:"image"`
	Mode               string         `envconfig:"IMAGE_SCAN_MODE" yaml:"mode"`
	APIUrl             string         `envconfig:"IMAGE_SCAN_API_URL" yaml:"apiUrl"`
	DockerOptionsPath  string         `envconfig:"IMAGE_SCAN_DOCKER_OPTIONS_PATH" yaml:"dockerOptionsPath"`
	CPURequest         string         `envconfig:"IMAGE_SCAN_CPU_REQUEST" yaml:"cpuRequest"`
	CPULimit           string         `envconfig:"IMAGE_SCAN_CPU_LIMIT" yaml:"cpuLimit"`
	MemoryRequest      string         `envconfig:"IMAGE_SCAN_MEMORY_REQUEST" yaml:"memoryRequest"`
	MemoryLimit        string         `envconfig:"IMAGE_SCAN_MEMORY_LIMIT" yaml:"memoryLimit"`
	Force              bool           `envconfig:"IMAGE_SCAN_FORCE" yaml:"force"`
	ProfileEnabled     bool           `envconfig:"IMAGE_SCAN_PROFILE_ENABLED" yaml:"profileEnabled"`
	PhlareEnabled      bool           `envconfig:"IMAGE_SCAN_PHLARE_ENABLED" yaml:"phlareEnabled"`
	PullSecret         string         `envconfig:"IMAGE_SCAN_PULL_SECRET" yaml:"pullSecret"`
}

type ImageScanImage

// ImageScanImage names the image used by ImageScan and its pull policy.
//
// NOTE(review): Name is presumably the container image reference the scan job
// runs. If so, whoever controls this value controls what code runs in the
// cluster; consider pinning it by digest and restricting who can change it.
// NOTE(review): PullPolicy presumably maps to a Kubernetes imagePullPolicy
// value; no validation is visible here.
type ImageScanImage struct {
	Name       string `envconfig:"IMAGE_SCAN_IMAGE_NAME" yaml:"name"`
	PullPolicy string `envconfig:"IMAGE_SCAN_IMAGE_PULL_POLICY" yaml:"pullPolicy"`
}

type KubeBench

// KubeBench holds the kube-bench settings: an on/off flag, a Force flag and the
// interval between scans. What Force overrides is not visible in this
// declaration (presumably it re-runs a scan regardless of cached results;
// confirm against the caller).
type KubeBench struct {
	Enabled      bool          `envconfig:"KUBE_BENCH_ENABLED" yaml:"enabled"`
	Force        bool          `envconfig:"KUBE_BENCH_FORCE" yaml:"force"`
	ScanInterval time.Duration `envconfig:"KUBE_BENCH_SCAN_INTERVAL" yaml:"scanInterval"`
}

type KubeClient

// KubeClient holds the Kubernetes client settings: the rate-limiter parameters
// (QPS, Burst) and an optional kubeconfig path.
type KubeClient struct {
	// K8S client rate limiter allows bursts of up to 'burst' to exceed the QPS, while still maintaining a
	// smoothed qps rate of 'qps'.
	// The bucket is initially filled with 'burst' tokens, and refills at a rate of 'qps'.
	// The maximum number of tokens in the bucket is capped at 'burst'.
	// NOTE(review): both are plain ints with no bounds visible here; confirm that zero
	// or negative values are rejected or defaulted before they reach the client.
	QPS   int `envconfig:"KUBE_CLIENT_QPS" yaml:"qps"`
	Burst int `envconfig:"KUBE_CLIENT_BURST" yaml:"burst"`
	// Custom kubeconfig path.
	// A kubeconfig file usually carries cluster credentials (tokens or client keys), so
	// the file at this path should be readable only by the agent's user.
	// NOTE(review): presumably in-cluster configuration is used when this is empty; confirm.
	KubeConfigPath string `envconfig:"KUBE_CLIENT_KUBECONFIG" yaml:"kubeconfig"`
}

type Linter

// Linter holds the linter settings; the only field is the on/off flag. With no
// default visible here, the Go zero value leaves it disabled unless Load sets
// it.
type Linter struct {
	Enabled bool `envconfig:"LINTER_ENABLED" yaml:"enabled"`
}

type Log

// Log holds the logging settings; the only field is the level, given as a
// string. The accepted level names are not visible in this declaration.
//
// NOTE(review): if a verbose level logs request or configuration contents,
// confirm that credentials such as API.Key are redacted at that level.
type Log struct {
	Level string `envconfig:"LOG_LEVEL" yaml:"level"`
}

type PolicyEnforcement added in v0.34.0

// PolicyEnforcement holds the policy enforcement settings: an on/off flag, the
// webhook name and the list of bundles.
//
// NOTE(review): no default is visible here, so the Go zero value leaves
// Enabled false. Confirm what Load defaults it to, because a deployment that
// omits this setting would otherwise run with enforcement off.
// NOTE(review): Bundles presumably selects which policy bundles are enforced;
// confirm whether an empty list means "none" or "all".
type PolicyEnforcement struct {
	Enabled     bool    `envconfig:"POLICY_ENFORCEMENT_ENABLED" yaml:"enabled"`
	WebhookName string  `envconfig:"POLICY_ENFORCEMENT_WEBHOOK_NAME" yaml:"webhookName"`
	Bundles     Bundles `envconfig:"POLICY_ENFORCEMENT_BUNDLES" yaml:"bundles"`
}

type SecurityAgentVersion

// SecurityAgentVersion carries three strings identifying a build: the git
// commit, the git ref and the version. Unlike the configuration structs in
// this package, its fields have no envconfig or yaml tags, so the values are
// presumably set by the caller (e.g. at build time) rather than loaded from
// configuration (confirm).
type SecurityAgentVersion struct {
	GitCommit, GitRef, Version string
}

func (*SecurityAgentVersion) String

func (a *SecurityAgentVersion) String() string
