Documentation
¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the falcon v1alpha1 API group +kubebuilder:object:generate=true +groupName=falcon.crowdstrike.com
Index ¶
- Constants
- Variables
- type AutoPilot
- type Exclusions
- type FalconAPI
- type FalconAdmission
- type FalconAdmissionConfigSpec
- func (in *FalconAdmissionConfigSpec) DeepCopy() *FalconAdmissionConfigSpec
- func (in *FalconAdmissionConfigSpec) DeepCopyInto(out *FalconAdmissionConfigSpec)
- func (watcher FalconAdmissionConfigSpec) DeployWatcherContainer() bool
- func (watcher FalconAdmissionConfigSpec) GetSnapshotsEnabled() bool
- func (watcher FalconAdmissionConfigSpec) GetSnapshotsInterval() time.Duration
- func (watcher FalconAdmissionConfigSpec) GetWatcherEnabled() bool
- type FalconAdmissionList
- type FalconAdmissionNamespace
- type FalconAdmissionRQSpec
- type FalconAdmissionServiceAccount
- type FalconAdmissionSpec
- type FalconAdmissionStatus
- type FalconAdmissionTLS
- type FalconAdmissionUpdateStrategy
- type FalconAdvanced
- func (in *FalconAdvanced) DeepCopy() *FalconAdvanced
- func (in *FalconAdvanced) DeepCopyInto(out *FalconAdvanced)
- func (advanced FalconAdvanced) GetUpdatePolicy() string
- func (advanced FalconAdvanced) HasUpdatePolicy() bool
- func (advanced FalconAdvanced) IsAutoUpdating() bool
- func (advanced FalconAdvanced) IsAutoUpdatingForced() bool
- type FalconCRStatus
- type FalconContainer
- type FalconContainerInjectorSpec
- type FalconContainerInjectorTLS
- type FalconContainerList
- type FalconContainerServiceAccount
- type FalconContainerSpec
- type FalconContainerStatus
- type FalconImageAnalyzer
- type FalconImageAnalyzerConfigSpec
- type FalconImageAnalyzerList
- type FalconImageAnalyzerPriorityClass
- type FalconImageAnalyzerServiceAccount
- type FalconImageAnalyzerSpec
- type FalconImageAnalyzerStatus
- type FalconImageAnalyzerUpdateStrategy
- type FalconNodeSensor
- type FalconNodeSensorConfig
- type FalconNodeSensorList
- type FalconNodeSensorSpec
- type FalconNodeSensorStatus
- type FalconNodeServiceAccount
- type FalconNodeUpdateStrategy
- type FalconSensor
- type PriorityClassConfig
- type RegistryConfig
- type RegistryCreds
- type RegistrySpec
- type RegistryTLSSpec
- type RegistryTypeSpec
- type ResourceList
- type Resources
Constants ¶
View Source
const ( Force = "force" Normal = "normal" Off = "off" )
View Source
const ( ConditionUnknown string = "Unknown" ConditionSuccess string = "Success" ConditionFailed string = "Failed" ConditionPending string = "Pending" ConditionImageReady string = "ImageReady" ConditionConfigMapReady string = "ConfigMapReady" ConditionDaemonSetReady string = "DaemonSetReady" ConditionDeploymentReady string = "DeploymentReady" ConditionServiceReady string = "ServiceReady" ConditionRouteReady string = "RouteReady" ConditionSecretReady string = "SecretReady" ConditionWebhookReady string = "WebhookReady" ReasonReqNotMet string = "RequirementsNotMet" ReasonReqMet string = "RequirementsMet" ReasonInstallSucceeded string = "InstallSucceeded" ReasonInstallFailed string = "InstallFailed" ReasonSucceeded string = "Succeeded" ReasonUpdateSucceeded string = "UpdateSucceeded" ReasonUpdateFailed string = "UpdateFailed" ReasonDeleteSucceeded string = "DeleteSucceeded" ReasonDeleteFailed string = "DeleteFailed" ReasonFailed string = "Failed" ReasonDiscovered string = "Discovered" )
View Source
const ( DeployWatcherDefault = true SnapshotsEnabledDefault = true SnapshotsIntervalDefault = 22 WatcherEnabledDefault = true )
Variables ¶
View Source
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "falcon.crowdstrike.com", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type AutoPilot ¶
type AutoPilot struct {
// Enables the use of GKE Autopilot.
// +operator-sdk:csv:customresourcedefinitions:type=spec
Enabled *bool `json:"autopilot,omitempty"`
}
func (*AutoPilot) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoPilot.
func (*AutoPilot) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Exclusions ¶ added in v1.0.0
type Exclusions struct {
// Configure a list of registries for the Falcon Image Analyzer to ignore.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Exclusions List",order=1
Registries []string `json:"registries,omitempty"`
// Configure a list of namespaces for Image Analyzer to ignore.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Ignore Namespace List",order=2
Namespaces []string `json:"namespaces,omitempty"`
}
func (*Exclusions) DeepCopy ¶ added in v1.0.0
func (in *Exclusions) DeepCopy() *Exclusions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Exclusions.
func (*Exclusions) DeepCopyInto ¶ added in v1.0.0
func (in *Exclusions) DeepCopyInto(out *Exclusions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconAPI ¶
type FalconAPI struct {
// Cloud Region defines CrowdStrike Falcon Cloud Region to which the operator will connect and register.
// +kubebuilder:validation:Enum=autodiscover;us-1;us-2;eu-1;us-gov-1
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="CrowdStrike Falcon Cloud Region",order=3
CloudRegion string `json:"cloud_region"`
// Falcon OAuth2 API Client ID
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Client ID",order=1,xDescriptors="urn:alm:descriptor:com.tectonic.ui:password"
ClientId string `json:"client_id"`
// Falcon OAuth2 API Client Secret
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Client Secret",order=2,xDescriptors="urn:alm:descriptor:com.tectonic.ui:password"
ClientSecret string `json:"client_secret"`
// Falcon Customer ID (CID) Override (optional, default is derived from the API Key pair)
// +kubebuilder:validation:Pattern="^[0-9a-fA-F]{32}-[0-9a-fA-F]{2}$"
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Customer ID (CID)",order=4
CID *string `json:"cid,omitempty"`
// Specifies the hostname of the API endpoint to use. If blank, the public Falcon API endpoint is used.
// Intentionally not exported as a resource property.
HostOverride string `json:"-"`
}
FalconAPI configures connection from your local Falcon operator to CrowdStrike Falcon platform.
func (*FalconAPI) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAPI.
func (*FalconAPI) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconAdmission ¶
type FalconAdmission struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec FalconAdmissionSpec `json:"spec,omitempty"`
Status FalconCRStatus `json:"status,omitempty"`
}
FalconAdmission is the Schema for the falconadmissions API
func (*FalconAdmission) DeepCopy ¶
func (in *FalconAdmission) DeepCopy() *FalconAdmission
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdmission.
func (*FalconAdmission) DeepCopyInto ¶
func (in *FalconAdmission) DeepCopyInto(out *FalconAdmission)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FalconAdmission) DeepCopyObject ¶
func (in *FalconAdmission) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FalconAdmissionConfigSpec ¶
type FalconAdmissionConfigSpec struct {
// Define annotations that will be passed down to admision controller service account. This is useful for passing along AWS IAM Role or GCP Workload Identity.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Service Account Configuration",order=7
ServiceAccount FalconAdmissionServiceAccount `json:"serviceAccount,omitempty"`
// Port on which the Falcon Admission Controller service will listen for requests from the cluster.
// +kubebuilder:default:=443
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Minimum:=0
// +kubebuilder:validation:Maximum:=65535
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Service Port",order=3,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:number"}
Port *int32 `json:"servicePort,omitempty"`
// Port on which the Falcon Admission Controller container will listen for requests.
// +kubebuilder:default:=4443
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Minimum:=0
// +kubebuilder:validation:Maximum:=65535
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Container Port",order=4,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:number"}
ContainerPort *int32 `json:"containerPort,omitempty"`
// Configure TLS setings for the Falcon Admission Controller
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller TLS Configuration",order=8
TLS FalconAdmissionTLS `json:"tls,omitempty"`
// Configure the failure policy for the Falcon Admission Controller.
// +kubebuilder:default:=Ignore
// +kubebuilder:validation:Enum=Ignore;Fail
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Failure Policy",order=6
FailurePolicy arv1.FailurePolicyType `json:"failurePolicy,omitempty"`
// Ignore admission control for a specific set of namespaces.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Ignore Namespace List",order=12
DisabledNamespaces FalconAdmissionNamespace `json:"disabledNamespaces,omitempty"`
// Determines if with falcon-watcher container is included in the Pod
// +kubebuilder:default:=true
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Deploy Watcher Container",order=13
DeployWatcher *bool `json:"deployWatcher,omitempty"`
// Determines if snapshots of Kubernetes resources are periodically taken for cluster visibility.
// +kubebuilder:default:=true
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Enable Resource Snapshots",order=15
SnapshotsEnabled *bool `json:"snapshotsEnabled,omitempty"`
// Time interval between two snapshots of Kubernetes resources in the cluster.
// +kubebuilder:default:="22h"
// +kubebuilder:validation:Type:=string
// +kubebuilder:validation:Format:=duration
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Time Interval Between Two Snapshots",order=16
SnapshotsInterval *metav1.Duration `json:"snapshotsInterval,omitempty"`
// Determines if Kubernetes resources are watched for cluster visibility.
// +kubebuilder:default:=true
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Enable Resource Watcher",order=17
WatcherEnabled *bool `json:"watcherEnabled,omitempty"`
// Currently ignored and internally set to 1
// +kubebuilder:default:=2
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Minimum:=0
// +kubebuilder:validation:Maximum:=65535
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Admission Controller Replica Count",order=5,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:number"}
Replicas *int32 `json:"replicas,omitempty"`
// +kubebuilder:default:=Always
// +kubebuilder:validation:Enum=Always;IfNotPresent;Never
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Image Pull Policy",order=2,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:imagePullPolicy"}
ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
// ImagePullSecrets is an optional list of references to secrets to use for pulling image from the image location.
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Falcon Admission Controller Image Pull Secrets",xDescriptors={"urn:alm:descriptor:io.kubernetes:Secret"}
ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Client Resources",order=9,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:resourceRequirements"}
// +kubebuilder:default:={"limits":{"cpu":"750m","memory":"384Mi"},"requests":{"cpu":"500m","memory":"384Mi"}}
ResourcesClient *corev1.ResourceRequirements `json:"resourcesClient,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Watcher Resources",order=14,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:resourceRequirements"}
// +kubebuilder:default:={"limits":{"cpu":"750m","memory":"384Mi"},"requests":{"cpu":"500m","memory":"384Mi"}}
ResourcesWatcher *corev1.ResourceRequirements `json:"resourcesWatcher,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Resources",order=10,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:resourceRequirements"}
//+kubebuilder:default:={"limits":{"cpu":"300m","memory":"256Mi"},"requests":{"cpu":"300m","memory":"256Mi"}}
ResourcesAC *corev1.ResourceRequirements `json:"resources,omitempty"`
// Type of Deployment update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
// +kubebuilder:default:={"rollingUpdate":{"maxUnavailable":0,"maxSurge":1}}
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Deployment Update Strategy",order=11
DepUpdateStrategy FalconAdmissionUpdateStrategy `json:"updateStrategy,omitempty"`
}
func (*FalconAdmissionConfigSpec) DeepCopy ¶
func (in *FalconAdmissionConfigSpec) DeepCopy() *FalconAdmissionConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdmissionConfigSpec.
func (*FalconAdmissionConfigSpec) DeepCopyInto ¶
func (in *FalconAdmissionConfigSpec) DeepCopyInto(out *FalconAdmissionConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (FalconAdmissionConfigSpec) DeployWatcherContainer ¶ added in v1.3.0
func (watcher FalconAdmissionConfigSpec) DeployWatcherContainer() bool
func (FalconAdmissionConfigSpec) GetSnapshotsEnabled ¶ added in v1.3.0
func (watcher FalconAdmissionConfigSpec) GetSnapshotsEnabled() bool
func (FalconAdmissionConfigSpec) GetSnapshotsInterval ¶ added in v1.3.0
func (watcher FalconAdmissionConfigSpec) GetSnapshotsInterval() time.Duration
func (FalconAdmissionConfigSpec) GetWatcherEnabled ¶ added in v1.3.0
func (watcher FalconAdmissionConfigSpec) GetWatcherEnabled() bool
type FalconAdmissionList ¶
type FalconAdmissionList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []FalconAdmission `json:"items"`
}
FalconAdmissionList contains a list of FalconAdmission
func (*FalconAdmissionList) DeepCopy ¶
func (in *FalconAdmissionList) DeepCopy() *FalconAdmissionList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdmissionList.
func (*FalconAdmissionList) DeepCopyInto ¶
func (in *FalconAdmissionList) DeepCopyInto(out *FalconAdmissionList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FalconAdmissionList) DeepCopyObject ¶
func (in *FalconAdmissionList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FalconAdmissionNamespace ¶
type FalconAdmissionNamespace struct {
// Configure a list of namespaces to ignore admission control.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Ignore Namespace List",order=1
Namespaces []string `json:"namespaces,omitempty"`
}
func (*FalconAdmissionNamespace) DeepCopy ¶
func (in *FalconAdmissionNamespace) DeepCopy() *FalconAdmissionNamespace
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdmissionNamespace.
func (*FalconAdmissionNamespace) DeepCopyInto ¶
func (in *FalconAdmissionNamespace) DeepCopyInto(out *FalconAdmissionNamespace)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconAdmissionRQSpec ¶
type FalconAdmissionRQSpec struct {
// Limits the number of admission controller pods that can be created in the namespace.
// +kubebuilder:default:="2"
// +kubebuilder:validation:String
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Resource Quota Pod Limit",order=1,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:podCount"}
PodLimit string `json:"pods,omitempty"`
}
func (*FalconAdmissionRQSpec) DeepCopy ¶
func (in *FalconAdmissionRQSpec) DeepCopy() *FalconAdmissionRQSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdmissionRQSpec.
func (*FalconAdmissionRQSpec) DeepCopyInto ¶
func (in *FalconAdmissionRQSpec) DeepCopyInto(out *FalconAdmissionRQSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconAdmissionServiceAccount ¶
type FalconAdmissionServiceAccount struct {
// Define annotations that will be passed down to the Service Account. This is useful for passing along AWS IAM Role or GCP Workload Identity.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Service Account Annotations",order=1
Annotations map[string]string `json:"annotations,omitempty"`
}
func (*FalconAdmissionServiceAccount) DeepCopy ¶
func (in *FalconAdmissionServiceAccount) DeepCopy() *FalconAdmissionServiceAccount
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdmissionServiceAccount.
func (*FalconAdmissionServiceAccount) DeepCopyInto ¶
func (in *FalconAdmissionServiceAccount) DeepCopyInto(out *FalconAdmissionServiceAccount)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconAdmissionSpec ¶
type FalconAdmissionSpec struct {
// Namespace where the Falcon Admission Controller should be installed.
// For best security practices, this should be a dedicated namespace that is not used for any other purpose.
// It also should not be the same namespace where the Falcon Operator or the Falcon Sensor is installed.
// +kubebuilder:default:=falcon-kac
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,xDescriptors={"urn:alm:descriptor:io.kubernetes:Namespace"}
InstallNamespace string `json:"installNamespace,omitempty"`
// CrowdStrike Falcon sensor configuration
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Sensor Configuration",order=3
Falcon FalconSensor `json:"falcon,omitempty"`
// FalconAPI configures connection from your local Falcon operator to CrowdStrike Falcon platform.
//
// When configured, it will pull the sensor from registry.crowdstrike.com and deploy the appropriate sensor to the cluster.
//
// If using the API is not desired, the sensor can be manually configured by setting the Image and Version fields.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Platform API Configuration",order=2
FalconAPI *FalconAPI `json:"falcon_api,omitempty"`
// ResourceQuota configures the ResourceQuota for the Falcon Admission Controller. This is useful for limiting the number of pods that can be created in the namespace.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Resource Quota",order=4
ResQuota FalconAdmissionRQSpec `json:"resourcequota,omitempty"`
// Registry configures container image registry to which the Admission Controller image will be pushed.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Registry Configuration",order=6
Registry RegistrySpec `json:"registry,omitempty"`
// Additional configuration for Falcon Admission Controller deployment.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Configuration",order=5
AdmissionConfig FalconAdmissionConfigSpec `json:"admissionConfig,omitempty"`
// Location of the Falcon Sensor image. Use only in cases when you mirror the original image to your repository/name:tag, and CrowdStrike OAuth2 API is not used.
// +kubebuilder:validation:Pattern="^.*:.*$"
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Image URI",order=7
Image string `json:"image,omitempty"`
// Falcon Admission Controller Version. The latest version will be selected when version specifier is missing. Example: 6.31, 6.31.0, 6.31.0-1409, etc.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Version",order=8
Version *string `json:"version,omitempty"`
}
FalconAdmissionSpec defines the desired state of FalconAdmission
func (*FalconAdmissionSpec) DeepCopy ¶
func (in *FalconAdmissionSpec) DeepCopy() *FalconAdmissionSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdmissionSpec.
func (*FalconAdmissionSpec) DeepCopyInto ¶
func (in *FalconAdmissionSpec) DeepCopyInto(out *FalconAdmissionSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconAdmissionStatus ¶
type FalconAdmissionStatus struct {
// Version of the CrowdStrike Falcon Sensor
// +operator-sdk:csv:customresourcedefinitions:type=status,displayName="Falcon Sensor Version",xDescriptors={"urn:alm:descriptor:text"}
Sensor *string `json:"sensor,omitempty"`
// Version of the CrowdStrike Falcon Operator
// +operator-sdk:csv:customresourcedefinitions:type=status,displayName="Falcon Operator Version",xDescriptors={"urn:alm:descriptor:text"}
Version string `json:"version,omitempty"`
// +optional
// +operator-sdk:csv:customresourcedefinitions:type=status,displayName="Falcon Admission Conditions",xDescriptors={"urn:alm:descriptor:io.kubernetes.conditions"}
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
FalconAdmissionStatus defines the observed state of FalconAdmission
func (*FalconAdmissionStatus) DeepCopy ¶
func (in *FalconAdmissionStatus) DeepCopy() *FalconAdmissionStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdmissionStatus.
func (*FalconAdmissionStatus) DeepCopyInto ¶
func (in *FalconAdmissionStatus) DeepCopyInto(out *FalconAdmissionStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconAdmissionTLS ¶
type FalconAdmissionTLS struct {
// Validity of the TLS certificate in days. Default is 3650 days.
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Pattern="^[0-9]{1-4}$"
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Injector TLS Validity Length (days)",order=1,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:number"}
Validity *int `json:"validity,omitempty"`
}
func (*FalconAdmissionTLS) DeepCopy ¶
func (in *FalconAdmissionTLS) DeepCopy() *FalconAdmissionTLS
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdmissionTLS.
func (*FalconAdmissionTLS) DeepCopyInto ¶
func (in *FalconAdmissionTLS) DeepCopyInto(out *FalconAdmissionTLS)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconAdmissionUpdateStrategy ¶
type FalconAdmissionUpdateStrategy struct {
// RollingUpdate is used to specify the strategy used to roll out a deployment
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admisison Controller deployment update configuration",order=1,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:updateStrategy"}
RollingUpdate appsv1.RollingUpdateDeployment `json:"rollingUpdate,omitempty"`
}
func (*FalconAdmissionUpdateStrategy) DeepCopy ¶
func (in *FalconAdmissionUpdateStrategy) DeepCopy() *FalconAdmissionUpdateStrategy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdmissionUpdateStrategy.
func (*FalconAdmissionUpdateStrategy) DeepCopyInto ¶
func (in *FalconAdmissionUpdateStrategy) DeepCopyInto(out *FalconAdmissionUpdateStrategy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconAdvanced ¶ added in v1.2.0
type FalconAdvanced struct {
// UpdatePolicy is the name of a sensor update policy configured and enabled in Falcon UI. It is ignored when Image and/or Version are set.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Sensor Update Policy",order=1
UpdatePolicy *string `json:"updatePolicy,omitempty"`
// AutoUpdate determines whether to install new versions of the sensor as they become available. Defaults to "off" and is ignored if FalconAPI is not set.
// Setting this to "force" causes the reconciler to run on every polling cycle, even if a new sensor version is not available.
// Setting it to "normal" only reconciles when a new version is detected.
// +kubebuilder:validation:Enum=off;normal;force
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Sensor Automatic Updates",order=2
AutoUpdate *string `json:"autoUpdate,omitempty"`
}
FalconAdvanced configures various options that go against industry practices or are otherwise not recommended for use. Adjusting these settings may result in incorrect or undesirable behavior. Proceed at your own risk. For more information, please see https://github.com/CrowdStrike/falcon-operator/blob/main/docs/ADVANCED.md.
func (*FalconAdvanced) DeepCopy ¶ added in v1.2.0
func (in *FalconAdvanced) DeepCopy() *FalconAdvanced
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconAdvanced.
func (*FalconAdvanced) DeepCopyInto ¶ added in v1.2.0
func (in *FalconAdvanced) DeepCopyInto(out *FalconAdvanced)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (FalconAdvanced) GetUpdatePolicy ¶ added in v1.2.0
func (advanced FalconAdvanced) GetUpdatePolicy() string
func (FalconAdvanced) HasUpdatePolicy ¶ added in v1.2.0
func (advanced FalconAdvanced) HasUpdatePolicy() bool
func (FalconAdvanced) IsAutoUpdating ¶ added in v1.2.0
func (advanced FalconAdvanced) IsAutoUpdating() bool
func (FalconAdvanced) IsAutoUpdatingForced ¶ added in v1.2.0
func (advanced FalconAdvanced) IsAutoUpdatingForced() bool
type FalconCRStatus ¶
type FalconCRStatus struct {
// Version of the CrowdStrike Falcon Sensor
Sensor *string `json:"sensor,omitempty"`
// Version of the CrowdStrike Falcon Operator
Version string `json:"version,omitempty"`
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
FalconAdmissionStatus defines the observed state of FalconAdmission
func (*FalconCRStatus) DeepCopy ¶
func (in *FalconCRStatus) DeepCopy() *FalconCRStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconCRStatus.
func (*FalconCRStatus) DeepCopyInto ¶
func (in *FalconCRStatus) DeepCopyInto(out *FalconCRStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconContainer ¶
type FalconContainer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec FalconContainerSpec `json:"spec,omitempty"`
Status FalconContainerStatus `json:"status,omitempty"`
}
FalconContainer is the Schema for the falconcontainers API
func (*FalconContainer) DeepCopy ¶
func (in *FalconContainer) DeepCopy() *FalconContainer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconContainer.
func (*FalconContainer) DeepCopyInto ¶
func (in *FalconContainer) DeepCopyInto(out *FalconContainer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FalconContainer) DeepCopyObject ¶
func (in *FalconContainer) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FalconContainerInjectorSpec ¶
type FalconContainerInjectorSpec struct {
// Define annotations that will be passed down to injector service account. This is useful for passing along AWS IAM Role or GCP Workload Identity.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Service Account Configuration",order=1
ServiceAccount FalconContainerServiceAccount `json:"serviceAccount,omitempty"`
// +kubebuilder:default:=4433
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Minimum:=0
// +kubebuilder:validation:Maximum:=65535
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Injector Listen Port",order=2
ListenPort *int32 `json:"listenPort,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Injector TLS Configuration",order=3
TLS FalconContainerInjectorTLS `json:"tls,omitempty"`
// +kubebuilder:default:=Always
// +kubebuilder:validation:Enum=Always;IfNotPresent;Never
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Image Pull Policy",order=4
ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
// +kubebuilder:default=crowdstrike-falcon-pull-secret
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Image Pull Secret Name",order=5
ImagePullSecretName string `json:"imagePullSecret,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Shared Log Volume",order=6
LogVolume *corev1.Volume `json:"logVolume,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Injector Resources",order=7
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Sensor Resources",order=8
SensorResources *corev1.ResourceRequirements `json:"sensorResources,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Additional Environment Variables",order=9
AdditionalEnvironmentVariables *map[string]string `json:"additionalEnvironmentVariables,omitempty"`
// +kubebuilder:default=false
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Disable Default Namespace Injection",order=10
DisableDefaultNSInjection bool `json:"disableDefaultNamespaceInjection,omitempty"`
// +kubebuilder:default=false
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Disable Default Pod Injection",order=11
DisableDefaultPodInjection bool `json:"disableDefaultPodInjection,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Azure Config file path",order=12
AzureConfigPath string `json:"azureConfigPath,omitempty"`
// +kubebuilder:default:=2
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Minimum:=0
// +kubebuilder:validation:Maximum:=65535
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Injector replica count",order=13
Replicas *int32 `json:"replicas,omitempty"`
}
func (*FalconContainerInjectorSpec) DeepCopy ¶
func (in *FalconContainerInjectorSpec) DeepCopy() *FalconContainerInjectorSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconContainerInjectorSpec.
func (*FalconContainerInjectorSpec) DeepCopyInto ¶
func (in *FalconContainerInjectorSpec) DeepCopyInto(out *FalconContainerInjectorSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconContainerInjectorTLS ¶
type FalconContainerInjectorTLS struct {
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Pattern="^[0-9]{1-4}$"
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Injector TLS Validity Length (days)",order=1
Validity *int `json:"validity,omitempty"`
}
func (*FalconContainerInjectorTLS) DeepCopy ¶
func (in *FalconContainerInjectorTLS) DeepCopy() *FalconContainerInjectorTLS
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconContainerInjectorTLS.
func (*FalconContainerInjectorTLS) DeepCopyInto ¶
func (in *FalconContainerInjectorTLS) DeepCopyInto(out *FalconContainerInjectorTLS)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconContainerList ¶
type FalconContainerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []FalconContainer `json:"items"`
}
FalconContainerList contains a list of FalconContainer
func (*FalconContainerList) DeepCopy ¶
func (in *FalconContainerList) DeepCopy() *FalconContainerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconContainerList.
func (*FalconContainerList) DeepCopyInto ¶
func (in *FalconContainerList) DeepCopyInto(out *FalconContainerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FalconContainerList) DeepCopyObject ¶
func (in *FalconContainerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FalconContainerServiceAccount ¶
type FalconContainerServiceAccount struct {
// Define annotations that will be passed down to the Service Account. This is useful for passing along AWS IAM Role or GCP Workload Identity.
// +operator-sdk:csv:customresourcedefinitions:type=spec
Annotations map[string]string `json:"annotations,omitempty"`
}
func (*FalconContainerServiceAccount) DeepCopy ¶
func (in *FalconContainerServiceAccount) DeepCopy() *FalconContainerServiceAccount
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconContainerServiceAccount.
func (*FalconContainerServiceAccount) DeepCopyInto ¶
func (in *FalconContainerServiceAccount) DeepCopyInto(out *FalconContainerServiceAccount)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconContainerSpec ¶
type FalconContainerSpec struct {
// Namespace where the Falcon Sensor should be installed.
// For best security practices, this should be a dedicated namespace that is not used for any other purpose.
// It also should not be the same namespace where the Falcon Operator, or other Falcon resources are deployed.
// +kubebuilder:default:=falcon-system
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,xDescriptors={"urn:alm:descriptor:io.kubernetes:Namespace"}
InstallNamespace string `json:"installNamespace,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Sensor Configuration",order=1
Falcon FalconSensor `json:"falcon,omitempty"`
// FalconAPI configures connection from your local Falcon operator to CrowdStrike Falcon platform.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Platform API Configuration",order=2
FalconAPI *FalconAPI `json:"falcon_api,omitempty"`
// Registry configures container image registry to which the Falcon Container image will be pushed
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Image Registry Configuration",order=3
Registry RegistrySpec `json:"registry,omitempty"`
// Injector represents additional configuration for Falcon Container Injector
// +kubebuilder:default:={imagePullPolicy:Always}
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Injector Configuration",order=4
Injector FalconContainerInjectorSpec `json:"injector,omitempty"`
// +kubebuilder:validation:Pattern="^.*:.*$"
// +operator-sdk:cv:customresourcedefinitions:type=spec,displayName="Falcon Container Image URI",order=5
Image *string `json:"image,omitempty"`
// Falcon Container Version. The latest version will be selected when version specifier is missing; ignored when Image is set.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Image Version",order=6
Version *string `json:"version,omitempty"`
// Advanced configures various options that go against industry practices or are otherwise not recommended for use.
// Adjusting these settings may result in incorrect or undesirable behavior. Proceed at your own risk.
// For more information, please see https://github.com/CrowdStrike/falcon-operator/blob/main/docs/ADVANCED.md.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Advanced Settings"
Advanced FalconAdvanced `json:"advanced,omitempty"`
}
FalconContainerSpec defines the desired state of FalconContainer +k8s:openapi-gen=true
func (*FalconContainerSpec) DeepCopy ¶
func (in *FalconContainerSpec) DeepCopy() *FalconContainerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconContainerSpec.
func (*FalconContainerSpec) DeepCopyInto ¶
func (in *FalconContainerSpec) DeepCopyInto(out *FalconContainerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconContainerStatus ¶
type FalconContainerStatus struct {
// Version of the CrowdStrike Falcon Sensor
Sensor *string `json:"sensor,omitempty"`
// Version of the CrowdStrike Falcon Operator
Version string `json:"version,omitempty"`
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
FalconContainerStatus defines the observed state of FalconContainer +k8s:openapi-gen=true
func (*FalconContainerStatus) DeepCopy ¶
func (in *FalconContainerStatus) DeepCopy() *FalconContainerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconContainerStatus.
func (*FalconContainerStatus) DeepCopyInto ¶
func (in *FalconContainerStatus) DeepCopyInto(out *FalconContainerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconImageAnalyzer ¶ added in v1.0.0
type FalconImageAnalyzer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec FalconImageAnalyzerSpec `json:"spec,omitempty"`
Status FalconCRStatus `json:"status,omitempty"`
}
FalconImageAnalyzer is the Schema for the falconImageAnalyzers API
func (*FalconImageAnalyzer) DeepCopy ¶ added in v1.0.0
func (in *FalconImageAnalyzer) DeepCopy() *FalconImageAnalyzer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageAnalyzer.
func (*FalconImageAnalyzer) DeepCopyInto ¶ added in v1.0.0
func (in *FalconImageAnalyzer) DeepCopyInto(out *FalconImageAnalyzer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FalconImageAnalyzer) DeepCopyObject ¶ added in v1.0.0
func (in *FalconImageAnalyzer) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FalconImageAnalyzerConfigSpec ¶ added in v1.0.0
type FalconImageAnalyzerConfigSpec struct {
// Define annotations that will be passed down to Image Analyzer service account. This is useful for passing along AWS IAM Role or GCP Workload Identity.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Service Account Configuration",order=1
ServiceAccount FalconImageAnalyzerServiceAccount `json:"serviceAccount,omitempty"`
// +kubebuilder:default:=Always
// +kubebuilder:validation:Enum=Always;IfNotPresent;Never
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Image Pull Policy",order=2,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:imagePullPolicy"}
ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
// ImagePullSecrets is an optional list of references to secrets to use for pulling image from the image location.
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=3,displayName="Falcon Image Analyzer Image Pull Secrets",xDescriptors={"urn:alm:descriptor:io.kubernetes:Secret"}
ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Resources",order=4,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:resourceRequirements"}
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Azure Config file path",order=5
AzureConfigPath string `json:"azureConfigPath,omitempty"`
// Enable priority class for the Falcon Image Analyzer deployment.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Priority Class",order=6
PriorityClass FalconImageAnalyzerPriorityClass `json:"priorityClass,omitempty"`
// Type of Deployment update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
// +kubebuilder:default:={"rollingUpdate":{"maxUnavailable":0,"maxSurge":1}}
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Deployment Update Strategy",order=7
DepUpdateStrategy FalconImageAnalyzerUpdateStrategy `json:"updateStrategy,omitempty"`
// Set the falcon image analyzer volume size limit.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Volume Size Limit",order=8
// +kubebuilder:default:="20Gi"
VolumeSizeLimit string `json:"sizeLimit,omitempty"`
// Set the falcon image analyzer volume mount path.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Volume Mount Path",order=9
// +kubebuilder:default:="/tmp"
VolumeMountPath string `json:"mountPath,omitempty"`
// Name of the Kubernetes Cluster.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Cluster Name",order=10
ClusterName string `json:"clusterName,omitempty"`
// Exclusions for the Falcon Image Analyzer.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Exclusions",order=11
Exclusions Exclusions `json:"exclusions,omitempty"`
// RegistryConfig for the Falcon Image Analyzer.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Registry Configuration Options",order=12
RegistryConfig RegistryConfig `json:"registryConfig,omitempty"`
// Enable debugging for the Falcon Image Analyzer.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Enable Debugging",order=13
// +kubebuilder:default:=false
EnableDebug bool `json:"debug,omitempty"`
}
func (*FalconImageAnalyzerConfigSpec) DeepCopy ¶ added in v1.0.0
func (in *FalconImageAnalyzerConfigSpec) DeepCopy() *FalconImageAnalyzerConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageAnalyzerConfigSpec.
func (*FalconImageAnalyzerConfigSpec) DeepCopyInto ¶ added in v1.0.0
func (in *FalconImageAnalyzerConfigSpec) DeepCopyInto(out *FalconImageAnalyzerConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconImageAnalyzerList ¶ added in v1.0.0
type FalconImageAnalyzerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []FalconImageAnalyzer `json:"items"`
}
FalconImageAnalyzerList contains a list of FalconImageAnalyzer
func (*FalconImageAnalyzerList) DeepCopy ¶ added in v1.0.0
func (in *FalconImageAnalyzerList) DeepCopy() *FalconImageAnalyzerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageAnalyzerList.
func (*FalconImageAnalyzerList) DeepCopyInto ¶ added in v1.0.0
func (in *FalconImageAnalyzerList) DeepCopyInto(out *FalconImageAnalyzerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FalconImageAnalyzerList) DeepCopyObject ¶ added in v1.0.0
func (in *FalconImageAnalyzerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FalconImageAnalyzerPriorityClass ¶ added in v1.0.0
type FalconImageAnalyzerPriorityClass struct {
// Name of the priority class to use.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Name of the Priority Class to use",order=1
Name string `json:"name,omitempty"`
}
func (*FalconImageAnalyzerPriorityClass) DeepCopy ¶ added in v1.0.0
func (in *FalconImageAnalyzerPriorityClass) DeepCopy() *FalconImageAnalyzerPriorityClass
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageAnalyzerPriorityClass.
func (*FalconImageAnalyzerPriorityClass) DeepCopyInto ¶ added in v1.0.0
func (in *FalconImageAnalyzerPriorityClass) DeepCopyInto(out *FalconImageAnalyzerPriorityClass)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconImageAnalyzerServiceAccount ¶ added in v1.0.0
type FalconImageAnalyzerServiceAccount struct {
// Define annotations that will be passed down to the Service Account. This is useful for passing along AWS IAM Role or GCP Workload Identity.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Service Account Annotations",order=1
Annotations map[string]string `json:"annotations,omitempty"`
}
func (*FalconImageAnalyzerServiceAccount) DeepCopy ¶ added in v1.0.0
func (in *FalconImageAnalyzerServiceAccount) DeepCopy() *FalconImageAnalyzerServiceAccount
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageAnalyzerServiceAccount.
func (*FalconImageAnalyzerServiceAccount) DeepCopyInto ¶ added in v1.0.0
func (in *FalconImageAnalyzerServiceAccount) DeepCopyInto(out *FalconImageAnalyzerServiceAccount)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconImageAnalyzerSpec ¶ added in v1.0.0
type FalconImageAnalyzerSpec struct {
// Namespace where the Falcon Image Analyzer should be installed.
// For best security practices, this should be a dedicated namespace that is not used for any other purpose.
// It also should not be the same namespace where the Falcon Operator or the Falcon Sensor is installed.
// +kubebuilder:default:=falcon-iar
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,xDescriptors={"urn:alm:descriptor:io.kubernetes:Namespace"}
InstallNamespace string `json:"installNamespace,omitempty"`
// FalconAPI configures connection from your local Falcon operator to CrowdStrike Falcon platform.
//
// When configured, it will pull the sensor from registry.crowdstrike.com and deploy the appropriate sensor to the cluster.
//
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Platform API Configuration",order=2
FalconAPI *FalconAPI `json:"falcon_api,omitempty"`
// Registry configures container image registry to which the Image Analyzer image will be pushed.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Registry Configuration",order=6
Registry RegistrySpec `json:"registry,omitempty"`
// Additional configuration for Falcon Image Analyzer deployment.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Configuration",order=5
ImageAnalyzerConfig FalconImageAnalyzerConfigSpec `json:"imageAnalyzerConfig,omitempty"`
// Location of the Image Analyzer image. Use only in cases when you mirror the original image to your repository/name:tag
// +kubebuilder:validation:Pattern="^.*:.*$"
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Image URI",order=7
Image string `json:"image,omitempty"`
// Falcon Image Analyzer Version. The latest version will be selected when version specifier is missing. Example: 6.31, 6.31.0, 6.31.0-1409, etc.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Version",order=8
Version *string `json:"version,omitempty"`
}
FalconImageAnalyzerSpec defines the desired state of FalconImageAnalyzer
func (*FalconImageAnalyzerSpec) DeepCopy ¶ added in v1.0.0
func (in *FalconImageAnalyzerSpec) DeepCopy() *FalconImageAnalyzerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageAnalyzerSpec.
func (*FalconImageAnalyzerSpec) DeepCopyInto ¶ added in v1.0.0
func (in *FalconImageAnalyzerSpec) DeepCopyInto(out *FalconImageAnalyzerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconImageAnalyzerStatus ¶ added in v1.0.0
type FalconImageAnalyzerStatus struct {
// Version of the CrowdStrike Falcon Sensor
// +operator-sdk:csv:customresourcedefinitions:type=status,displayName="Falcon Sensor Version",xDescriptors={"urn:alm:descriptor:text"}
Sensor *string `json:"sensor,omitempty"`
// Version of the CrowdStrike Falcon Operator
// +operator-sdk:csv:customresourcedefinitions:type=status,displayName="Falcon Operator Version",xDescriptors={"urn:alm:descriptor:text"}
Version string `json:"version,omitempty"`
// +optional
// +operator-sdk:csv:customresourcedefinitions:type=status,displayName="Falcon Image Analyzer Conditions",xDescriptors={"urn:alm:descriptor:io.kubernetes.conditions"}
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
FalconImageAnalyzerStatus defines the observed state of FalconImageAnalyzer
func (*FalconImageAnalyzerStatus) DeepCopy ¶ added in v1.0.0
func (in *FalconImageAnalyzerStatus) DeepCopy() *FalconImageAnalyzerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageAnalyzerStatus.
func (*FalconImageAnalyzerStatus) DeepCopyInto ¶ added in v1.0.0
func (in *FalconImageAnalyzerStatus) DeepCopyInto(out *FalconImageAnalyzerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconImageAnalyzerUpdateStrategy ¶ added in v1.0.0
type FalconImageAnalyzerUpdateStrategy struct {
// RollingUpdate is used to specify the strategy used to roll out a deployment
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admisison Controller deployment update configuration",order=1,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:updateStrategy"}
RollingUpdate appsv1.RollingUpdateDeployment `json:"rollingUpdate,omitempty"`
}
func (*FalconImageAnalyzerUpdateStrategy) DeepCopy ¶ added in v1.0.0
func (in *FalconImageAnalyzerUpdateStrategy) DeepCopy() *FalconImageAnalyzerUpdateStrategy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageAnalyzerUpdateStrategy.
func (*FalconImageAnalyzerUpdateStrategy) DeepCopyInto ¶ added in v1.0.0
func (in *FalconImageAnalyzerUpdateStrategy) DeepCopyInto(out *FalconImageAnalyzerUpdateStrategy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconNodeSensor ¶
type FalconNodeSensor struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec FalconNodeSensorSpec `json:"spec,omitempty"`
Status FalconNodeSensorStatus `json:"status,omitempty"`
}
FalconNodeSensor is the Schema for the falconnodesensors API +k8s:openapi-gen=true
func (*FalconNodeSensor) DeepCopy ¶
func (in *FalconNodeSensor) DeepCopy() *FalconNodeSensor
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconNodeSensor.
func (*FalconNodeSensor) DeepCopyInto ¶
func (in *FalconNodeSensor) DeepCopyInto(out *FalconNodeSensor)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FalconNodeSensor) DeepCopyObject ¶
func (in *FalconNodeSensor) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FalconNodeSensorConfig ¶
type FalconNodeSensorConfig struct {
// Specifies tolerations for custom taints. Defaults to allowing scheduling on all nodes.
// +kubebuilder:default:={{key: "node-role.kubernetes.io/master", operator: "Exists", effect: "NoSchedule"}, {key: "node-role.kubernetes.io/control-plane", operator: "Exists", effect: "NoSchedule"}, {key: "node-role.kubernetes.io/infra", operator: "Exists", effect: "NoSchedule"}}
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=4
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
// Specifies node affinity for scheduling the DaemonSet. Defaults to allowing scheduling on all nodes.
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=5
NodeAffinity corev1.NodeAffinity `json:"nodeAffinity,omitempty"`
// +kubebuilder:default=Always
// +kubebuilder:validation:Enum=Always;IfNotPresent;Never
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=3
ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
// Location of the Falcon Sensor image. Use only in cases when you mirror the original image to your repository/name:tag
// +kubebuilder:validation:Pattern="^.*:.*$"
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=2
Image string `json:"image,omitempty"`
// ImagePullSecrets is an optional list of references to secrets in the falcon-system namespace to use for pulling image from image_override location.
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=1
ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
// Type of DaemonSet update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="DaemonSet Update Strategy",order=6
DSUpdateStrategy FalconNodeUpdateStrategy `json:"updateStrategy,omitempty"`
// Kills pod after a specificed amount of time (in seconds). Default is 30 seconds.
// +kubebuilder:default:=30
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=7
TerminationGracePeriod int64 `json:"terminationGracePeriod,omitempty"`
// Add metadata to the DaemonSet Service Account for IAM roles.
// +operator-sdk:csv:customresourcedefinitions:type=spec
ServiceAccount FalconNodeServiceAccount `json:"serviceAccount,omitempty"`
// Disables the cleanup of the sensor through DaemonSet on the nodes.
// Disabling might have unintended consequences for certain operations such as sensor downgrading.
// +kubebuilder:default=false
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=8
NodeCleanup *bool `json:"disableCleanup,omitempty"`
// Configure resource requests and limits for the DaemonSet Sensor. Only applies when using the eBPF backend.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon eBPF Sensor Resources",order=9
SensorResources Resources `json:"resources,omitempty"`
// Sets the backend to be used by the DaemonSet Sensor.
// +kubebuilder:default=bpf
// +kubebuilder:validation:Enum=kernel;bpf
// +operator-sdk-csv:customresourcedefinitions:type=spec,order=10
Backend string `json:"backend,omitempty"`
// Enables the use of GKE Autopilot.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="GKE Autopilot Settings",order=11
GKE AutoPilot `json:"gke,omitempty"`
// Enable priority class for the DaemonSet. This is useful for GKE Autopilot clusters, but can be set for any cluster.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Priority Class",order=12
PriorityClass PriorityClassConfig `json:"priorityClass,omitempty"`
// Version of the sensor to be installed. The latest version will be selected when this version specifier is missing.
Version *string `json:"version,omitempty"`
// Advanced configures various options that go against industry practices or are otherwise not recommended for use.
// Adjusting these settings may result in incorrect or undesirable behavior. Proceed at your own risk.
// For more information, please see https://github.com/CrowdStrike/falcon-operator/blob/main/docs/ADVANCED.md.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="DaemonSet Advanced Settings"
Advanced FalconAdvanced `json:"advanced,omitempty"`
}
FalconNodeSensorConfig defines aspects about how the daemonset works. +k8s:openapi-gen=true
func (*FalconNodeSensorConfig) DeepCopy ¶
func (in *FalconNodeSensorConfig) DeepCopy() *FalconNodeSensorConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconNodeSensorConfig.
func (*FalconNodeSensorConfig) DeepCopyInto ¶
func (in *FalconNodeSensorConfig) DeepCopyInto(out *FalconNodeSensorConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconNodeSensorList ¶
type FalconNodeSensorList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []FalconNodeSensor `json:"items"`
}
FalconNodeSensorList contains a list of FalconNodeSensor
func (*FalconNodeSensorList) DeepCopy ¶
func (in *FalconNodeSensorList) DeepCopy() *FalconNodeSensorList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconNodeSensorList.
func (*FalconNodeSensorList) DeepCopyInto ¶
func (in *FalconNodeSensorList) DeepCopyInto(out *FalconNodeSensorList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FalconNodeSensorList) DeepCopyObject ¶
func (in *FalconNodeSensorList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FalconNodeSensorSpec ¶
type FalconNodeSensorSpec struct {
// Namespace where the Falcon Sensor should be installed.
// For best security practices, this should be a dedicated namespace that is not used for any other purpose.
// It also should not be the same namespace where the Falcon Operator, or other Falcon resources are deployed.
// +kubebuilder:default:=falcon-system
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,xDescriptors={"urn:alm:descriptor:io.kubernetes:Namespace"}
InstallNamespace string `json:"installNamespace,omitempty"`
// Various configuration for DaemonSet Deployment
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="DaemonSet Configuration",order=3
Node FalconNodeSensorConfig `json:"node,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Sensor Configuration",order=2
Falcon FalconSensor `json:"falcon,omitempty"`
// FalconAPI configures connection from your local Falcon operator to CrowdStrike Falcon platform.
//
// When configured, it will pull the sensor from registry.crowdstrike.com and deploy the appropriate sensor to the cluster.
//
// If using the API is not desired, the sensor can be manually configured.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Platform API Configuration",order=1
FalconAPI *FalconAPI `json:"falcon_api,omitempty"`
}
FalconNodeSensorSpec defines the desired state of FalconNodeSensor +k8s:openapi-gen=true
func (*FalconNodeSensorSpec) DeepCopy ¶
func (in *FalconNodeSensorSpec) DeepCopy() *FalconNodeSensorSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconNodeSensorSpec.
func (*FalconNodeSensorSpec) DeepCopyInto ¶
func (in *FalconNodeSensorSpec) DeepCopyInto(out *FalconNodeSensorSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconNodeSensorStatus ¶
type FalconNodeSensorStatus struct {
// Version of the CrowdStrike Falcon Sensor
Sensor *string `json:"sensor,omitempty"`
// Version of the CrowdStrike Falcon Operator
Version string `json:"version,omitempty"`
// Conditions represent the latest available observations of an object's state
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
FalconNodeSensorStatus defines the observed state of FalconNodeSensor +k8s:openapi-gen=true
func (*FalconNodeSensorStatus) DeepCopy ¶
func (in *FalconNodeSensorStatus) DeepCopy() *FalconNodeSensorStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconNodeSensorStatus.
func (*FalconNodeSensorStatus) DeepCopyInto ¶
func (in *FalconNodeSensorStatus) DeepCopyInto(out *FalconNodeSensorStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconNodeServiceAccount ¶
type FalconNodeServiceAccount struct {
// Define annotations that will be passed down to the Service Account. This is useful for passing along AWS IAM Role or GCP Workload Identity.
// +operator-sdk:csv:customresourcedefinitions:type=spec
Annotations map[string]string `json:"annotations,omitempty"`
}
func (*FalconNodeServiceAccount) DeepCopy ¶
func (in *FalconNodeServiceAccount) DeepCopy() *FalconNodeServiceAccount
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconNodeServiceAccount.
func (*FalconNodeServiceAccount) DeepCopyInto ¶
func (in *FalconNodeServiceAccount) DeepCopyInto(out *FalconNodeServiceAccount)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconNodeUpdateStrategy ¶
type FalconNodeUpdateStrategy struct {
// +kubebuilder:default=RollingUpdate
// +kubebuilder:validation:Enum=RollingUpdate;OnDelete
// +operator-sdk:csv:customresourcedefinitions:type=spec
Type appsv1.DaemonSetUpdateStrategyType `json:"type,omitempty"`
RollingUpdate appsv1.RollingUpdateDaemonSet `json:"rollingUpdate,omitempty"`
}
func (*FalconNodeUpdateStrategy) DeepCopy ¶
func (in *FalconNodeUpdateStrategy) DeepCopy() *FalconNodeUpdateStrategy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconNodeUpdateStrategy.
func (*FalconNodeUpdateStrategy) DeepCopyInto ¶
func (in *FalconNodeUpdateStrategy) DeepCopyInto(out *FalconNodeUpdateStrategy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FalconSensor ¶
type FalconSensor struct {
// Falcon Customer ID (CID)
// +kubebuilder:validation:Pattern:="^[0-9a-fA-F]{32}-[0-9a-fA-F]{2}$"
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Customer ID (CID)",order=1
CID *string `json:"cid,omitempty"`
// Disable the Falcon Sensor's use of a proxy.
// +kubebuilder:default:=false
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Disable Falcon Proxy",order=3,xDescriptors="urn:alm:descriptor:com.tectonic.ui:booleanSwitch"
APD *bool `json:"apd,omitempty"`
// The application proxy host to use for Falcon sensor proxy configuration.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Proxy Host",order=4
APH string `json:"aph,omitempty"`
// The application proxy port to use for Falcon sensor proxy configuration.
// +kubebuilder:validation:Minimum:=0
// +kubebuilder:validation:Maximum:=65535
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Proxy Port",order=5,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:number"}
APP *int `json:"app,omitempty"`
// Utilize default or Pay-As-You-Go billing.
// +kubebuilder:validation:Enum:=default;metered
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Billing",order=8
Billing string `json:"billing,omitempty"`
// Installation token that prevents unauthorized hosts from being accidentally or maliciously added to your customer ID (CID).
// +kubebuilder:validation:Pattern:="^[0-9a-fA-F]{8}$"
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Provisioning Token",order=2
PToken string `json:"provisioning_token,omitempty"`
// Sensor grouping tags are optional, user-defined identifiers that can used to group and filter hosts. Allowed characters: all alphanumerics, '/', '-', and '_'.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Sensor Grouping Tags",order=6
Tags []string `json:"tags,omitempty"`
// Set sensor trace level.
// +kubebuilder:validation:Enum:=none;err;warn;info;debug
// +kubebuilder:default:=none
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Trace Level",order=7
Trace string `json:"trace,omitempty"`
}
CrowdStrike Falcon Sensor configuration settings. +k8s:openapi-gen=true
func (*FalconSensor) DeepCopy ¶
func (in *FalconSensor) DeepCopy() *FalconSensor
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconSensor.
func (*FalconSensor) DeepCopyInto ¶
func (in *FalconSensor) DeepCopyInto(out *FalconSensor)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PriorityClassConfig ¶
type PriorityClassConfig struct {
// Enables the operator to deploy a PriorityClass instead of rolling your own. Default is false.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Deploy Priority Class to cluster",order=2
Deploy *bool `json:"deploy,omitempty"`
// Name of the priority class to use for the DaemonSet.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Name of the Priority Class to use",order=2
Name string `json:"name,omitempty"`
// Value of the priority class to use for the DaemonSet. Requires the Deploy field to be set to true.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Priority Class Value",order=3
Value *int32 `json:"value,omitempty"`
}
func (*PriorityClassConfig) DeepCopy ¶
func (in *PriorityClassConfig) DeepCopy() *PriorityClassConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityClassConfig.
func (*PriorityClassConfig) DeepCopyInto ¶
func (in *PriorityClassConfig) DeepCopyInto(out *PriorityClassConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RegistryConfig ¶ added in v1.0.0
type RegistryConfig struct {
// If neceeary, configure the registry credentials for the Falcon Image Analyzer.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Registry Credentials",order=1
Credentials []RegistryCreds `json:"credentials,omitempty"`
}
func (*RegistryConfig) DeepCopy ¶ added in v1.0.0
func (in *RegistryConfig) DeepCopy() *RegistryConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryConfig.
func (*RegistryConfig) DeepCopyInto ¶ added in v1.0.0
func (in *RegistryConfig) DeepCopyInto(out *RegistryConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RegistryCreds ¶ added in v1.0.0
type RegistryCreds struct {
// Namespace where the registry container secret is located.
Namespace string `json:"namespace,omitempty"`
// Name of the registry container secret.
SecretName string `json:"secretName,omitempty"`
}
func (*RegistryCreds) DeepCopy ¶ added in v1.0.0
func (in *RegistryCreds) DeepCopy() *RegistryCreds
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryCreds.
func (*RegistryCreds) DeepCopyInto ¶ added in v1.0.0
func (in *RegistryCreds) DeepCopyInto(out *RegistryCreds)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RegistrySpec ¶
type RegistrySpec struct {
// Type of container registry to be used
// +kubebuilder:validation:Enum=acr;ecr;gcr;crowdstrike;openshift
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Registry Type",order=1
Type RegistryTypeSpec `json:"type"`
// TLS configures TLS connection for push of Falcon Container image to the registry
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Registry TLS Configuration",order=2
TLS RegistryTLSSpec `json:"tls,omitempty"`
// Azure Container Registry Name represents the name of the ACR for the Falcon Container push. Only applicable to Azure cloud.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Azure Container Registry Name",order=3
AcrName *string `json:"acr_name,omitempty"`
}
RegistrySpec configures container image registry to which the Falcon Container image will be pushed
func (*RegistrySpec) DeepCopy ¶
func (in *RegistrySpec) DeepCopy() *RegistrySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrySpec.
func (*RegistrySpec) DeepCopyInto ¶
func (in *RegistrySpec) DeepCopyInto(out *RegistrySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RegistryTLSSpec ¶
type RegistryTLSSpec struct {
// Allow pushing to docker registries over HTTPS with failed TLS verification. Note that this does not affect other TLS connections.
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Skip Registry TLS Verification",order=1,xDescriptors="urn:alm:descriptor:com.tectonic.ui:booleanSwitch"
InsecureSkipVerify bool `json:"insecure_skip_verify,omitempty"`
// Allow for users to provide a CA Cert Bundle, as either a string or base64 encoded string
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Registry CA Certificate Bundle; optionally (double) base64 encoded",order=2
CACertificate string `json:"caCertificate,omitempty"`
// Allow for users to provide a ConfigMap containing a CA Cert Bundle under a key ending in .crt
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="ConfigMap containing Registry CA Certificate Bundle",order=3,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap"}
CACertificateConfigMap string `json:"caCertificateConfigMap,omitempty"`
}
RegistryTLSSpec configures TLS for registry pushing
func (*RegistryTLSSpec) DeepCopy ¶
func (in *RegistryTLSSpec) DeepCopy() *RegistryTLSSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryTLSSpec.
func (*RegistryTLSSpec) DeepCopyInto ¶
func (in *RegistryTLSSpec) DeepCopyInto(out *RegistryTLSSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RegistryTypeSpec ¶
type RegistryTypeSpec string
const ( // RegistryTypeOpenshift represents OpenShift Image Stream RegistryTypeOpenshift RegistryTypeSpec = "openshift" // RegistryTypeGCR represents Google Container Registry RegistryTypeGCR RegistryTypeSpec = "gcr" // RegistryTypeECR represents AWS Elastic Container Registry RegistryTypeECR RegistryTypeSpec = "ecr" // RegistryTypeACR represents Azure Container Registry RegistryTypeACR RegistryTypeSpec = "acr" // RegistryTypeCrowdStrike represents deployment that won't push Falcon Container to local registry, instead CrowdStrike registry will be used. RegistryTypeCrowdStrike RegistryTypeSpec = "crowdstrike" )
type ResourceList ¶
type ResourceList struct {
// Minimum allowed is 250m.
// +operator-sdk:csv:customresourcedefinitions:type=spec
// +kubebuilder:validation:Pattern="^(([0-9]{4,}|[2-9][5-9][0-9])m$)|[0-9]+$"
CPU string `json:"cpu,omitempty"`
// Minimum allowed is 500Mi.
// +operator-sdk:csv:customresourcedefinitions:type=spec
// +kubebuilder:validation:Pattern="^(([5-9][0-9]{2}[Mi]+)|([0-9.]+[iEGTP]+))|(([5-9][0-9]{8})|([0-9]{10,}))$"
Memory string `json:"memory,omitempty"`
// +operator-sdk:csv:customresourcedefinitions:type=spec
EphemeralStorage string `json:"ephemeral-storage,omitempty"`
}
func (*ResourceList) DeepCopy ¶
func (in *ResourceList) DeepCopy() *ResourceList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceList.
func (*ResourceList) DeepCopyInto ¶
func (in *ResourceList) DeepCopyInto(out *ResourceList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Resources ¶
type Resources struct {
// Sets the resource limits for the DaemonSet Sensor. Only applies when using the eBPF backend.
// +operator-sdk:csv:customresourcedefinitions:type=spec
Limits ResourceList `json:"limits,omitempty"`
// Sets the resource requests for the DaemonSet Sensor. Only applies when using the eBPF backend.
// +operator-sdk:csv:customresourcedefinitions:type=spec
Requests ResourceList `json:"requests,omitempty"`
}
func (*Resources) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Resources.
func (*Resources) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files
Click to show internal directories.
Click to hide internal directories.