Documentation ¶
Index ¶
- type PolicyBindMounts
- type PolicyDefaultSeccompPolicy
- type PolicyDenyUnconfinedApparmorPolicy
- type PolicyDockerSock
- type PolicyEmptyDirSizeLimit
- type PolicyImageImmutableReference
- type PolicyImagePullPolicy
- type PolicyMutateSafeToEvict
- type PolicyNoExec
- type PolicyNoHostNetwork
- type PolicyNoHostPID
- type PolicyNoNewCapabilities
- type PolicyNoPrivilegedContainer
- type PolicyNoRootUser
- type PolicyNoShareProcessNamespace
- type PolicyNoTiller
- type PolicySafeToEvict
- type PolicyTrustedRepository
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type PolicyBindMounts ¶
type PolicyBindMounts struct{}
func (PolicyBindMounts) Name ¶
func (p PolicyBindMounts) Name() string
func (PolicyBindMounts) Validate ¶
func (p PolicyBindMounts) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyDefaultSeccompPolicy ¶
type PolicyDefaultSeccompPolicy struct{}
func (PolicyDefaultSeccompPolicy) Name ¶
func (p PolicyDefaultSeccompPolicy) Name() string
func (PolicyDefaultSeccompPolicy) Validate ¶
func (p PolicyDefaultSeccompPolicy) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyDenyUnconfinedApparmorPolicy ¶
type PolicyDenyUnconfinedApparmorPolicy struct{}
func (PolicyDenyUnconfinedApparmorPolicy) Name ¶
func (p PolicyDenyUnconfinedApparmorPolicy) Name() string
func (PolicyDenyUnconfinedApparmorPolicy) Validate ¶
func (p PolicyDenyUnconfinedApparmorPolicy) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyDockerSock ¶
type PolicyDockerSock struct{}
func (PolicyDockerSock) Name ¶
func (p PolicyDockerSock) Name() string
func (PolicyDockerSock) Validate ¶
func (p PolicyDockerSock) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyEmptyDirSizeLimit ¶
type PolicyEmptyDirSizeLimit struct { }
func (PolicyEmptyDirSizeLimit) Name ¶
func (p PolicyEmptyDirSizeLimit) Name() string
func (PolicyEmptyDirSizeLimit) Validate ¶
func (p PolicyEmptyDirSizeLimit) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyImageImmutableReference ¶
type PolicyImageImmutableReference struct{}
func (PolicyImageImmutableReference) Name ¶
func (p PolicyImageImmutableReference) Name() string
func (PolicyImageImmutableReference) Validate ¶
func (p PolicyImageImmutableReference) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyImagePullPolicy ¶
type PolicyImagePullPolicy struct{}
PolicyImagePullPolicy enforces the imagePullPolicy.
func (PolicyImagePullPolicy) Name ¶
func (p PolicyImagePullPolicy) Name() string
Name returns the name of the policy.
func (PolicyImagePullPolicy) Validate ¶
func (p PolicyImagePullPolicy) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
Validate enforces the imagePullPolicy.
type PolicyMutateSafeToEvict ¶
type PolicyMutateSafeToEvict struct{}
func (PolicyMutateSafeToEvict) Name ¶
func (p PolicyMutateSafeToEvict) Name() string
func (PolicyMutateSafeToEvict) Validate ¶
func (p PolicyMutateSafeToEvict) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyNoExec ¶
type PolicyNoExec struct{}
func (PolicyNoExec) Name ¶
func (p PolicyNoExec) Name() string
func (PolicyNoExec) Validate ¶
func (p PolicyNoExec) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyNoHostNetwork ¶
type PolicyNoHostNetwork struct{}
func (PolicyNoHostNetwork) Name ¶
func (p PolicyNoHostNetwork) Name() string
func (PolicyNoHostNetwork) Validate ¶
func (p PolicyNoHostNetwork) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyNoHostPID ¶
type PolicyNoHostPID struct{}
func (PolicyNoHostPID) Name ¶
func (p PolicyNoHostPID) Name() string
func (PolicyNoHostPID) Validate ¶
func (p PolicyNoHostPID) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyNoNewCapabilities ¶
type PolicyNoNewCapabilities struct{}
func (PolicyNoNewCapabilities) Name ¶
func (p PolicyNoNewCapabilities) Name() string
func (PolicyNoNewCapabilities) Validate ¶
func (p PolicyNoNewCapabilities) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyNoPrivilegedContainer ¶
type PolicyNoPrivilegedContainer struct{}
func (PolicyNoPrivilegedContainer) Name ¶
func (p PolicyNoPrivilegedContainer) Name() string
func (PolicyNoPrivilegedContainer) Validate ¶
func (p PolicyNoPrivilegedContainer) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyNoRootUser ¶ added in v3.4.2
type PolicyNoRootUser struct{}
func (PolicyNoRootUser) Name ¶ added in v3.4.2
func (p PolicyNoRootUser) Name() string
func (PolicyNoRootUser) Validate ¶ added in v3.4.2
func (p PolicyNoRootUser) Validate(ctx context.Context, _ policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyNoShareProcessNamespace ¶
type PolicyNoShareProcessNamespace struct{}
func (PolicyNoShareProcessNamespace) Name ¶
func (p PolicyNoShareProcessNamespace) Name() string
func (PolicyNoShareProcessNamespace) Validate ¶
func (p PolicyNoShareProcessNamespace) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyNoTiller ¶
type PolicyNoTiller struct{}
func (PolicyNoTiller) Name ¶
func (p PolicyNoTiller) Name() string
func (PolicyNoTiller) Validate ¶
func (p PolicyNoTiller) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicySafeToEvict ¶
type PolicySafeToEvict struct{}
func (PolicySafeToEvict) Name ¶
func (p PolicySafeToEvict) Name() string
func (PolicySafeToEvict) Validate ¶
func (p PolicySafeToEvict) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
type PolicyTrustedRepository ¶
type PolicyTrustedRepository struct{}
func (PolicyTrustedRepository) Name ¶
func (p PolicyTrustedRepository) Name() string
func (PolicyTrustedRepository) Validate ¶
func (p PolicyTrustedRepository) Validate(ctx context.Context, config policies.Config, ar *admissionv1.AdmissionRequest) ([]policies.ResourceViolation, []policies.PatchOperation)
Source Files ¶
- bind_mounts.go
- deny_unconfined_apparmor.go
- docker_sock.go
- empty_dir_size_limit.go
- immutable_image_digest.go
- mutate_default_seccomp_policy.go
- mutate_image_pull_policy.go
- mutate_safe_to_evict.go
- no_exec.go
- no_host_network.go
- no_host_pid.go
- no_new_capabilities.go
- no_privileged_container.go
- no_root.go
- no_shareprocessnamespace.go
- no_tiller.go
- safe_to_evict.go
- trusted_repository.go