Documentation ¶
Index ¶
- type AllowedHostPath
- type DenyHostNamespace
- type DenyHostPathVolumes
- type DenyHostPorts
- type DenyNonCoreVolumeTypes
- type DenyPrivilegeEscalation
- type DenyPrivilegedContainers
- type DenyRootGroups
- type DenyRunAsRoot
- type DenyUnsafeAppArmor
- type DenyUnsafeCapabilities
- type DenyUnsafeProcMount
- type DenyUnsafeSELinux
- type DenyUnsafeSeccomp
- type DenyUnsafeSysctls
- type PortRange
- type Validator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AllowedHostPath ¶ added in v0.2.0
// AllowedHostPath is the element type of the hostPaths list accepted by
// NewDenyHostPaths.
// NOTE(review): presumably each entry exempts hostPath volumes under
// PathPrefix from DenyHostPathVolumes; confirm against that validator's
// implementation.
type AllowedHostPath struct {
// PathPrefix is serialized under the JSON key "pathPrefix".
// NOTE(review): confirm that matching is done on cleaned, whole path
// components, so that a prefix such as "/data" (constructed example) does
// not also admit "/database" or a path that contains "..".
PathPrefix string `json:"pathPrefix"`
}
type DenyHostNamespace ¶
type DenyHostNamespace struct{}
DenyHostNamespace is a Validator that denies sharing the host's namespaces
type DenyHostPathVolumes ¶
type DenyHostPathVolumes struct {
// contains filtered or unexported fields
}
DenyHostPathVolumes is a Validator that denies usage of HostPath volumes
func NewDenyHostPaths ¶ added in v0.2.0
func NewDenyHostPaths(hostPaths []AllowedHostPath) DenyHostPathVolumes
type DenyHostPorts ¶
type DenyHostPorts struct {
// contains filtered or unexported fields
}
DenyHostPorts is a Validator that denies usage of HostPorts
func NewDenyHostPorts ¶
func NewDenyHostPorts(hostPorts []PortRange) DenyHostPorts
type DenyNonCoreVolumeTypes ¶
type DenyNonCoreVolumeTypes struct{}
DenyNonCoreVolumeTypes is a Validator that denies usage of non-core volume types
type DenyPrivilegeEscalation ¶
type DenyPrivilegeEscalation struct{}
DenyPrivilegeEscalation is a Validator that denies privilege escalation
type DenyPrivilegedContainers ¶
type DenyPrivilegedContainers struct{}
DenyPrivilegedContainers is a Validator that denies privileged containers
type DenyRootGroups ¶
type DenyRootGroups struct{}
DenyRootGroups is a Validator that denies running with a root primary or supplementary GID
type DenyRunAsRoot ¶
type DenyRunAsRoot struct{}
DenyRunAsRoot is a Validator that denies running as the root user
type DenyUnsafeAppArmor ¶
type DenyUnsafeAppArmor struct{}
DenyUnsafeAppArmor is a Validator that denies overriding or disabling the default AppArmor profile
type DenyUnsafeCapabilities ¶
type DenyUnsafeCapabilities struct {
// contains filtered or unexported fields
}
DenyUnsafeCapabilities is a Validator that denies adding capabilities beyond the default set
func NewDenyUnsafeCapabilities ¶
func NewDenyUnsafeCapabilities(capabilities []string) DenyUnsafeCapabilities
type DenyUnsafeProcMount ¶
type DenyUnsafeProcMount struct{}
DenyUnsafeProcMount is a Validator that denies an unmasked proc mount
type DenyUnsafeSELinux ¶
type DenyUnsafeSELinux struct{}
DenyUnsafeSELinux is a Validator that denies setting custom SELinux options
type DenyUnsafeSeccomp ¶
type DenyUnsafeSeccomp struct{}
DenyUnsafeSeccomp is a Validator that denies usage of a non-default seccomp profile
type DenyUnsafeSysctls ¶
type DenyUnsafeSysctls struct{}
DenyUnsafeSysctls is a Validator that denies usage of unsafe sysctls
Source Files ¶
- deny_host_namespace.go
- deny_host_path_volumes.go
- deny_host_ports.go
- deny_non_core_volume_types.go
- deny_privileged_containers.go
- deny_privileged_escalation.go
- deny_root_groups.go
- deny_run_as_root.go
- deny_unsafe_apparmor.go
- deny_unsafe_capabilities.go
- deny_unsafe_procmount.go
- deny_unsafe_seccomp.go
- deny_unsafe_selinux.go
- deny_unsafe_sysctls.go
- validator.go