Documentation ¶
Index ¶
- Constants
- Variables
- func BlueLock()
- func GetContainerID() (string, error)
- type BlueLockDaemon
- func (dm *BlueLockDaemon) CreateEndpointWithPod()
- func (dm *BlueLockDaemon) CreateNewPod()
- func (dm *BlueLockDaemon) CreateSecurityPolicy(policy ksp.KubeArmorPolicy) (secPolicy tp.SecurityPolicy, err error)
- func (dm *BlueLockDaemon) GetSecurityPolicies(identities []string) []tp.SecurityPolicy
- func (dm *BlueLockDaemon) UpdateSecurityPolicy(action string, secPolicy tp.SecurityPolicy)
- func (dm *BlueLockDaemon) WatchSecurityPolicies() *http.Response
- type K8sHandler
- func (kh *K8sHandler) CheckCustomResourceDefinition(resourceName string) bool
- func (kh *K8sHandler) DoRequest(cmd string, data interface{}, path string) ([]byte, error)
- func (kh *K8sHandler) InitInclusterAPIClient() bool
- func (kh *K8sHandler) InitK8sClient() bool
- func (kh *K8sHandler) InitLocalAPIClient() bool
Constants ¶
// PodNotFoundErr is the message text for the "matching pod not found" case.
// NOTE(review): this is a string constant, not an error value, so callers
// presumably compare message text to detect the condition (confirm).
const PodNotFoundErr = "Matching pod not found"
Variables ¶
// StopChan is a package-level channel of struct{}; its elements carry no data,
// so it can only signal.
// NOTE(review): presumably used to request shutdown (confirm). The
// declaration has no initializer, so the channel is nil until something
// assigns it, and sends or receives on a nil channel block forever.
var StopChan chan struct{}
StopChan Channel
Functions ¶
func GetContainerID ¶
GetContainerID returns the ID of the container from the cgroup file. If the cgroup v1 container ID provider fails, it falls back to the cgroup v2 container ID provider. If no container ID is found, an empty string is returned.
Types ¶
type BlueLockDaemon ¶
// BlueLockDaemon holds the daemon's state: the Kubernetes context it runs in,
// the container and its security policies, and the logging and enforcement
// components.
type BlueLockDaemon struct {
	// K8s specific

	// whether running in K8s cluster
	K8sEnabled bool

	// K8s pod being monitored
	K8sPod tp.K8sPod

	// K8s EndPoint
	EndPoint tp.EndPoint

	// The container in which KubeArmor is running
	Container tp.Container

	// Security policies for the container
	SecurityPolicies []tp.SecurityPolicy
	// NOTE(review): presumably guards SecurityPolicies; confirm that every
	// reader and writer of the slice takes it. It is a pointer, so it is nil
	// until allocated.
	SecurityPoliciesLock *sync.RWMutex

	// DefaultPosture
	// NOTE(review): presumably the behaviour applied when no policy matches;
	// confirm what the zero value means, since it decides whether an
	// unconfigured daemon allows or blocks.
	DefaultPosture tp.DefaultPosture

	// Logger
	Logger *feeder.Feeder

	// Enforcer
	// NOTE(review): the type name suggests ptrace-based enforcement (confirm).
	RuntimeEnforcer *enforcer.PtraceEnforcer
}
func NewBlueLockDaemon ¶
func NewBlueLockDaemon() *BlueLockDaemon
func (*BlueLockDaemon) CreateEndpointWithPod ¶
func (dm *BlueLockDaemon) CreateEndpointWithPod()
func (*BlueLockDaemon) CreateSecurityPolicy ¶
func (dm *BlueLockDaemon) CreateSecurityPolicy(policy ksp.KubeArmorPolicy) (secPolicy tp.SecurityPolicy, err error)
func (*BlueLockDaemon) GetSecurityPolicies ¶
func (dm *BlueLockDaemon) GetSecurityPolicies(identities []string) []tp.SecurityPolicy
func (*BlueLockDaemon) UpdateSecurityPolicy ¶
func (dm *BlueLockDaemon) UpdateSecurityPolicy(action string, secPolicy tp.SecurityPolicy)
UpdateSecurityPolicy Function
func (*BlueLockDaemon) WatchSecurityPolicies ¶
func (dm *BlueLockDaemon) WatchSecurityPolicies() *http.Response
WatchSecurityPolicies watches security policies only for a particular pod.
type K8sHandler ¶
// K8sHandler bundles the clients and connection settings used to talk to the
// Kubernetes API.
type K8sHandler struct {
	// K8sClient is a kubernetes.Clientset.
	// NOTE(review): presumably the client-go typed client (confirm).
	K8sClient *kubernetes.Clientset
	// KSPClient is a kspclient.Clientset.
	// NOTE(review): presumably the typed client for KubeArmor security policy
	// resources (confirm).
	KSPClient *kspclient.Clientset

	// HTTPClient and WatchClient are separate *http.Client values.
	// NOTE(review): presumably one serves ordinary requests and the other
	// long-lived watches. Confirm that both verify the API server's TLS
	// certificate and that HTTPClient has a timeout set.
	HTTPClient  *http.Client
	WatchClient *http.Client

	// NOTE(review): K8sToken is presumably the bearer token sent to the API
	// server. If so, it is a credential held in an exported string field, and
	// it should be kept out of logs and out of %v/%+v dumps of this struct
	// (confirm).
	K8sToken string
	// NOTE(review): K8sHost and K8sPort are presumably the API server address
	// (confirm where they are read from).
	K8sHost string
	K8sPort string
}
// K8s is a package-level *K8sHandler.
// NOTE(review): the declaration has no initializer, so the pointer is nil
// until something assigns it; confirm where it is set before methods are
// called on it.
var K8s *K8sHandler
func (*K8sHandler) CheckCustomResourceDefinition ¶
func (kh *K8sHandler) CheckCustomResourceDefinition(resourceName string) bool
CheckCustomResourceDefinition Function
func (*K8sHandler) DoRequest ¶
func (kh *K8sHandler) DoRequest(cmd string, data interface{}, path string) ([]byte, error)
DoRequest Function
func (*K8sHandler) InitInclusterAPIClient ¶
func (kh *K8sHandler) InitInclusterAPIClient() bool
InitInclusterAPIClient Function
func (*K8sHandler) InitK8sClient ¶
func (kh *K8sHandler) InitK8sClient() bool
InitK8sClient Function
func (*K8sHandler) InitLocalAPIClient ¶
func (kh *K8sHandler) InitLocalAPIClient() bool
InitLocalAPIClient Function