Documentation ¶
Index ¶
- func RegisterBindings(context *config.UserContext)
- func RegisterCluster(context *config.UserContext)
- func RegisterNamespace(context *config.UserContext)
- func RegisterServiceAccount(context *config.UserContext)
- func RegisterTemplate(context *config.UserContext)
- type Lifecycle
- func (l *Lifecycle) Create(obj *v3.PodSecurityPolicyTemplate) (*v3.PodSecurityPolicyTemplate, error)
- func (l *Lifecycle) Remove(obj *v3.PodSecurityPolicyTemplate) (*v3.PodSecurityPolicyTemplate, error)
- func (l *Lifecycle) Updated(obj *v3.PodSecurityPolicyTemplate) (*v3.PodSecurityPolicyTemplate, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegisterBindings ¶
func RegisterBindings(context *config.UserContext)
RegisterBindings updates the pod security policy for this binding if it has been changed. It also resyncs service accounts so they pick up the change. If no policy exists, it exits without doing anything.
func RegisterCluster ¶
func RegisterCluster(context *config.UserContext)
RegisterCluster updates the pod security policy if the default pod security policy template for this cluster has been updated, then resyncs all service accounts in this namespace.
func RegisterNamespace ¶
func RegisterNamespace(context *config.UserContext)
RegisterNamespace resyncs the current namespace's service accounts. This is necessary because service accounts determine their parent project via an annotation on the namespace, and the namespace is not always present when the service account handler is triggered. This handler therefore retriggers the service account handler once the annotation has been added.
func RegisterServiceAccount ¶
func RegisterServiceAccount(context *config.UserContext)
RegisterServiceAccount ensures that:
- Each namespace has a pod security policy (PSP) assigned to a role if: a. its project has a pod security policy template (PSPT) assigned to it OR b. its cluster has a default PSPT assigned to it
- PSPs are bound to their associated service accounts via a cluster role binding
func RegisterTemplate ¶
func RegisterTemplate(context *config.UserContext)
RegisterTemplate propagates updates to pod security policy templates to their associated pod security policies. It ignores pod security policy templates that are not assigned to a cluster or project.
Types ¶
type Lifecycle ¶
type Lifecycle struct {
// contains filtered or unexported fields
}
func (*Lifecycle) Create ¶
func (l *Lifecycle) Create(obj *v3.PodSecurityPolicyTemplate) (*v3.PodSecurityPolicyTemplate, error)
func (*Lifecycle) Remove ¶
func (l *Lifecycle) Remove(obj *v3.PodSecurityPolicyTemplate) (*v3.PodSecurityPolicyTemplate, error)
func (*Lifecycle) Updated ¶
func (l *Lifecycle) Updated(obj *v3.PodSecurityPolicyTemplate) (*v3.PodSecurityPolicyTemplate, error)