Documentation ¶
Index ¶
- type Config
- func (c Config) GetOperatorNamespace() (string, error)
- func (c Config) GetPrivateRegistryScanSecretsNames() (map[string]string, error)
- func (c Config) GetTargetNamespaces() []string
- func (c Config) GetTargetWorkloads() []string
- func (c Config) ResolveInstallMode() (InstallMode, string, []string, error)
- type InstallMode
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { Namespace string `env:"OPERATOR_NAMESPACE"` TargetNamespaces string `env:"OPERATOR_TARGET_NAMESPACES"` ExcludeNamespaces string `env:"OPERATOR_EXCLUDE_NAMESPACES"` ServiceAccount string `env:"OPERATOR_SERVICE_ACCOUNT" envDefault:"tunnel-operator"` LogDevMode bool `env:"OPERATOR_LOG_DEV_MODE" envDefault:"false"` ScanJobTimeout time.Duration `env:"OPERATOR_SCAN_JOB_TIMEOUT" envDefault:"5m"` ScanJobTTL *time.Duration `env:"OPERATOR_SCAN_JOB_TTL"` ConcurrentScanJobsLimit int `env:"OPERATOR_CONCURRENT_SCAN_JOBS_LIMIT" envDefault:"10"` ConcurrentNodeCollectorLimit int `env:"OPERATOR_CONCURRENT_NODE_COLLECTOR_LIMIT" envDefault:"1"` ScanJobRetryAfter time.Duration `env:"OPERATOR_SCAN_JOB_RETRY_AFTER" envDefault:"30s"` BatchDeleteLimit int `env:"OPERATOR_BATCH_DELETE_LIMIT" envDefault:"10"` BatchDeleteDelay time.Duration `env:"OPERATOR_BATCH_DELETE_DELAY" envDefault:"10s"` MetricsBindAddress string `env:"OPERATOR_METRICS_BIND_ADDRESS" envDefault:":8080"` MetricsFindingsEnabled bool `env:"OPERATOR_METRICS_FINDINGS_ENABLED" envDefault:"true"` MetricsVulnerabilityId bool `env:"OPERATOR_METRICS_VULN_ID_ENABLED" envDefault:"false"` MetricsExposedSecretInfo bool `env:"OPERATOR_METRICS_EXPOSED_SECRET_INFO_ENABLED" envDefault:"false"` MetricsConfigAuditInfo bool `env:"OPERATOR_METRICS_CONFIG_AUDIT_INFO_ENABLED" envDefault:"false"` MetricsRbacAssessmentInfo bool `env:"OPERATOR_METRICS_RBAC_ASSESSMENT_INFO_ENABLED" envDefault:"false"` MetricsInfraAssessmentInfo bool `env:"OPERATOR_METRICS_INFRA_ASSESSMENT_INFO_ENABLED" envDefault:"false"` HealthProbeBindAddress string `env:"OPERATOR_HEALTH_PROBE_BIND_ADDRESS" envDefault:":9090"` VulnerabilityScannerEnabled bool `env:"OPERATOR_VULNERABILITY_SCANNER_ENABLED" envDefault:"true"` SbomGenerationEnable bool `env:"OPERATOR_SBOM_GENERATION_ENABLED" envDefault:"true"` VulnerabilityScannerScanOnlyCurrentRevisions bool `env:"OPERATOR_VULNERABILITY_SCANNER_SCAN_ONLY_CURRENT_REVISIONS" envDefault:"true"` ScannerReportTTL *time.Duration `env:"OPERATOR_SCANNER_REPORT_TTL" envDefault:"24h"` ClusterComplianceEnabled bool `env:"OPERATOR_CLUSTER_COMPLIANCE_ENABLED" envDefault:"true"` InvokeClusterComplianceOnce bool `env:"OPERATOR_INVOKE_CLUSTER_COMPLIANCE_ONCE" envDefault:"false"` // for testing purposes only ConfigAuditScannerEnabled bool `env:"OPERATOR_CONFIG_AUDIT_SCANNER_ENABLED" envDefault:"true"` RbacAssessmentScannerEnabled bool `env:"OPERATOR_RBAC_ASSESSMENT_SCANNER_ENABLED" envDefault:"true"` InfraAssessmentScannerEnabled bool `env:"OPERATOR_INFRA_ASSESSMENT_SCANNER_ENABLED" envDefault:"true"` ConfigAuditScannerScanOnlyCurrentRevisions bool `env:"OPERATOR_CONFIG_AUDIT_SCANNER_SCAN_ONLY_CURRENT_REVISIONS" envDefault:"true"` LeaderElectionEnabled bool `env:"OPERATOR_LEADER_ELECTION_ENABLED" envDefault:"false"` LeaderElectionID string `env:"OPERATOR_LEADER_ELECTION_ID" envDefault:"tunneloperator-lock"` ExposedSecretScannerEnabled bool `env:"OPERATOR_EXPOSED_SECRET_SCANNER_ENABLED" envDefault:"true"` WebhookBroadcastURL string `env:"OPERATOR_WEBHOOK_BROADCAST_URL"` WebhookBroadcastTimeout *time.Duration `env:"OPERATOR_WEBHOOK_BROADCAST_TIMEOUT" envDefault:"30s"` WebhookSendDeletedReports bool `env:"OPERATOR_SEND_DELETED_REPORTS" envDefault:"false"` TargetWorkloads string `env:"OPERATOR_TARGET_WORKLOADS" envDefault:"Pod,ReplicaSet,ReplicationController,StatefulSet,DaemonSet,CronJob,Job"` AccessGlobalSecretsAndServiceAccount bool `env:"OPERATOR_ACCESS_GLOBAL_SECRETS_SERVICE_ACCOUNTS" envDefault:"true"` PrivateRegistryScanSecretsNames string `env:"OPERATOR_PRIVATE_REGISTRY_SCAN_SECRETS_NAMES"` BuiltInTunnelServer bool `env:"OPERATOR_BUILT_IN_TUNNEL_SERVER" envDefault:"false"` TunnelServerHealthCheckCacheExpiration *time.Duration `env:"TUNNEL_SERVER_HEALTH_CHECK_CACHE_EXPIRATION" envDefault:"10h"` MergeRbacFindingWithConfigAudit bool `env:"OPERATOR_MERGE_RBAC_FINDING_WITH_CONFIG_AUDIT" envDefault:"false"` ControllerCacheSyncTimeout *time.Duration `env:"CONTROLLER_CACHE_SYNC_TIMEOUT" envDefault:"5m"` }
Config defines parameters for running the operator.
func GetOperatorConfig ¶
GetOperatorConfig loads Config from environment variables.
func (Config) GetOperatorNamespace ¶
GetOperatorNamespace returns the namespace the operator should be running in.
func (Config) GetPrivateRegistryScanSecretsNames ¶
func (Config) GetTargetNamespaces ¶
GetTargetNamespaces returns namespaces the operator should be watching for changes.
func (Config) GetTargetWorkloads ¶
func (Config) ResolveInstallMode ¶
func (c Config) ResolveInstallMode() (InstallMode, string, []string, error)
ResolveInstallMode resolves InstallMode based on configured Config.Namespace and Config.TargetNamespaces.
type InstallMode ¶
type InstallMode string
InstallMode represents multitenancy support defined by the Operator Lifecycle Manager spec.
const ( OwnNamespace InstallMode = "OwnNamespace" SingleNamespace InstallMode = "SingleNamespace" MultiNamespace InstallMode = "MultiNamespace" AllNamespaces InstallMode = "AllNamespaces" )
Click to show internal directories.
Click to hide internal directories.