nodeagent

package
v0.0.13 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 5, 2023 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package nodeagent provides tarian node agent functionality

Index

Constants

View Source 
const (
	// ContainerIDLength is the standard length of the Container ID
	ContainerIDLength = 64

	// BpfContainerIDLength Minimum 31 chars to assume it is a Container ID
	// in case it was truncated
	BpfContainerIDLength = 31

	DockerIDLength = 128

	HostProcDir = "/host/proc"
)
View Source 
const (
	ThreatScanAnnotation = "pod-agent.k8s.tarian.dev/threat-scan"
	RegisterAnnotation   = "pod-agent.k8s.tarian.dev/register"
)

Variables

This section is empty.

Functions

func SetLogger 

func SetLogger(l *zap.SugaredLogger)

Types

type CaptureExec 

type CaptureExec struct {
	// contains filtered or unexported fields
}

func NewCaptureExec 

func NewCaptureExec() (*CaptureExec, error)

func (*CaptureExec) Close 

func (c *CaptureExec) Close()

func (*CaptureExec) GetEventsChannel 

func (c *CaptureExec) GetEventsChannel() chan ExecEvent

func (*CaptureExec) SetNodeName 

func (c *CaptureExec) SetNodeName(name string)

func (*CaptureExec) Start 

func (c *CaptureExec) Start()

type ExecEvent 

type ExecEvent struct {
	Pid               uint32
	Comm              string
	Filename          string
	ContainerID       string
	K8sPodUID         string
	K8sPodName        string
	K8sNamespace      string
	K8sPodLabels      map[string]string
	K8sPodAnnotations map[string]string
}

type K8sPodWatcher 

type K8sPodWatcher interface {
	FindPod(containerID string) *corev1.Pod
}

type NodeAgent 

type NodeAgent struct {
	// contains filtered or unexported fields
}

func NewNodeAgent 

func NewNodeAgent(clusterAgentAddress string) *NodeAgent

func (*NodeAgent) Dial 

func (n *NodeAgent) Dial()

func (*NodeAgent) EnableAddConstraint 

func (n *NodeAgent) EnableAddConstraint(enabled bool)

func (*NodeAgent) GetConstraints 

func (n *NodeAgent) GetConstraints() []*tarianpb.Constraint

func (*NodeAgent) GracefulStop 

func (n *NodeAgent) GracefulStop()

func (*NodeAgent) RegisterViolationsAsNewConstraint 

func (n *NodeAgent) RegisterViolationsAsNewConstraint(violation *ProcessViolation)

func (*NodeAgent) ReportViolationsToClusterAgent 

func (n *NodeAgent) ReportViolationsToClusterAgent(violation *ProcessViolation)

func (*NodeAgent) Run 

func (n *NodeAgent) Run()

func (*NodeAgent) SetConstraints 

func (n *NodeAgent) SetConstraints(constraints []*tarianpb.Constraint)

func (*NodeAgent) SetNodeName 

func (n *NodeAgent) SetNodeName(name string)

func (*NodeAgent) SyncConstraints 

func (n *NodeAgent) SyncConstraints()

func (*NodeAgent) ValidateProcess 

func (n *NodeAgent) ValidateProcess(evt *ExecEvent) *ProcessViolation

type PodWatcher 

type PodWatcher struct {
	// contains filtered or unexported fields
}

func NewPodWatcher 

func NewPodWatcher(k8sClient *kubernetes.Clientset, nodeName string) *PodWatcher

func (*PodWatcher) FindPod 

func (watcher *PodWatcher) FindPod(containerID string) *corev1.Pod

func (*PodWatcher) Start 

func (watcher *PodWatcher) Start()

type ProcessViolation 

type ProcessViolation struct {
	ExecEvent
}

Source Files

View all Source files

Directories

Path Synopsis
Package ebpf wraps ebpf programs and provides simpler abstraction
 Package ebpf wraps ebpf programs and provides simpler abstraction

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.