collector

package
v0.0.51 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 7, 2024 License: Apache-2.0 Imports: 20 Imported by: 4

Documentation

Index

Constants

View Source
const (
	RecordStrategyAlways          = "always"
	RecordStrategyOnlyIfNotExists = "only-if-not-exists"
	MaxOpenEvents                 = 10000 // Per container profile.
	MaxNetworkEvents              = 10000 // Per container profile.
)
View Source
const (
	// ApplicationProfileKind is the kind of ApplicationProfile
	ApplicationProfileKind string = "ApplicationProfile"
	// ApplicationProfileGroup is the group of ApplicationProfile
	ApplicationProfileGroup string = "kubescape.io"
	// ApplicationProfileVersion is the version of ApplicationProfile
	ApplicationProfileVersion string = "v1"
	// ApplicationProfilePlural is the plural of ApplicationProfile
	ApplicationProfilePlural string = "applicationprofiles"
	// ApplicationProfileApiVersion is the api version of ApplicationProfile
	ApplicationProfileApiVersion string = ApplicationProfileGroup + "/" + ApplicationProfileVersion
)

Variables

Functions

func ConvertInterfaceToPod added in v0.0.27

func ConvertInterfaceToPod(obj interface{}) (*v1.Pod, error)

Types

type ApplicationProfile

type ApplicationProfile struct {
	v1.TypeMeta   `json:",inline"`
	v1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the desired behavior of the ApplicationProfile.
	Spec ApplicationProfileSpec `json:"spec,omitempty"`
}

type ApplicationProfileSpec

type ApplicationProfileSpec struct {
	Containers []ContainerProfile `json:"containers" yaml:"containers"`
}

type CapabilitiesCalls

type CapabilitiesCalls struct {
	Capabilities []string `json:"caps" yaml:"caps"`
	Syscall      string   `json:"syscall" yaml:"syscall"`
}

func (CapabilitiesCalls) Equals added in v0.0.34

type CollectorManager

type CollectorManager struct {
	// contains filtered or unexported fields
}

func StartCollectorManager

func StartCollectorManager(config *CollectorManagerConfig) (*CollectorManager, error)

func (*CollectorManager) CollectContainerEvents

func (cm *CollectorManager) CollectContainerEvents(id *ContainerId)

func (*CollectorManager) ContainerStarted

func (cm *CollectorManager) ContainerStarted(id *ContainerId, attach bool)

func (*CollectorManager) ContainerStopped

func (cm *CollectorManager) ContainerStopped(id *ContainerId)

func (*CollectorManager) FinalizeApplicationProfile added in v0.0.18

func (cm *CollectorManager) FinalizeApplicationProfile(id *ContainerId)

func (*CollectorManager) GetApplicationProfileName added in v0.0.49

func (cm *CollectorManager) GetApplicationProfileName(namespace, kind, name string) string

func (*CollectorManager) MarkPodNotRecording added in v0.0.27

func (cm *CollectorManager) MarkPodNotRecording(pod, namespace string)

func (*CollectorManager) MarkPodRecording added in v0.0.27

func (cm *CollectorManager) MarkPodRecording(pod, namespace string, attach bool)

func (*CollectorManager) OnContainerActivityEvent

func (cm *CollectorManager) OnContainerActivityEvent(event *tracing.ContainerActivityEvent)

func (*CollectorManager) StartFinalizerWatcher added in v0.0.27

func (cm *CollectorManager) StartFinalizerWatcher()

func (*CollectorManager) StopCollectorManager

func (cm *CollectorManager) StopCollectorManager() error

func (*CollectorManager) StopFinalizerWatcher added in v0.0.27

func (cm *CollectorManager) StopFinalizerWatcher()

type CollectorManagerConfig

type CollectorManagerConfig struct {
	// Event sink object
	EventSink *eventsink.EventSink
	// Interval in seconds for collecting data from containers
	Interval uint64
	// Finalize application profiles time
	FinalizeTime uint64
	// Finalize jitter
	FinalizeJitter uint64
	// Kubernetes configuration
	K8sConfig *rest.Config
	// Tracer object
	Tracer tracing.ITracer
	// Record strategy
	RecordStrategy string
	// Node name
	NodeName string
	// Should ignore mounts
	IgnoreMounts bool
	// Should ignore prefixes
	IgnorePrefixes []string
	// Should store profiles in the same namespace
	StoreNamespace string
}

type ContainerId

type ContainerId struct {
	Namespace string
	PodName   string
	Container string
	// Low level identifiers
	ContainerID string
	NsMntId     uint64
	Pid         uint32
}

type ContainerProfile

type ContainerProfile struct {
	Name            string              `json:"name" yaml:"name"`
	Execs           []ExecCalls         `json:"execs" yaml:"execs"`
	Opens           []OpenCalls         `json:"opens" yaml:"opens"`
	NetworkActivity NetworkActivity     `json:"networkActivity" yaml:"networkActivity"`
	Capabilities    []CapabilitiesCalls `json:"capabilities" yaml:"capabilities"`
	Dns             []DnsCalls          `json:"dns" yaml:"dns"`
	SysCalls        []string            `json:"syscalls" yaml:"syscalls"`
}

type ContainerState

type ContainerState struct {
	// contains filtered or unexported fields
}

type DnsCalls

type DnsCalls struct {
	DnsName   string   `json:"dnsName" yaml:"dnsName"`
	Addresses []string `json:"addresses" yaml:"addresses"`
}

func (DnsCalls) Equals added in v0.0.34

func (a DnsCalls) Equals(b DnsCalls) bool

type ExecCalls

type ExecCalls struct {
	Path string   `json:"path" yaml:"path"`
	Args []string `json:"args" yaml:"args"`
	Envs []string `json:"envs" yaml:"envs"`
}

func (ExecCalls) Equals

func (a ExecCalls) Equals(b ExecCalls) bool

type NetworkActivity

type NetworkActivity struct {
	Incoming []NetworkCalls `json:"incoming" yaml:"incoming"`
	Outgoing []NetworkCalls `json:"outgoing" yaml:"outgoing"`
}

func (NetworkActivity) Equals added in v0.0.34

func (a NetworkActivity) Equals(b NetworkActivity) bool

type NetworkCalls

type NetworkCalls struct {
	Protocol    string `json:"protocol" yaml:"protocol"`
	Port        uint16 `json:"port" yaml:"port"`
	DstEndpoint string `json:"dstEndpoint" yaml:"dstEndpoint"`
}

func (NetworkCalls) Equals added in v0.0.34

func (a NetworkCalls) Equals(b NetworkCalls) bool

type OpenCalls

type OpenCalls struct {
	Path  string   `json:"path" yaml:"path"`
	Flags []string `json:"flags" yaml:"flags"`
}

func (OpenCalls) Equals added in v0.0.34

func (a OpenCalls) Equals(b OpenCalls) bool

type PodProfileFinalizerState added in v0.0.27

type PodProfileFinalizerState struct {
	// Pod name
	PodName string
	// Pod namespace
	Namespace string
	// Timer
	FinalizationTimer *time.Timer
	// Recording state
	Recording bool
}

type TotalEvents added in v0.0.22

type TotalEvents struct {
	ExecEvents         []*tracing.ExecveEvent
	OpenEvents         []*tracing.OpenEvent
	SyscallEvents      []string
	CapabilitiesEvents []*tracing.CapabilitiesEvent
	DnsEvents          []*tracing.DnsEvent
	NetworkEvents      []*tracing.NetworkEvent
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL