Overview ¶
Package continuousscanning provides utilities that help the Operator watch for changes in the cluster in which it operates.
Resource Kinds that the Operator is interested in ¶
The non-namespaced kinds the Operator is interested in are listed below as group/version/Kind; an empty group, as in /v1/Node, is the core API group:
- */*/ClusterRole
- */*/ClusterRoleBinding
- rbac.authorization.k8s.io/v1/ClusterRole
- rbac.authorization.k8s.io/v1/ClusterRoleBinding
- /v1/Namespace
- */*/Namespace
- /v1/Node
- admissionregistration.k8s.io/*/MutatingWebhookConfiguration
- admissionregistration.k8s.io/*/ValidatingWebhookConfiguration
- apiregistration.k8s.io/v1/APIService
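- policy/*/PodSecurityPolicy (PodSecurityPolicy was removed from Kubernetes in v1.25, so this kind is only served by older clusters)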
The Namespaced kinds the Operator is interested in are:
- */*/ConfigMap
- */*/CronJob
- */*/DaemonSet
- */*/Deployment
- */*/Job
- */*/Pod
- */*/ReplicaSet
- */*/Role
- */*/RoleBinding
- */*/ServiceAccount
- */*/StatefulSet
- /v1/Pod
- /v1/Service
- /v1/ServiceAccount
- apps/v1/DaemonSet
- apps/v1/Deployment
- apps/v1/ReplicaSet
- apps/v1/StatefulSet
- batch/*/CronJob
- batch/*/Job
- networking.k8s.io/v1/Ingress
- networking.k8s.io/v1/NetworkPolicy
- rbac.authorization.k8s.io/v1/Role
- rbac.authorization.k8s.io/v1/RoleBinding
Index ¶
- Variables
- func NewDynamicWatch(ctx context.Context, client dynamic.Interface, gvr schema.GroupVersionResource, ...) (watch.Interface, error)
- func NewFileFetcher(r io.Reader) *fileFetcher
- func NewTargetLoader(f MatchingRuleFetcher) *targetLoader
- type APIResourceMatch
- type ContinuousScanningService
- type EventHandler
- type MatchingRuleFetcher
- type MatchingRules
- type SelfHealingWatch
- type TargetLoader
- type WatchPool
Variables ¶
// ErrUnexpectedGVRString is a package-level sentinel error carrying the
// message "unexpected Group Version Resource string". The function that
// returns it is not shown here; callers should match it with errors.Is
// rather than by comparing message text.
var ErrUnexpectedGVRString = errors.New("unexpected Group Version Resource string")
Functions ¶
func NewDynamicWatch ¶
func NewFileFetcher ¶
NewFileFetcher returns a new file-based fetcher of matching rules.
func NewTargetLoader ¶
func NewTargetLoader(f MatchingRuleFetcher) *targetLoader
NewTargetLoader returns a new Target Loader
Types ¶
type APIResourceMatch ¶
// APIResourceMatch is a matching rule for API Resources, from which GVRs
// (GroupVersionResources) are generated. A rule captures ANY of the listed
// Groups, Versions and Resources.
//
// NOTE(review): how a "*" entry or an empty list is expanded is not visible
// in this declaration. Confirm it before relying on a rule to narrow what is
// watched: each generated GVR is presumably turned into a watch, which the
// Operator's service account must be allowed to list and watch.
type APIResourceMatch struct {
	// Groups holds the API groups of the rule (JSON key "apiGroups").
	Groups []string `json:"apiGroups"`
	// Versions holds the API versions of the rule (JSON key "apiVersions").
	Versions []string `json:"apiVersions"`
	// Resources holds the resource names of the rule (JSON key "resources").
	Resources []string `json:"resources"`
}
APIResourceMatch is a definition of a matching rule for API Resources.
It defines how GVRs (GroupVersionResources) are generated from the rule. The rule definition captures ANY of the listed Groups, Versions and Resources.
type ContinuousScanningService ¶
type ContinuousScanningService struct {
// contains filtered or unexported fields
}
func NewContinuousScanningService ¶
func NewContinuousScanningService(client dynamic.Interface, tl TargetLoader, h ...EventHandler) *ContinuousScanningService
func (*ContinuousScanningService) AddEventHandler ¶
func (s *ContinuousScanningService) AddEventHandler(fn EventHandler)
func (*ContinuousScanningService) Launch ¶
func (s *ContinuousScanningService) Launch(ctx context.Context) <-chan armoapi.Command
Launch launches the service.
It sets up the provided watches, listens in the background for the events they deliver, and dispatches those events to the registered event handlers. Launch blocks until all the underlying watches are ready to accept events.
func (*ContinuousScanningService) Stop ¶
func (s *ContinuousScanningService) Stop()
type EventHandler ¶
func NewDeletedCleanerHandler ¶
func NewDeletedCleanerHandler(wp *ants.PoolWithFunc, clusterConfig config.IConfig, storageClient kssc.Interface) EventHandler
func NewTriggeringHandler ¶
func NewTriggeringHandler(wp *ants.PoolWithFunc, clusterConfig config.IConfig) EventHandler
type MatchingRuleFetcher ¶
// MatchingRuleFetcher is the source from which Matching Rules are obtained.
//
// NOTE(review): the fetched rules feed target selection (NewTargetLoader
// takes a MatchingRuleFetcher), so whoever can write to an implementation's
// backing source can presumably change what is scanned. Confirm that write
// access to that source is restricted for each implementation.
type MatchingRuleFetcher interface {
	// Fetch returns the matching rules, or a non-nil error when they
	// cannot be produced. ctx is passed through to the implementation.
	Fetch(ctx context.Context) (*MatchingRules, error)
}
MatchingRuleFetcher fetches Matching Rules from an implementation-defined source.
type MatchingRules ¶
// MatchingRules is a definition of resource matching rules.
type MatchingRules struct {
	// APIResources lists the API resource rules (JSON key "match").
	APIResources []APIResourceMatch `json:"match"`
	// Namespaces lists namespace names (JSON key "namespaces").
	//
	// NOTE(review): presumably restricts matching to these namespaces; what
	// an empty or missing list means (none vs. all namespaces) is not shown
	// here. Confirm before using it to scope scanning.
	Namespaces []string `json:"namespaces"`
}
MatchingRules is a definition of resource matching rules
type SelfHealingWatch ¶
type SelfHealingWatch struct {
// contains filtered or unexported fields
}
func NewSelfHealingWatch ¶
func NewSelfHealingWatch(client dynamic.Interface, gvr schema.GroupVersionResource, opts metav1.ListOptions) *SelfHealingWatch
func (*SelfHealingWatch) RunUntilWatchCloses ¶
type TargetLoader ¶
// TargetLoader supplies the GroupVersionResources (GVRs) to operate on.
type TargetLoader interface {
	// LoadGVRs returns the GVRs to target.
	//
	// NOTE(review): there is no error result, so from the signature alone a
	// failed load cannot be told apart from "no targets". Confirm how
	// implementations report failures; a silently empty result would
	// presumably leave nothing watched.
	LoadGVRs(ctx context.Context) []schema.GroupVersionResource
}
type WatchPool ¶
type WatchPool struct {
// contains filtered or unexported fields
}
func NewWatchPool ¶
func NewWatchPool(_ context.Context, client dynamic.Interface, gvrs []schema.GroupVersionResource, opts metav1.ListOptions) (*WatchPool, error)