Documentation
Index
- Constants
- func CreateClientConfig(kubeconfig string, qps float64, burst int) (*rest.Config, error)
- func CreateClientConfigWithContext(kubeconfig string, context string) (*rest.Config, error)
- func DnsNames(commonName string, namespace string) []string
- func InClusterServiceName(commonName string, namespace string) string
- func KyvernoConfigMapName() string
- func KyvernoDeploymentName() string
- func KyvernoDryRunNamespace() string
- func KyvernoMetricsConfigMapName() string
- func KyvernoNamespace() string
- func KyvernoPodName() string
- func KyvernoRoleName() string
- func KyvernoServiceAccountName() string
- func KyvernoServiceName() string
- func KyvernoUserName(serviceaccount string) string
- func NewDefaultConfiguration(skipResourceFilters bool) *configuration
- func NewDefaultMetricsConfiguration() *metricsConfig
- type Configuration
- type MetricsConfiguration
- type WebhookConfig
Constants
const (
	// PolicyValidatingWebhookConfigurationName default policy validating webhook configuration name
	PolicyValidatingWebhookConfigurationName = "kyverno-policy-validating-webhook-cfg"
	// ValidatingWebhookConfigurationName ...
	ValidatingWebhookConfigurationName = "kyverno-resource-validating-webhook-cfg"
	// ExceptionValidatingWebhookConfigurationName ...
	ExceptionValidatingWebhookConfigurationName = "kyverno-exception-validating-webhook-cfg"
	// GlobalContextValidatingWebhookConfigurationName ...
	GlobalContextValidatingWebhookConfigurationName = "kyverno-global-context-validating-webhook-cfg"
	// CleanupValidatingWebhookConfigurationName ...
	CleanupValidatingWebhookConfigurationName = "kyverno-cleanup-validating-webhook-cfg"
	// PolicyMutatingWebhookConfigurationName default policy mutating webhook configuration name
	PolicyMutatingWebhookConfigurationName = "kyverno-policy-mutating-webhook-cfg"
	// MutatingWebhookConfigurationName default resource mutating webhook configuration name
	MutatingWebhookConfigurationName = "kyverno-resource-mutating-webhook-cfg"
	// VerifyMutatingWebhookConfigurationName default verify mutating webhook configuration name
	VerifyMutatingWebhookConfigurationName = "kyverno-verify-mutating-webhook-cfg"
	// TtlValidatingWebhookConfigurationName ttl label validating webhook configuration name
	TtlValidatingWebhookConfigurationName = "kyverno-ttl-validating-webhook-cfg"
)
webhook configuration names
const (
	// PolicyValidatingWebhookName default policy validating webhook name
	PolicyValidatingWebhookName = "validate-policy.kyverno.svc"
	// ValidatingWebhookName ...
	ValidatingWebhookName = "validate.kyverno.svc"
	// PolicyMutatingWebhookName default policy mutating webhook name
	PolicyMutatingWebhookName = "mutate-policy.kyverno.svc"
	// MutatingWebhookName default resource mutating webhook name
	MutatingWebhookName = "mutate.kyverno.svc"
	// VerifyMutatingWebhookName default verify mutating webhook name
	VerifyMutatingWebhookName = "monitor-webhooks.kyverno.svc"
)
webhook names
const (
	// PolicyValidatingWebhookServicePath is the path for policy validation webhook (used to validate policy resource)
	PolicyValidatingWebhookServicePath = "/policyvalidate"
	// ValidatingWebhookServicePath is the path for validation webhook
	ValidatingWebhookServicePath = "/validate"
	// ExceptionValidatingWebhookServicePath is the path for policy exception validation webhook (used to validate policy exception resource)
	ExceptionValidatingWebhookServicePath = "/exceptionvalidate"
	// GlobalContextValidatingWebhookServicePath is the path for global context validation webhook (used to validate global context entries)
	GlobalContextValidatingWebhookServicePath = "/globalcontextvalidate"
	// CleanupValidatingWebhookServicePath is the path for cleanup policy validation webhook (used to validate cleanup policy resource)
	CleanupValidatingWebhookServicePath = "/validate"
	// TtlValidatingWebhookServicePath is the path for validation of cleanup.kyverno.io/ttl label value
	TtlValidatingWebhookServicePath = "/verifyttl"
	// PolicyMutatingWebhookServicePath is the path for policy mutation webhook (used to default)
	PolicyMutatingWebhookServicePath = "/policymutate"
	// MutatingWebhookServicePath is the path for mutation webhook
	MutatingWebhookServicePath = "/mutate"
	// VerifyMutatingWebhookServicePath is the path for verify webhook (used for verifying if admission control is enabled and active)
	VerifyMutatingWebhookServicePath = "/verifymutate"
	// LivenessServicePath is the path for check liveness health
	LivenessServicePath = "/health/liveness"
	// ReadinessServicePath is the path for check readiness health
	ReadinessServicePath = "/health/readiness"
	// MetricsPath is the path for exposing metrics
	MetricsPath = "/metrics"
	// FineGrainedWebhookPath is the sub-path for fine-grained webhook configurations
	FineGrainedWebhookPath = "/finegrained"
)
paths
const UpdateRequestThreshold = 1000
Variables
This section is empty.
Functions
func CreateClientConfig (added in v1.1.0)
CreateClientConfig creates client config and applies rate limit QPS and burst
func CreateClientConfigWithContext (added in v1.8.1)
CreateClientConfigWithContext creates client config from custom kubeconfig file and context. Used for CLI commands.
func InClusterServiceName (added in v1.10.5)
func KyvernoConfigMapName (added in v1.7.0)
func KyvernoConfigMapName() string
func KyvernoDeploymentName (added in v1.3.0)
func KyvernoDeploymentName() string
func KyvernoDryRunNamespace (added in v1.8.2)
func KyvernoDryRunNamespace() string
func KyvernoMetricsConfigMapName (added in v1.10.0)
func KyvernoMetricsConfigMapName() string
func KyvernoNamespace (added in v1.3.0)
func KyvernoNamespace() string
func KyvernoPodName (added in v1.7.0)
func KyvernoPodName() string
func KyvernoRoleName (added in v1.13.0)
func KyvernoRoleName() string
func KyvernoServiceAccountName (added in v1.8.0)
func KyvernoServiceAccountName() string
func KyvernoServiceName (added in v1.3.0)
func KyvernoServiceName() string
func KyvernoUserName (added in v1.10.0)
func NewDefaultConfiguration (added in v1.8.1)
func NewDefaultConfiguration(skipResourceFilters bool) *configuration
NewDefaultConfiguration ...
func NewDefaultMetricsConfiguration (added in v1.9.0)
func NewDefaultMetricsConfiguration() *metricsConfig
NewDefaultMetricsConfiguration ...
Types
type Configuration (added in v1.7.0)
type Configuration interface {
	// GetDefaultRegistry return default image registry
	GetDefaultRegistry() string
	// GetEnableDefaultRegistryMutation returns true if image references should be mutated
	GetEnableDefaultRegistryMutation() bool
	// IsExcluded checks exclusions/inclusions to determine if the admission request should be excluded or not
	IsExcluded(username string, groups []string, roles []string, clusterroles []string) bool
	// ToFilter checks if the given resource is set to be filtered in the configuration
	ToFilter(kind schema.GroupVersionKind, subresource, namespace, name string) bool
	// GetGenerateSuccessEvents return if should generate success events
	GetGenerateSuccessEvents() bool
	// GetWebhooks returns the webhook configs
	GetWebhooks() []WebhookConfig
	// GetWebhookAnnotations returns annotations to set on webhook configs
	GetWebhookAnnotations() map[string]string
	// GetWebhookLabels returns labels to set on webhook configs
	GetWebhookLabels() map[string]string
	// GetMatchConditions returns match conditions to set on webhook configs
	GetMatchConditions() []admissionregistrationv1.MatchCondition
	// Load loads configuration from a configmap
	Load(*corev1.ConfigMap)
	// OnChanged adds a callback to be invoked when the configuration is reloaded
	OnChanged(func())
	// GetUpdateRequestThreshold gets the threshold limit for the total number of updaterequests
	GetUpdateRequestThreshold() int64
}
Configuration to be used by consumer to check filters
type MetricsConfiguration (added in v1.9.0)
type MetricsConfiguration interface {
	// GetExcludeNamespaces returns the namespaces to ignore for metrics exposure
	GetExcludeNamespaces() []string
	// GetIncludeNamespaces returns the namespaces to specifically consider for metrics exposure
	GetIncludeNamespaces() []string
	// GetMetricsRefreshInterval returns the refresh interval for the metrics
	GetMetricsRefreshInterval() time.Duration
	// CheckNamespace returns `true` if the namespace has to be considered
	CheckNamespace(string) bool
	// GetBucketBoundaries returns the bucket boundaries for Histogram metrics
	GetBucketBoundaries() []float64
	// BuildMeterProviderViews returns OTL view removing attributes which were disabled in the config
	BuildMeterProviderViews() []sdkmetric.View
	// Load loads configuration from a configmap
	Load(*corev1.ConfigMap)
	// OnChanged adds a callback to be invoked when the configuration is reloaded
	OnChanged(func())
}
MetricsConfig stores the config for metrics
type WebhookConfig (added in v1.4.0)
type WebhookConfig struct {
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
	ObjectSelector    *metav1.LabelSelector `json:"objectSelector,omitempty"`
}