config

package
v1.6.0-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 29, 2022 License: Apache-2.0 Imports: 20 Imported by: 6

Documentation

Index

Constants

View Source
const (
	//MutatingWebhookConfigurationName default resource mutating webhook configuration name
	MutatingWebhookConfigurationName = "kyverno-resource-mutating-webhook-cfg"
	//MutatingWebhookConfigurationDebugName default resource mutating webhook configuration name for debug mode
	MutatingWebhookConfigurationDebugName = "kyverno-resource-mutating-webhook-cfg-debug"
	//MutatingWebhookName default resource mutating webhook name
	MutatingWebhookName = "mutate.kyverno.svc"

	ValidatingWebhookConfigurationName      = "kyverno-resource-validating-webhook-cfg"
	ValidatingWebhookConfigurationDebugName = "kyverno-resource-validating-webhook-cfg-debug"
	ValidatingWebhookName                   = "validate.kyverno.svc"

	//VerifyMutatingWebhookConfigurationName default verify mutating webhook configuration name
	VerifyMutatingWebhookConfigurationName = "kyverno-verify-mutating-webhook-cfg"
	//VerifyMutatingWebhookConfigurationDebugName default verify mutating webhook configuration name for debug mode
	VerifyMutatingWebhookConfigurationDebugName = "kyverno-verify-mutating-webhook-cfg-debug"
	//VerifyMutatingWebhookName default verify mutating webhook name
	VerifyMutatingWebhookName = "monitor-webhooks.kyverno.svc"

	//PolicyValidatingWebhookConfigurationName default policy validating webhook configuration name
	PolicyValidatingWebhookConfigurationName = "kyverno-policy-validating-webhook-cfg"
	//PolicyValidatingWebhookConfigurationDebugName default policy validating webhook configuration name for debug mode
	PolicyValidatingWebhookConfigurationDebugName = "kyverno-policy-validating-webhook-cfg-debug"
	//PolicyValidatingWebhookName default policy validating webhook name
	PolicyValidatingWebhookName = "validate-policy.kyverno.svc"

	//PolicyMutatingWebhookConfigurationName default policy mutating webhook configuration name
	PolicyMutatingWebhookConfigurationName = "kyverno-policy-mutating-webhook-cfg"
	//PolicyMutatingWebhookConfigurationDebugName default policy mutating webhook configuration name for debug mode
	PolicyMutatingWebhookConfigurationDebugName = "kyverno-policy-mutating-webhook-cfg-debug"
	//PolicyMutatingWebhookName default policy mutating webhook name
	PolicyMutatingWebhookName = "mutate-policy.kyverno.svc"

	// DeploymentKind define the default deployment resource kind
	DeploymentKind = "Deployment"

	// DeploymentAPIVersion define the default deployment resource apiVersion
	DeploymentAPIVersion = "apps/v1"

	// NamespaceKind define the default namespace resource kind
	NamespaceKind = "Namespace"

	// NamespaceAPIVersion define the default namespace resource apiVersion
	NamespaceAPIVersion = "v1"

	// ClusterRoleAPIVersion define the default clusterrole resource apiVersion
	ClusterRoleAPIVersion = "rbac.authorization.k8s.io/v1"

	// ClusterRoleKind define the default clusterrole resource kind
	ClusterRoleKind = "ClusterRole"
)

These constants MUST be equal to the corresponding names in service definition in definitions/install.yaml

Variables

View Source
var (
	//KyvernoNamespace is the Kyverno namespace
	KyvernoNamespace = getKyvernoNameSpace()

	// KyvernoDeploymentName is the Kyverno deployment name
	KyvernoDeploymentName = getKyvernoDeploymentName()

	//KyvernoServiceName is the Kyverno service name
	KyvernoServiceName = getKyvernoServiceName()

	//MutatingWebhookServicePath is the path for mutation webhook
	MutatingWebhookServicePath = "/mutate"

	//ValidatingWebhookServicePath is the path for validation webhook
	ValidatingWebhookServicePath = "/validate"

	//PolicyValidatingWebhookServicePath is the path for policy validation webhook(used to validate policy resource)
	PolicyValidatingWebhookServicePath = "/policyvalidate"

	//PolicyMutatingWebhookServicePath is the path for policy mutation webhook(used to default)
	PolicyMutatingWebhookServicePath = "/policymutate"

	//VerifyMutatingWebhookServicePath is the path for verify webhook(used to veryfing if admission control is enabled and active)
	VerifyMutatingWebhookServicePath = "/verifymutate"

	// LivenessServicePath is the path for check liveness health
	LivenessServicePath = "/health/liveness"

	// ReadinessServicePath is the path for check readness health
	ReadinessServicePath = "/health/readiness"
)

Functions

func CreateClientConfig added in v1.1.0

func CreateClientConfig(kubeconfig string, qps float64, burst int, log logr.Logger) (*rest.Config, error)

CreateClientConfig creates client config and applies rate limit QPS and burst

Types

type ConfigData added in v0.11.0

type ConfigData struct {
	// contains filtered or unexported fields
}

ConfigData stores the configuration

func NewConfigData added in v0.11.0

func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapInformer, filterK8sResources, excludeGroupRole, excludeUsername string, reconcilePolicyReport, updateWebhookConfigurations chan<- bool, log logr.Logger) *ConfigData

NewConfigData ...

func (*ConfigData) FilterNamespaces added in v1.3.2

func (cd *ConfigData) FilterNamespaces(namespaces []string) []string

FilterNamespaces filters exclude namespace

func (*ConfigData) GetExcludeGroupRole added in v1.2.0

func (cd *ConfigData) GetExcludeGroupRole() []string

GetExcludeGroupRole return exclude roles

func (*ConfigData) GetExcludeUsername added in v1.2.0

func (cd *ConfigData) GetExcludeUsername() []string

GetExcludeUsername return exclude username

func (*ConfigData) GetGenerateSuccessEvents added in v1.4.2

func (cd *ConfigData) GetGenerateSuccessEvents() bool

GetGenerateSuccessEvents return if should generate success events

func (*ConfigData) GetInitConfigMapName added in v1.4.0

func (cd *ConfigData) GetInitConfigMapName() string

GetInitConfigMapName returns the init configmap name

func (*ConfigData) GetWebhooks added in v1.4.0

func (cd *ConfigData) GetWebhooks() []WebhookConfig

GetWebhooks returns the webhook configs

func (*ConfigData) RestrictDevelopmentUsername added in v1.2.0

func (cd *ConfigData) RestrictDevelopmentUsername() []string

RestrictDevelopmentUsername return exclude development username

func (*ConfigData) Run added in v0.11.0

func (cd *ConfigData) Run(stopCh <-chan struct{})

Run checks syncing

func (*ConfigData) ToFilter added in v0.11.0

func (cd *ConfigData) ToFilter(kind, namespace, name string) bool

ToFilter checks if the given resource is set to be filtered in the configuration

type Interface added in v0.11.0

type Interface interface {
	ToFilter(kind, namespace, name string) bool
	GetExcludeGroupRole() []string
	GetExcludeUsername() []string
	GetGenerateSuccessEvents() bool
	RestrictDevelopmentUsername() []string
	FilterNamespaces(namespaces []string) []string
	GetWebhooks() []WebhookConfig
	GetInitConfigMapName() string
}

Interface to be used by consumer to check filters

type MetricsConfig added in v1.4.3

type MetricsConfig struct {
	// contains filtered or unexported fields
}

MetricsConfig stores the config for metrics

type MetricsConfigData added in v1.4.3

type MetricsConfigData struct {
	// contains filtered or unexported fields
}

MetricsConfigData stores the metrics-related configuration

func NewMetricsConfigData added in v1.4.3

func NewMetricsConfigData(rclient kubernetes.Interface, log logr.Logger) (*MetricsConfigData, error)

NewMetricsConfigData ...

func (*MetricsConfigData) GetExcludeNamespaces added in v1.4.3

func (mcd *MetricsConfigData) GetExcludeNamespaces() []string

GetExcludeNamespaces returns the namespaces to ignore for metrics exposure

func (*MetricsConfigData) GetIncludeNamespaces added in v1.4.3

func (mcd *MetricsConfigData) GetIncludeNamespaces() []string

GetIncludeNamespaces returns the namespaces to specifically consider for metrics exposure

func (*MetricsConfigData) GetMetricsConfigMapName added in v1.4.3

func (mcd *MetricsConfigData) GetMetricsConfigMapName() string

GetMetricsConfigMapName returns the configmap name for the metric

func (*MetricsConfigData) GetMetricsRefreshInterval added in v1.4.3

func (mcd *MetricsConfigData) GetMetricsRefreshInterval() time.Duration

GetMetricsRefreshInterval returns the refresh interval for the metrics

type WebhookConfig added in v1.4.0

type WebhookConfig struct {
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,5,opt,name=namespaceSelector"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL