Documentation ¶
Index ¶
- func MergeResources(a, b map[string]unstructured.Unstructured)
- func ParseNamespacedPolicy(key string) (string, string, bool)
- func Validate(policy kyverno.PolicyInterface, client dclient.Interface, mock bool, ...) (*admissionv1.AdmissionResponse, error)
- func ValidateOnPolicyUpdate(p kyverno.PolicyInterface, onPolicyUpdate bool) error
- func ValidateVariables(p kyverno.PolicyInterface, backgroundMode bool) error
- type Condition
- type PolicyController
- type ResourceManager
- func (rm *ResourceManager) Drop()
- func (rm *ResourceManager) GetScope(kind string) (bool, error)
- func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool
- func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)
- func (rm *ResourceManager) RegisterScope(kind string, namespaced bool)
- type Validation
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func MergeResources ¶ added in v1.3.0
func MergeResources(a, b map[string]unstructured.Unstructured)
MergeResources merges b into a map
func ParseNamespacedPolicy ¶ added in v1.3.6
func Validate ¶ added in v1.2.0
func Validate(policy kyverno.PolicyInterface, client dclient.Interface, mock bool, openAPIController *openapi.Controller) (*admissionv1.AdmissionResponse, error)
Validate checks the policy and rules declarations for required configurations
func ValidateOnPolicyUpdate ¶ added in v1.7.0
func ValidateOnPolicyUpdate(p kyverno.PolicyInterface, onPolicyUpdate bool) error
func ValidateVariables ¶ added in v1.5.2
func ValidateVariables(p kyverno.PolicyInterface, backgroundMode bool) error
Types ¶
type PolicyController ¶
type PolicyController struct {
// contains filtered or unexported fields
}
PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations
func NewPolicyController ¶
func NewPolicyController( kubeClient kubernetes.Interface, kyvernoClient kyvernoclient.Interface, client client.Interface, pInformer kyvernoinformer.ClusterPolicyInformer, npInformer kyvernoinformer.PolicyInformer, urInformer urkyvernoinformer.UpdateRequestInformer, configHandler config.Configuration, eventGen event.Interface, prGenerator policyreport.GeneratorInterface, policyReportEraser policyreport.PolicyReportEraser, namespaces informers.NamespaceInformer, log logr.Logger, reconcilePeriod time.Duration, promConfig *metrics.PromConfig, ) (*PolicyController, error)
NewPolicyController create a new PolicyController
func (*PolicyController) Run ¶
func (pc *PolicyController) Run(workers int, reconcileCh <-chan bool, stopCh <-chan struct{})
Run begins watching and syncing.
type ResourceManager ¶
type ResourceManager struct {
// contains filtered or unexported fields
}
ResourceManager stores the details on already processed resources for caching
func NewResourceManager ¶
func NewResourceManager(rebuildTime int64) *ResourceManager
NewResourceManager returns a new ResourceManager
func (*ResourceManager) Drop ¶
func (rm *ResourceManager) Drop()
Drop drop the cache after every rebuild interval mins
func (*ResourceManager) GetScope ¶ added in v1.3.0
func (rm *ResourceManager) GetScope(kind string) (bool, error)
GetScope gets the scope of the given kind return error if kind is not registered
func (*ResourceManager) ProcessResource ¶
func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool
ProcessResource returns true if the policy was not applied on the resource
func (*ResourceManager) RegisterResource ¶
func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)
RegisterResource stores if the policy is processed on this resource version
func (*ResourceManager) RegisterScope ¶ added in v1.3.0
func (rm *ResourceManager) RegisterScope(kind string, namespaced bool)
RegisterScope stores the scope of the given kind
type Validation ¶ added in v1.2.0
Validation provides methods to validate a rule