config

package
v1.8.2-rc.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 18, 2022 License: Apache-2.0 Imports: 20 Imported by: 6

Documentation

Index

Constants

View Source
const (
	// MutatingWebhookConfigurationName default resource mutating webhook configuration name
	MutatingWebhookConfigurationName = "kyverno-resource-mutating-webhook-cfg"
	// MutatingWebhookName default resource mutating webhook name
	MutatingWebhookName = "mutate.kyverno.svc"
	// ValidatingWebhookConfigurationName ...
	ValidatingWebhookConfigurationName = "kyverno-resource-validating-webhook-cfg"
	// ValidatingWebhookName ...
	ValidatingWebhookName = "validate.kyverno.svc"
	// VerifyMutatingWebhookConfigurationName default verify mutating webhook configuration name
	VerifyMutatingWebhookConfigurationName = "kyverno-verify-mutating-webhook-cfg"
	// VerifyMutatingWebhookName default verify mutating webhook name
	VerifyMutatingWebhookName = "monitor-webhooks.kyverno.svc"
	// PolicyValidatingWebhookConfigurationName default policy validating webhook configuration name
	PolicyValidatingWebhookConfigurationName = "kyverno-policy-validating-webhook-cfg"
	// PolicyValidatingWebhookName default policy validating webhook name
	PolicyValidatingWebhookName = "validate-policy.kyverno.svc"
	// PolicyMutatingWebhookConfigurationName default policy mutating webhook configuration name
	PolicyMutatingWebhookConfigurationName = "kyverno-policy-mutating-webhook-cfg"
	// PolicyMutatingWebhookName default policy mutating webhook name
	PolicyMutatingWebhookName = "mutate-policy.kyverno.svc"
	// Due to kubernetes issue, we must use next literal constants instead of deployment TypeMeta fields
	// Issue: https://github.com/kubernetes/kubernetes/pull/63972
	// When the issue is closed, we should use TypeMeta struct instead of this constants
	// ClusterRoleAPIVersion define the default clusterrole resource apiVersion
	ClusterRoleAPIVersion = "rbac.authorization.k8s.io/v1"
	// ClusterRoleKind define the default clusterrole resource kind
	ClusterRoleKind = "ClusterRole"
	// MutatingWebhookServicePath is the path for mutation webhook
	MutatingWebhookServicePath = "/mutate"
	// ValidatingWebhookServicePath is the path for validation webhook
	ValidatingWebhookServicePath = "/validate"
	// PolicyValidatingWebhookServicePath is the path for policy validation webhook(used to validate policy resource)
	PolicyValidatingWebhookServicePath = "/policyvalidate"
	// PolicyMutatingWebhookServicePath is the path for policy mutation webhook(used to default)
	PolicyMutatingWebhookServicePath = "/policymutate"
	// VerifyMutatingWebhookServicePath is the path for verify webhook(used to veryfing if admission control is enabled and active)
	VerifyMutatingWebhookServicePath = "/verifymutate"
	// LivenessServicePath is the path for check liveness health
	LivenessServicePath = "/health/liveness"
	// ReadinessServicePath is the path for check readness health
	ReadinessServicePath = "/health/readiness"
)

These constants MUST be equal to the corresponding names in service definition in definitions/install.yaml

Variables

This section is empty.

Functions

func CreateClientConfig added in v1.1.0

func CreateClientConfig(kubeconfig string, qps float64, burst int) (*rest.Config, error)

CreateClientConfig creates client config and applies rate limit QPS and burst

func CreateClientConfigWithContext added in v1.8.1

func CreateClientConfigWithContext(kubeconfig string, context string) (*rest.Config, error)

CreateClientConfigWithContext creates client config from custom kubeconfig file and context Used for cli commands

func KyvernoConfigMapName added in v1.7.0

func KyvernoConfigMapName() string

func KyvernoDeploymentName added in v1.3.0

func KyvernoDeploymentName() string

func KyvernoDryRunNamespace added in v1.8.2

func KyvernoDryRunNamespace() string

func KyvernoNamespace added in v1.3.0

func KyvernoNamespace() string

func KyvernoPodName added in v1.7.0

func KyvernoPodName() string

func KyvernoServiceAccountName added in v1.8.0

func KyvernoServiceAccountName() string

func KyvernoServiceName added in v1.3.0

func KyvernoServiceName() string

func NewDefaultConfiguration added in v1.8.1

func NewDefaultConfiguration() *configuration

NewConfiguration ...

Types

type Configuration added in v1.7.0

type Configuration interface {
	// ToFilter checks if the given resource is set to be filtered in the configuration
	ToFilter(kind, namespace, name string) bool
	// GetExcludeGroupRole return exclude roles
	GetExcludeGroupRole() []string
	// GetExcludeUsername return exclude username
	GetExcludeUsername() []string
	// GetGenerateSuccessEvents return if should generate success events
	GetGenerateSuccessEvents() bool
	// RestrictDevelopmentUsername return exclude development username
	RestrictDevelopmentUsername() []string
	// FilterNamespaces filters exclude namespace
	FilterNamespaces(namespaces []string) []string
	// GetWebhooks returns the webhook configs
	GetWebhooks() []WebhookConfig
	// Load loads configuration from a configmap
	Load(cm *corev1.ConfigMap)
}

Configuration to be used by consumer to check filters

func NewConfiguration added in v1.7.0

func NewConfiguration(client kubernetes.Interface) (Configuration, error)

NewConfiguration ...

func NewFakeConfig added in v1.8.0

func NewFakeConfig() Configuration

type MetricsConfig added in v1.4.3

type MetricsConfig struct {
	// contains filtered or unexported fields
}

MetricsConfig stores the config for metrics

type MetricsConfigData added in v1.4.3

type MetricsConfigData struct {
	// contains filtered or unexported fields
}

MetricsConfigData stores the metrics-related configuration

func NewFakeMetricsConfig added in v1.8.0

func NewFakeMetricsConfig(client kubernetes.Interface) *MetricsConfigData

func NewMetricsConfigData added in v1.4.3

func NewMetricsConfigData(rclient kubernetes.Interface) (*MetricsConfigData, error)

NewMetricsConfigData ...

func (*MetricsConfigData) GetExcludeNamespaces added in v1.4.3

func (mcd *MetricsConfigData) GetExcludeNamespaces() []string

GetExcludeNamespaces returns the namespaces to ignore for metrics exposure

func (*MetricsConfigData) GetIncludeNamespaces added in v1.4.3

func (mcd *MetricsConfigData) GetIncludeNamespaces() []string

GetIncludeNamespaces returns the namespaces to specifically consider for metrics exposure

func (*MetricsConfigData) GetMetricsConfigMapName added in v1.4.3

func (mcd *MetricsConfigData) GetMetricsConfigMapName() string

GetMetricsConfigMapName returns the configmap name for the metric

func (*MetricsConfigData) GetMetricsRefreshInterval added in v1.4.3

func (mcd *MetricsConfigData) GetMetricsRefreshInterval() time.Duration

GetMetricsRefreshInterval returns the refresh interval for the metrics

type WebhookConfig added in v1.4.0

type WebhookConfig struct {
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,5,opt,name=namespaceSelector"`
	ObjectSelector    *metav1.LabelSelector `json:"objectSelector,omitempty" protobuf:"bytes,11,opt,name=objectSelector"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL