Documentation ¶
Overview ¶
Copyright paskal.maksim@gmail.com Licensed under the Apache License, Version 2.0 (the "License") you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Constants ¶
const (
	// LabelManaged is the label for namespaces that are managed by
	// pod-admission-controller.
	LabelManaged = annotationPrefix + "/managed"
	// AnnotationInjected is the annotation that is added to a pod when a
	// mutation is executed.
	AnnotationInjected = annotationPrefix + "/injected"
	// AnnotationIgnore skips mutation.
	// NOTE(review): this opts an object out of every rule, RunAsNonRoot
	// included. Which object carries it (pod or namespace) is not visible in
	// this block; if workload authors can set it, the mutations are defaults
	// rather than enforcement. Confirm against the handler and restrict who
	// may set it where the rules are relied on as a control.
	AnnotationIgnore = annotationPrefix + "/ignore"
	// AnnotationIgnoreEnv is a list of containers that should be skipped.
	// NOTE(review): the original comment says "skipped from RunAsNonRoot",
	// the same wording as AnnotationIgnoreRunAsNonRoot below; judging by the
	// name this presumably applies to Env injection. TODO confirm.
	AnnotationIgnoreEnv = annotationPrefix + "/ignoreEnv"
	// AnnotationIgnoreRunAsNonRoot is a list of containers that should be
	// skipped from RunAsNonRoot.
	//
	// Deprecated: the replacement is not named in this block.
	AnnotationIgnoreRunAsNonRoot = annotationPrefix + "/ignoreRunAsNonRoot"
	// AnnotationIgnoreAddDefaultResources is a list of containers that should
	// be skipped from AddDefaultResources.
	//
	// Deprecated: the replacement is not named in this block.
	AnnotationIgnoreAddDefaultResources = annotationPrefix + "/ignoreAddDefaultResources"
	// AnnotationDefaultResourcesCPU sets the default CPU requests.
	AnnotationDefaultResourcesCPU = annotationPrefix + "/defaultResourcesCPU"
	// AnnotationDefaultResourcesMemory sets the default memory requests.
	AnnotationDefaultResourcesMemory = annotationPrefix + "/defaultResourcesMemory"
	// AnnotationDefaultIngressSuffix sets the default ingress suffix.
	AnnotationDefaultIngressSuffix = annotationPrefix + "/ingressSuffix"
	// WarningObjectDoedNotNeedMutation is the warning used when AnnotationIgnore
	// is enabled. The identifier is spelled "Doed"; it is exported, so
	// renaming it would break importers.
	WarningObjectDoedNotNeedMutation = annotationPrefix + ": ignore mutation by annotation " + AnnotationIgnore
	// WarningNoPatchGenerated is the warning used when no patch is generated.
	WarningNoPatchGenerated = annotationPrefix + ". No patches found"
)
Types ¶
type AddDefaultResources ¶
type Condition ¶ added in v0.0.10
// Condition is one match condition: a key, an operator and the value(s) the
// operator compares against. Rule.Conditions holds a slice of these.
type Condition struct {
	// Key names what is compared.
	// NOTE(review): the set of accepted keys is not visible here. If a key
	// can refer to pod labels or annotations, remember those are set by the
	// pod author. Confirm before gating a security-relevant rule on them.
	Key string
	// Operator selects the comparison; see the ConditionOperator constants.
	Operator ConditionOperator
	// Value is a single operand.
	// NOTE(review): presumably used by the equal/regexp operators. Confirm.
	Value string
	// Values is a list of operands.
	// NOTE(review): presumably used by the in/notin operators. Confirm.
	Values []string
}
type ConditionOperator ¶ added in v0.0.10
// ConditionOperator is the string name of the comparison a Condition applies.
type ConditionOperator string
Operator values must be lowercase.
// Supported ConditionOperator values. Each positive operator has a "not"
// counterpart; the type exposes an IsNegate method, which presumably
// distinguishes the two groups. TODO confirm.
const (
	OperatorEqual    ConditionOperator = "equal"
	OperatorNotEqual ConditionOperator = "notequal"
	// NOTE(review): whether the pattern is anchored is not visible here. An
	// unanchored pattern also matches substrings, which matters when a rule
	// is meant to match a whole value such as an image host. Confirm and
	// anchor patterns explicitly if needed.
	OperatorRegexp    ConditionOperator = "regexp"
	OperatorNotRegexp ConditionOperator = "notregexp"
	OperatorIn        ConditionOperator = "in"
	OperatorNotIn     ConditionOperator = "notin"
	OperatorEmpty     ConditionOperator = "empty"
	OperatorNotEmpty  ConditionOperator = "notempty"
)
func (ConditionOperator) IsNegate ¶ added in v0.0.10
func (op ConditionOperator) IsNegate() bool
func (ConditionOperator) Validate ¶ added in v0.0.10
func (op ConditionOperator) Validate() error
func (ConditionOperator) Value ¶ added in v0.0.10
func (op ConditionOperator) Value() ConditionOperator
type ContainerImage ¶ added in v0.0.3
type ContainerInfo ¶
// ContainerInfo groups, judging by its fields, one container of a pod with
// the namespace and pod metadata around it and the rules selected for it.
type ContainerInfo struct {
	PodContainer  *PodContainer
	ContainerName string
	ContainerType PodContainerType
	Namespace     string
	// Namespace metadata.
	NamespaceAnnotations map[string]string
	NamespaceLabels      map[string]string
	Image                *ContainerImage
	// Pod metadata. These maps come from the pod object, so their content is
	// chosen by whoever creates the pod.
	PodAnnotations map[string]string
	PodLabels      map[string]string
	// SelectedRules points at the rules chosen for this container; each Rule
	// carries an Env list.
	// NOTE(review): String() is documented as returning the JSON form of
	// this struct. If rule Env entries hold literal secret values they would
	// appear in that output. Confirm before writing it to logs.
	SelectedRules []*Rule
}
func (*ContainerInfo) GetPodAnnotation ¶
func (c *ContainerInfo) GetPodAnnotation(key string) (string, bool)
Returns the namespaced pod annotation value.
func (*ContainerInfo) GetSelectedRulesEnv ¶
func (c *ContainerInfo) GetSelectedRulesEnv() []corev1.EnvVar
func (*ContainerInfo) String ¶
func (c *ContainerInfo) String() string
Returns the JSON representation of the container info.
type CreateSecret ¶ added in v0.0.5
type PatchOperation ¶
// PatchOperation is one patch entry serialized as {"op", "path", "value"}.
// NOTE(review): the field names match a JSON Patch (RFC 6902) operation.
// Confirm that is how the admission response uses it.
type PatchOperation struct {
	// Op is the operation name, serialized as "op".
	Op string `json:"op"`
	// Path is the target location, serialized as "path".
	Path string `json:"path"`
	// Value is the operand, serialized as "value" and left out of the JSON
	// when it is nil (omitempty on an interface field).
	Value interface{} `json:"value,omitempty"`
}
func (*PatchOperation) String ¶ added in v0.0.5
func (p *PatchOperation) String() string
type PodContainer ¶ added in v0.0.5
// PodContainer ties a single container to the pod and namespace objects it
// belongs to. PodContainersFromPod returns a slice of these for a pod.
type PodContainer struct {
	// Pod is the pod object that holds the container.
	Pod *corev1.Pod
	// Namespace is the namespace object passed alongside the pod.
	Namespace *corev1.Namespace
	// NOTE(review): presumably the index of the container inside its list
	// (containers or initContainers). Confirm against PodContainersFromPod.
	Order int
	// Type tells init containers and regular containers apart.
	Type PodContainerType
	// Container is the container spec itself.
	Container *corev1.Container
}
func PodContainersFromPod ¶ added in v0.0.5
func PodContainersFromPod(namespace *corev1.Namespace, pod *corev1.Pod) []*PodContainer
func (*PodContainer) ContainerPath ¶ added in v0.0.5
func (c *PodContainer) ContainerPath() string
func (*PodContainer) OwnerKind ¶ added in v0.0.10
func (c *PodContainer) OwnerKind() string
Returns the owner kind of the pod. Usage: .PodContainer.OwnerKind. Example: ReplicaSet.
func (*PodContainer) PodPVCNames ¶ added in v0.0.12
func (c *PodContainer) PodPVCNames() []string
Returns a string array of the pod's PVC names. Usage: .PodContainer.PodPVCNames. Example: ["pvc1", "pvc2"].
func (*PodContainer) String ¶ added in v0.0.5
func (c *PodContainer) String() string
type PodContainerType ¶ added in v0.0.10
// PodContainerType is the string name of the kind of container inside a pod.
type PodContainerType string
// Known PodContainerType values.
const (
	// PodContainerTypeInitContainer marks an init container.
	PodContainerTypeInitContainer PodContainerType = "initContainer"
	// PodContainerTypeContainer marks a regular container.
	PodContainerTypeContainer PodContainerType = "container"
)
type ReplaceContainerImageHost ¶ added in v0.0.5
type Rule ¶
// Rule is, judging by its fields, one named set of pod mutations together
// with the conditions that select it.
type Rule struct {
	// NOTE(review): effect not visible here; presumably enables extra
	// logging for this rule. Confirm what is logged before enabling it on
	// rules whose Env carries sensitive values.
	Debug bool
	Name  string
	// Env lists environment variables. ContainerInfo.GetSelectedRulesEnv
	// returns []corev1.EnvVar, presumably collected from this field. TODO
	// confirm.
	Env []corev1.EnvVar
	// Conditions are the match conditions of the rule.
	// NOTE(review): how several conditions combine (all vs. any) is not
	// visible here. Confirm.
	Conditions                []Condition
	AddDefaultResources       AddDefaultResources
	RunAsNonRoot              RunAsNonRoot
	ReplaceContainerImageHost ReplaceContainerImageHost
	Tolerations               []corev1.Toleration
	ImagePullSecrets          []corev1.LocalObjectReference
	// CustomPatches are free-form PatchOperation entries (op/path/value).
	// NOTE(review): this type puts no constraint on the path or value, so a
	// rule can change any pod field its path reaches, securityContext
	// included. Treat the rule configuration as privileged input and review
	// changes to it accordingly.
	CustomPatches []PatchOperation
}
type RunAsNonRoot ¶
// RunAsNonRoot is the RunAsNonRoot section of a Rule.
// NOTE(review): this package also declares the AnnotationIgnore and
// AnnotationIgnoreRunAsNonRoot annotations, which skip the mutation. If
// non-root execution is a requirement rather than a default, back this with
// a validating policy. Confirm how the annotations are honored.
type RunAsNonRoot struct {
	// Enabled switches the mutation on for the rule.
	Enabled bool
	// replace RunAsUser in container
	ReplaceUser RunAsNonRootReplaceUser
}