Documentation ¶
Index ¶
- func HasMutateOrValidate(policy kyverno.ClusterPolicy) bool
- func HasMutateOrValidatePolicies(policies []*kyverno.ClusterPolicy) bool
- func RecheckDeletionTimestamp(getObject func() (metav1.Object, error)) func() error
- type BaseControllerRefManager
- type Condition
- type PVControlInterface
- type PolicyController
- type PolicyStat
- type PolicyStatInfo
- type PolicyStatusAggregator
- type PolicyStatusInterface
- type PolicyViolationControllerRefManager
- type RealPVControl
- type ResourceManager
- type RuleStatinfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func HasMutateOrValidate ¶
func HasMutateOrValidate(policy kyverno.ClusterPolicy) bool
func HasMutateOrValidatePolicies ¶
func HasMutateOrValidatePolicies(policies []*kyverno.ClusterPolicy) bool
func RecheckDeletionTimestamp ¶
RecheckDeletionTimestamp returns a CanAdopt() function to recheck deletion.
The CanAdopt() function calls getObject() to fetch the latest value, and denies adoption attempts if that object has a non-nil DeletionTimestamp.
Types ¶
type BaseControllerRefManager ¶
type BaseControllerRefManager struct { Controller metav1.Object Selector labels.Selector CanAdoptFunc func() error // contains filtered or unexported fields }
BaseControllerRefManager ...
func (*BaseControllerRefManager) CanAdopt ¶
func (m *BaseControllerRefManager) CanAdopt() error
CanAdopt ...
type PVControlInterface ¶
PVControlInterface provides an interface to operate on policy violation resources.
type PolicyController ¶
type PolicyController struct {
// contains filtered or unexported fields
}
PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations
func NewPolicyController ¶
func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, pInformer kyvernoinformer.ClusterPolicyInformer, pvInformer kyvernoinformer.ClusterPolicyViolationInformer, eventGen event.Interface, webhookInformer webhookinformer.MutatingWebhookConfigurationInformer, webhookRegistrationClient *webhookconfig.WebhookRegistrationClient) (*PolicyController, error)
NewPolicyController creates a new PolicyController.
func (*PolicyController) GetPolicyStatusAggregator ¶
func (pc *PolicyController) GetPolicyStatusAggregator() PolicyStatusInterface
GetPolicyStatusAggregator returns interface to send policy status stats
func (*PolicyController) Run ¶
func (pc *PolicyController) Run(workers int, stopCh <-chan struct{})
Run begins watching and syncing.
type PolicyStat ¶
type PolicyStat struct { PolicyName string Stats PolicyStatInfo }
PolicyStat stores stats for a policy.
type PolicyStatInfo ¶
type PolicyStatusAggregator ¶
type PolicyStatusAggregator struct {
// contains filtered or unexported fields
}
PolicyStatusAggregator stores information about aggregation.
func NewPolicyStatAggregator ¶
func NewPolicyStatAggregator(client *kyvernoclient.Clientset) *PolicyStatusAggregator
NewPolicyStatAggregator returns a new PolicyStatusAggregator.
func (*PolicyStatusAggregator) GetPolicyStats ¶
func (psa *PolicyStatusAggregator) GetPolicyStats(policyName string) PolicyStatInfo
GetPolicyStats returns the policy stats
func (*PolicyStatusAggregator) RemovePolicyStats ¶
func (psa *PolicyStatusAggregator) RemovePolicyStats(policyName string)
RemovePolicyStats removes the policy stats records.
func (*PolicyStatusAggregator) Run ¶
func (psa *PolicyStatusAggregator) Run(workers int, stopCh <-chan struct{})
Run starts the aggregator.
func (*PolicyStatusAggregator) SendStat ¶
func (psa *PolicyStatusAggregator) SendStat(stat PolicyStat)
SendStat sends the stat information for aggregation
type PolicyStatusInterface ¶
type PolicyStatusInterface interface {
SendStat(stat PolicyStat)
}
PolicyStatusInterface provides methods to modify policyStatus
type PolicyViolationControllerRefManager ¶
type PolicyViolationControllerRefManager struct { BaseControllerRefManager // contains filtered or unexported fields }
PolicyViolationControllerRefManager manages the adoption of policy violations by a policy.
func NewPolicyViolationControllerRefManager ¶
func NewPolicyViolationControllerRefManager( pvControl PVControlInterface, controller metav1.Object, selector labels.Selector, controllerKind schema.GroupVersionKind, canAdopt func() error, ) *PolicyViolationControllerRefManager
NewPolicyViolationControllerRefManager returns a new PolicyViolationControllerRefManager.
type RealPVControl ¶
type RealPVControl struct { Client kyvernoclient.Interface Recorder record.EventRecorder }
RealPVControl is the default implementation of PVControlInterface.
func (RealPVControl) PatchPolicyViolation ¶
func (r RealPVControl) PatchPolicyViolation(name string, data []byte) error
PatchPolicyViolation patches the policy violation with the provided JSON Patch
type ResourceManager ¶
type ResourceManager struct {
// contains filtered or unexported fields
}
ResourceManager stores the details on already processed resources for caching
func NewResourceManager ¶
func NewResourceManager(rebuildTime int64) *ResourceManager
NewResourceManager returns a new ResourceManager
func (*ResourceManager) Drop ¶
func (rm *ResourceManager) Drop()
Drop drops the cache after every rebuild interval (in minutes). TODO: or drop based on the size.
func (*ResourceManager) ProcessResource ¶
func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool
ProcessResource returns true if the policy was not applied on the resource
func (*ResourceManager) RegisterResource ¶
func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)
RegisterResource records that the policy was processed on this resource version.