policy

package

v1.1.1 Latest Latest Go to latest Published: Jan 14, 2020 License: Apache-2.0 Imports: 36 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/nirmata/kyverno

Documentation ¶

Index ¶

type Condition
type PVControlInterface
type PolicyController
- func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, ...) (*PolicyController, error)
- func (pc *PolicyController) GetPolicyStatusAggregator() PolicyStatusInterface
- func (pc *PolicyController) Run(workers int, stopCh <-chan struct{})
type PolicyStat
type PolicyStatInfo
type PolicyStatusAggregator
- func NewPolicyStatAggregator(client *kyvernoclient.Clientset) *PolicyStatusAggregator
type PolicyStatusInterface
type RealPVControl
- func (r RealPVControl) DeleteClusterPolicyViolation(name string) error
- func (r RealPVControl) DeleteNamespacedPolicyViolation(ns, name string) error
type ResourceManager
- func NewResourceManager(rebuildTime int64) *ResourceManager
type RuleStatinfo

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Condition ¶ added in v0.9.1

type Condition int

const (
	NotEvaluate Condition = 0
	Process     Condition = 1
	Skip        Condition = 2
)

type PVControlInterface ¶

type PVControlInterface interface {
	DeleteClusterPolicyViolation(name string) error
	DeleteNamespacedPolicyViolation(ns, name string) error
}

PVControlInterface provides interface to operate on policy violation resource

type PolicyController ¶

type PolicyController struct {
	// contains filtered or unexported fields
}

PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations

func NewPolicyController ¶

func NewPolicyController(kyvernoClient *kyvernoclient.Clientset,
	client *client.Client,
	pInformer kyvernoinformer.ClusterPolicyInformer,
	cpvInformer kyvernoinformer.ClusterPolicyViolationInformer,
	nspvInformer kyvernoinformer.PolicyViolationInformer,
	configHandler config.Interface,
	eventGen event.Interface,
	pvGenerator policyviolation.GeneratorInterface,
	pMetaStore policystore.UpdateInterface,
	resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister) (*PolicyController, error)

NewPolicyController create a new PolicyController

func (*PolicyController) GetPolicyStatusAggregator ¶

func (pc *PolicyController) GetPolicyStatusAggregator() PolicyStatusInterface

GetPolicyStatusAggregator returns interface to send policy status stats

func (*PolicyController) Run ¶

func (pc *PolicyController) Run(workers int, stopCh <-chan struct{})

Run begins watching and syncing.

type PolicyStat ¶

type PolicyStat struct {
	PolicyName string
	Stats      PolicyStatInfo
}

PolicyStat stored stats for policy

type PolicyStatInfo ¶

type PolicyStatInfo struct {
	MutationExecutionTime   time.Duration
	ValidationExecutionTime time.Duration
	GenerationExecutionTime time.Duration
	RulesAppliedCount       int
	ResourceBlocked         int
	Rules                   []RuleStatinfo
}

type PolicyStatusAggregator ¶

type PolicyStatusAggregator struct {
	// contains filtered or unexported fields
}

PolicyStatusAggregator stores information abt aggregation

func NewPolicyStatAggregator ¶

func NewPolicyStatAggregator(client *kyvernoclient.Clientset) *PolicyStatusAggregator

NewPolicyStatAggregator returns a new policy status

func (*PolicyStatusAggregator) GetPolicyStats ¶

func (psa *PolicyStatusAggregator) GetPolicyStats(policyName string) PolicyStatInfo

GetPolicyStats returns the policy stats

func (*PolicyStatusAggregator) RemovePolicyStats ¶

func (psa *PolicyStatusAggregator) RemovePolicyStats(policyName string)

RemovePolicyStats rmves policy stats records

func (*PolicyStatusAggregator) Run ¶

func (psa *PolicyStatusAggregator) Run(workers int, stopCh <-chan struct{})

Run begins aggregator

func (*PolicyStatusAggregator) SendStat ¶

func (psa *PolicyStatusAggregator) SendStat(stat PolicyStat)

SendStat sends the stat information for aggregation

type PolicyStatusInterface ¶

type PolicyStatusInterface interface {
	SendStat(stat PolicyStat)
}

PolicyStatusInterface provides methods to modify policyStatus

type RealPVControl ¶

type RealPVControl struct {
	Client   kyvernoclient.Interface
	Recorder record.EventRecorder
}

RealPVControl is the default implementation of PVControlInterface.

func (RealPVControl) DeleteClusterPolicyViolation ¶ added in v1.1.0

func (r RealPVControl) DeleteClusterPolicyViolation(name string) error

DeletePolicyViolation deletes the policy violation

func (RealPVControl) DeleteNamespacedPolicyViolation ¶ added in v1.0.0

func (r RealPVControl) DeleteNamespacedPolicyViolation(ns, name string) error

DeleteNamespacedPolicyViolation deletes the namespaced policy violation

type ResourceManager ¶

type ResourceManager struct {
	// contains filtered or unexported fields
}

ResourceManager stores the details on already processed resources for caching

func NewResourceManager ¶

func NewResourceManager(rebuildTime int64) *ResourceManager

NewResourceManager returns a new ResourceManager

func (*ResourceManager) Drop ¶

func (rm *ResourceManager) Drop()

Drop drop the cache after every rebuild interval mins TODO: or drop based on the size

func (*ResourceManager) ProcessResource ¶

func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool

ProcessResource returns true if the policy was not applied on the resource

func (*ResourceManager) RegisterResource ¶

func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)

RegisterResource stores if the policy is processed on this resource version

type RuleStatinfo ¶ added in v0.9.1

type RuleStatinfo struct {
	RuleName         string
	ExecutionTime    time.Duration
	RuleAppliedCount int
	RulesFailedCount int
	MutationCount    int
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL