constraint

package
v3.16.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 26, 2024 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// VapGenerationLabel indicates opting in and out preference for generating VAP objects.
	VapGenerationLabel = "gatekeeper.sh/use-vap"
	// VapFlagNone: do not generate.
	VapFlagNone = "NONE"
	// VapFlagGatekeeperDefault: do not generate unless label gatekeeper.sh/use-vap: yes is added to policy explicitly.
	VapFlagGatekeeperDefault = "GATEKEEPER_DEFAULT"
	// VapFlagVapDefault: generate unless label gatekeeper.sh/use-vap: no is added to policy explicitly.
	VapFlagVapDefault = "VAP_DEFAULT"
	// no value.
	No = "no"
	// yes value.
	Yes = "yes"
)

Variables

View Source
var VapAPIEnabled *bool

Functions

func IsVapAPIEnabled added in v3.16.0

func IsVapAPIEnabled() bool

func ShouldGenerateVap added in v3.16.0

func ShouldGenerateVap(useVapLabel string) bool

Types

type Adder

type Adder struct {
	CFClient         *constraintclient.Client
	ConstraintsCache *ConstraintsCache
	WatchManager     *watch.Manager
	ControllerSwitch *watch.ControllerSwitch
	Events           <-chan event.GenericEvent
	Tracker          *readiness.Tracker
	GetPod           func(context.Context) (*corev1.Pod, error)
	ProcessExcluder  *process.Excluder
	// IfWatching allows the reconciler to only execute functions if a constraint
	// template is currently being watched. It is designed to be atomic to avoid
	// race conditions between the constraint controller and the constraint template
	// controller
	IfWatching func(schema.GroupVersionKind, func() error) (bool, error)
}

func (*Adder) Add

func (a *Adder) Add(mgr manager.Manager) error

Add creates a new Constraint Controller and adds it to the Manager. The Manager will set fields on the Controller and Start it when the Manager is Started.

func (*Adder) InjectCFClient added in v3.14.0

func (a *Adder) InjectCFClient(c *constraintclient.Client)

func (*Adder) InjectControllerSwitch

func (a *Adder) InjectControllerSwitch(cs *watch.ControllerSwitch)

func (*Adder) InjectTracker

func (a *Adder) InjectTracker(t *readiness.Tracker)

func (*Adder) InjectWatchManager

func (a *Adder) InjectWatchManager(w *watch.Manager)

type ConstraintsCache

type ConstraintsCache struct {
	// contains filtered or unexported fields
}

func NewConstraintsCache

func NewConstraintsCache() *ConstraintsCache

type ReconcileConstraint

type ReconcileConstraint struct {
	// contains filtered or unexported fields
}

ReconcileConstraint reconciles an arbitrary constraint object described by Kind.

func (*ReconcileConstraint) Reconcile

func (r *ReconcileConstraint) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error)

Reconcile reads that state of the cluster for a constraint object and makes changes based on the state read and what is in the constraint.Spec.

type StatsReporter

type StatsReporter interface {
	// contains filtered or unexported methods
}

StatsReporter reports audit metrics.

type VapFlagType added in v3.16.0

type VapFlagType string

VapFlagType is the custom type for the vap-enforcement flag.

var VapEnforcement VapFlagType

func (*VapFlagType) Set added in v3.16.0

func (v *VapFlagType) Set(value string) error

Set validates and sets the value for the VapFlagType.

func (*VapFlagType) SetDefaultIfEmpty added in v3.16.0

func (v *VapFlagType) SetDefaultIfEmpty()

setting defaults when not set; required for unit test.

func (*VapFlagType) String added in v3.16.0

func (v *VapFlagType) String() string

String returns the string representation of the flag value.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL