Documentation ¶
Index ¶
Constants ¶
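// Values that govern generation of VAP (Kubernetes ValidatingAdmissionPolicy)
// objects. The VapFlag* constants are presumably the values accepted by the
// vap-enforcement flag (see VapFlagType.Set) — confirm against the source.
// Yes and No are the values of the per-policy label.
const (
	// VapGenerationLabel is the label key with which a policy opts in to or
	// out of VAP object generation.
	VapGenerationLabel = "gatekeeper.sh/use-vap"

	// VapFlagNone means VAP objects are not generated.
	// NOTE(review): whether the label is ignored entirely in this mode is not
	// visible here; confirm in ShouldGenerateVap.
	VapFlagNone = "NONE"

	// VapFlagGatekeeperDefault means VAP objects are not generated unless the
	// label gatekeeper.sh/use-vap: yes is added to the policy explicitly.
	VapFlagGatekeeperDefault = "GATEKEEPER_DEFAULT"

	// VapFlagVapDefault means VAP objects are generated unless the label
	// gatekeeper.sh/use-vap: no is added to the policy explicitly.
	VapFlagVapDefault = "VAP_DEFAULT"

	// No is the label value that opts a policy out of VAP generation.
	No = "no"

	// Yes is the label value that opts a policy in to VAP generation.
	Yes = "yes"
)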
Variables ¶
// VapAPIEnabled is an exported, mutable package-level pointer to a bool.
// NOTE(review): presumably it caches whether the cluster serves the VAP
// (ValidatingAdmissionPolicy) API, with nil meaning "not yet determined", and
// is what IsVapAPIEnabled reports — confirm against the source.
// Because it is exported, any importing package can reassign it, and no
// synchronization is visible on this page.
var VapAPIEnabled *bool
Functions ¶
func IsVapAPIEnabled ¶ added in v3.16.0
func IsVapAPIEnabled() bool
func ShouldGenerateVap ¶ added in v3.16.0
Types ¶
type Adder ¶
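// Adder carries the dependencies used to build the constraint controller and
// register it with a Manager (see Add).
type Adder struct {
	// CFClient is presumably the constraint framework client; InjectCFClient
	// accepts a value of this type.
	CFClient *constraintclient.Client
	// ConstraintsCache is the constraints cache handed to the controller; a
	// new one is obtained from NewConstraintsCache.
	ConstraintsCache *ConstraintsCache
	// WatchManager is the watch manager handed to the controller.
	WatchManager *watch.Manager
	// ControllerSwitch is the controller switch handed to the controller;
	// InjectControllerSwitch accepts a value of this type.
	ControllerSwitch *watch.ControllerSwitch
	// Events is a receive-only channel of generic events.
	// NOTE(review): presumably the watch events that trigger reconciles —
	// confirm against Add.
	Events <-chan event.GenericEvent
	// Tracker is the readiness tracker handed to the controller.
	Tracker *readiness.Tracker
	// GetPod returns a Pod for the given context.
	// NOTE(review): which Pod is returned is not visible here — verify
	// against the caller.
	GetPod func(context.Context) (*corev1.Pod, error)
	// ProcessExcluder is the process excluder handed to the controller.
	// NOTE(review): presumably it decides which objects are exempt from
	// processing — confirm, since exclusions narrow what gets enforced.
	ProcessExcluder *process.Excluder
	// IfWatching allows the reconciler to only execute functions if a
	// constraint template is currently being watched. It is designed to be
	// atomic to avoid race conditions between the constraint controller and
	// the constraint template controller.
	IfWatching func(schema.GroupVersionKind, func() error) (bool, error)
}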
func (*Adder) Add ¶
Add creates a new Constraint Controller and adds it to the Manager. The Manager will set fields on the Controller and Start it when the Manager is Started.
func (*Adder) InjectCFClient ¶ added in v3.14.0
func (a *Adder) InjectCFClient(c *constraintclient.Client)
func (*Adder) InjectControllerSwitch ¶
func (a *Adder) InjectControllerSwitch(cs *watch.ControllerSwitch)
func (*Adder) InjectTracker ¶
func (*Adder) InjectWatchManager ¶
type ConstraintsCache ¶
type ConstraintsCache struct {
// contains filtered or unexported fields
}
func NewConstraintsCache ¶
func NewConstraintsCache() *ConstraintsCache
type ReconcileConstraint ¶
type ReconcileConstraint struct {
// contains filtered or unexported fields
}
ReconcileConstraint reconciles an arbitrary constraint object described by Kind.
type StatsReporter ¶
type StatsReporter interface {
// contains filtered or unexported methods
}
StatsReporter reports audit metrics.
type VapFlagType ¶ added in v3.16.0
type VapFlagType string
VapFlagType is the custom type for the vap-enforcement flag.
// VapEnforcement is a package-level VapFlagType value.
// NOTE(review): presumably the parsed vap-enforcement flag, populated through
// VapFlagType.Set — confirm against the source.
var VapEnforcement VapFlagType
func (*VapFlagType) Set ¶ added in v3.16.0
func (v *VapFlagType) Set(value string) error
Set validates and sets the value for the VapFlagType.
func (*VapFlagType) SetDefaultIfEmpty ¶ added in v3.16.0
func (v *VapFlagType) SetDefaultIfEmpty()
SetDefaultIfEmpty sets the default value when the flag has not been set; required for unit tests.
func (*VapFlagType) String ¶ added in v3.16.0
func (v *VapFlagType) String() string
String returns the string representation of the flag value.