podsecuritypolicy

package
v2.2.13+incompatible
Warning

This package is not in the latest version of its module.

Published: Jun 2, 2020 | License: Apache-2.0 | Imports: 16 | Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterBindings

func RegisterBindings(ctx context.Context, context *config.UserContext)

RegisterBindings updates the pod security policy for this binding if it has been changed, and resyncs service accounts so they pick up the change. If no policy exists, it exits without doing anything.

func RegisterCluster

func RegisterCluster(ctx context.Context, context *config.UserContext)

RegisterCluster updates the pod security policy if the pod security policy template default for this cluster has been updated, then resyncs all service accounts in this namespace.

func RegisterNamespace

func RegisterNamespace(ctx context.Context, context *config.UserContext)

RegisterNamespace resyncs the current namespace's service accounts. This is necessary because service accounts determine their parent project via an annotation on the namespace, and the namespace is not always present when the service account handler is triggered. This handler retriggers the service account handler once the annotation has been added.

func RegisterServiceAccount

func RegisterServiceAccount(ctx context.Context, context *config.UserContext)

RegisterServiceAccount ensures that:

  1. Each namespace has a pod security policy assigned to a role if:
     a. its project has a PSPT assigned to it, OR
     b. its cluster has a default PSPT assigned to it
  2. PSPs are bound to their associated service accounts via a cluster role binding

func RegisterTemplate

func RegisterTemplate(ctx context.Context, context *config.UserContext)

RegisterTemplate propagates updates to pod security policy templates to their associated pod security policies. It ignores pod security policy templates that are not assigned to a cluster or project.

Types

type Lifecycle

type Lifecycle struct {
	// contains filtered or unexported fields
}

func (*Lifecycle) Create

func (*Lifecycle) Remove

func (*Lifecycle) Updated
