sidecarexec

package

v0.44.5 Latest Latest Go to latest Published: Jan 31, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation ¶

Overview ¶

Package sidecarexec provides an implementation of a sidecar container in kapp-controller which runs each bundled binary in this separate container. This was introduced for security purposes, to reduce the attack vector on kapp-controller container by moving the binary exec calls to it's own isolated container.

Index ¶

type Client
- func NewClient(local exec.CmdRunner) (Client, error)
- func (r Client) CmdExec() CmdExecClient
- func (r Client) OSConfig() OSConfigClient
type CmdExec
- func (r CmdExec) Run(input CmdInput, output *CmdOutput) error
type CmdExecClient
- func (r CmdExecClient) Run(cmd *goexec.Cmd) error
- func (r CmdExecClient) RunWithCancel(cmd *goexec.Cmd, cancelCh chan struct{}) error
type CmdInput
type CmdOutput
type OSConfig
- func NewOSConfig(log logr.Logger) OSConfig
- func (r OSConfig) ApplyCACerts(chain string, unusedResult *int) error
- func (r OSConfig) ApplyProxy(in ProxyInput, unusedResult *int) error
type OSConfigCACertsLoc
type OSConfigClient
- func (r OSConfigClient) ApplyCACerts(chain string) error
- func (r OSConfigClient) ApplyProxy(in config.ProxyOpts) error
type ProxyInput
type Server
- func NewServer(local exec.CmdRunner, opts ServerOpts, log logr.Logger) *Server
- func (r *Server) Serve() error
type ServerOpts

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client provides access to sidecarexec API.

func NewClient ¶

func NewClient(local exec.CmdRunner) (Client, error)

NewClient returns a new Client.

func (Client) CmdExec ¶

func (r Client) CmdExec() CmdExecClient

CmdExec returns command execution implementation.

func (Client) OSConfig ¶

func (r Client) OSConfig() OSConfigClient

OSConfig returns runtime environment configuration implementation.

type CmdExec ¶

type CmdExec struct {
	// contains filtered or unexported fields
}

CmdExec provides RPC interface for command execution.

func (CmdExec) Run ¶

func (r CmdExec) Run(input CmdInput, output *CmdOutput) error

Run executes a command (out of a set of allowed ones).

type CmdExecClient ¶

type CmdExecClient struct {
	// contains filtered or unexported fields
}

CmdExecClient executes commands remotely (in a sidecar container) except for kapp commands which continue to run locally.

func (CmdExecClient) Run ¶

func (r CmdExecClient) Run(cmd *goexec.Cmd) error

Run makes a CmdExec.Run RPC call. kapp command run locally though.

func (CmdExecClient) RunWithCancel ¶

func (r CmdExecClient) RunWithCancel(cmd *goexec.Cmd, cancelCh chan struct{}) error

RunWithCancel is not supported except for kapp which runs locally.

type CmdInput ¶

type CmdInput struct {
	Command string
	Args    []string
	Stdin   []byte
	Env     []string
	Dir     string
}

CmdInput describes a command to run.

type CmdOutput ¶

type CmdOutput struct {
	Stdout   []byte
	Stderr   []byte
	Error    string
	ExitCode int
}

CmdOutput describes an command execution result.

type OSConfig ¶

type OSConfig struct {

	// Mostly used for tests
	CACertsLoc   OSConfigCACertsLoc
	SetenvFunc   func(key, value string) error
	UnsetenvFunc func(string) error
	// contains filtered or unexported fields
}

OSConfig provides RPC interface system configuration.

func NewOSConfig ¶

func NewOSConfig(log logr.Logger) OSConfig

NewOSConfig returns new OSConfig.

func (OSConfig) ApplyCACerts ¶

func (r OSConfig) ApplyCACerts(chain string, unusedResult *int) error

ApplyCACerts atomically updates existing CA certs file with additional CA certs provided.

func (OSConfig) ApplyProxy ¶

func (r OSConfig) ApplyProxy(in ProxyInput, unusedResult *int) error

ApplyProxy sets proxy related environment variables.

type OSConfigCACertsLoc ¶

type OSConfigCACertsLoc struct {
	Path         string
	OrigCopyPath string
}

OSConfigCACertsLoc is a set of CA cert paths needed for cert management.

type OSConfigClient ¶

type OSConfigClient struct {
	// contains filtered or unexported fields
}

OSConfigClient communicates over RPC client to configure runtime environment.

func (OSConfigClient) ApplyCACerts ¶

func (r OSConfigClient) ApplyCACerts(chain string) error

ApplyCACerts makes OSConfig.ApplyCACerts RPC call.

func (OSConfigClient) ApplyProxy ¶

func (r OSConfigClient) ApplyProxy(in config.ProxyOpts) error

ApplyProxy makes OSConfig.ApplyProxy RPC call.

type ProxyInput ¶

type ProxyInput struct {
	HTTPProxy  string
	HTTPSProxy string
	NoProxy    string
}

ProxyInput describes proxy configuration.

type Server ¶

type Server struct {
	// contains filtered or unexported fields
}

Server accepts RPCs to execute commands or configure runtime environment.

func NewServer ¶

func NewServer(local exec.CmdRunner, opts ServerOpts, log logr.Logger) *Server

NewServer returns a new Server.

func (*Server) Serve ¶

func (r *Server) Serve() error

Serve starts an RPC server.

type ServerOpts ¶

type ServerOpts struct {
	AllowedCmdNames []string
}

ServerOpts accepts Server's configuration.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL