sidecarexec

Version: v0.46.0

This package is not in the latest version of its module.
Published: Jun 7, 2023 | License: Apache-2.0 | Imports: 15 | Imported by: 0

Documentation

Overview

Package sidecarexec implements a sidecar container for kapp-controller that runs each bundled binary in a separate container. It was introduced for security purposes: moving the binary exec calls into their own isolated container reduces the attack surface of the kapp-controller container.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client provides access to sidecarexec API.

func NewClient

func NewClient(local exec.CmdRunner) (Client, error)

NewClient returns a new Client.

func (Client) CmdExec

func (r Client) CmdExec() CmdExecClient

CmdExec returns the command execution implementation.

func (Client) OSConfig

func (r Client) OSConfig() OSConfigClient

OSConfig returns the runtime environment configuration implementation.

type CmdExec

type CmdExec struct {
	// contains filtered or unexported fields
}

CmdExec provides an RPC interface for command execution.

func (CmdExec) Run

func (r CmdExec) Run(input CmdInput, output *CmdOutput) error

Run executes a command (out of a set of allowed ones).

type CmdExecClient

type CmdExecClient struct {
	// contains filtered or unexported fields
}

CmdExecClient executes commands remotely (in a sidecar container), except for kapp commands, which continue to run locally.

func (CmdExecClient) Run

func (r CmdExecClient) Run(cmd *goexec.Cmd) error

Run makes a CmdExec.Run RPC call. kapp commands run locally, though.

func (CmdExecClient) RunWithCancel

func (r CmdExecClient) RunWithCancel(cmd *goexec.Cmd, cancelCh chan struct{}) error

RunWithCancel is not supported except for kapp which runs locally.

type CmdInput

type CmdInput struct {
	Command string
	Args    []string
	Stdin   []byte
	Env     []string
	Dir     string
}

CmdInput describes a command to run.

type CmdOutput

type CmdOutput struct {
	Stdout   []byte
	Stderr   []byte
	Error    string
	ExitCode int
}

CmdOutput describes a command execution result.

type OSConfig

type OSConfig struct {

	// Mostly used for tests
	CACertsLoc   OSConfigCACertsLoc
	SetenvFunc   func(key, value string) error
	UnsetenvFunc func(string) error
	// contains filtered or unexported fields
}

OSConfig provides an RPC interface for system configuration.

func NewOSConfig

func NewOSConfig(log logr.Logger) OSConfig

NewOSConfig returns a new OSConfig.

func (OSConfig) ApplyCACerts

func (r OSConfig) ApplyCACerts(chain string, _ *int) error

ApplyCACerts atomically updates the existing CA certs file with the additional CA certs provided.

func (OSConfig) ApplyProxy

func (r OSConfig) ApplyProxy(in ProxyInput, _ *int) error

ApplyProxy sets proxy-related environment variables.

type OSConfigCACertsLoc

type OSConfigCACertsLoc struct {
	Path         string
	OrigCopyPath string
}

OSConfigCACertsLoc is a set of CA cert paths needed for cert management.

type OSConfigClient

type OSConfigClient struct {
	// contains filtered or unexported fields
}

OSConfigClient communicates over an RPC client to configure the runtime environment.

func (OSConfigClient) ApplyCACerts

func (r OSConfigClient) ApplyCACerts(chain string) error

ApplyCACerts makes an OSConfig.ApplyCACerts RPC call.

func (OSConfigClient) ApplyProxy

func (r OSConfigClient) ApplyProxy(in config.ProxyOpts) error

ApplyProxy makes an OSConfig.ApplyProxy RPC call.

type ProxyInput

type ProxyInput struct {
	HTTPProxy  string
	HTTPSProxy string
	NoProxy    string
}

ProxyInput describes proxy configuration.

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server accepts RPCs to execute commands or configure the runtime environment.

func NewServer

func NewServer(local exec.CmdRunner, opts ServerOpts, log logr.Logger) *Server

NewServer returns a new Server.

func (*Server) Serve

func (r *Server) Serve() error

Serve starts an RPC server.

type ServerOpts

type ServerOpts struct {
	AllowedCmdNames []string
}

ServerOpts holds the Server's configuration.
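
The allowlist idea behind CmdExec.Run and ServerOpts.AllowedCmdNames, as an added example that is not kapp-controller's own code: a handler with the net/rpc method shape that refuses any command name outside a configured set. AllowlistExec, its Allowed map and the "echo" entry are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"os/exec"
)

// CmdInput and CmdOutput carry the fields documented on this page.
type CmdInput struct {
	Command, Dir string
	Args, Env    []string
	Stdin        []byte
}
type CmdOutput struct {
	Stdout, Stderr []byte
	Error          string
	ExitCode       int
}

// AllowlistExec is a hypothetical handler, not kapp-controller's implementation.
type AllowlistExec struct{ Allowed map[string]bool }

// Run has the net/rpc method shape: (args, *reply) error.
func (a AllowlistExec) Run(in CmdInput, out *CmdOutput) error {
	// Exact match on the bare name: "/tmp/echo" or "echo; id" equal no entry.
	if !a.Allowed[in.Command] {
		return fmt.Errorf("command %q is not allowed", in.Command)
	}
	var stdout, stderr bytes.Buffer
	cmd := exec.Command(in.Command, in.Args...) // argv is passed as-is, no shell
	cmd.Stdin, cmd.Stdout, cmd.Stderr = bytes.NewReader(in.Stdin), &stdout, &stderr
	cmd.Env, cmd.Dir = in.Env, in.Dir
	err := cmd.Run()
	out.Stdout, out.Stderr = stdout.Bytes(), stderr.Bytes()
	if err != nil { // a failed command is reported in the reply, not as an RPC error
		out.Error, out.ExitCode = err.Error(), -1 // -1: the process did not run
		if ee := (*exec.ExitError)(nil); errors.As(err, &ee) {
			out.ExitCode = ee.ExitCode()
		}
	}
	return nil
}

func main() {
	srv, out := AllowlistExec{Allowed: map[string]bool{"echo": true}}, CmdOutput{} // constructed allowlist
	fmt.Println(srv.Run(CmdInput{Command: "sh", Args: []string{"-c", "id"}}, &out)) // rejected
}
```

The allowlist constrains only which binary name is launched; Args, Env and Dir still reach the process unchanged and need their own review.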
