configurator

package
v1.0.57 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 20, 2017 License: GPL-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package configurator provides some helper functions to helpe you create default Trireme and Monitor configurations.

Index

Constants

View Source 
const (
	//DefaultProcMountPoint The default proc mountpoint
	DefaultProcMountPoint = "/proc"
	//AporetoProcMountPoint The aporeto proc mountpoint just in case we are launched with some specific docker config
	AporetoProcMountPoint = "/aporetoproc"
)

Variables

This section is empty.

Functions

func NewCompactPKIWithDocker 

func NewCompactPKIWithDocker(
	serverID string,
	networks []string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	syncAtStart bool,
	keyPEM []byte,
	certPEM []byte,
	caCertPEM []byte,
	token []byte,
	dockerMetadataExtractor dockermonitor.DockerMetadataExtractor,
	remoteEnforcer bool,
	killContainerError bool,
) (trireme.Trireme, monitor.Monitor)

NewCompactPKIWithDocker is an example of configuring Trireme to use the compact PKI secrets method. The calling module must provide a policy engine implementation and private/public key pair and parent certificate and key. All certificates are passed in PEM format. If a certificate pool is provided certificates will not be transmitted on the wire. This is an example use - certificates must be properly protected

func NewDistributedTriremeDocker 

func NewDistributedTriremeDocker(serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	secrets secrets.Secrets,
	impl constants.ImplementationType) trireme.Trireme

NewDistributedTriremeDocker instantiates Trireme using remote enforcers on the container namespaces

func NewHybridCompactPKIWithDocker 

func NewHybridCompactPKIWithDocker(
	serverID string,
	networks []string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	syncAtStart bool,
	keyPEM []byte,
	certPEM []byte,
	caCertPEM []byte,
	token []byte,
	dockerMetadataExtractor dockermonitor.DockerMetadataExtractor,
	remoteEnforcer bool,
	killContainerError bool,
) (trireme.Trireme, monitor.Monitor, monitor.Monitor)

NewHybridCompactPKIWithDocker is an example of configuring Trireme to use the compact PKI secrets method. The calling module must provide a policy engine implementation and private/public key pair and parent certificate and key. All certificates are passed in PEM format. If a certificate pool is provided certificates will not be transmitted on the wire. This is an example use - certificates must be properly protected

func NewHybridTrireme 

func NewHybridTrireme(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	secrets secrets.Secrets,
	networks []string,
) trireme.Trireme

NewHybridTrireme instantiates Trireme with both Linux and Docker enforcers. The Docker enforcers are remote

func NewLocalTriremeDocker 

func NewLocalTriremeDocker(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	secrets secrets.Secrets,
	impl constants.ImplementationType) trireme.Trireme

NewLocalTriremeDocker instantiates Trireme for Docker using enforcement on the main namespace

func NewPKITriremeWithDockerMonitor 

func NewPKITriremeWithDockerMonitor(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	syncAtStart bool,
	keyPEM []byte,
	certPEM []byte,
	caCertPEM []byte,
	dockerMetadataExtractor dockermonitor.DockerMetadataExtractor,
	remoteEnforcer bool,
	killContainerError bool,
) (trireme.Trireme, monitor.Monitor, enforcer.PublicKeyAdder)

NewPKITriremeWithDockerMonitor creates a new network isolator. The calling module must provide a policy engine implementation and private/public key pair and parent certificate. All certificates are passed in PEM format. If a certificate pool is provided certificates will not be transmitted on the wire

func NewPSKHybridTriremeWithMonitor 

func NewPSKHybridTriremeWithMonitor(
	serverID string,
	networks []string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	syncAtStart bool,
	key []byte,
	dockerMetadataExtractor dockermonitor.DockerMetadataExtractor,
	killContainerError bool,
) (trireme.Trireme, monitor.Monitor, monitor.Monitor)

NewPSKHybridTriremeWithMonitor creates a new network isolator. The calling module must provide a policy engine implementation and a pre-shared secret. This is for backward compatibility. Will be removed

func NewPSKTriremeWithCNIMonitor added in v1.0.46 

func NewPSKTriremeWithCNIMonitor(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	key []byte,
	cniMetadataExtractor rpcmonitor.RPCMetadataExtractor,
	remoteEnforcer bool,
) (trireme.Trireme, monitor.Monitor)

NewPSKTriremeWithCNIMonitor simple CNI monitor

func NewPSKTriremeWithDockerMonitor 

func NewPSKTriremeWithDockerMonitor(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	syncAtStart bool,
	key []byte,
	dockerMetadataExtractor dockermonitor.DockerMetadataExtractor,
	remoteEnforcer bool,
	killContainerError bool,
) (trireme.Trireme, monitor.Monitor)

NewPSKTriremeWithDockerMonitor creates a new network isolator. The calling module must provide a policy engine implementation and a pre-shared secret. This is for backward compatibility. Will be removed

func NewSecretsFromPKI 

func NewSecretsFromPKI(keyPEM, certPEM, caCertPEM []byte) secrets.Secrets

NewSecretsFromPKI creates secrets from a PKI

func NewSecretsFromPSK 

func NewSecretsFromPSK(key []byte) secrets.Secrets

NewSecretsFromPSK creates secrets from a pre-shared key

func NewTriremeLinuxProcess 

func NewTriremeLinuxProcess(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	secrets secrets.Secrets) trireme.Trireme

NewTriremeLinuxProcess instantiates Trireme for a Linux process implementation

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.