configurator

package
v1.0.8
Warning

This package is not in the latest version of its module.

Published: Jul 18, 2017 License: GPL-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package configurator provides helper functions that help you create default Trireme and Monitor configurations.


Constants

const (
	//DefaultProcMountPoint The default proc mountpoint
	DefaultProcMountPoint = "/proc"
	//AporetoProcMountPoint The aporeto proc mountpoint just in case we are launched with some specific docker config
	AporetoProcMountPoint = "/aporetoproc"
)

Variables

This section is empty.

Functions

func NewCompactPKIWithDocker

func NewCompactPKIWithDocker(
	serverID string,
	networks []string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	syncAtStart bool,
	keyPEM []byte,
	certPEM []byte,
	caCertPEM []byte,
	token []byte,
	dockerMetadataExtractor dockermonitor.DockerMetadataExtractor,
	remoteEnforcer bool,
	killContainerError bool,
) (trireme.Trireme, monitor.Monitor)

NewCompactPKIWithDocker is an example of configuring Trireme to use the compact PKI secrets method. The calling module must provide a policy engine implementation, a private/public key pair, and the parent certificate and key. All certificates are passed in PEM format. If a certificate pool is provided, certificates will not be transmitted on the wire. This is an example use; certificates must be properly protected.

func NewDistributedTriremeDocker

func NewDistributedTriremeDocker(serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	secrets secrets.Secrets,
	impl constants.ImplementationType) trireme.Trireme

NewDistributedTriremeDocker instantiates Trireme using remote enforcers on the container namespaces

func NewHybridCompactPKIWithDocker

func NewHybridCompactPKIWithDocker(
	serverID string,
	networks []string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	syncAtStart bool,
	keyPEM []byte,
	certPEM []byte,
	caCertPEM []byte,
	token []byte,
	dockerMetadataExtractor dockermonitor.DockerMetadataExtractor,
	remoteEnforcer bool,
	killContainerError bool,
) (trireme.Trireme, monitor.Monitor, monitor.Monitor)

NewHybridCompactPKIWithDocker is an example of configuring Trireme to use the compact PKI secrets method. The calling module must provide a policy engine implementation, a private/public key pair, and the parent certificate and key. All certificates are passed in PEM format. If a certificate pool is provided, certificates will not be transmitted on the wire. This is an example use; certificates must be properly protected.

func NewHybridTrireme

func NewHybridTrireme(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	secrets secrets.Secrets,
	networks []string,
) trireme.Trireme

NewHybridTrireme instantiates Trireme with both Linux and Docker enforcers. The Docker enforcers are remote.

func NewLocalTriremeDocker

func NewLocalTriremeDocker(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	secrets secrets.Secrets,
	impl constants.ImplementationType) trireme.Trireme

NewLocalTriremeDocker instantiates Trireme for Docker using enforcement on the main namespace

func NewPKITriremeWithDockerMonitor

func NewPKITriremeWithDockerMonitor(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	syncAtStart bool,
	keyPEM []byte,
	certPEM []byte,
	caCertPEM []byte,
	dockerMetadataExtractor dockermonitor.DockerMetadataExtractor,
	remoteEnforcer bool,
	killContainerError bool,
) (trireme.Trireme, monitor.Monitor, enforcer.PublicKeyAdder)

NewPKITriremeWithDockerMonitor creates a new network isolator. The calling module must provide a policy engine implementation, a private/public key pair, and the parent certificate. All certificates are passed in PEM format. If a certificate pool is provided, certificates will not be transmitted on the wire.

func NewPSKHybridTriremeWithMonitor

func NewPSKHybridTriremeWithMonitor(
	serverID string,
	networks []string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	syncAtStart bool,
	key []byte,
	dockerMetadataExtractor dockermonitor.DockerMetadataExtractor,
	killContainerError bool,
) (trireme.Trireme, monitor.Monitor, monitor.Monitor)

NewPSKHybridTriremeWithMonitor creates a new network isolator. The calling module must provide a policy engine implementation and a pre-shared secret. This is for backward compatibility and will be removed.

func NewPSKTriremeWithDockerMonitor

func NewPSKTriremeWithDockerMonitor(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	syncAtStart bool,
	key []byte,
	dockerMetadataExtractor dockermonitor.DockerMetadataExtractor,
	remoteEnforcer bool,
	killContainerError bool,
) (trireme.Trireme, monitor.Monitor)

NewPSKTriremeWithDockerMonitor creates a new network isolator. The calling module must provide a policy engine implementation and a pre-shared secret. This is for backward compatibility and will be removed.

func NewSecretsFromPKI

func NewSecretsFromPKI(keyPEM, certPEM, caCertPEM []byte) secrets.Secrets

NewSecretsFromPKI creates secrets from a PKI
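
An added example, not part of the Trireme package or its documentation: a pre-flight check a caller could run on the keyPEM, certPEM and caCertPEM arguments before handing them to NewSecretsFromPKI or the PKI constructors above. CheckPKI and issue are hypothetical names, the code uses only the Go standard library, and the key and certificates are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckPKI (hypothetical helper) rejects a key that does not match certPEM or a certificate that does not chain to caCertPEM.
func CheckPKI(keyPEM, certPEM, caCertPEM []byte) error {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // parses both PEMs and compares the public keys
	if err != nil {
		return fmt.Errorf("key/certificate: %w", err)
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0]) // cannot fail: X509KeyPair already parsed it
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caCertPEM) {
		return fmt.Errorf("caCertPEM holds no PEM certificate")
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err // nil only if the signature chain and validity period check out
}

// issue builds a constructed P-256 key and certificate (demo only, errors ignored); a nil parent self-signs a CA.
func issue(cn string, parent *x509.Certificate, signer *ecdsa.PrivateKey) ([]byte, []byte, *x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, parent, signer = true, true, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	cert, _ := x509.ParseCertificate(der)
	kder, _ := x509.MarshalECPrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: kder}),
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), cert, key
}

func main() {
	_, caPEM, ca, caKey := issue("demo-ca", nil, nil)
	keyPEM, certPEM, _, _ := issue("demo-node", ca, caKey)
	fmt.Println("matching triple, error:", CheckPKI(keyPEM, certPEM, caPEM))
}
```
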

func NewSecretsFromPSK

func NewSecretsFromPSK(key []byte) secrets.Secrets

NewSecretsFromPSK creates secrets from a pre-shared key

func NewTriremeLinuxProcess

func NewTriremeLinuxProcess(
	serverID string,
	resolver trireme.PolicyResolver,
	processor enforcer.PacketProcessor,
	eventCollector collector.EventCollector,
	secrets secrets.Secrets) trireme.Trireme

NewTriremeLinuxProcess instantiates Trireme for a Linux process implementation

Types

This section is empty.
