Documentation
Overview
Package trireme needs to be documented here for godoc.
Index
- func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error
- func OptionCollector(c collector.EventCollector) func(*config)
- func OptionDatapathService(s packetprocessor.PacketProcessor) func(*config)
- func OptionEnforceFqConfig(f *fqconfig.FilterQueue) func(*config)
- func OptionEnforceLinuxProcess() func(*config)
- func OptionEnforceLocal() func(*config)
- func OptionMonitors(m *monitor.Config) func(*config)
- func OptionPolicyResolver(r PolicyResolver) func(*config)
- func OptionProcMountPoint(p string) func(*config)
- func OptionSecret(s secrets.Secrets) func(*config)
- func OptionTargetNetworks(n []string) func(*config)
- func SetupCommandArgs(logToConsole, logWithID bool, subProcessArgs []string)
- func Supervisors(t Trireme) []supervisor.Supervisor
- type Option
- type PolicyResolver
- type PolicyUpdater
- type SecretsUpdater
- type Trireme
Functions
func LaunchRemoteEnforcer
func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error
LaunchRemoteEnforcer launches a remote enforcer instance.
func OptionCollector
func OptionCollector(c collector.EventCollector) func(*config)
OptionCollector is an option to provide an external collector implementation.
func OptionDatapathService
func OptionDatapathService(s packetprocessor.PacketProcessor) func(*config)
OptionDatapathService is an option to provide an external datapath service implementation.
func OptionEnforceFqConfig
func OptionEnforceFqConfig(f *fqconfig.FilterQueue) func(*config)
OptionEnforceFqConfig is an option to override filter queues.
func OptionEnforceLinuxProcess
func OptionEnforceLinuxProcess() func(*config)
OptionEnforceLinuxProcess is an option to request Linux process support.
func OptionEnforceLocal
func OptionEnforceLocal() func(*config)
OptionEnforceLocal is an option to request a local enforcer. Absence of this option implies the use of remote enforcers.
func OptionMonitors
OptionMonitors is an option to provide configurations for monitors.
func OptionPolicyResolver
func OptionPolicyResolver(r PolicyResolver) func(*config)
OptionPolicyResolver is an option to provide an external policy resolver implementation.
func OptionProcMountPoint
func OptionProcMountPoint(p string) func(*config)
OptionProcMountPoint is an option to provide proc mount point.
func OptionSecret
OptionSecret is an option to provide an external datapath service implementation.
func OptionTargetNetworks
func OptionTargetNetworks(n []string) func(*config)
OptionTargetNetworks is an option to provide target network configuration.
func SetupCommandArgs
SetupCommandArgs sets up arguments to be passed to the remote trireme instances.
func Supervisors
func Supervisors(t Trireme) []supervisor.Supervisor
Supervisors returns a slice of all initialized supervisors.
Types
type PolicyResolver
type PolicyResolver interface {
    // ResolvePolicy returns the policy.PUPolicy associated with the given contextID using the given policy.RuntimeReader.
    ResolvePolicy(contextID string, RuntimeReader policy.RuntimeReader) (*policy.PUPolicy, error)

    // HandleDeletePU is called when a PU is stopped/killed.
    HandlePUEvent(contextID string, eventType events.Event)
}
A PolicyResolver is responsible for creating the policies for a specific Processing Unit. The PolicyResolver also has the ability to update an already instantiated policy.
type PolicyUpdater
type PolicyUpdater interface {
    // UpdatePolicy updates the policy of the isolator for a container.
    UpdatePolicy(contextID string, policy *policy.PUPolicy) error
}
A PolicyUpdater has the ability to receive an update for a specific policy.
type SecretsUpdater
type SecretsUpdater interface {
    // UpdateSecrets updates the secrets of running enforcers managed by trireme.
    // Remote enforcers will get the secret updates with the next policy push
    UpdateSecrets(secrets secrets.Secrets) error
}
SecretsUpdater provides an interface to update the secrets of enforcers managed by trireme at runtime.
type Trireme
type Trireme interface {
    // PURuntime returns a getter for a specific contextID.
    PURuntime(contextID string) (policy.RuntimeReader, error)

    // Start starts the component.
    Start() error

    // Stop stops the component.
    Stop() error

    // Supervisor returns the supervisor for a given PU type
    Supervisor(kind constants.PUType) supervisor.Supervisor

    // processor.ProcessingUnitsHandler
    // CreatePURuntime is called when a monitor detects creation of a new ProcessingUnit.
    CreatePURuntime(contextID string, runtimeInfo *policy.PURuntime) error

    // HandlePUEvent is called by all monitors when a PU event is generated. The implementer
    // is responsible to update all components by explicitly adding a new PU.
    HandlePUEvent(contextID string, event events.Event) error

    // PolicyUpdater
    // UpdatePolicy updates the policy of the isolator for a container.
    UpdatePolicy(contextID string, policy *policy.PUPolicy) error

    // SecretsUpdater
    // UpdateSecrets updates the secrets of running enforcers managed by trireme.
    // Remote enforcers will get the secret updates with the next policy push
    UpdateSecrets(secrets secrets.Secrets) error
}
Trireme is the main interface to the Trireme package.
func NewTrireme
func NewTrireme(c *config) Trireme
NewTrireme returns a reference to the trireme object based on the parameter subelements.
Directories
Path | Synopsis |
---|---|
 | Package cgnetcls implements functionality to manage classid for processes belonging to different cgroups |
mock | Package mockcgnetcls is a generated GoMock package. |
cmd | |
mock | Package mockcollector is a generated GoMock package. |
policyenforcer/mock | Package mockpolicyenforcer is a generated GoMock package. |
proxy | Package enforcerproxy :: This is the implementation of the RPC client. It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally. |
utils/packet | Package packet provides support for TCP/IP packet manipulations needed by the Aporeto infrastructure. |
utils/packetgen | Package packetgen "PacketGen" is a Packet Generator library. Current version: V1.0. Updates are coming soon. |
internal | |
contextstore/mock | Package mockcontextstore is a generated GoMock package. |
processmon | Package processmon is to manage and monitor remote enforcers. |
processmon/mock | Package mockprocessmon is a generated GoMock package. |
remoteenforcer/internal/statsclient/mock | Package mockstatsclient is a generated GoMock package. |
remoteenforcer/internal/statscollector/mock | Package mockstatscollector is a generated GoMock package. |
remoteenforcer/mock | Package mockremoteenforcer is a generated GoMock package. |
 | Package mocktrireme is a generated GoMock package. |
instance/mock | Package mockinstance is a generated GoMock package. |
mock | Package mockmonitor is a generated GoMock package. |
rpc/processor/mock | Package mockprocessor is a generated GoMock package. |
 | Package policy describes a generic interface for retrieving policies. |
mock | Package mocksupervisor is a generated GoMock package. |
provider/mock | nolint nolint |
proxy | Package supervisorproxy implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an rpc call. |