Documentation
Overview
Package trireme needs to be documented here for godoc.
Index
- func CleanOldState()
- func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error
- func NewMonitor(opts ...MonitorOption) *monitor.Config
- func OptionCollector(c collector.EventCollector) func(*config)
- func OptionDatapathService(s packetprocessor.PacketProcessor) func(*config)
- func OptionEnforceFqConfig(f *fqconfig.FilterQueue) func(*config)
- func OptionEnforceLinuxProcess() func(*config)
- func OptionEnforceLocal() func(*config)
- func OptionMergeTags(tags []string) func(*monitor.Config)
- func OptionMonitorCNI(opts ...func(*cnimonitor.Config)) func(*monitor.Config)
- func OptionMonitorDocker(opts ...func(*dockermonitor.Config)) func(*monitor.Config)
- func OptionMonitorLinuxHost(opts ...func(*linuxmonitor.Config)) func(*monitor.Config)
- func OptionMonitorLinuxProcess(opts ...func(*linuxmonitor.Config)) func(*monitor.Config)
- func OptionMonitorUID(opts ...func(*uidmonitor.Config)) func(*monitor.Config)
- func OptionMonitors(m *monitor.Config) func(*config)
- func OptionPacketLogs() func(*config)
- func OptionPolicyResolver(r PolicyResolver) func(*config)
- func OptionProcMountPoint(p string) func(*config)
- func OptionSecret(s secrets.Secrets) func(*config)
- func OptionSynchronizationHandler(s processor.SynchronizationHandler) func(*monitor.Config)
- func OptionTargetNetworks(n []string) func(*config)
- func SetupCommandArgs(logToConsole, logWithID bool, subProcessArgs []string)
- func SubOptionMonitorCNIExtractor(extractor events.EventMetadataExtractor) func(*cnimonitor.Config)
- func SubOptionMonitorDockerExtractor(extractor dockermonitor.MetadataExtractor) func(*dockermonitor.Config)
- func SubOptionMonitorDockerFlags(syncAtStart, killContainerOnPolicyError bool) func(*dockermonitor.Config)
- func SubOptionMonitorDockerSocket(socketType, socketAddress string) func(*dockermonitor.Config)
- func SubOptionMonitorLinuxExtractor(extractor events.EventMetadataExtractor) func(*linuxmonitor.Config)
- func SubOptionMonitorUIDExtractor(extractor events.EventMetadataExtractor) func(*uidmonitor.Config)
- func Supervisors(t Trireme) []supervisor.Supervisor
- type MonitorOption
- type Option
- type PolicyResolver
- type PolicyUpdater
- type SecretsUpdater
- type Trireme
Functions
func LaunchRemoteEnforcer
func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error
LaunchRemoteEnforcer launches a remote enforcer instance.
func NewMonitor
func NewMonitor(opts ...MonitorOption) *monitor.Config
NewMonitor provides a configuration for monitors.
func OptionCollector
func OptionCollector(c collector.EventCollector) func(*config)
OptionCollector is an option to provide an external collector implementation.
func OptionDatapathService
func OptionDatapathService(s packetprocessor.PacketProcessor) func(*config)
OptionDatapathService is an option to provide an external datapath service implementation.
func OptionEnforceFqConfig
func OptionEnforceFqConfig(f *fqconfig.FilterQueue) func(*config)
OptionEnforceFqConfig is an option to override filter queues.
func OptionEnforceLinuxProcess
func OptionEnforceLinuxProcess() func(*config)
OptionEnforceLinuxProcess is an option to request Linux process support.
func OptionEnforceLocal
func OptionEnforceLocal() func(*config)
OptionEnforceLocal is an option to request a local enforcer. Absence of this option implies the use of remote enforcers.
func OptionMergeTags
OptionMergeTags provides a way to add merge tags to be used with New().
func OptionMonitorCNI
OptionMonitorCNI provides a way to add a cni monitor and related configuration to be used with New().
func OptionMonitorDocker
OptionMonitorDocker provides a way to add a docker monitor and related configuration to be used with New().
func OptionMonitorLinuxHost
OptionMonitorLinuxHost provides a way to add a linux host monitor and related configuration to be used with New().
func OptionMonitorLinuxProcess
OptionMonitorLinuxProcess provides a way to add a linux process monitor and related configuration to be used with New().
func OptionMonitorUID
OptionMonitorUID provides a way to add a UID monitor and related configuration to be used with New().
func OptionMonitors
OptionMonitors is an option to provide configurations for monitors.
func OptionPacketLogs
func OptionPacketLogs() func(*config)
OptionPacketLogs is an option to enable packet level logging.
func OptionPolicyResolver
func OptionPolicyResolver(r PolicyResolver) func(*config)
OptionPolicyResolver is an option to provide an external policy resolver implementation.
func OptionProcMountPoint
func OptionProcMountPoint(p string) func(*config)
OptionProcMountPoint is an option to provide proc mount point.
func OptionSecret
OptionSecret is an option to provide an external datapath service implementation.
func OptionSynchronizationHandler
func OptionSynchronizationHandler(s processor.SynchronizationHandler) func(*monitor.Config)
OptionSynchronizationHandler provides options related to processor configuration to be used with New().
func OptionTargetNetworks
func OptionTargetNetworks(n []string) func(*config)
OptionTargetNetworks is an option to provide target network configuration.
func SetupCommandArgs
SetupCommandArgs sets up arguments to be passed to the remote trireme instances.
func SubOptionMonitorCNIExtractor
func SubOptionMonitorCNIExtractor(extractor events.EventMetadataExtractor) func(*cnimonitor.Config)
SubOptionMonitorCNIExtractor provides a way to specify metadata extractor for CNI monitors.
func SubOptionMonitorDockerExtractor
func SubOptionMonitorDockerExtractor(extractor dockermonitor.MetadataExtractor) func(*dockermonitor.Config)
SubOptionMonitorDockerExtractor provides a way to specify metadata extractor for docker.
func SubOptionMonitorDockerFlags
func SubOptionMonitorDockerFlags(syncAtStart, killContainerOnPolicyError bool) func(*dockermonitor.Config)
SubOptionMonitorDockerFlags provides a way to specify configuration flags info for docker.
func SubOptionMonitorDockerSocket
func SubOptionMonitorDockerSocket(socketType, socketAddress string) func(*dockermonitor.Config)
SubOptionMonitorDockerSocket provides a way to specify socket info for docker.
func SubOptionMonitorLinuxExtractor
func SubOptionMonitorLinuxExtractor(extractor events.EventMetadataExtractor) func(*linuxmonitor.Config)
SubOptionMonitorLinuxExtractor provides a way to specify metadata extractor for linux monitors.
func SubOptionMonitorUIDExtractor
func SubOptionMonitorUIDExtractor(extractor events.EventMetadataExtractor) func(*uidmonitor.Config)
SubOptionMonitorUIDExtractor provides a way to specify metadata extractor for UID monitors.
func Supervisors
func Supervisors(t Trireme) []supervisor.Supervisor
Supervisors returns a slice of all initialized supervisors.
Types
type MonitorOption
MonitorOption is provided using functional arguments.
type PolicyResolver
```go
type PolicyResolver interface {
	// ResolvePolicy returns the policy.PUPolicy associated with the given contextID using the given policy.RuntimeReader.
	ResolvePolicy(contextID string, RuntimeReader policy.RuntimeReader) (*policy.PUPolicy, error)

	// HandlePUEvent is called when a PU is stopped/killed.
	HandlePUEvent(contextID string, eventType events.Event)
}
```
A PolicyResolver is responsible for creating the policies for a specific Processing Unit. The PolicyResolver can also update an already instantiated policy.
type PolicyUpdater
```go
type PolicyUpdater interface {
	// UpdatePolicy updates the policy of the isolator for a container.
	UpdatePolicy(contextID string, policy *policy.PUPolicy) error
}
```
A PolicyUpdater has the ability to receive an update for a specific policy.
type SecretsUpdater
```go
type SecretsUpdater interface {
	// UpdateSecrets updates the secrets of running enforcers managed by trireme.
	// Remote enforcers will get the secret updates with the next policy push.
	UpdateSecrets(secrets secrets.Secrets) error
}
```
SecretsUpdater provides an interface to update the secrets of enforcers managed by trireme at runtime.
type Trireme
```go
type Trireme interface {
	// PURuntime returns a getter for a specific contextID.
	PURuntime(contextID string) (policy.RuntimeReader, error)

	// Start starts the component.
	Start() error

	// Stop stops the component.
	Stop() error

	// Supervisor returns the supervisor for a given PU type
	Supervisor(kind constants.PUType) supervisor.Supervisor

	// processor.ProcessingUnitsHandler
	// CreatePURuntime is called when a monitor detects creation of a new ProcessingUnit.
	CreatePURuntime(contextID string, runtimeInfo *policy.PURuntime) error

	// HandlePUEvent is called by all monitors when a PU event is generated. The implementer
	// is responsible to update all components by explicitly adding a new PU.
	HandlePUEvent(contextID string, event events.Event) error

	// PolicyUpdater
	// UpdatePolicy updates the policy of the isolator for a container.
	UpdatePolicy(contextID string, policy *policy.PUPolicy) error

	// SecretsUpdater
	// UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push
	UpdateSecrets(secrets secrets.Secrets) error
}
```
Trireme is the main interface to the Trireme package.
Directories
| Path | Synopsis |
|---|---|
| cmd | |
| mock | Package mockcollector is a generated GoMock package. |
| policyenforcer/mock | Package mockpolicyenforcer is a generated GoMock package. |
| proxy | Package enforcerproxy is the implementation of the RPC client. It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing them locally. |
| utils/packet | Package packet provides support for TCP/IP packet manipulations needed by the Aporeto infrastructure. |
| utils/packetgen | Package packetgen "PacketGen" is a Packet Generator library. Current version: V1.0; updates are coming soon. |
| internal | |
| monitor/instance/mock | Package mockinstance is a generated GoMock package. |
| monitor/mock | Package mockmonitor is a generated GoMock package. |
| processmon | Package processmon manages and monitors remote enforcers. |
| processmon/mock | Package mockprocessmon is a generated GoMock package. |
| remoteenforcer/internal/statsclient/mock | Package mockstatsclient is a generated GoMock package. |
| remoteenforcer/internal/statscollector/mock | Package mockstatscollector is a generated GoMock package. |
| remoteenforcer/mock | Package mockremoteenforcer is a generated GoMock package. |
| supervisor/mock | Package mocksupervisor is a generated GoMock package. |
| supervisor/provider/mock | nolint nolint |
| supervisor/proxy | Package supervisorproxy implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an RPC call. |
| | Package mocktrireme is a generated GoMock package. |
| | Package policy describes a generic interface for retrieving policies. |
| rpc | |
| processor/mock | Package mockprocessor is a generated GoMock package. |
| utils | |
| cgnetcls | Package cgnetcls implements functionality to manage classid for processes belonging to different cgroups. |
| cgnetcls/mock | Package mockcgnetcls is a generated GoMock package. |
| contextstore/mock | Package mockcontextstore is a generated GoMock package. |