Documentation ¶
Overview ¶
Package v1alpha2 contains API Schema definitions for the k8s v1alpha2 API group
+kubebuilder:object:generate=true
+groupName=k8s.mondoo.com
Index ¶
- Constants
- Variables
- type Admission
- type AdmissionMode
- type CertificateProvisioning
- type CertificateProvisioningMode
- type ConsoleIntegration
- type Image
- type KubernetesResources
- type Metrics
- type MondooAuditConfig
- type MondooAuditConfigCondition
- type MondooAuditConfigConditionType
- type MondooAuditConfigList
- type MondooAuditConfigSpec
- type MondooAuditConfigStatus
- type MondooOperatorConfig
- type MondooOperatorConfigCondition
- type MondooOperatorConfigConditionType
- type MondooOperatorConfigList
- type MondooOperatorConfigSpec
- type MondooOperatorConfigStatus
- type Nodes
- type Scanner
Constants ¶
const (
	// MondooOperatorConfigName is the one allowed name for the
	// cluster-scoped MondooOperatorConfig resource
	MondooOperatorConfigName = "mondoo-operator-config"
)
Variables ¶
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "k8s.mondoo.com", Version: "v1alpha2"}
	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
This section is empty.
Types ¶
type Admission ¶
type Admission struct {
	Enable bool  `json:"enable,omitempty"`
	Image  Image `json:"image,omitempty"`
	// Mode represents whether the webhook will behave in a "permissive" mode (the default) which
	// will only scan and report on k8s resources or "enforcing" mode where depending
	// on the scan results may reject the k8s resource creation/modification.
	// +kubebuilder:validation:Enum=permissive;enforcing
	// +kubebuilder:default=permissive
	Mode AdmissionMode `json:"mode,omitempty"`
	// Number of replicas for the admission webhook.
	// For enforcing mode, the minimum should be two to prevent problems during Pod failures,
	// e.g. node failure, node scaling, etc.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	Replicas                *int32                  `json:"replicas,omitempty"`
	CertificateProvisioning CertificateProvisioning `json:"certificateProvisioning,omitempty"`
}
func (*Admission) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Admission.
func (*Admission) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AdmissionMode ¶
type AdmissionMode string
AdmissionMode specifies the allowed modes of operation for the webhook admission controller
const (
	Permissive AdmissionMode = "permissive"
	Enforcing  AdmissionMode = "enforcing"
)
type CertificateProvisioning ¶
type CertificateProvisioning struct {
	// +kubebuilder:validation:Enum=cert-manager;openshift;manual
	// +kubebuilder:default=manual
	Mode CertificateProvisioningMode `json:"mode,omitempty"`
}
CertificateProvisioning defines the certificate provisioning configuration within the cluster.
func (*CertificateProvisioning) DeepCopy ¶
func (in *CertificateProvisioning) DeepCopy() *CertificateProvisioning
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateProvisioning.
func (*CertificateProvisioning) DeepCopyInto ¶
func (in *CertificateProvisioning) DeepCopyInto(out *CertificateProvisioning)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateProvisioningMode ¶
type CertificateProvisioningMode string
CertificateProvisioningMode is the specified method the cluster uses for provisioning TLS certificates
const (
	CertManagerProvisioning CertificateProvisioningMode = "cert-manager"
	OpenShiftProvisioning   CertificateProvisioningMode = "openshift"
	ManualProvisioning      CertificateProvisioningMode = "manual"
)
type ConsoleIntegration ¶ added in v0.2.10
type ConsoleIntegration struct {
	Enable bool `json:"enable,omitempty"`
}
func (*ConsoleIntegration) DeepCopy ¶ added in v0.2.10
func (in *ConsoleIntegration) DeepCopy() *ConsoleIntegration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleIntegration.
func (*ConsoleIntegration) DeepCopyInto ¶ added in v0.2.10
func (in *ConsoleIntegration) DeepCopyInto(out *ConsoleIntegration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Image ¶
func (*Image) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Image.
func (*Image) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesResources ¶
type KubernetesResources struct {
	Enable bool `json:"enable,omitempty"`
	// ContainerImageScanning determines whether container images are being scanned. The current implementation
	// runs a separate job once every 24h that scans the container images running in the cluster.
	ContainerImageScanning bool `json:"containerImageScanning,omitempty"`
}
func (*KubernetesResources) DeepCopy ¶
func (in *KubernetesResources) DeepCopy() *KubernetesResources
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesResources.
func (*KubernetesResources) DeepCopyInto ¶
func (in *KubernetesResources) DeepCopyInto(out *KubernetesResources)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Metrics ¶
type Metrics struct {
	Enable bool `json:"enable,omitempty"`
	// ResourceLabels allows providing a list of extra labels to apply to the metrics-related
	// resources (eg. ServiceMonitor)
	ResourceLabels map[string]string `json:"resourceLabels,omitempty"`
}
func (*Metrics) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metrics.
func (*Metrics) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MondooAuditConfig ¶
type MondooAuditConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              MondooAuditConfigSpec   `json:"spec,omitempty"`
	Status            MondooAuditConfigStatus `json:"status,omitempty"`
}
MondooAuditConfig is the Schema for the mondooauditconfigs API
func (*MondooAuditConfig) DeepCopy ¶
func (in *MondooAuditConfig) DeepCopy() *MondooAuditConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooAuditConfig.
func (*MondooAuditConfig) DeepCopyInto ¶
func (in *MondooAuditConfig) DeepCopyInto(out *MondooAuditConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MondooAuditConfig) DeepCopyObject ¶
func (in *MondooAuditConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*MondooAuditConfig) Hub ¶
func (*MondooAuditConfig) Hub()
Hub marks this type as a conversion hub.
type MondooAuditConfigCondition ¶
type MondooAuditConfigCondition struct {
	// Type is the specific type of the condition
	// +kubebuilder:validation:Required
	// +required
	Type MondooAuditConfigConditionType `json:"type"`
	// Status is the status of the condition
	// +kubebuilder:validation:Required
	// +required
	Status corev1.ConditionStatus `json:"status"`
	// LastUpdateTime is the last time we probed the condition
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
	// LastTransitionTime is the last time the condition transitioned from one status to another.
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// Reason is a unique, one-word, CamelCase reason for the condition's last transition
	Reason string `json:"reason,omitempty"`
	// Message is a human-readable message indicating details about the last transition
	Message string `json:"message,omitempty"`
}
func (*MondooAuditConfigCondition) DeepCopy ¶
func (in *MondooAuditConfigCondition) DeepCopy() *MondooAuditConfigCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooAuditConfigCondition.
func (*MondooAuditConfigCondition) DeepCopyInto ¶
func (in *MondooAuditConfigCondition) DeepCopyInto(out *MondooAuditConfigCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MondooAuditConfigConditionType ¶
type MondooAuditConfigConditionType string
MondooOperatorConfigConditionType is a valid value for MondooOperatorConfig.Status.Condition[].Type
const (
	// Indicates whether NodeScanning is Degraded
	NodeScanningDegraded MondooAuditConfigConditionType = "NodeScanningDegraded"
	// Indicates whether Kubernetes resources scanning is Degraded
	K8sResourcesScanningDegraded MondooAuditConfigConditionType = "K8sResourcesScanningDegraded"
	// Indicates whether Kubernetes container image scanning is Degraded
	K8sContainerImageScanningDegraded MondooAuditConfigConditionType = "K8sContainerImageScanningDegraded"
	// Indicates whether Admission controller is Degraded
	AdmissionDegraded MondooAuditConfigConditionType = "AdmissionDegraded"
	// Indicates whether Admission controller is Degraded because of the ScanAPI
	ScanAPIDegraded MondooAuditConfigConditionType = "ScanAPIDegraded"
	// MondooIntegrationDegraded will hold the status for any issues encountered while trying to CheckIn()
	// on behalf of the Mondoo integration MRN
	MondooIntegrationDegraded MondooAuditConfigConditionType = "IntegrationDegraded"
)
type MondooAuditConfigList ¶
type MondooAuditConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []MondooAuditConfig `json:"items"`
}
MondooAuditConfigList contains a list of MondooAuditConfig
func (*MondooAuditConfigList) DeepCopy ¶
func (in *MondooAuditConfigList) DeepCopy() *MondooAuditConfigList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooAuditConfigList.
func (*MondooAuditConfigList) DeepCopyInto ¶
func (in *MondooAuditConfigList) DeepCopyInto(out *MondooAuditConfigList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MondooAuditConfigList) DeepCopyObject ¶
func (in *MondooAuditConfigList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MondooAuditConfigSpec ¶
type MondooAuditConfigSpec struct {
	// Config is an example field of MondooAuditConfig. Edit mondooauditconfig_types.go to remove/update
	// +kubebuilder:validation:Required
	// +required
	MondooCredsSecretRef corev1.LocalObjectReference `json:"mondooCredsSecretRef"`
	// MondooTokenSecretRef can optionally hold a time-limited token that the mondoo-operator will use
	// to create a Mondoo service account saved to the Secret specified in .spec.mondooCredsSecretRef
	// if that Secret does not exist.
	MondooTokenSecretRef corev1.LocalObjectReference `json:"mondooTokenSecretRef,omitempty"`
	Scanner              Scanner                     `json:"scanner,omitempty"`
	KubernetesResources  KubernetesResources         `json:"kubernetesResources,omitempty"`
	Nodes                Nodes                       `json:"nodes,omitempty"`
	Admission            Admission                   `json:"admission,omitempty"`
	ConsoleIntegration   ConsoleIntegration          `json:"consoleIntegration,omitempty"`
}
MondooAuditConfigSpec defines the desired state of MondooAuditConfig
func (*MondooAuditConfigSpec) DeepCopy ¶
func (in *MondooAuditConfigSpec) DeepCopy() *MondooAuditConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooAuditConfigSpec.
func (*MondooAuditConfigSpec) DeepCopyInto ¶
func (in *MondooAuditConfigSpec) DeepCopyInto(out *MondooAuditConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MondooAuditConfigStatus ¶
type MondooAuditConfigStatus struct {
	// Pods store the name of the pods which are running mondoo instances
	Pods []string `json:"pods,omitempty"`
	// Conditions includes detailed status for the MondooAuditConfig
	Conditions []MondooAuditConfigCondition `json:"conditions,omitempty"`
	// ReconciledByOperatorVersion contains the version of the operator which reconciled this MondooAuditConfig
	ReconciledByOperatorVersion string `json:"reconciledByOperatorVersion,omitempty"`
}
MondooAuditConfigStatus defines the observed state of MondooAuditConfig
func (*MondooAuditConfigStatus) DeepCopy ¶
func (in *MondooAuditConfigStatus) DeepCopy() *MondooAuditConfigStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooAuditConfigStatus.
func (*MondooAuditConfigStatus) DeepCopyInto ¶
func (in *MondooAuditConfigStatus) DeepCopyInto(out *MondooAuditConfigStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MondooOperatorConfig ¶
type MondooOperatorConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              MondooOperatorConfigSpec   `json:"spec,omitempty"`
	Status            MondooOperatorConfigStatus `json:"status,omitempty"`
}
MondooOperatorConfig is the Schema for the mondoooperatorconfigs API
func (*MondooOperatorConfig) DeepCopy ¶
func (in *MondooOperatorConfig) DeepCopy() *MondooOperatorConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooOperatorConfig.
func (*MondooOperatorConfig) DeepCopyInto ¶
func (in *MondooOperatorConfig) DeepCopyInto(out *MondooOperatorConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MondooOperatorConfig) DeepCopyObject ¶
func (in *MondooOperatorConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*MondooOperatorConfig) Hub ¶
func (*MondooOperatorConfig) Hub()
Hub marks this type as a conversion hub.
type MondooOperatorConfigCondition ¶
type MondooOperatorConfigCondition struct {
	// Type is the type of the condition.
	Type MondooOperatorConfigConditionType `json:"type"`
	// Status is the status of the condition.
	Status corev1.ConditionStatus `json:"status"`
	// LastUpdateTime is the last time the condition was updated.
	// +optional
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
	// LastTransitionTime is the last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// Reason is a unique, one-word, CamelCase reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// Message is a human-readable message indicating details about last transition.
	// +optional
	Message string `json:"message,omitempty"`
}
Condition contains details for the current condition of a MondooOperatorConfig
func (*MondooOperatorConfigCondition) DeepCopy ¶
func (in *MondooOperatorConfigCondition) DeepCopy() *MondooOperatorConfigCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooOperatorConfigCondition.
func (*MondooOperatorConfigCondition) DeepCopyInto ¶
func (in *MondooOperatorConfigCondition) DeepCopyInto(out *MondooOperatorConfigCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MondooOperatorConfigConditionType ¶
type MondooOperatorConfigConditionType string
MondooOperatorConfigConditionType is a valid value for MondooOperatorConfig.Status.Condition[].Type
const (
	// PrometheusMissingCondition is used to indicate whether Prometheus was found to be installed or not.
	PrometheusMissingCondition MondooOperatorConfigConditionType = "PrometheusMissing"
)
type MondooOperatorConfigList ¶
type MondooOperatorConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []MondooOperatorConfig `json:"items"`
}
MondooOperatorConfigList contains a list of MondooOperatorConfig
func (*MondooOperatorConfigList) DeepCopy ¶
func (in *MondooOperatorConfigList) DeepCopy() *MondooOperatorConfigList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooOperatorConfigList.
func (*MondooOperatorConfigList) DeepCopyInto ¶
func (in *MondooOperatorConfigList) DeepCopyInto(out *MondooOperatorConfigList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MondooOperatorConfigList) DeepCopyObject ¶
func (in *MondooOperatorConfigList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MondooOperatorConfigSpec ¶
type MondooOperatorConfigSpec struct {
	// Metrics controls the enabling/disabling of metrics report of mondoo-operator
	Metrics Metrics `json:"metrics,omitempty"`
	// Allows skipping Image resolution from upstream repository
	SkipContainerResolution bool `json:"skipContainerResolution,omitempty"`
}
MondooOperatorConfigSpec defines the desired state of MondooOperatorConfig
func (*MondooOperatorConfigSpec) DeepCopy ¶
func (in *MondooOperatorConfigSpec) DeepCopy() *MondooOperatorConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooOperatorConfigSpec.
func (*MondooOperatorConfigSpec) DeepCopyInto ¶
func (in *MondooOperatorConfigSpec) DeepCopyInto(out *MondooOperatorConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MondooOperatorConfigStatus ¶
type MondooOperatorConfigStatus struct {
	// Conditions includes more detailed status for the mondoo config
	// +optional
	Conditions []MondooOperatorConfigCondition `json:"conditions,omitempty"`
}
MondooOperatorConfigStatus defines the observed state of MondooOperatorConfig
func (*MondooOperatorConfigStatus) DeepCopy ¶
func (in *MondooOperatorConfigStatus) DeepCopy() *MondooOperatorConfigStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooOperatorConfigStatus.
func (*MondooOperatorConfigStatus) DeepCopyInto ¶
func (in *MondooOperatorConfigStatus) DeepCopyInto(out *MondooOperatorConfigStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Nodes ¶
type Nodes struct {
	Enable    bool                        `json:"enable,omitempty"`
	Resources corev1.ResourceRequirements `json:"resources,omitempty"`
}
func (*Nodes) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Nodes.
func (*Nodes) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Scanner ¶
type Scanner struct {
	// +kubebuilder:default=mondoo-operator-k8s-resources-scanning
	ServiceAccountName string                      `json:"serviceAccountName,omitempty"`
	Image              Image                       `json:"image,omitempty"`
	Resources          corev1.ResourceRequirements `json:"resources,omitempty"`
	// Number of replicas for the scanner.
	// For enforcing mode, the minimum should be two to prevent problems during Pod failures,
	// e.g. node failure, node scaling, etc.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	Replicas *int32 `json:"replicas,omitempty"`
	// PrivateRegistryScanning defines the name of a secret that contains the credentials for the private
	// registries we have to pull images from.
	PrivateRegistriesPullSecretRef corev1.LocalObjectReference `json:"privateRegistriesPullSecretRef,omitempty"`
	// Env allows setting extra environment variables for the scanner. If the operator already sets an env
	// variable with the same name, the value specified here will override it.
	Env []corev1.EnvVar `json:"env,omitempty"`
}
Scanner defines the settings for the Mondoo scanner that will be running in the cluster. The same scanner is used for scanning the Kubernetes API, the nodes and for serving the admission controller.
func (*Scanner) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Scanner.
func (*Scanner) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
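The replica guidance in the Admission and Scanner field comments above (at least two replicas in enforcing mode, while the schema only enforces a minimum of 1) can be checked before a spec is applied. The following is an added example, not code from the operator: the lower-case types are local mirrors of the documented fields, and LintAdmission and sampleSpec are hypothetical names with constructed input.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the Admission and Scanner fields documented above (same
// JSON keys); assumed here so the example runs without the operator module.
type admission struct {
	Enable   bool   `json:"enable,omitempty"`
	Mode     string `json:"mode,omitempty"`
	Replicas *int32 `json:"replicas,omitempty"`
}

type auditSpec struct {
	Scanner struct {
		Replicas *int32 `json:"replicas,omitempty"`
	} `json:"scanner,omitempty"`
	Admission admission `json:"admission,omitempty"`
}

// Constructed sample: enforcing webhook left at the default replica counts.
const sampleSpec = `{"admission": {"enable": true, "mode": "enforcing"}}`

// replicas applies the documented +kubebuilder:default=1 to an unset field.
func replicas(r *int32) int32 {
	if r == nil {
		return 1
	}
	return *r
}

// LintAdmission (hypothetical helper) lists findings for a spec given as JSON.
func LintAdmission(specJSON []byte) ([]string, error) {
	var s auditSpec
	if err := json.Unmarshal(specJSON, &s); err != nil {
		return nil, err
	}
	if !s.Admission.Enable {
		return nil, nil
	}
	var out []string
	switch s.Admission.Mode {
	case "", "permissive": // unset falls back to the documented default
		out = append(out, "admission is permissive: scans and reports only, rejects nothing")
	case "enforcing":
		if n := replicas(s.Admission.Replicas); n < 2 {
			out = append(out, fmt.Sprintf("enforcing webhook has %d replica(s), want >= 2", n))
		}
		if n := replicas(s.Scanner.Replicas); n < 2 {
			out = append(out, fmt.Sprintf("scanner has %d replica(s) in enforcing mode, want >= 2", n))
		}
	default:
		out = append(out, fmt.Sprintf("mode %q is outside the enum permissive;enforcing", s.Admission.Mode))
	}
	return out, nil
}

func main() {
	findings, err := LintAdmission([]byte(sampleSpec))
	fmt.Println(findings, err)
}
```

The check reads the spec as written, before the API server fills in defaults, so an omitted replicas field is treated as the documented default of 1.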