Documentation
¶
Index ¶
- Constants
- Variables
- func AreCronJobsEqual(a, b batchv1.CronJob) bool
- func AreCronJobsSuccessful(cs []batchv1.CronJob) bool
- func AreDeploymentsEqual(a, b appsv1.Deployment) bool
- func AreEnvVarsEqual(a, b []corev1.EnvVar) bool
- func AreResouceRequirementsEqual(x corev1.ResourceRequirements, y corev1.ResourceRequirements) bool
- func AreSecurityContextsEqual(a, b *corev1.SecurityContext) bool
- func AreServicesEqual(a, b corev1.Service) bool
- func CheckIfExists(ctx context.Context, kubeClient client.Client, ...) (bool, error)
- func CreateIfNotExist(ctx context.Context, kubeClient client.Client, ...) (bool, error)
- func DeleteIfExists(ctx context.Context, kubeClient client.Client, obj client.Object) error
- func GetClusterUID(ctx context.Context, kubeClient client.Client, log logr.Logger) (string, error)
- func GetIntegrationMrnFromSecret(secret corev1.Secret) (string, error)
- func GetIntegrationSecretForAuditConfig(ctx context.Context, kubeClient client.Client, ...) (*corev1.Secret, error)
- func GetRunningNamespace() (string, error)
- func GetServerVersion(cfg *rest.Config) (*version.Info, error)
- func GetServiceAccountFromSecret(secret corev1.Secret) (*mondooclient.ServiceAccountCredentials, error)
- func IsOpenshift() (bool, error)
- func MergeEnv(a, b []corev1.EnvVar) []corev1.EnvVar
- func ResourcesRequirementsWithDefaults(m corev1.ResourceRequirements, defaults corev1.ResourceRequirements) corev1.ResourceRequirements
- func TaintToToleration(t corev1.Taint) corev1.Toleration
- func TaintsToTolerations(taints []corev1.Taint) []corev1.Toleration
- func TryGetIntegrationMrnForAuditConfig(ctx context.Context, kubeClient client.Client, ...) (string, error)
- func UpdateDeployment(current *appsv1.Deployment, desired appsv1.Deployment)
- func UpdateService(current *corev1.Service, desired corev1.Service)
- func VerifyAPI(group, version string) (bool, error)
- func VerifyResourceExists(group, version, resource string, log logr.Logger) (bool, error)
- type CreateUpdateEventsPredicate
- type IgnoreGenericEventsPredicate
Constants ¶
const (
ResourceNameMaxLength = 52
)
Variables ¶
var DefaultCnspecResources corev1.ResourceRequirements = corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceMemory: resource.MustParse("200M"), corev1.ResourceCPU: resource.MustParse("600m"), }, Requests: corev1.ResourceList{ corev1.ResourceMemory: resource.MustParse("150M"), corev1.ResourceCPU: resource.MustParse("300m"), }, }
DefaultCnspecResources for cnspec container
var DefaultContainerScanningResources corev1.ResourceRequirements = corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceMemory: resource.MustParse("300M"), corev1.ResourceCPU: resource.MustParse("1"), }, Requests: corev1.ResourceList{ corev1.ResourceMemory: resource.MustParse("150M"), corev1.ResourceCPU: resource.MustParse("400m"), }, }
DefaultContainerScanningResources for cnspec container
var DefaultNodeScanningResources corev1.ResourceRequirements = corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceMemory: resource.MustParse("160M"), corev1.ResourceCPU: resource.MustParse("200m"), }, Requests: corev1.ResourceList{ corev1.ResourceMemory: resource.MustParse("100M"), corev1.ResourceCPU: resource.MustParse("50m"), }, }
DefaultNodeScanningResources for cnspec container when scanning nodes
Functions ¶
func AreCronJobsEqual ¶ added in v0.2.8
AreCronJobsEqual returns a value indicating whether 2 cron jobs are equal. Note that it does not perform a full comparison but checks just some of the properties of a deployment (only the ones we are currently interested at).
func AreCronJobsSuccessful ¶ added in v0.2.8
AreCronJobsSuccessful returns true if the latest runs of all of the provided CronJobs has been successful.
func AreDeploymentsEqual ¶
func AreDeploymentsEqual(a, b appsv1.Deployment) bool
AreDeploymentsEqual returns a value indicating whether 2 deployments are equal. Note that it does not perform a full comparison but checks just some of the properties of a deployment (only the ones we are currently interested at).
func AreEnvVarsEqual ¶ added in v1.0.0
AreEnvVarsEqual returns a value indicating whether 2 slices of environment variables are equal. Ordering is ignored.
func AreResouceRequirementsEqual ¶
func AreResouceRequirementsEqual(x corev1.ResourceRequirements, y corev1.ResourceRequirements) bool
AreResouceRequirementsEqual returns a value indicating whether 2 resource requirements are equal.
func AreSecurityContextsEqual ¶ added in v0.7.2
func AreSecurityContextsEqual(a, b *corev1.SecurityContext) bool
AreSecurityContextsEqual checks whether the provided Pod SecurityContexts are equal for the fields we are interested in.
func AreServicesEqual ¶
AreServicesEqual return a value indicating whether 2 services are equal. Note that it does not perform a full comparison but checks just some of the properties of a deployment (only the ones we are currently interested at).
func CheckIfExists ¶ added in v0.2.8
func CheckIfExists(ctx context.Context, kubeClient client.Client, retrieveObj, checkObj client.Object) (bool, error)
CheckIfExists will attempt to Get() the object, and report whether or not the object was found to exist.
func CreateIfNotExist ¶
func CreateIfNotExist(ctx context.Context, kubeClient client.Client, retrieveObj, createObj client.Object) (bool, error)
CreateIfNotExist creates an object if it doesn't already exist. The returned boolean indicates whether the object has been created. If the object already existed or an error occurred, then "false" is returned. If the object exists, no AlreadyExists error is returned.
func DeleteIfExists ¶
DeleteIfExists deletes a Kubernetes object if it exists. Any errors that might pop up because the object does not exist are ignored.
func GetClusterUID ¶ added in v0.8.1
GetClusterUID will just attempt to get the 'kube-system' Namespace and return the UID of the resource
func GetIntegrationMrnFromSecret ¶ added in v0.6.0
func GetIntegrationSecretForAuditConfig ¶ added in v0.6.0
func GetIntegrationSecretForAuditConfig(ctx context.Context, kubeClient client.Client, auditConfig v1alpha2.MondooAuditConfig) (*corev1.Secret, error)
GetIntegrationSecretForAuditConfig retrieves the MondooCredsSecretRef for the give MondooAuditConfig.
func GetRunningNamespace ¶ added in v0.2.6
GetRunningNamespace will return the namespace the Pod is running under Can fake the returned value (useful for local testing) by setting MONDOO_NAMESPACE_OVERRIDE
func GetServerVersion ¶ added in v0.6.0
func GetServiceAccountFromSecret ¶ added in v0.6.0
func GetServiceAccountFromSecret(secret corev1.Secret) (*mondooclient.ServiceAccountCredentials, error)
func IsOpenshift ¶ added in v1.12.5
IsOpenshift returns a value indicating whether the current cluster is an OpenShift cluster.
func MergeEnv ¶ added in v1.0.0
MergeEnv merges 2 slices of env vars. If the same key is present in both slices, the value from the second slice will be used.
func ResourcesRequirementsWithDefaults ¶
func ResourcesRequirementsWithDefaults(m corev1.ResourceRequirements, defaults corev1.ResourceRequirements) corev1.ResourceRequirements
ResourcesRequirementsWithDefaults will return the resource requirements from the parameter if such are specified. If not requirements are specified, default values will be returned.
func TaintToToleration ¶ added in v0.2.8
func TaintToToleration(t corev1.Taint) corev1.Toleration
func TaintsToTolerations ¶ added in v0.2.8
func TaintsToTolerations(taints []corev1.Taint) []corev1.Toleration
func TryGetIntegrationMrnForAuditConfig ¶ added in v0.6.0
func TryGetIntegrationMrnForAuditConfig(ctx context.Context, kubeClient client.Client, auditConfig v1alpha2.MondooAuditConfig) (string, error)
TryGetIntegrationMrnForAuditConfig tries to get the integration-mrn for a MondooAuditConfig. If ConsoleIntegration is disabled, no integration-mrn is returned but also no error.
func UpdateDeployment ¶
func UpdateDeployment(current *appsv1.Deployment, desired appsv1.Deployment)
UpdateDeployment updates a deployment such that it matches a desired state. The function does not replace all fields but only a set of fields that we are interested at.
func UpdateService ¶
UpdateService updates a service such that it matches a desired state. The function does not replace all fields but only a set of fields that we are interested at.
Types ¶
type CreateUpdateEventsPredicate ¶ added in v1.5.0
type CreateUpdateEventsPredicate struct{}
CreateUpdateEventsPredicate will allow only create and update events. Update events caused by object deletion are also ignored.
func (CreateUpdateEventsPredicate) Create ¶ added in v1.5.0
func (p CreateUpdateEventsPredicate) Create(e event.CreateEvent) bool
func (CreateUpdateEventsPredicate) Delete ¶ added in v1.5.0
func (p CreateUpdateEventsPredicate) Delete(e event.DeleteEvent) bool
func (CreateUpdateEventsPredicate) Generic ¶ added in v1.5.0
func (p CreateUpdateEventsPredicate) Generic(e event.GenericEvent) bool
func (CreateUpdateEventsPredicate) Update ¶ added in v1.5.0
func (p CreateUpdateEventsPredicate) Update(e event.UpdateEvent) bool
type IgnoreGenericEventsPredicate ¶ added in v0.2.8
type IgnoreGenericEventsPredicate struct{}
CreateOrDeletePredicate will completely ignore generic events.
func (IgnoreGenericEventsPredicate) Create ¶ added in v0.2.8
func (p IgnoreGenericEventsPredicate) Create(e event.CreateEvent) bool
func (IgnoreGenericEventsPredicate) Delete ¶ added in v0.2.8
func (p IgnoreGenericEventsPredicate) Delete(e event.DeleteEvent) bool
func (IgnoreGenericEventsPredicate) Generic ¶ added in v0.2.8
func (p IgnoreGenericEventsPredicate) Generic(e event.GenericEvent) bool
func (IgnoreGenericEventsPredicate) Update ¶ added in v0.2.8
func (p IgnoreGenericEventsPredicate) Update(e event.UpdateEvent) bool
Source Files