v1alpha2

package
v1.9.2 Latest

Warning: This package is not in the latest version of its module.
Published: Dec 2, 2022 License: MPL-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package v1alpha2 contains API Schema definitions for the k8s v1alpha2 API group.

+kubebuilder:object:generate=true
+groupName=k8s.mondoo.com

Constants

const (
	// MondooOperatorConfigName is the one allowed name for the
	// cluster-scoped MondooOperatorConfig resource
	MondooOperatorConfigName = "mondoo-operator-config"
)

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "k8s.mondoo.com", Version: "v1alpha2"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type Admission

type Admission struct {
	Enable bool  `json:"enable,omitempty"`
	Image  Image `json:"image,omitempty"`
	// Mode represents whether the webhook will behave in a "permissive" mode (the default) which
	// will only scan and report on k8s resources or "enforcing" mode where depending
	// on the scan results may reject the k8s resource creation/modification.
	// +kubebuilder:validation:Enum=permissive;enforcing
	// +kubebuilder:default=permissive
	Mode AdmissionMode `json:"mode,omitempty"`
	// Number of replicas for the admission webhook.
	// For enforcing mode, the minimum should be two to prevent problems during Pod failures,
	// e.g. node failure, node scaling, etc.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	Replicas                *int32                  `json:"replicas,omitempty"`
	CertificateProvisioning CertificateProvisioning `json:"certificateProvisioning,omitempty"`
	// ServiceAccountName specifies the Kubernetes ServiceAccount the webhook should use
	// during its operation.
	// +kubebuilder:default=mondoo-operator-webhook
	ServiceAccountName string `json:"serviceAccountName,omitempty"`
}

func (*Admission) DeepCopy

func (in *Admission) DeepCopy() *Admission

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Admission.

func (*Admission) DeepCopyInto

func (in *Admission) DeepCopyInto(out *Admission)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AdmissionMode

type AdmissionMode string

AdmissionMode specifies the allowed modes of operation for the webhook admission controller

const (
	Permissive AdmissionMode = "permissive"
	Enforcing  AdmissionMode = "enforcing"
)

type CertificateProvisioning

type CertificateProvisioning struct {
	// +kubebuilder:validation:Enum=cert-manager;openshift;manual
	// +kubebuilder:default=manual
	Mode CertificateProvisioningMode `json:"mode,omitempty"`
}

CertificateProvisioning defines the certificate provisioning configuration within the cluster.

func (*CertificateProvisioning) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateProvisioning.

func (*CertificateProvisioning) DeepCopyInto

func (in *CertificateProvisioning) DeepCopyInto(out *CertificateProvisioning)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateProvisioningMode

type CertificateProvisioningMode string

CertificateProvisioningMode is the specified method the cluster uses for provisioning TLS certificates

const (
	CertManagerProvisioning CertificateProvisioningMode = "cert-manager"
	OpenShiftProvisioning   CertificateProvisioningMode = "openshift"
	ManualProvisioning      CertificateProvisioningMode = "manual"
)

type ConsoleIntegration added in v0.2.10

type ConsoleIntegration struct {
	Enable bool `json:"enable,omitempty"`
}

func (*ConsoleIntegration) DeepCopy added in v0.2.10

func (in *ConsoleIntegration) DeepCopy() *ConsoleIntegration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleIntegration.

func (*ConsoleIntegration) DeepCopyInto added in v0.2.10

func (in *ConsoleIntegration) DeepCopyInto(out *ConsoleIntegration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Filtering added in v1.7.0

type Filtering struct {
	Namespaces FilteringSpec `json:"namespaces,omitempty"`
}

func (*Filtering) DeepCopy added in v1.7.0

func (in *Filtering) DeepCopy() *Filtering

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Filtering.

func (*Filtering) DeepCopyInto added in v1.7.0

func (in *Filtering) DeepCopyInto(out *Filtering)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FilteringSpec added in v1.7.0

type FilteringSpec struct {
	// Include is the list of resources to watch/scan. Setting Include overrides anything in the
	// Exclude list, as specifying an Include list is effectively excluding everything except for what
	// is on the Include list.
	Include []string `json:"include,omitempty"`

	// Exclude is the list of resources to ignore for any watching/scanning actions. Use this if
	// the goal is to watch/scan all resources except for this Exclude list.
	Exclude []string `json:"exclude,omitempty"`
}

func (*FilteringSpec) DeepCopy added in v1.7.0

func (in *FilteringSpec) DeepCopy() *FilteringSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilteringSpec.

func (*FilteringSpec) DeepCopyInto added in v1.7.0

func (in *FilteringSpec) DeepCopyInto(out *FilteringSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
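The Include/Exclude precedence described in the FilteringSpec comments, as an added example that is not code from the operator. It uses a local copy of the struct and assumes entries are exact namespace names (the page does not describe pattern matching); `Scanned` and `CoverageGaps` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"sort"
)

// FilteringSpec is a local copy of the Include/Exclude fields of the
// v1alpha2 type, so the example runs without the operator module.
type FilteringSpec struct {
	Include []string
	Exclude []string
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Scanned reports whether a namespace is covered by the filter.
// Assumption: entries are matched as exact namespace names.
func Scanned(f FilteringSpec, ns string) bool {
	if len(f.Include) > 0 {
		// A non-empty Include list wins: Exclude is not consulted at all.
		return contains(f.Include, ns)
	}
	return !contains(f.Exclude, ns)
}

// CoverageGaps returns, sorted, the namespaces the filter leaves unscanned,
// so a reviewer can see what a filtering change removes from coverage.
func CoverageGaps(f FilteringSpec, clusterNamespaces []string) []string {
	gaps := []string{}
	for _, ns := range clusterNamespaces {
		if !Scanned(f, ns) {
			gaps = append(gaps, ns)
		}
	}
	sort.Strings(gaps)
	return gaps
}

func main() {
	// Constructed sample data, not taken from a real cluster.
	cluster := []string{"default", "kube-system", "payments", "staging"}
	excludeOnly := FilteringSpec{Exclude: []string{"staging"}}
	both := FilteringSpec{
		Include: []string{"payments", "staging"},
		Exclude: []string{"staging"},
	}
	fmt.Println("exclude only:", CoverageGaps(excludeOnly, cluster))
	// "staging" is scanned here even though it is also on the Exclude list.
	fmt.Println("include set: ", CoverageGaps(both, cluster))
}
```

Adding an Include list to a spec that previously only used Exclude silently drops every unlisted namespace from scanning, which is the case the second call shows.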

type Image

type Image struct {
	Name string `json:"name,omitempty"`
	Tag  string `json:"tag,omitempty"`
}

func (*Image) DeepCopy

func (in *Image) DeepCopy() *Image

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Image.

func (*Image) DeepCopyInto

func (in *Image) DeepCopyInto(out *Image)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesResources

type KubernetesResources struct {
	Enable bool `json:"enable,omitempty"`

	// ContainerImageScanning determines whether container images are being scanned. The current implementation
	// runs a separate job once every 24h that scans the container images running in the cluster.
	ContainerImageScanning bool `json:"containerImageScanning,omitempty"`
}

func (*KubernetesResources) DeepCopy

func (in *KubernetesResources) DeepCopy() *KubernetesResources

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesResources.

func (*KubernetesResources) DeepCopyInto

func (in *KubernetesResources) DeepCopyInto(out *KubernetesResources)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Metrics

type Metrics struct {
	Enable bool `json:"enable,omitempty"`
	// ResourceLabels allows providing a list of extra labels to apply to the metrics-related
	// resources (eg. ServiceMonitor)
	ResourceLabels map[string]string `json:"resourceLabels,omitempty"`
}

func (*Metrics) DeepCopy

func (in *Metrics) DeepCopy() *Metrics

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metrics.

func (*Metrics) DeepCopyInto

func (in *Metrics) DeepCopyInto(out *Metrics)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MondooAuditConfig

type MondooAuditConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   MondooAuditConfigSpec   `json:"spec,omitempty"`
	Status MondooAuditConfigStatus `json:"status,omitempty"`
}

MondooAuditConfig is the Schema for the mondooauditconfigs API

func (*MondooAuditConfig) DeepCopy

func (in *MondooAuditConfig) DeepCopy() *MondooAuditConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooAuditConfig.

func (*MondooAuditConfig) DeepCopyInto

func (in *MondooAuditConfig) DeepCopyInto(out *MondooAuditConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MondooAuditConfig) DeepCopyObject

func (in *MondooAuditConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*MondooAuditConfig) Hub

func (*MondooAuditConfig) Hub()

Hub marks this type as a conversion hub.

type MondooAuditConfigCondition

type MondooAuditConfigCondition struct {
	// Type is the specific type of the condition
	// +kubebuilder:validation:Required
	// +required
	Type MondooAuditConfigConditionType `json:"type"`
	// Status is the status of the condition
	// +kubebuilder:validation:Required
	// +required
	Status corev1.ConditionStatus `json:"status"`
	// LastUpdateTime is the last time we probed the condition
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
	// LastTransitionTime is the last time the condition transitioned from one status to another.
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// Reason is a unique, one-word, CamelCase reason for the condition's last transition
	Reason string `json:"reason,omitempty"`
	// Message is a human-readable message indicating details about the last transition
	Message string `json:"message,omitempty"`
}

func (*MondooAuditConfigCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooAuditConfigCondition.

func (*MondooAuditConfigCondition) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MondooAuditConfigConditionType

type MondooAuditConfigConditionType string

MondooAuditConfigConditionType is a valid value for MondooAuditConfig.Status.Condition[].Type

const (
	// Indicates whether NodeScanning is Degraded
	NodeScanningDegraded MondooAuditConfigConditionType = "NodeScanningDegraded"
	// Indicates whether Kubernetes resources scanning is Degraded
	K8sResourcesScanningDegraded MondooAuditConfigConditionType = "K8sResourcesScanningDegraded"
	// Indicates whether Kubernetes container image scanning is Degraded
	K8sContainerImageScanningDegraded MondooAuditConfigConditionType = "K8sContainerImageScanningDegraded"
	// Indicates whether Admission controller is Degraded
	AdmissionDegraded MondooAuditConfigConditionType = "AdmissionDegraded"
	// Indicates whether Admission controller is Degraded because of the ScanAPI
	ScanAPIDegraded MondooAuditConfigConditionType = "ScanAPIDegraded"
	// MondooIntegrationDegraded will hold the status for any issues encountered while trying to CheckIn()
	// on behalf of the Mondoo integration MRN
	MondooIntegrationDegraded MondooAuditConfigConditionType = "IntegrationDegraded"
)

type MondooAuditConfigList

type MondooAuditConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []MondooAuditConfig `json:"items"`
}

MondooAuditConfigList contains a list of MondooAuditConfig

func (*MondooAuditConfigList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooAuditConfigList.

func (*MondooAuditConfigList) DeepCopyInto

func (in *MondooAuditConfigList) DeepCopyInto(out *MondooAuditConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MondooAuditConfigList) DeepCopyObject

func (in *MondooAuditConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MondooAuditConfigSpec

type MondooAuditConfigSpec struct {

	// MondooCredsSecretRef references the Secret in which the Mondoo service account is stored.
	// +kubebuilder:validation:Required
	// +required
	MondooCredsSecretRef corev1.LocalObjectReference `json:"mondooCredsSecretRef"`

	// MondooTokenSecretRef can optionally hold a time-limited token that the mondoo-operator will use
	// to create a Mondoo service account saved to the Secret specified in .spec.mondooCredsSecretRef
	// if that Secret does not exist.
	MondooTokenSecretRef corev1.LocalObjectReference `json:"mondooTokenSecretRef,omitempty"`

	Scanner             Scanner             `json:"scanner,omitempty"`
	KubernetesResources KubernetesResources `json:"kubernetesResources,omitempty"`
	Nodes               Nodes               `json:"nodes,omitempty"`
	Admission           Admission           `json:"admission,omitempty"`
	ConsoleIntegration  ConsoleIntegration  `json:"consoleIntegration,omitempty"`
	Filtering           Filtering           `json:"filtering,omitempty"`
}

MondooAuditConfigSpec defines the desired state of MondooAuditConfig

func (*MondooAuditConfigSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooAuditConfigSpec.

func (*MondooAuditConfigSpec) DeepCopyInto

func (in *MondooAuditConfigSpec) DeepCopyInto(out *MondooAuditConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MondooAuditConfigStatus

type MondooAuditConfigStatus struct {

	// Pods store the name of the pods which are running mondoo instances
	Pods []string `json:"pods,omitempty"`

	// Conditions includes detailed status for the MondooAuditConfig
	Conditions []MondooAuditConfigCondition `json:"conditions,omitempty"`

	// ReconciledByOperatorVersion contains the version of the operator which reconciled this MondooAuditConfig
	ReconciledByOperatorVersion string `json:"reconciledByOperatorVersion,omitempty"`
}

MondooAuditConfigStatus defines the observed state of MondooAuditConfig

func (*MondooAuditConfigStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooAuditConfigStatus.

func (*MondooAuditConfigStatus) DeepCopyInto

func (in *MondooAuditConfigStatus) DeepCopyInto(out *MondooAuditConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MondooOperatorConfig

type MondooOperatorConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   MondooOperatorConfigSpec   `json:"spec,omitempty"`
	Status MondooOperatorConfigStatus `json:"status,omitempty"`
}

MondooOperatorConfig is the Schema for the mondoooperatorconfigs API

func (*MondooOperatorConfig) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooOperatorConfig.

func (*MondooOperatorConfig) DeepCopyInto

func (in *MondooOperatorConfig) DeepCopyInto(out *MondooOperatorConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MondooOperatorConfig) DeepCopyObject

func (in *MondooOperatorConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*MondooOperatorConfig) Hub

func (*MondooOperatorConfig) Hub()

Hub marks this type as a conversion hub.

type MondooOperatorConfigCondition

type MondooOperatorConfigCondition struct {
	// Type is the type of the condition.
	Type MondooOperatorConfigConditionType `json:"type"`
	// Status is the status of the condition.
	Status corev1.ConditionStatus `json:"status"`
	// LastUpdateTime is the last time the condition was updated.
	// +optional
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
	// LastTransitionTime is the last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// Reason is a unique, one-word, CamelCase reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// Message is a human-readable message indicating details about last transition.
	// +optional
	Message string `json:"message,omitempty"`
}

Condition contains details for the current condition of a MondooOperatorConfig

func (*MondooOperatorConfigCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooOperatorConfigCondition.

func (*MondooOperatorConfigCondition) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MondooOperatorConfigConditionType

type MondooOperatorConfigConditionType string

MondooOperatorConfigConditionType is a valid value for MondooOperatorConfig.Status.Condition[].Type

const (
	// PrometheusMissingCondition is used to indicate whether Prometheus was found to be installed or not.
	PrometheusMissingCondition MondooOperatorConfigConditionType = "PrometheusMissing"
)

type MondooOperatorConfigList

type MondooOperatorConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []MondooOperatorConfig `json:"items"`
}

MondooOperatorConfigList contains a list of MondooOperatorConfig

func (*MondooOperatorConfigList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooOperatorConfigList.

func (*MondooOperatorConfigList) DeepCopyInto

func (in *MondooOperatorConfigList) DeepCopyInto(out *MondooOperatorConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MondooOperatorConfigList) DeepCopyObject

func (in *MondooOperatorConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MondooOperatorConfigSpec

type MondooOperatorConfigSpec struct {

	// Metrics controls the enabling/disabling of metrics report of mondoo-operator
	Metrics Metrics `json:"metrics,omitempty"`
	// Allows skipping Image resolution from upstream repository
	SkipContainerResolution bool `json:"skipContainerResolution,omitempty"`
}

MondooOperatorConfigSpec defines the desired state of MondooOperatorConfig

func (*MondooOperatorConfigSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooOperatorConfigSpec.

func (*MondooOperatorConfigSpec) DeepCopyInto

func (in *MondooOperatorConfigSpec) DeepCopyInto(out *MondooOperatorConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MondooOperatorConfigStatus

type MondooOperatorConfigStatus struct {

	// Conditions includes more detailed status for the mondoo config
	// +optional
	Conditions []MondooOperatorConfigCondition `json:"conditions,omitempty"`
}

MondooOperatorConfigStatus defines the observed state of MondooOperatorConfig

func (*MondooOperatorConfigStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MondooOperatorConfigStatus.

func (*MondooOperatorConfigStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Nodes

type Nodes struct {
	Enable    bool                        `json:"enable,omitempty"`
	Resources corev1.ResourceRequirements `json:"resources,omitempty"`
}

func (*Nodes) DeepCopy

func (in *Nodes) DeepCopy() *Nodes

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Nodes.

func (*Nodes) DeepCopyInto

func (in *Nodes) DeepCopyInto(out *Nodes)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Scanner

type Scanner struct {
	// +kubebuilder:default=mondoo-operator-k8s-resources-scanning
	ServiceAccountName string                      `json:"serviceAccountName,omitempty"`
	Image              Image                       `json:"image,omitempty"`
	Resources          corev1.ResourceRequirements `json:"resources,omitempty"`
	// Number of replicas for the scanner.
	// For enforcing mode, the minimum should be two to prevent problems during Pod failures,
	// e.g. node failure, node scaling, etc.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	Replicas *int32 `json:"replicas,omitempty"`

	// PrivateRegistriesPullSecretRef defines the name of a secret that contains the credentials for the private
	// registries we have to pull images from.
	PrivateRegistriesPullSecretRef corev1.LocalObjectReference `json:"privateRegistriesPullSecretRef,omitempty"`

	// Env allows setting extra environment variables for the scanner. If the operator already sets an env
	// variable with the same name, the value specified here will override it.
	Env []corev1.EnvVar `json:"env,omitempty"`
}

Scanner defines the settings for the Mondoo scanner that will be running in the cluster. The same scanner is used for scanning the Kubernetes API, the nodes and for serving the admission controller.

func (*Scanner) DeepCopy

func (in *Scanner) DeepCopy() *Scanner

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Scanner.

func (*Scanner) DeepCopyInto

func (in *Scanner) DeepCopyInto(out *Scanner)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
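The Replicas comments on both Admission and Scanner recommend at least two replicas in enforcing mode, while the schema itself only enforces a minimum of 1. The following added example (not code from the operator) reviews a `.spec` given as JSON against the documented defaults, enum and minimum; the struct copies and `ReviewSpec` are hypothetical, and treating the recommendation as applicable only when `admission.enable` is true is this example's assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local copies of the v1alpha2 fields used here; JSON names follow the struct tags on this page.
type admission struct {
	Enable   bool   `json:"enable,omitempty"`
	Mode     string `json:"mode,omitempty"`
	Replicas *int32 `json:"replicas,omitempty"`
}
type scanner struct {
	Replicas *int32 `json:"replicas,omitempty"`
}
type spec struct {
	Admission admission `json:"admission,omitempty"`
	Scanner   scanner   `json:"scanner,omitempty"`
}

// replicasOrDefault applies +kubebuilder:default=1 when the field is unset.
func replicasOrDefault(r *int32) int32 {
	if r == nil {
		return 1
	}
	return *r
}

// ReviewSpec returns findings for a MondooAuditConfig .spec given as JSON.
func ReviewSpec(raw []byte) ([]string, error) {
	var s spec
	if err := json.Unmarshal(raw, &s); err != nil {
		return nil, err
	}
	mode := s.Admission.Mode
	if mode == "" {
		mode = "permissive" // +kubebuilder:default=permissive
	}
	findings := []string{}
	if mode != "permissive" && mode != "enforcing" {
		findings = append(findings, fmt.Sprintf("admission.mode %q is outside the enum", mode))
	}
	checks := []struct {
		path string
		n    int32
	}{
		{"admission.replicas", replicasOrDefault(s.Admission.Replicas)},
		{"scanner.replicas", replicasOrDefault(s.Scanner.Replicas)},
	}
	for _, c := range checks {
		if c.n < 1 {
			findings = append(findings, c.path+" is below the validated minimum of 1")
		} else if s.Admission.Enable && mode == "enforcing" && c.n < 2 {
			findings = append(findings, c.path+" should be at least 2 in enforcing mode")
		}
	}
	return findings, nil
}

func main() {
	// Constructed sample .spec: enforcing webhook with two replicas, scanner left at its default.
	sample := []byte(`{"admission":{"enable":true,"mode":"enforcing","replicas":2},"scanner":{}}`)
	findings, err := ReviewSpec(sample)
	fmt.Println(findings, err)
}
```

The sample passes schema validation yet still yields a finding for the scanner, because an omitted `replicas` field defaults to 1.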
