Documentation ¶
Overview ¶
Package v1alpha1 contains API schema definitions for the security-profiles-operator v1alpha1 API group.
+kubebuilder:object:generate=true
+groupName=security-profiles-operator.x-k8s.io
Index ¶
- Constants
- Variables
- type ProfileMergeStrategy
- type ProfileRecorder
- type ProfileRecording
- func (pr *ProfileRecording) CtrAnnotation(ctrName string) (key, value string, err error)
- func (in *ProfileRecording) DeepCopy() *ProfileRecording
- func (in *ProfileRecording) DeepCopyInto(out *ProfileRecording)
- func (in *ProfileRecording) DeepCopyObject() runtime.Object
- func (pr *ProfileRecording) IsKindSupported() bool
- type ProfileRecordingKind
- type ProfileRecordingList
- type ProfileRecordingSpec
- type ProfileRecordingStatus
Constants ¶
// Label keys and the finalizer name that tie recorded profiles to the
// ProfileRecording that produced them.
//
// NOTE(review): labels are mutable object metadata; anything that uses them to
// attribute a profile to a recording or container should not treat them as
// authenticated provenance.
const (
	// ProfileToRecordingLabel is the label key whose value is the name of the
	// ProfileRecording CR that produced this profile.
	ProfileToRecordingLabel = "spo.x-k8s.io/recording-id"

	// ProfileToContainerLabel is the label key whose value is the name of the
	// container that produced this profile.
	ProfileToContainerLabel = "spo.x-k8s.io/container-id"

	// RecordingHasUnmergedProfiles is a finalizer that indicates that the
	// recording has partial policies. Its main use is to hold off the deletion
	// of the recording until all partial profiles are merged.
	RecordingHasUnmergedProfiles = "spo.x-k8s.io/has-unmerged-profiles"
)
Variables ¶
// Scheme registration for the security-profiles-operator.x-k8s.io/v1alpha1
// API group.
var (
	// GroupVersion is the group and version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "security-profiles-operator.x-k8s.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme.
	// It is bound to GroupVersion above.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
This section is empty.
Types ¶
type ProfileMergeStrategy ¶ added in v0.5.0
// ProfileMergeStrategy is the string type of ProfileRecordingSpec.MergeStrategy,
// which states whether or how recorded profiles are merged.
type ProfileMergeStrategy string

const (
	// ProfileMergeNone is the "none" strategy; ProfileRecordingSpec documents
	// it as the default.
	ProfileMergeNone ProfileMergeStrategy = "none"

	// ProfileMergeContainers is the "containers" strategy.
	// NOTE(review): the page does not say what is merged under this strategy
	// (presumably the partial profiles recorded per container); document the
	// rule, since a merged profile allows the union of what was recorded.
	ProfileMergeContainers ProfileMergeStrategy = "containers"
)
type ProfileRecorder ¶ added in v0.4.0
// ProfileRecorder is the string type of ProfileRecordingSpec.Recorder and
// names the recorder used for a recording.
//
// NOTE(review): the page does not describe the recorders. Document what each
// one observes and what it requires on the node, so operators can judge the
// privileges a recording implies.
type ProfileRecorder string

const (
	// ProfileRecorderLogs selects the "logs" recorder.
	ProfileRecorderLogs ProfileRecorder = "logs"

	// ProfileRecorderBpf selects the "bpf" recorder.
	ProfileRecorderBpf ProfileRecorder = "bpf"
)
type ProfileRecording ¶
// ProfileRecording is the Schema for the profilerecordings API.
type ProfileRecording struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the recording; see ProfileRecordingSpec.
	Spec ProfileRecordingSpec `json:"spec,omitempty"`
	// Status is the status of the recording; see ProfileRecordingStatus.
	Status ProfileRecordingStatus `json:"status,omitempty"`
}
ProfileRecording is the Schema for the profilerecordings API.
+kubebuilder:subresource:status
+kubebuilder:printcolumn:name="PodSelector",type=string,priority=10,JSONPath=`.spec.podSelector`
func (*ProfileRecording) CtrAnnotation ¶ added in v0.4.0
// CtrAnnotation takes a container name and, per its signature, returns an
// annotation key and value, or a non-nil err.
// NOTE(review): the page gives no description. Document which Kind/Recorder
// combinations yield which annotation and when err is returned.
func (pr *ProfileRecording) CtrAnnotation(ctrName string) (key, value string, err error)
func (*ProfileRecording) DeepCopy ¶
func (in *ProfileRecording) DeepCopy() *ProfileRecording
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileRecording.
func (*ProfileRecording) DeepCopyInto ¶
func (in *ProfileRecording) DeepCopyInto(out *ProfileRecording)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileRecording) DeepCopyObject ¶
func (in *ProfileRecording) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ProfileRecording) IsKindSupported ¶ added in v0.4.0
// IsKindSupported reports a boolean about the recording's kind.
// NOTE(review): the page gives no description; presumably it checks Spec.Kind
// against the declared ProfileRecordingKind values. Confirm and document it.
func (pr *ProfileRecording) IsKindSupported() bool
type ProfileRecordingKind ¶ added in v0.4.0
// ProfileRecordingKind is the string type of ProfileRecordingSpec.Kind, the
// kind of object to be recorded.
type ProfileRecordingKind string

const (
	// ProfileRecordingKindSeccompProfile is the "SeccompProfile" kind.
	ProfileRecordingKindSeccompProfile ProfileRecordingKind = "SeccompProfile"

	// ProfileRecordingKindSelinuxProfile is the "SelinuxProfile" kind.
	ProfileRecordingKindSelinuxProfile ProfileRecordingKind = "SelinuxProfile"
)
type ProfileRecordingList ¶
// ProfileRecordingList contains a list of ProfileRecording.
type ProfileRecordingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the ProfileRecording objects in the list. The tag has no
	// omitempty, so the "items" key is always serialized.
	Items []ProfileRecording `json:"items"`
}
ProfileRecordingList contains a list of ProfileRecording.
func (*ProfileRecordingList) DeepCopy ¶
func (in *ProfileRecordingList) DeepCopy() *ProfileRecordingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileRecordingList.
func (*ProfileRecordingList) DeepCopyInto ¶
func (in *ProfileRecordingList) DeepCopyInto(out *ProfileRecordingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileRecordingList) DeepCopyObject ¶
func (in *ProfileRecordingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileRecordingSpec ¶
// ProfileRecordingSpec defines the desired state of ProfileRecording.
type ProfileRecordingSpec struct {
	// Kind of object to be recorded.
	// +kubebuilder:validation:Enum=SeccompProfile;SelinuxProfile
	Kind ProfileRecordingKind `json:"kind"`

	// Recorder to be used.
	// +kubebuilder:validation:Enum=bpf;logs
	Recorder ProfileRecorder `json:"recorder"`

	// NOTE(review): MergeStrategy is marked +optional but its JSON tag has no
	// omitempty, so a Go client that leaves it unset serializes an empty
	// string. Confirm that value passes the Enum validation below, or add
	// omitempty. This note is kept apart from the field comment so it does
	// not end up in the generated field description.

	// Whether or how to merge recorded profiles. Can be one of "none" or "containers".
	// Default is "none".
	// +optional
	// +kubebuilder:default="none"
	// +kubebuilder:validation:Enum=none;containers
	MergeStrategy ProfileMergeStrategy `json:"mergeStrategy"`

	// PodSelector selects the pods to record. This field follows standard
	// label selector semantics. An empty podSelector matches all pods in this
	// namespace, so leave it empty only when every pod in the namespace is
	// meant to be recorded.
	PodSelector metav1.LabelSelector `json:"podSelector"`

	// Containers is a set of containers to record. It allows selecting
	// only specific containers to record instead of all containers present
	// in the pod.
	// +optional
	Containers []string `json:"containers,omitempty"`

	// DisableProfileAfterRecording indicates whether the profile should be disabled
	// after recording and thus skipped during reconcile. In case of SELinux profiles,
	// reconcile can take a significant amount of time and might not be needed
	// for every profile.
	// Defaults to false.
	// +optional
	// +kubebuilder:default=false
	DisableProfileAfterRecording bool `json:"disableProfileAfterRecording,omitempty"`
}
ProfileRecordingSpec defines the desired state of ProfileRecording.
func (*ProfileRecordingSpec) DeepCopy ¶
func (in *ProfileRecordingSpec) DeepCopy() *ProfileRecordingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileRecordingSpec.
func (*ProfileRecordingSpec) DeepCopyInto ¶
func (in *ProfileRecordingSpec) DeepCopyInto(out *ProfileRecordingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProfileRecordingStatus ¶
// ProfileRecordingStatus contains status of the ProfileRecording.
type ProfileRecordingStatus struct {
	// ActiveWorkloads is a list of strings, omitted from JSON when empty.
	// NOTE(review): presumably the workloads currently being recorded; the
	// page does not say what the strings identify or who writes them. Confirm.
	ActiveWorkloads []string `json:"activeWorkloads,omitempty"`
}
ProfileRecordingStatus contains status of the ProfileRecording.
func (*ProfileRecordingStatus) DeepCopy ¶
func (in *ProfileRecordingStatus) DeepCopy() *ProfileRecordingStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileRecordingStatus.
func (*ProfileRecordingStatus) DeepCopyInto ¶
func (in *ProfileRecordingStatus) DeepCopyInto(out *ProfileRecordingStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.