config

package

v0.3.0 Latest Latest Go to latest Published: Apr 26, 2021 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/security-profiles-operator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func GetOperatorNamespace() string
func TryToGetOperatorNamespace() (string, error)

Constants ¶

View Source

const (
	// OperatorName is the name when referring to the operator.
	OperatorName = "security-profiles-operator"

	// Service Account for the security-profiles-operator daemon.
	SPOdServiceAccount = "spod"

	// OperatorRoot is the root directory of the operator.
	OperatorRoot = "/var/lib/security-profiles-operator"

	// UserRootless is the user which runs the operator.
	UserRootless = 65535

	// KubeletSeccompRootPath specifies the path where all kubelet seccomp
	// profiles are stored.
	KubeletSeccompRootPath = "/var/lib/kubelet/seccomp"

	// ProfilesRootPath specifies the path where the operator stores seccomp
	// profiles.
	ProfilesRootPath = KubeletSeccompRootPath + "/operator"

	// NodeNameEnvKey is the default environment variable key for retrieving
	// the name of the current node.
	NodeNameEnvKey = "NODE_NAME"

	// OperatorNamespaceEnvKey is the default environment variable key for retrieving
	// the operator's namespace.
	OperatorNamespaceEnvKey = "OPERATOR_NAMESPACE"

	// RestrictNamespaceEnvKey is the environment variable key for restricting
	// the operator to work on only a single Kubernetes namespace.
	RestrictNamespaceEnvKey = "RESTRICT_TO_NAMESPACE"

	// SeccompProfileRecordAnnotationKey is the annotation on a Pod that
	// triggers the oci-seccomp-bpf-hook to trace the syscalls of a Pod and
	// created a seccomp profile.
	SeccompProfileRecordAnnotationKey = "io.containers.trace-syscall"
)

Variables ¶

View Source

var ErrPodNamespaceEnvNotFound = errors.New("the env variable OPERATOR_NAMESPACE hasn't been set")

View Source

var ProfileRecordingOutputPath = filepath.Join(os.TempDir(), "security-profiles-operator-recordings")

ProfileRecordingOutputPath is the path where the recorded profiles will be stored. Those profiles are going to be reconciled into native CRDs and therefore have a limited lifetime.

Functions ¶

func GetOperatorNamespace ¶ added in v0.3.0

func GetOperatorNamespace() string

GetOperatorNamespace gets the namespace that the operator is currently running on. Failure to get the namespace results in a panic.

func TryToGetOperatorNamespace ¶ added in v0.3.0

func TryToGetOperatorNamespace() (string, error)

Types ¶

This section is empty.

Source Files ¶

View all Source files

config.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL