v1alpha1

package

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the security-profiles-operator v1alpha1 API group +kubebuilder:object:generate=true +groupName=security-profiles-operator.x-k8s.io

Index

Constants

This section is empty.

Variables

// GroupVersion identifies the API group and version under which the types of
// this package are registered.
var GroupVersion = schema.GroupVersion{
	Group:   "security-profiles-operator.x-k8s.io",
	Version: "v1alpha1",
}

// SchemeBuilder collects the Go types that belong to GroupVersion so they can
// be added to a runtime scheme.
var SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

// AddToScheme registers every type collected by SchemeBuilder into the scheme
// passed to it.
var AddToScheme = SchemeBuilder.AddToScheme

Functions

This section is empty.

Types

type SPODSpec

// SPODSpec defines the desired state of SPOD.
type SPODSpec struct {
	// Verbosity specifies the logging verbosity of the daemon.
	Verbosity uint `json:"verbosity,omitempty"`
	// EnableProfiling tells the operator whether or not to enable profiling
	// support for this SPOD instance.
	EnableProfiling bool `json:"enableProfiling,omitempty"`
	// EnableSelinux tells the operator whether or not to enable SELinux support
	// for this SPOD instance. It is a pointer so that an unset value can be
	// told apart from an explicit false.
	EnableSelinux *bool `json:"enableSelinux,omitempty"`
	// SelinuxTypeTag is, if specified, the SELinux type tag applied to the
	// security context of SPOD.
	// +optional
	// +kubebuilder:default="spc_t"
	SelinuxTypeTag string `json:"selinuxTypeTag,omitempty"`
	// EnableLogEnricher tells the operator whether or not to enable log
	// enrichment support for this SPOD instance.
	EnableLogEnricher bool `json:"enableLogEnricher,omitempty"`
	// EnableBpfRecorder tells the operator whether or not to enable bpf
	// recorder support for this SPOD instance.
	EnableBpfRecorder bool `json:"enableBpfRecorder,omitempty"`
	// EnableAppArmor tells the operator whether or not to enable AppArmor
	// support for this SPOD instance.
	EnableAppArmor bool `json:"enableAppArmor,omitempty"`
	// LabelPodDenials tells the operator whether or not to apply labels to pods
	// that present security policy-related denials. Note that this will be
	// done cluster-wide. Note that this currently requires the log enricher to
	// be enabled.
	LabelPodDenials bool `json:"labelPodDenials,omitempty"`
	// Tolerations are, if specified, the SPOD's tolerations.
	// +optional
	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
	// SelinuxOpts defines options specific to the SELinux functionality of
	// the SecurityProfilesOperator.
	SelinuxOpts SelinuxOptions `json:"selinuxOptions,omitempty"`
	// HostProcVolumePath is the path for specifying a custom host /proc
	// volume, which is required for the log-enricher as well as bpf-recorder
	// to retrieve the container ID for a process ID. This can be helpful for
	// nested environments, for example when using "kind".
	HostProcVolumePath string `json:"hostProcVolumePath,omitempty"`
	// WebhookOpts set custom namespace selectors and failure mode for
	// SPO's webhooks. Each entry is matched to a webhook by its Name.
	// +optional
	WebhookOpts []WebhookOptions `json:"webhookOptions,omitempty"`
	// AllowedSyscalls is, if specified, a list of system calls which are
	// allowed in seccomp profiles. Presumably profiles that reference other
	// syscalls are rejected by the operator — verify against the admission
	// code that consumes this field.
	// +optional
	AllowedSyscalls []string `json:"allowedSyscalls,omitempty"`
	// AllowedSeccompActions is, if specified, a list of allowed seccomp
	// actions. Unlike the other fields its JSON tag carries no omitempty, so
	// a nil slice is serialized as null rather than being dropped.
	// +optional
	AllowedSeccompActions []seccomp.Action `json:"allowedSeccompActions"`
}

SPODSpec defines the desired state of SPOD.

func (*SPODSpec) DeepCopy

func (in *SPODSpec) DeepCopy() *SPODSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SPODSpec.

func (*SPODSpec) DeepCopyInto

func (in *SPODSpec) DeepCopyInto(out *SPODSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SPODState

// SPODState defines the state that the spod is in. Its valid values are the
// SPODState* constants declared in this package.
type SPODState string

SPODState defines the state that the spod is in.

// The SPODState values reported through SPODStatus.State.
const (
	// SPODStatePending means the SPOD instance is pending installation.
	SPODStatePending SPODState = "PENDING"
	// SPODStateCreating means the SPOD instance is being created.
	SPODStateCreating SPODState = "CREATING"
	// SPODStateUpdating means the SPOD instance is being updated.
	SPODStateUpdating SPODState = "UPDATING"
	// SPODStateRunning means the SPOD instance was installed successfully.
	SPODStateRunning SPODState = "RUNNING"
	// SPODStateError means the SPOD instance couldn't be installed.
	SPODStateError SPODState = "ERROR"
)

type SPODStatus

// SPODStatus defines the observed state of SPOD.
type SPODStatus struct {
	rcommonv1.ConditionedStatus `json:",inline"`
	// State represents the state that the SPOD is in. It holds one of the
	// SPODState constants: PENDING, CREATING, UPDATING, RUNNING or ERROR.
	State SPODState `json:"state,omitempty"`
}

SPODStatus defines the observed state of SPOD.

func (*SPODStatus) DeepCopy

func (in *SPODStatus) DeepCopy() *SPODStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SPODStatus.

func (*SPODStatus) DeepCopyInto

func (in *SPODStatus) DeepCopyInto(out *SPODStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SPODStatus) StateCreating

func (s *SPODStatus) StateCreating()

func (*SPODStatus) StatePending

func (s *SPODStatus) StatePending()

func (*SPODStatus) StateRunning

func (s *SPODStatus) StateRunning()

func (*SPODStatus) StateUpdating

func (s *SPODStatus) StateUpdating()

type SecurityProfilesOperatorDaemon

// SecurityProfilesOperatorDaemon is the Schema to configure the spod deployment.
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=securityprofilesoperatordaemons,shortName=spod
// +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.state`
type SecurityProfilesOperatorDaemon struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired configuration of the daemon.
	Spec SPODSpec `json:"spec,omitempty"`
	// Status is the observed state, written by the operator (status subresource).
	Status SPODStatus `json:"status,omitempty"`
}

SecurityProfilesOperatorDaemon is the Schema to configure the spod deployment. +kubebuilder:subresource:status +kubebuilder:resource:path=securityprofilesoperatordaemons,shortName=spod +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.state`

func (*SecurityProfilesOperatorDaemon) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityProfilesOperatorDaemon.

func (*SecurityProfilesOperatorDaemon) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecurityProfilesOperatorDaemon) DeepCopyObject

func (in *SecurityProfilesOperatorDaemon) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SecurityProfilesOperatorDaemonList

// SecurityProfilesOperatorDaemonList contains a list of SecurityProfilesOperatorDaemon.
type SecurityProfilesOperatorDaemonList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the listed daemons; the tag has no omitempty, so an empty
	// list serializes as null rather than being dropped.
	Items []SecurityProfilesOperatorDaemon `json:"items"`
}

SecurityProfilesOperatorDaemonList contains a list of SecurityProfilesOperatorDaemon.

func (*SecurityProfilesOperatorDaemonList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityProfilesOperatorDaemonList.

func (*SecurityProfilesOperatorDaemonList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecurityProfilesOperatorDaemonList) DeepCopyObject

func (in *SecurityProfilesOperatorDaemonList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SelinuxOptions added in v0.4.0

// SelinuxOptions defines options specific to the SELinux functionality of
// the SecurityProfilesOperator.
type SelinuxOptions struct {
	// AllowedSystemProfiles lists the profiles coming from the system itself
	// that are allowed to be inherited by workloads. Use this with care,
	// as this might provide a lot of permissions depending on the
	// policy. Widening this list widens what any workload can inherit, so
	// changes to it deserve the same review as a policy change.
	// +kubebuilder:default={"container"}
	AllowedSystemProfiles []string `json:"allowedSystemProfiles,omitempty"`
}

SelinuxOptions defines options specific to the SELinux functionality of the SecurityProfilesOperator.

func (*SelinuxOptions) DeepCopy added in v0.4.0

func (in *SelinuxOptions) DeepCopy() *SelinuxOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelinuxOptions.

func (*SelinuxOptions) DeepCopyInto added in v0.4.0

func (in *SelinuxOptions) DeepCopyInto(out *SelinuxOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookOptions added in v0.4.3

// WebhookOptions overrides the failure policy and namespace selector of one
// of the operator's admission webhooks, identified by Name.
type WebhookOptions struct {
	// Name specifies which webhook we configure.
	Name string `json:"name,omitempty"`
	// FailurePolicy sets the webhook failure policy. Nil leaves the
	// operator's default in place. NOTE(review): a policy of Ignore admits
	// requests when the webhook is unavailable, which weakens enforcement —
	// confirm that is intended for the webhook being configured.
	// +optional
	FailurePolicy *admissionregv1.FailurePolicyType `json:"failurePolicy,omitempty"`
	// NamespaceSelector sets the webhook's namespace selector. Namespaces
	// excluded by the selector are not covered by the webhook at all.
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
}

func (*WebhookOptions) DeepCopy added in v0.4.3

func (in *WebhookOptions) DeepCopy() *WebhookOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookOptions.

func (*WebhookOptions) DeepCopyInto added in v0.4.3

func (in *WebhookOptions) DeepCopyInto(out *WebhookOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
