Documentation
Index
- Constants
- Variables
- func KiveDataContainerCmp(kiveData kivev2alpha1.KiveData, pod corev1.Pod, ...) bool
- func KiveDataTrapCmp(kiveData kivev2alpha1.KiveData, kiveTrap kivev2alpha1.KiveTrap) (bool, error)
- func KiveTrapHashID(kiveTrap kivev2alpha1.KiveTrap, alertVersion string) (string, error)
- func NewKiveDataName(inode uint64, dev uint32, pod corev1.Pod, ...) string
- func Output(client client.Reader)
- func RegexMatch(regex string, containerName string) (bool, error)
- type KiveDataReconciler
- type KivePodReconciler
- type KivePolicyReconciler
Constants
const (
	// The name used by our controller to claim ownership of fields when doing server-side apply in Kubernetes.
	FieldOwnerKiveController = "kive-controller"
	// Where to find the identifier of this running kernel
	KernelIDPath = "/proc/sys/kernel/random/boot_id"
	// Label used to store the trap identifier
	TrapIDLabel = "trap-id"
)
const (
	KiveDataFinalizerName = "kivedata.kivebpf.san7o.github.io/finalizer"
)
const (
	KivePolicyFinalizerName = "kivepolicy.kivebpf.san7o.github.io/finalizer"
)
Variables
var (
	KernelID string = ""
)
Functions
func KiveDataContainerCmp
func KiveDataContainerCmp(kiveData kivev2alpha1.KiveData, pod corev1.Pod, containerStatus corev1.ContainerStatus) bool
func KiveDataTrapCmp
func KiveDataTrapCmp(kiveData kivev2alpha1.KiveData, kiveTrap kivev2alpha1.KiveTrap) (bool, error)
func KiveTrapHashID
func KiveTrapHashID(kiveTrap kivev2alpha1.KiveTrap, alertVersion string) (string, error)
func NewKiveDataName
Types
type KiveDataReconciler
type KiveDataReconciler struct {
	client.Client
	UncachedClient client.Reader
	Scheme         *runtime.Scheme
}
func (*KiveDataReconciler) SetupWithManager
func (r *KiveDataReconciler) SetupWithManager(mgr ctrl.Manager) error
type KivePodReconciler
func (*KivePodReconciler) Reconcile
func (r *KivePodReconciler) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error)
There are two main operations we are concerned about with pods: pod creation and pod termination.
- creation: upon creation, the controller should send a reconcile request for KivePolicy so that new KiveData will be generated for the new pod.
- termination: upon termination, the controller should check whether each KiveData refers to an existing pod. If it does not, that resource should be deleted.
Failures are treated as terminations.
func (*KivePodReconciler) SetupWithManager
func (r *KivePodReconciler) SetupWithManager(mgr ctrl.Manager) error
type KivePolicyReconciler
type KivePolicyReconciler struct {
	client.Client
	UncachedClient client.Reader
	Scheme         *runtime.Scheme
}
func (*KivePolicyReconciler) Reconcile
func (r *KivePolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
The KivePolicy reconciliation is responsible for the following:
- For each KivePolicy, fetch file information such as the inode number from the matched container.
- Create KiveData resources with the previously fetched information if they are not already present.
func (*KivePolicyReconciler) SetupWithManager
func (r *KivePolicyReconciler) SetupWithManager(mgr ctrl.Manager) error