kubebench

package

v0.15.20 Latest Latest Go to latest Published: Feb 1, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aquasecurity/starboard

Links

Open Source Insights

Documentation ¶

Overview ¶

Package kubebench provides primitives for working with CIS Kubernetes benchmarks.

Index ¶

type Builder
- func NewBuilder(scheme *runtime.Scheme) *Builder
type Config
type Plugin
- func NewKubeBenchPlugin(clock ext.Clock, config Config) Plugin
type ReadWriter
- func NewReadWriter(client client.Client) ReadWriter
type Reader
type Scanner
- func NewScanner(scheme *runtime.Scheme, clientset kubernetes.Interface, plugin Plugin, ...) *Scanner
- func (s *Scanner) Scan(ctx context.Context, node corev1.Node) (v1alpha1.CISKubeBenchReport, error)
type Writer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Builder ¶ added in v0.10.1

type Builder struct {
	// contains filtered or unexported fields
}

func NewBuilder ¶ added in v0.10.1

func NewBuilder(scheme *runtime.Scheme) *Builder

func (*Builder) Controller ¶ added in v0.10.1

func (b *Builder) Controller(controller metav1.Object) *Builder

func (*Builder) Data ¶ added in v0.10.1

func (b *Builder) Data(data v1alpha1.CISKubeBenchReportData) *Builder

func (*Builder) Get ¶ added in v0.10.1

func (b *Builder) Get() (v1alpha1.CISKubeBenchReport, error)

type Config ¶ added in v0.6.0

type Config interface {
	GetKubeBenchImageRef() (string, error)
}

type Plugin ¶ added in v0.10.0

type Plugin interface {

	// GetScanJobSpec describes the pod that will be created by Starboard when
	// it schedules a Kubernetes job to audit the configuration of the specified
	// node.
	GetScanJobSpec(node corev1.Node) (corev1.PodSpec, error)

	// ParseCISKubeBenchReportData is a callback to parse and convert logs of
	// the pod controlled by the scan job to v1alpha1.CISKubeBenchReportData.
	ParseCISKubeBenchReportData(logsStream io.ReadCloser) (v1alpha1.CISKubeBenchReportData, error)

	GetContainerName() string
}

Plugin defines the interface between Starboard and Kubernetes configuration checker with CIS Kubernetes Benchmarks.

func NewKubeBenchPlugin ¶ added in v0.10.0

func NewKubeBenchPlugin(clock ext.Clock, config Config) Plugin

NewKubeBenchPlugin constructs a new Plugin, which is using an official Kube-Bench container image, with the specified Config.

type ReadWriter ¶ added in v0.3.0

type ReadWriter interface {
	Writer
	Reader
}

func NewReadWriter ¶ added in v0.9.0

func NewReadWriter(client client.Client) ReadWriter

type Reader ¶ added in v0.3.0

type Reader interface {
	FindByOwner(ctx context.Context, node kube.ObjectRef) (*v1alpha1.CISKubeBenchReport, error)
}

type Scanner ¶

type Scanner struct {
	// contains filtered or unexported fields
}

func NewScanner ¶

func NewScanner(
	scheme *runtime.Scheme,
	clientset kubernetes.Interface,
	plugin Plugin,
	config starboard.ConfigData,
	opts kube.ScannerOpts,
) *Scanner

func (*Scanner) Scan ¶

func (s *Scanner) Scan(ctx context.Context, node corev1.Node) (v1alpha1.CISKubeBenchReport, error)

type Writer ¶

type Writer interface {
	Write(ctx context.Context, report v1alpha1.CISKubeBenchReport) error
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL