Documentation ¶
Index ¶
- Variables
- func GetOSSigChannel() chan os.Signal
- func KubeArmor(clusterName, gRPCPort, logPath string, ...)
- type ContainerdHandler
- func (ch *ContainerdHandler) Close()
- func (ch *ContainerdHandler) GetContainerInfo(ctx context.Context, containerID string) (tp.Container, error)
- func (ch *ContainerdHandler) GetContainerdContainers() map[string]context.Context
- func (ch *ContainerdHandler) GetDeletedContainerdContainers(containers map[string]context.Context) map[string]context.Context
- func (ch *ContainerdHandler) GetNewContainerdContainers(containers map[string]context.Context) map[string]context.Context
- type DockerHandler
- type DockerVersion
- type K8sHandler
- func (kh *K8sHandler) CheckCustomResourceDefinition(resourceName string) bool
- func (kh *K8sHandler) DoRequest(cmd string, data interface{}, path string) ([]byte, error)
- func (kh *K8sHandler) GetDeploymentNameControllingReplicaSet(namespaceName, replicaSetName string) string
- func (kh *K8sHandler) InitInclusterAPIClient() bool
- func (kh *K8sHandler) InitK8sClient() bool
- func (kh *K8sHandler) InitLocalAPIClient() bool
- func (kh *K8sHandler) PatchDeploymentWithAppArmorAnnotations(namespaceName, deploymentName string, appArmorAnnotations map[string]string) error
- func (kh *K8sHandler) PatchDeploymentWithSELinuxOptions(namespace, deploymentName string, seLinuxContexts map[string]string) error
- func (kh *K8sHandler) WatchK8sAuditPolicies() *http.Response
- func (kh *K8sHandler) WatchK8sHostSecurityPolicies() *http.Response
- func (kh *K8sHandler) WatchK8sKubearmorMacro() *http.Response
- func (kh *K8sHandler) WatchK8sNodes() *http.Response
- func (kh *K8sHandler) WatchK8sPods() *http.Response
- func (kh *K8sHandler) WatchK8sSecurityPolicies() *http.Response
- type KubeArmorDaemon
- func (dm *KubeArmorDaemon) CloseEventAuditor() bool
- func (dm *KubeArmorDaemon) CloseLogger() bool
- func (dm *KubeArmorDaemon) CloseRuntimeEnforcer() bool
- func (dm *KubeArmorDaemon) CloseSystemMonitor() bool
- func (dm *KubeArmorDaemon) DestroyKubeArmorDaemon()
- func (dm *KubeArmorDaemon) GetAlreadyDeployedDockerContainers()
- func (dm *KubeArmorDaemon) GetAuditPolicies(identities []string) []tp.AuditPolicy
- func (dm *KubeArmorDaemon) GetSecurityPolicies(identities []string) []tp.SecurityPolicy
- func (dm *KubeArmorDaemon) InitEventAuditor() bool
- func (dm *KubeArmorDaemon) InitLogger() bool
- func (dm *KubeArmorDaemon) InitRuntimeEnforcer() bool
- func (dm *KubeArmorDaemon) InitSystemMonitor() bool
- func (dm *KubeArmorDaemon) MonitorContainerdEvents()
- func (dm *KubeArmorDaemon) MonitorDockerEvents()
- func (dm *KubeArmorDaemon) MonitorSystemEvents()
- func (dm *KubeArmorDaemon) ServeLogFeeds()
- func (dm *KubeArmorDaemon) UpdateAuditPolicies()
- func (dm *KubeArmorDaemon) UpdateContainerdContainer(ctx context.Context, containerID, action string) bool
- func (dm *KubeArmorDaemon) UpdateDockerContainer(containerID, action string)
- func (dm *KubeArmorDaemon) UpdateEndPointWithPod(action string, pod tp.K8sPod)
- func (dm *KubeArmorDaemon) UpdateHostSecurityPolicies()
- func (dm *KubeArmorDaemon) UpdateSecurityPolicy(action string, secPolicy tp.SecurityPolicy)
- func (dm *KubeArmorDaemon) WatchAuditPolicies()
- func (dm *KubeArmorDaemon) WatchHostSecurityPolicies()
- func (dm *KubeArmorDaemon) WatchK8sNodes()
- func (dm *KubeArmorDaemon) WatchK8sPods()
- func (dm *KubeArmorDaemon) WatchKubeArmorMacro()
- func (dm *KubeArmorDaemon) WatchSecurityPolicies()
Constants ¶
This section is empty.
Variables ¶
var StopChan chan struct{}
StopChan Channel
Functions ¶
Types ¶
type ContainerdHandler ¶
// ContainerdHandler is the handle this package uses for its containerd
// queries (see the GetContainerdContainers family of methods). The listing
// shows no exported fields, so callers reach its state only through
// NewContainerdHandler and the methods declared on *ContainerdHandler.
type ContainerdHandler struct {
	// contains filtered or unexported fields
}
ContainerdHandler Structure
var Containerd *ContainerdHandler
Containerd Handler
func NewContainerdHandler ¶
func NewContainerdHandler() *ContainerdHandler
NewContainerdHandler Function
func (*ContainerdHandler) GetContainerInfo ¶
func (ch *ContainerdHandler) GetContainerInfo(ctx context.Context, containerID string) (tp.Container, error)
GetContainerInfo Function
func (*ContainerdHandler) GetContainerdContainers ¶
func (ch *ContainerdHandler) GetContainerdContainers() map[string]context.Context
GetContainerdContainers Function
func (*ContainerdHandler) GetDeletedContainerdContainers ¶
func (ch *ContainerdHandler) GetDeletedContainerdContainers(containers map[string]context.Context) map[string]context.Context
GetDeletedContainerdContainers Function
func (*ContainerdHandler) GetNewContainerdContainers ¶
func (ch *ContainerdHandler) GetNewContainerdContainers(containers map[string]context.Context) map[string]context.Context
GetNewContainerdContainers Function
type DockerHandler ¶
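// DockerHandler bundles the Docker client with the API version recorded for
// it.
//
// The declaration is laid out one field per line; collapsed onto a single
// line the two fields have no separator and the struct does not parse.
type DockerHandler struct {
	// DockerClient is the client the handler's methods (GetContainerInfo,
	// GetEventChannel) are presumably issued through — confirm against the
	// implementation.
	//
	// NOTE(review): the field is exported, so any importer holding the
	// package-level Docker variable can call the Docker API directly. Access
	// to the Docker daemon is generally equivalent to root on the node, so
	// this handle should not be passed to less-trusted code.
	DockerClient *client.Client

	// Version carries the Docker API version; see DockerVersion.
	Version DockerVersion
}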
DockerHandler Structure
var Docker *DockerHandler
Docker Handler
func (*DockerHandler) GetContainerInfo ¶
func (dh *DockerHandler) GetContainerInfo(containerID string) (tp.Container, error)
GetContainerInfo Function
func (*DockerHandler) GetEventChannel ¶
func (dh *DockerHandler) GetEventChannel() <-chan events.Message
GetEventChannel Function
type DockerVersion ¶
// DockerVersion holds a single decoded value, the API version string.
// Presumably it is unmarshalled from the Docker daemon's version response;
// confirm against the caller.
type DockerVersion struct {
	// APIVersion is read from and written to the JSON key "ApiVersion".
	APIVersion string `json:"ApiVersion"`
}
DockerVersion Structure
type K8sHandler ¶
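// K8sHandler groups the clients and connection parameters this package uses
// to reach the Kubernetes API server.
//
// The declaration is laid out one field per line; collapsed onto a single
// line the fields have no separators and the struct does not parse.
type K8sHandler struct {
	// K8sClient is the typed client-go clientset.
	K8sClient *kubernetes.Clientset

	// HTTPClient and WatchClient are plain HTTP clients. Judging by the
	// names, one serves request/response calls (DoRequest) and the other the
	// long-lived Watch* streams — confirm against the implementation.
	//
	// NOTE(review): their TLS configuration is not visible here; confirm
	// that both verify the API server certificate against the cluster CA.
	HTTPClient  *http.Client
	WatchClient *http.Client

	// K8sToken is presumably the bearer token presented to the API server
	// (e.g. the service-account token) — confirm.
	//
	// NOTE(review): this is a credential held in an exported string field.
	// Keep the handler out of %v/%+v logging and debug dumps, and avoid
	// copying the struct into places with a wider audience than the daemon.
	K8sToken string

	// K8sHost and K8sPort locate the API server.
	K8sHost string
	K8sPort string
}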
K8sHandler Structure
var K8s *K8sHandler
K8s Handler
func (*K8sHandler) CheckCustomResourceDefinition ¶
func (kh *K8sHandler) CheckCustomResourceDefinition(resourceName string) bool
CheckCustomResourceDefinition Function
func (*K8sHandler) DoRequest ¶
func (kh *K8sHandler) DoRequest(cmd string, data interface{}, path string) ([]byte, error)
DoRequest Function
func (*K8sHandler) GetDeploymentNameControllingReplicaSet ¶
func (kh *K8sHandler) GetDeploymentNameControllingReplicaSet(namespaceName, replicaSetName string) string
GetDeploymentNameControllingReplicaSet Function
func (*K8sHandler) InitInclusterAPIClient ¶
func (kh *K8sHandler) InitInclusterAPIClient() bool
InitInclusterAPIClient Function
func (*K8sHandler) InitK8sClient ¶
func (kh *K8sHandler) InitK8sClient() bool
InitK8sClient Function
func (*K8sHandler) InitLocalAPIClient ¶
func (kh *K8sHandler) InitLocalAPIClient() bool
InitLocalAPIClient Function
func (*K8sHandler) PatchDeploymentWithAppArmorAnnotations ¶
func (kh *K8sHandler) PatchDeploymentWithAppArmorAnnotations(namespaceName, deploymentName string, appArmorAnnotations map[string]string) error
PatchDeploymentWithAppArmorAnnotations Function
func (*K8sHandler) PatchDeploymentWithSELinuxOptions ¶
func (kh *K8sHandler) PatchDeploymentWithSELinuxOptions(namespace, deploymentName string, seLinuxContexts map[string]string) error
PatchDeploymentWithSELinuxOptions Function
func (*K8sHandler) WatchK8sAuditPolicies ¶
func (kh *K8sHandler) WatchK8sAuditPolicies() *http.Response
WatchK8sAuditPolicies Function
func (*K8sHandler) WatchK8sHostSecurityPolicies ¶
func (kh *K8sHandler) WatchK8sHostSecurityPolicies() *http.Response
WatchK8sHostSecurityPolicies Function
func (*K8sHandler) WatchK8sKubearmorMacro ¶
func (kh *K8sHandler) WatchK8sKubearmorMacro() *http.Response
WatchK8sKubearmorMacro Function
func (*K8sHandler) WatchK8sNodes ¶
func (kh *K8sHandler) WatchK8sNodes() *http.Response
WatchK8sNodes Function
func (*K8sHandler) WatchK8sPods ¶
func (kh *K8sHandler) WatchK8sPods() *http.Response
WatchK8sPods Function
func (*K8sHandler) WatchK8sSecurityPolicies ¶
func (kh *K8sHandler) WatchK8sSecurityPolicies() *http.Response
WatchK8sSecurityPolicies Function
type KubeArmorDaemon ¶
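// KubeArmorDaemon is the daemon's central state: cluster and node identity,
// feature switches, the container/pod/endpoint inventory, every policy set,
// the PID maps, and the handles of the logger, system monitor, runtime
// enforcer and event auditor.
//
// The declaration is laid out one field per line. Collapsed onto a single
// line, the first "//" comment swallows every field after it.
//
// Each shared collection is paired with an exported *sync.RWMutex.
// NOTE(review): nothing in the type enforces that pairing. The collections
// and locks are exported, so any code holding the daemon can read or mutate
// policy state without the lock; presumably every access is expected to hold
// the matching lock — confirm at the call sites.
//
// WgDaemon is a sync.WaitGroup held by value, so a KubeArmorDaemon must not
// be copied after first use; pass *KubeArmorDaemon, as the constructor and
// methods already do.
type KubeArmorDaemon struct {
	// cluster
	ClusterName string

	// node
	Node      tp.Node
	LogPath   string
	LogFilter string

	// options
	EnableKubeArmorPolicy      bool
	EnableKubeArmorHostPolicy  bool
	EnableKubeArmorAuditPolicy bool

	// flag
	K8sEnabled bool

	// containers (from docker)
	Containers     map[string]tp.Container
	ContainersLock *sync.RWMutex

	// K8s pods (from kubernetes)
	K8sPods     []tp.K8sPod
	K8sPodsLock *sync.RWMutex

	// endpoints
	EndPoints     []tp.EndPoint
	EndPointsLock *sync.RWMutex

	// Security policies
	SecurityPolicies     []tp.SecurityPolicy
	SecurityPoliciesLock *sync.RWMutex

	// Host Security policies
	HostSecurityPolicies     []tp.HostSecurityPolicy
	HostSecurityPoliciesLock *sync.RWMutex

	// K8s Audit policies
	K8sAuditPolicies     []tp.K8sKubeArmorAuditPolicy
	K8sAuditPoliciesLock *sync.RWMutex

	// Audit policies
	AuditPolicies     map[string]tp.AuditPolicy
	AuditPoliciesLock *sync.RWMutex

	// Macros
	K8sMacros     []tp.K8sKubeArmorMacro
	K8sMacrosLock *sync.RWMutex

	// container id -> (host) pid
	// Both maps share ActivePidMapLock.
	ActivePidMap     map[string]tp.PidMap
	ActiveHostPidMap map[string]tp.PidMap
	ActivePidMapLock *sync.RWMutex

	// host pid
	ActiveHostMap     map[uint32]tp.PidMap
	ActiveHostMapLock *sync.RWMutex

	// logger
	Logger *fd.Feeder

	// system monitor
	SystemMonitor *mon.SystemMonitor

	// runtime enforcer
	RuntimeEnforcer *efc.RuntimeEnforcer

	// event auditor
	EventAuditor *edt.EventAuditor

	// WgDaemon Handler
	WgDaemon sync.WaitGroup

	// contains filtered or unexported fields
}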
KubeArmorDaemon Structure
func NewKubeArmorDaemon ¶
func NewKubeArmorDaemon(clusterName, gRPCPort, logPath string, enableKubeArmorPolicy, enableKubeArmorHostPolicy, enableKubeArmorAuditPolicy bool) *KubeArmorDaemon
NewKubeArmorDaemon Function
func (*KubeArmorDaemon) CloseEventAuditor ¶
func (dm *KubeArmorDaemon) CloseEventAuditor() bool
CloseEventAuditor Function
func (*KubeArmorDaemon) CloseLogger ¶
func (dm *KubeArmorDaemon) CloseLogger() bool
CloseLogger Function
func (*KubeArmorDaemon) CloseRuntimeEnforcer ¶
func (dm *KubeArmorDaemon) CloseRuntimeEnforcer() bool
CloseRuntimeEnforcer Function
func (*KubeArmorDaemon) CloseSystemMonitor ¶
func (dm *KubeArmorDaemon) CloseSystemMonitor() bool
CloseSystemMonitor Function
func (*KubeArmorDaemon) DestroyKubeArmorDaemon ¶
func (dm *KubeArmorDaemon) DestroyKubeArmorDaemon()
DestroyKubeArmorDaemon Function
func (*KubeArmorDaemon) GetAlreadyDeployedDockerContainers ¶
func (dm *KubeArmorDaemon) GetAlreadyDeployedDockerContainers()
GetAlreadyDeployedDockerContainers Function
func (*KubeArmorDaemon) GetAuditPolicies ¶
func (dm *KubeArmorDaemon) GetAuditPolicies(identities []string) []tp.AuditPolicy
GetAuditPolicies Function
func (*KubeArmorDaemon) GetSecurityPolicies ¶
func (dm *KubeArmorDaemon) GetSecurityPolicies(identities []string) []tp.SecurityPolicy
GetSecurityPolicies Function
func (*KubeArmorDaemon) InitEventAuditor ¶
func (dm *KubeArmorDaemon) InitEventAuditor() bool
InitEventAuditor Function
func (*KubeArmorDaemon) InitLogger ¶
func (dm *KubeArmorDaemon) InitLogger() bool
InitLogger Function
func (*KubeArmorDaemon) InitRuntimeEnforcer ¶
func (dm *KubeArmorDaemon) InitRuntimeEnforcer() bool
InitRuntimeEnforcer Function
func (*KubeArmorDaemon) InitSystemMonitor ¶
func (dm *KubeArmorDaemon) InitSystemMonitor() bool
InitSystemMonitor Function
func (*KubeArmorDaemon) MonitorContainerdEvents ¶
func (dm *KubeArmorDaemon) MonitorContainerdEvents()
MonitorContainerdEvents Function
func (*KubeArmorDaemon) MonitorDockerEvents ¶
func (dm *KubeArmorDaemon) MonitorDockerEvents()
MonitorDockerEvents Function
func (*KubeArmorDaemon) MonitorSystemEvents ¶
func (dm *KubeArmorDaemon) MonitorSystemEvents()
MonitorSystemEvents Function
func (*KubeArmorDaemon) ServeLogFeeds ¶
func (dm *KubeArmorDaemon) ServeLogFeeds()
ServeLogFeeds Function
func (*KubeArmorDaemon) UpdateAuditPolicies ¶
func (dm *KubeArmorDaemon) UpdateAuditPolicies()
UpdateAuditPolicies Function
func (*KubeArmorDaemon) UpdateContainerdContainer ¶
func (dm *KubeArmorDaemon) UpdateContainerdContainer(ctx context.Context, containerID, action string) bool
UpdateContainerdContainer Function
func (*KubeArmorDaemon) UpdateDockerContainer ¶
func (dm *KubeArmorDaemon) UpdateDockerContainer(containerID, action string)
UpdateDockerContainer Function
func (*KubeArmorDaemon) UpdateEndPointWithPod ¶
func (dm *KubeArmorDaemon) UpdateEndPointWithPod(action string, pod tp.K8sPod)
UpdateEndPointWithPod Function
func (*KubeArmorDaemon) UpdateHostSecurityPolicies ¶
func (dm *KubeArmorDaemon) UpdateHostSecurityPolicies()
UpdateHostSecurityPolicies Function
func (*KubeArmorDaemon) UpdateSecurityPolicy ¶
func (dm *KubeArmorDaemon) UpdateSecurityPolicy(action string, secPolicy tp.SecurityPolicy)
UpdateSecurityPolicy Function
func (*KubeArmorDaemon) WatchAuditPolicies ¶
func (dm *KubeArmorDaemon) WatchAuditPolicies()
WatchAuditPolicies Function
func (*KubeArmorDaemon) WatchHostSecurityPolicies ¶
func (dm *KubeArmorDaemon) WatchHostSecurityPolicies()
WatchHostSecurityPolicies Function
func (*KubeArmorDaemon) WatchK8sNodes ¶
func (dm *KubeArmorDaemon) WatchK8sNodes()
WatchK8sNodes Function
func (*KubeArmorDaemon) WatchK8sPods ¶
func (dm *KubeArmorDaemon) WatchK8sPods()
WatchK8sPods Function
func (*KubeArmorDaemon) WatchKubeArmorMacro ¶
func (dm *KubeArmorDaemon) WatchKubeArmorMacro()
WatchKubeArmorMacro Function
func (*KubeArmorDaemon) WatchSecurityPolicies ¶
func (dm *KubeArmorDaemon) WatchSecurityPolicies()
WatchSecurityPolicies Function