core

package

v0.0.0-...-c365bfc Latest Latest Go to latest Published: Oct 26, 2021 License: Apache-2.0 Imports: 41 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chae-yc/KubeArmor

Documentation ¶

Index ¶

Variables
func GetOSSigChannel() chan os.Signal
func KubeArmor(clusterName, gRPCPort, logPath string, ...)
type ContainerdHandler
- func NewContainerdHandler() *ContainerdHandler
type DockerHandler
- func NewDockerHandler() *DockerHandler
type DockerVersion
type K8sHandler
- func NewK8sHandler() *K8sHandler
type KubeArmorDaemon
- func NewKubeArmorDaemon(clusterName, gRPCPort, logPath string, ...) *KubeArmorDaemon

Constants ¶

This section is empty.

Variables ¶

View Source

var StopChan chan struct{}

StopChan Channel

Functions ¶

func GetOSSigChannel ¶

func GetOSSigChannel() chan os.Signal

GetOSSigChannel Function

func KubeArmor ¶

func KubeArmor(clusterName, gRPCPort, logPath string, enableKubeArmorPolicy, enableKubeArmorHostPolicy, enableKubeArmorAuditPolicy bool)

KubeArmor Function

Types ¶

type ContainerdHandler ¶

type ContainerdHandler struct {
	// contains filtered or unexported fields
}

ContainerdHandler Structure

var Containerd *ContainerdHandler

Containerd Handler

func NewContainerdHandler ¶

func NewContainerdHandler() *ContainerdHandler

NewContainerdHandler Function

func (*ContainerdHandler) Close ¶

func (ch *ContainerdHandler) Close()

Close Function

func (*ContainerdHandler) GetContainerInfo ¶

func (ch *ContainerdHandler) GetContainerInfo(ctx context.Context, containerID string) (tp.Container, error)

GetContainerInfo Function

func (*ContainerdHandler) GetContainerdContainers ¶

func (ch *ContainerdHandler) GetContainerdContainers() map[string]context.Context

GetContainerdContainers Function

func (*ContainerdHandler) GetDeletedContainerdContainers ¶

func (ch *ContainerdHandler) GetDeletedContainerdContainers(containers map[string]context.Context) map[string]context.Context

GetDeletedContainerdContainers Function

func (*ContainerdHandler) GetNewContainerdContainers ¶

func (ch *ContainerdHandler) GetNewContainerdContainers(containers map[string]context.Context) map[string]context.Context

GetNewContainerdContainers Function

type DockerHandler ¶

type DockerHandler struct {
	DockerClient *client.Client
	Version      DockerVersion
}

DockerHandler Structure

var Docker *DockerHandler

Docker Handler

func NewDockerHandler ¶

func NewDockerHandler() *DockerHandler

NewDockerHandler Function

func (*DockerHandler) Close ¶

func (dh *DockerHandler) Close()

Close Function

func (*DockerHandler) GetContainerInfo ¶

func (dh *DockerHandler) GetContainerInfo(containerID string) (tp.Container, error)

GetContainerInfo Function

func (*DockerHandler) GetEventChannel ¶

func (dh *DockerHandler) GetEventChannel() <-chan events.Message

GetEventChannel Function

type DockerVersion ¶

type DockerVersion struct {
	APIVersion string `json:"ApiVersion"`
}

DockerVersion Structure

type K8sHandler ¶

type K8sHandler struct {
	K8sClient   *kubernetes.Clientset
	HTTPClient  *http.Client
	WatchClient *http.Client

	K8sToken string
	K8sHost  string
	K8sPort  string
}

K8sHandler Structure

var K8s *K8sHandler

K8s Handler

func NewK8sHandler ¶

func NewK8sHandler() *K8sHandler

NewK8sHandler Function

func (*K8sHandler) CheckCustomResourceDefinition ¶

func (kh *K8sHandler) CheckCustomResourceDefinition(resourceName string) bool

CheckCustomResourceDefinition Function

func (*K8sHandler) DoRequest ¶

func (kh *K8sHandler) DoRequest(cmd string, data interface{}, path string) ([]byte, error)

DoRequest Function

func (*K8sHandler) GetDeploymentNameControllingReplicaSet ¶

func (kh *K8sHandler) GetDeploymentNameControllingReplicaSet(namespaceName, replicaSetName string) string

GetDeploymentNameControllingReplicaSet Function

func (*K8sHandler) InitInclusterAPIClient ¶

func (kh *K8sHandler) InitInclusterAPIClient() bool

InitInclusterAPIClient Function

func (*K8sHandler) InitK8sClient ¶

func (kh *K8sHandler) InitK8sClient() bool

InitK8sClient Function

func (*K8sHandler) InitLocalAPIClient ¶

func (kh *K8sHandler) InitLocalAPIClient() bool

InitLocalAPIClient Function

func (*K8sHandler) PatchDeploymentWithAppArmorAnnotations ¶

func (kh *K8sHandler) PatchDeploymentWithAppArmorAnnotations(namespaceName, deploymentName string, appArmorAnnotations map[string]string) error

PatchDeploymentWithAppArmorAnnotations Function

func (*K8sHandler) PatchDeploymentWithSELinuxOptions ¶

func (kh *K8sHandler) PatchDeploymentWithSELinuxOptions(namespace, deploymentName string, seLinuxContexts map[string]string) error

PatchDeploymentWithSELinuxOptions Function

func (*K8sHandler) WatchK8sAuditPolicies ¶

func (kh *K8sHandler) WatchK8sAuditPolicies() *http.Response

WatchK8sAuditPolicies Function

func (*K8sHandler) WatchK8sHostSecurityPolicies ¶

func (kh *K8sHandler) WatchK8sHostSecurityPolicies() *http.Response

WatchK8sHostSecurityPolicies Function

func (*K8sHandler) WatchK8sKubearmorMacro ¶

func (kh *K8sHandler) WatchK8sKubearmorMacro() *http.Response

WatchK8sKubearmorMacro Function

func (*K8sHandler) WatchK8sNodes ¶

func (kh *K8sHandler) WatchK8sNodes() *http.Response

WatchK8sNodes Function

func (*K8sHandler) WatchK8sPods ¶

func (kh *K8sHandler) WatchK8sPods() *http.Response

WatchK8sPods Function

func (*K8sHandler) WatchK8sSecurityPolicies ¶

func (kh *K8sHandler) WatchK8sSecurityPolicies() *http.Response

WatchK8sSecurityPolicies Function

type KubeArmorDaemon ¶

type KubeArmorDaemon struct {
	// cluster
	ClusterName string

	// node
	Node tp.Node

	LogPath   string
	LogFilter string

	// options
	EnableKubeArmorPolicy      bool
	EnableKubeArmorHostPolicy  bool
	EnableKubeArmorAuditPolicy bool

	// flag
	K8sEnabled bool

	// containers (from docker)
	Containers     map[string]tp.Container
	ContainersLock *sync.RWMutex

	// K8s pods (from kubernetes)
	K8sPods     []tp.K8sPod
	K8sPodsLock *sync.RWMutex

	// endpoints
	EndPoints     []tp.EndPoint
	EndPointsLock *sync.RWMutex

	// Security policies
	SecurityPolicies     []tp.SecurityPolicy
	SecurityPoliciesLock *sync.RWMutex

	// Host Security policies
	HostSecurityPolicies     []tp.HostSecurityPolicy
	HostSecurityPoliciesLock *sync.RWMutex

	// K8s Audit policies
	K8sAuditPolicies     []tp.K8sKubeArmorAuditPolicy
	K8sAuditPoliciesLock *sync.RWMutex

	// Audit policies
	AuditPolicies     map[string]tp.AuditPolicy
	AuditPoliciesLock *sync.RWMutex

	// Macros
	K8sMacros     []tp.K8sKubeArmorMacro
	K8sMacrosLock *sync.RWMutex

	// container id -> (host) pid
	ActivePidMap     map[string]tp.PidMap
	ActiveHostPidMap map[string]tp.PidMap
	ActivePidMapLock *sync.RWMutex

	// host pid
	ActiveHostMap     map[uint32]tp.PidMap
	ActiveHostMapLock *sync.RWMutex

	// logger
	Logger *fd.Feeder

	// system monitor
	SystemMonitor *mon.SystemMonitor

	// runtime enforcer
	RuntimeEnforcer *efc.RuntimeEnforcer

	// event auditor
	EventAuditor *edt.EventAuditor

	// WgDaemon Handler
	WgDaemon sync.WaitGroup
	// contains filtered or unexported fields
}

KubeArmorDaemon Structure

func NewKubeArmorDaemon ¶

func NewKubeArmorDaemon(clusterName, gRPCPort, logPath string, enableKubeArmorPolicy, enableKubeArmorHostPolicy, enableKubeArmorAuditPolicy bool) *KubeArmorDaemon

NewKubeArmorDaemon Function

func (*KubeArmorDaemon) CloseEventAuditor ¶

func (dm *KubeArmorDaemon) CloseEventAuditor() bool

CloseEventAuditor Function

func (*KubeArmorDaemon) CloseLogger ¶

func (dm *KubeArmorDaemon) CloseLogger() bool

CloseLogger Function

func (*KubeArmorDaemon) CloseRuntimeEnforcer ¶

func (dm *KubeArmorDaemon) CloseRuntimeEnforcer() bool

CloseRuntimeEnforcer Function

func (*KubeArmorDaemon) CloseSystemMonitor ¶

func (dm *KubeArmorDaemon) CloseSystemMonitor() bool

CloseSystemMonitor Function

func (*KubeArmorDaemon) DestroyKubeArmorDaemon ¶

func (dm *KubeArmorDaemon) DestroyKubeArmorDaemon()

DestroyKubeArmorDaemon Function

func (*KubeArmorDaemon) GetAlreadyDeployedDockerContainers ¶

func (dm *KubeArmorDaemon) GetAlreadyDeployedDockerContainers()

GetAlreadyDeployedDockerContainers Function

func (*KubeArmorDaemon) GetAuditPolicies ¶

func (dm *KubeArmorDaemon) GetAuditPolicies(identities []string) []tp.AuditPolicy

GetAuditPolicies Function

func (*KubeArmorDaemon) GetSecurityPolicies ¶

func (dm *KubeArmorDaemon) GetSecurityPolicies(identities []string) []tp.SecurityPolicy

GetSecurityPolicies Function

func (*KubeArmorDaemon) InitEventAuditor ¶

func (dm *KubeArmorDaemon) InitEventAuditor() bool

InitEventAuditor Function

func (*KubeArmorDaemon) InitLogger ¶

func (dm *KubeArmorDaemon) InitLogger() bool

InitLogger Function

func (*KubeArmorDaemon) InitRuntimeEnforcer ¶

func (dm *KubeArmorDaemon) InitRuntimeEnforcer() bool

InitRuntimeEnforcer Function

func (*KubeArmorDaemon) InitSystemMonitor ¶

func (dm *KubeArmorDaemon) InitSystemMonitor() bool

InitSystemMonitor Function

func (*KubeArmorDaemon) MonitorContainerdEvents ¶

func (dm *KubeArmorDaemon) MonitorContainerdEvents()

MonitorContainerdEvents Function

func (*KubeArmorDaemon) MonitorDockerEvents ¶

func (dm *KubeArmorDaemon) MonitorDockerEvents()

MonitorDockerEvents Function

func (*KubeArmorDaemon) MonitorSystemEvents ¶

func (dm *KubeArmorDaemon) MonitorSystemEvents()

MonitorSystemEvents Function

func (*KubeArmorDaemon) ServeLogFeeds ¶

func (dm *KubeArmorDaemon) ServeLogFeeds()

ServeLogFeeds Function

func (*KubeArmorDaemon) UpdateAuditPolicies ¶

func (dm *KubeArmorDaemon) UpdateAuditPolicies()

UpdateAuditPolicies Function

func (*KubeArmorDaemon) UpdateContainerdContainer ¶

func (dm *KubeArmorDaemon) UpdateContainerdContainer(ctx context.Context, containerID, action string) bool

UpdateContainerdContainer Function

func (*KubeArmorDaemon) UpdateDockerContainer ¶

func (dm *KubeArmorDaemon) UpdateDockerContainer(containerID, action string)

UpdateDockerContainer Function

func (*KubeArmorDaemon) UpdateEndPointWithPod ¶

func (dm *KubeArmorDaemon) UpdateEndPointWithPod(action string, pod tp.K8sPod)

UpdateEndPointWithPod Function

func (*KubeArmorDaemon) UpdateHostSecurityPolicies ¶

func (dm *KubeArmorDaemon) UpdateHostSecurityPolicies()

UpdateHostSecurityPolicies Function

func (*KubeArmorDaemon) UpdateSecurityPolicy ¶

func (dm *KubeArmorDaemon) UpdateSecurityPolicy(action string, secPolicy tp.SecurityPolicy)

UpdateSecurityPolicy Function

func (*KubeArmorDaemon) WatchAuditPolicies ¶

func (dm *KubeArmorDaemon) WatchAuditPolicies()

WatchAuditPolicies Function

func (*KubeArmorDaemon) WatchHostSecurityPolicies ¶

func (dm *KubeArmorDaemon) WatchHostSecurityPolicies()

WatchHostSecurityPolicies Function

func (*KubeArmorDaemon) WatchK8sNodes ¶

func (dm *KubeArmorDaemon) WatchK8sNodes()

WatchK8sNodes Function

func (*KubeArmorDaemon) WatchK8sPods ¶

func (dm *KubeArmorDaemon) WatchK8sPods()

WatchK8sPods Function

func (*KubeArmorDaemon) WatchKubeArmorMacro ¶

func (dm *KubeArmorDaemon) WatchKubeArmorMacro()

WatchKubeArmorMacro Function

func (*KubeArmorDaemon) WatchSecurityPolicies ¶

func (dm *KubeArmorDaemon) WatchSecurityPolicies()

WatchSecurityPolicies Function

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL