deployments

package

v0.0.0-...-d0f8a80 Latest Latest Go to latest Published: Apr 27, 2024 License: Apache-2.0 Imports: 9 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubearmor/KubeArmor

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func GenerateDaemonSet(env, namespace string) *appsv1.DaemonSet
func GetClusterRole() *rbacv1.ClusterRole
func GetClusterRoleBinding(namespace string) *rbacv1.ClusterRoleBinding
func GetKubeArmorControllerClusterRole() *rbacv1.ClusterRole
func GetKubeArmorControllerClusterRoleBinding(namespace string) *rbacv1.ClusterRoleBinding
func GetKubeArmorControllerDeployment(namespace string) *appsv1.Deployment
func GetKubeArmorControllerLeaderElectionRole(namespace string) *rbacv1.Role
func GetKubeArmorControllerLeaderElectionRoleBinding(namespace string) *rbacv1.RoleBinding
func GetKubeArmorControllerMetricsReaderRole() *rbacv1.ClusterRole
func GetKubeArmorControllerMetricsReaderRoleBinding(namespace string) *rbacv1.ClusterRoleBinding
func GetKubeArmorControllerMetricsService(namespace string) *corev1.Service
func GetKubeArmorControllerMutationAdmissionConfiguration(namespace string, caCert []byte) *admissionregistrationv1.MutatingWebhookConfiguration
func GetKubeArmorControllerProxyRole() *rbacv1.ClusterRole
func GetKubeArmorControllerProxyRoleBinding(namespace string) *rbacv1.ClusterRoleBinding
func GetKubeArmorControllerServiceAccount(namespace string) *corev1.ServiceAccount
func GetKubeArmorControllerTLSSecret(namespace string, caCert string, tlsCrt string, tlsKey string) *corev1.Secret
func GetKubeArmorControllerWebhookService(namespace string) *corev1.Service
func GetKubearmorConfigMap(namespace, name string) *corev1.ConfigMap
func GetRelayClusterRole() *rbacv1.ClusterRole
func GetRelayClusterRoleBinding(namespace string) *rbacv1.ClusterRoleBinding
func GetRelayDeployment(namespace string) *appsv1.Deployment
func GetRelayService(namespace string) *corev1.Service
func GetRelayServiceAccount(namespace string) *corev1.ServiceAccount
func GetServiceAccount(namespace string) *corev1.ServiceAccount
type DaemonSetConfig

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	KubeArmorServiceAccountName                      = kubearmor
	KubeArmorClusterRoleBindingName                  = "kubearmor-clusterrolebinding"
	KubeArmorClusterRoleName                         = "kubearmor-clusterrole"
	RelayServiceName                                 = kubearmor
	RelayServiceAccountName                          = "kubearmor-relay"
	RelayClusterRoleName                             = "kubearmor-relay-clusterrole"
	RelayClusterRoleBindingName                      = "kubearmor-relay-clusterrolebinding"
	RelayDeploymentName                              = "kubearmor-relay"
	KubeArmorConfigMapName                           = "kubearmor-config"
	KubeArmorControllerDeploymentName                = "kubearmor-controller"
	KubeArmorControllerServiceAccountName            = KubeArmorControllerDeploymentName
	KubeArmorControllerClusterRoleName               = "kubearmor-controller-clusterrole"
	KubeArmorControllerClusterRoleBindingName        = "kubearmor-controller-clusterrolebinding"
	KubeArmorControllerLeaderElectionRoleName        = "kubearmor-controller-leader-election-role"
	KubeArmorControllerLeaderElectionRoleBindingName = "kubearmor-controller-leader-election-rolebinding"
	KubeArmorControllerProxyRoleName                 = "kubearmor-controller-proxy-role"
	KubeArmorControllerProxyRoleBindingName          = "kubearmor-controller-proxy-rolebinding"
	KubeArmorControllerMetricsReaderRoleName         = "kubearmor-controller-metrics-reader-role"
	KubeArmorControllerMetricsReaderRoleBindingName  = "kubearmor-controller-metrics-reader-rolebinding"
	KubeArmorControllerMetricsServiceName            = "kubearmor-controller-metrics-service"
	KubeArmorControllerWebhookServiceName            = "kubearmor-controller-webhook-service"
	KubeArmorControllerSecretName                    = "kubearmor-controller-webhook-server-cert"
	KubeArmorControllerMutatingWebhookConfiguration  = "kubearmor-controller-mutating-webhook-configuration"
)

K8s Object Name Defaults

View Source

var KubeArmorControllerAllowPrivilegeEscalation = false

View Source

var KubeArmorControllerCertVolume = corev1.Volume{
	Name: "cert",
	VolumeSource: corev1.VolumeSource{
		Secret: &corev1.SecretVolumeSource{
			SecretName:  KubeArmorControllerSecretName,
			DefaultMode: &KubeArmorControllerCertVolumeDefaultMode,
		},
	},
}

View Source

var KubeArmorControllerCertVolumeDefaultMode = int32(420)

View Source

var KubeArmorControllerHostPathVolume = corev1.Volume{
	Name: "sys-path",
	VolumeSource: corev1.VolumeSource{
		HostPath: &corev1.HostPathVolumeSource{
			Path: "/sys/kernel/security",
			Type: &hostPathDirectory,
		},
	},
}

View Source

var KubeArmorControllerLabels = map[string]string{
	"kubearmor-app": "kubearmor-controller",
}

View Source

var KubeArmorControllerMutationFullName = "annotation.kubearmor.com"

View Source

var KubeArmorControllerMutationSideEffect = admissionregistrationv1.SideEffectClassNoneOnDryRun

View Source

var KubeArmorControllerPodMutationFailurePolicy = admissionregistrationv1.Ignore

View Source

var KubeArmorControllerPodMutationPath = "/mutate-pods"

Functions ¶

func GenerateDaemonSet ¶

func GenerateDaemonSet(env, namespace string) *appsv1.DaemonSet

GenerateDaemonSet Function

func GetClusterRole ¶

func GetClusterRole() *rbacv1.ClusterRole

GetClusterRole Function

func GetClusterRoleBinding ¶

func GetClusterRoleBinding(namespace string) *rbacv1.ClusterRoleBinding

GetClusterRoleBinding Function

func GetKubeArmorControllerClusterRole ¶

func GetKubeArmorControllerClusterRole() *rbacv1.ClusterRole

GetKubeArmorControllerClusterRole Function

func GetKubeArmorControllerClusterRoleBinding ¶

func GetKubeArmorControllerClusterRoleBinding(namespace string) *rbacv1.ClusterRoleBinding

GetKubeArmorControllerClusterRoleBinding Function

func GetKubeArmorControllerDeployment ¶

func GetKubeArmorControllerDeployment(namespace string) *appsv1.Deployment

GetKubeArmorControllerDeployment Function

func GetKubeArmorControllerLeaderElectionRole ¶

func GetKubeArmorControllerLeaderElectionRole(namespace string) *rbacv1.Role

GetKubeArmorControllerLeaderElectionRole Function

func GetKubeArmorControllerLeaderElectionRoleBinding ¶

func GetKubeArmorControllerLeaderElectionRoleBinding(namespace string) *rbacv1.RoleBinding

GetKubeArmorControllerLeaderElectionRoleBinding Function

func GetKubeArmorControllerMetricsReaderRole ¶

func GetKubeArmorControllerMetricsReaderRole() *rbacv1.ClusterRole

GetKubeArmorControllerMetricsReaderRole Function

func GetKubeArmorControllerMetricsReaderRoleBinding ¶

func GetKubeArmorControllerMetricsReaderRoleBinding(namespace string) *rbacv1.ClusterRoleBinding

GetKubeArmorControllerMetricsReaderRoleBinding Function

func GetKubeArmorControllerMetricsService ¶

func GetKubeArmorControllerMetricsService(namespace string) *corev1.Service

GetKubeArmorControllerService Function

func GetKubeArmorControllerMutationAdmissionConfiguration ¶

func GetKubeArmorControllerMutationAdmissionConfiguration(namespace string, caCert []byte) *admissionregistrationv1.MutatingWebhookConfiguration

GetKubeArmorControllerMutationAdmissionConfiguration Function

func GetKubeArmorControllerProxyRole ¶

func GetKubeArmorControllerProxyRole() *rbacv1.ClusterRole

GetKubeArmorControllerProxyRole Function

func GetKubeArmorControllerProxyRoleBinding ¶

func GetKubeArmorControllerProxyRoleBinding(namespace string) *rbacv1.ClusterRoleBinding

GetKubeArmorControllerProxyRoleBinding Function

func GetKubeArmorControllerServiceAccount ¶

func GetKubeArmorControllerServiceAccount(namespace string) *corev1.ServiceAccount

GetKubeArmorControllerServiceAccount Function

func GetKubeArmorControllerTLSSecret ¶

func GetKubeArmorControllerTLSSecret(namespace string, caCert string, tlsCrt string, tlsKey string) *corev1.Secret

GetKubeArmorControllerTLSSecret Functionn

func GetKubeArmorControllerWebhookService ¶

func GetKubeArmorControllerWebhookService(namespace string) *corev1.Service

GetKubeArmorControllerWebhookService Function

func GetKubearmorConfigMap ¶

func GetKubearmorConfigMap(namespace, name string) *corev1.ConfigMap

func GetRelayClusterRole ¶

func GetRelayClusterRole() *rbacv1.ClusterRole

GetRelayClusterRole Function

func GetRelayClusterRoleBinding ¶

func GetRelayClusterRoleBinding(namespace string) *rbacv1.ClusterRoleBinding

GetRelayClusterRoleBinding Function

func GetRelayDeployment ¶

func GetRelayDeployment(namespace string) *appsv1.Deployment

GetRelayDeployment Function

func GetRelayService ¶

func GetRelayService(namespace string) *corev1.Service

GetRelayService Function

func GetRelayServiceAccount ¶

func GetRelayServiceAccount(namespace string) *corev1.ServiceAccount

GetRelayServiceAccount Function

func GetServiceAccount ¶

func GetServiceAccount(namespace string) *corev1.ServiceAccount

GetServiceAccount Function

Types ¶

type DaemonSetConfig ¶

type DaemonSetConfig struct {
	Args         []string
	Envs         []corev1.EnvVar
	VolumeMounts []corev1.VolumeMount
	Volumes      []corev1.Volume
}

DaemonSetConfig Structure

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL