continuousscanning

package
v0.2.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 4, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Overview

package continuousscanning provides utilities that help the Operator watch for changes in the cluster it operates in

Resource Kinds that the Operator is interested in

The non-namespaced kinds the Operator is interested in are:

  • */*/ClusterRole
  • */*/ClusterRoleBinding
  • rbac.authorization.k8s.io/v1/ClusterRole
  • rbac.authorization.k8s.io/v1/ClusterRoleBinding
  • /v1/Namespace
  • */*/Namespace
  • /v1/Node
  • admissionregistration.k8s.io/*/MutatingWebhookConfiguration
  • admissionregistration.k8s.io/*/ValidatingWebhookConfiguration
  • apiregistration.k8s.io/v1/APIService
  • policy/*/PodSecurityPolicy

The Namespaced kinds the Operator is interested in are:

  • */*/ConfigMap
  • */*/CronJob
  • */*/DaemonSet
  • */*/Deployment
  • */*/Job
  • */*/Pod
  • */*/ReplicaSet
  • */*/Role
  • */*/RoleBinding
  • */*/ServiceAccount
  • */*/StatefulSet
  • /v1/Pod
  • /v1/Service
  • /v1/ServiceAccount
  • apps/v1/DaemonSet
  • apps/v1/Deployment
  • apps/v1/ReplicaSet
  • apps/v1/StatefulSet
  • batch/*/CronJob
  • batch/*/Job
  • networking.k8s.io/v1/Ingress
  • networking.k8s.io/v1/NetworkPolicy
  • rbac.authorization.k8s.io/v1/Role
  • rbac.authorization.k8s.io/v1/RoleBinding

Index

Constants

View Source 
const (
	// Default size for the cooldown queue
	DefaultQueueSize = 512
	// Default TTL for events put in the queue
	DefaultTTL = 5 * time.Second
)

Variables

View Source 
var (
	ErrUnexpectedGVRString = errors.New("unexpected Group Version Resource string")
)

Functions

func NewCooldownQueue 

func NewCooldownQueue(size int, cooldown time.Duration) *cooldownQueue

NewCooldownQueue returns a new Cooldown Queue

func NewDynamicWatch 

func NewDynamicWatch(ctx context.Context, client dynamic.Interface, gvr schema.GroupVersionResource, opts metav1.ListOptions) (watch.Interface, error)

func NewFileFetcher 

func NewFileFetcher(r io.Reader) *fileFetcher

NewFileFetcher returns a new file-based rule matches fetcher

func NewTargetLoader 

func NewTargetLoader(f MatchingRuleFetcher) *targetLoader

NewTargetLoader returns a new Target Loader

Types

type APIResourceMatch 

type APIResourceMatch struct {
	Groups    []string `json:"apiGroups"`
	Versions  []string `json:"apiVersions"`
	Resources []string `json:"resources"`
}

APIResourceMatch is a definition of a matching rule for API Resources

It defines a rule on how to generate GVRs from it. The rule definition captures ANY of the mentioned Groups, Versions and Resources

type ContinuousScanningService 

type ContinuousScanningService struct {
	// contains filtered or unexported fields
}

func NewContinuousScanningService 

func NewContinuousScanningService(client dynamic.Interface, tl TargetLoader, queueSize int, sameEventCooldown time.Duration, h ...EventHandler) *ContinuousScanningService

func (*ContinuousScanningService) AddEventHandler 

func (s *ContinuousScanningService) AddEventHandler(fn EventHandler)

func (*ContinuousScanningService) Launch 

func (s *ContinuousScanningService) Launch(ctx context.Context) <-chan armoapi.Command

Launch launches the service.

It sets up the provided watches, listens for events they deliver in the background and dispatches them to registered event handlers. Launch blocks until all the underlying watches are ready to accept events.

func (*ContinuousScanningService) Stop 

func (s *ContinuousScanningService) Stop()

type EventHandler 

type EventHandler interface {
	Handle(ctx context.Context, e watch.Event) error
}

func NewDeletedCleanerHandler 

func NewDeletedCleanerHandler(wp *ants.PoolWithFunc, clusterConfig config.IConfig, storageClient kssc.Interface) EventHandler

func NewTriggeringHandler 

func NewTriggeringHandler(wp *ants.PoolWithFunc, clusterConfig config.IConfig) EventHandler

type MatchingRuleFetcher 

type MatchingRuleFetcher interface {
	Fetch(ctx context.Context) (*MatchingRules, error)
}

MatchingRuleFetcher fetches Matching Rules from somewhere

type MatchingRules 

type MatchingRules struct {
	APIResources []APIResourceMatch `json:"match"`
	Namespaces   []string           `json:"namespaces"`
}

MatchingRules is a definition of resource matching rules

type SelfHealingWatch 

type SelfHealingWatch struct {
	// contains filtered or unexported fields
}

func NewSelfHealingWatch 

func NewSelfHealingWatch(client dynamic.Interface, gvr schema.GroupVersionResource, opts metav1.ListOptions) *SelfHealingWatch

func (*SelfHealingWatch) Run 

func (w *SelfHealingWatch) Run(ctx context.Context, readyWg *sync.WaitGroup, out chan<- watch.Event) error

func (*SelfHealingWatch) RunUntilWatchCloses 

func (w *SelfHealingWatch) RunUntilWatchCloses(ctx context.Context, out chan<- watch.Event) error

type TargetLoader 

type TargetLoader interface {
	LoadGVRs(ctx context.Context) []schema.GroupVersionResource
}

type WatchPool 

type WatchPool struct {
	// contains filtered or unexported fields
}

func NewWatchPool 

func NewWatchPool(ctx context.Context, client dynamic.Interface, gvrs []schema.GroupVersionResource, opts metav1.ListOptions) (*WatchPool, error)

func (*WatchPool) Run 

func (wp *WatchPool) Run(ctx context.Context, out chan<- watch.Event)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.