Documentation ¶
Index ¶
- func ContainsVariablesOtherThanObject(policy kyverno.ClusterPolicy) error
- func ConvertPolicyToClusterPolicy(nsPolicies *kyverno.Policy) *kyverno.ClusterPolicy
- func ExcludePod(resourceMap map[string]unstructured.Unstructured, log logr.Logger) map[string]unstructured.Unstructured
- func ExcludeResources(included map[string]unstructured.Unstructured, ...)
- func GetAllNamespaces(nslister listerv1.NamespaceLister, log logr.Logger) []string
- func GetMatchingNamespaces(wildcards []string, nslister listerv1.NamespaceLister, log logr.Logger) []string
- func GetNamespacesForRule(rule *kyverno.Rule, nslister listerv1.NamespaceLister, log logr.Logger) []string
- func GetResourcesPerNamespace(kind string, client *client.Client, namespace string, rule kyverno.Rule, ...) map[string]unstructured.Unstructured
- func HasWildcard(s string) bool
- func MergeResources(a, b map[string]unstructured.Unstructured)
- func Validate(policyRaw []byte, client *dclient.Client, mock bool, ...) error
- type Condition
- type PolicyController
- type ResourceManager
- type Validation
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ContainsVariablesOtherThanObject ¶ added in v1.2.0
func ContainsVariablesOtherThanObject(policy kyverno.ClusterPolicy) error
ContainsVariablesOtherThanObject returns an error if the policy contains a variable that does not start with request.object
func ConvertPolicyToClusterPolicy ¶ added in v1.3.0
func ConvertPolicyToClusterPolicy(nsPolicies *kyverno.Policy) *kyverno.ClusterPolicy
ConvertPolicyToClusterPolicy converts a Policy to a ClusterPolicy
func ExcludePod ¶ added in v1.3.0
func ExcludePod(resourceMap map[string]unstructured.Unstructured, log logr.Logger) map[string]unstructured.Unstructured
ExcludePod filters out the pods with ownerReference
func ExcludeResources ¶
func ExcludeResources(included map[string]unstructured.Unstructured, exclude kyverno.ResourceDescription, configHandler config.Interface, log logr.Logger)
ExcludeResources ...
func GetAllNamespaces ¶ added in v1.3.0
func GetAllNamespaces(nslister listerv1.NamespaceLister, log logr.Logger) []string
GetAllNamespaces gets all namespaces in the cluster
func GetMatchingNamespaces ¶ added in v1.3.0
func GetMatchingNamespaces(wildcards []string, nslister listerv1.NamespaceLister, log logr.Logger) []string
GetMatchingNamespaces ...
func GetNamespacesForRule ¶ added in v1.3.0
func GetNamespacesForRule(rule *kyverno.Rule, nslister listerv1.NamespaceLister, log logr.Logger) []string
GetNamespacesForRule gets the list of matched namespaces for the given rule
func GetResourcesPerNamespace ¶
func GetResourcesPerNamespace(kind string, client *client.Client, namespace string, rule kyverno.Rule, configHandler config.Interface, log logr.Logger) map[string]unstructured.Unstructured
GetResourcesPerNamespace ...
func MergeResources ¶ added in v1.3.0
func MergeResources(a, b map[string]unstructured.Unstructured)
MergeResources merges map b into map a
Types ¶
type PolicyController ¶
type PolicyController struct {
// contains filtered or unexported fields
}
PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations
func NewPolicyController ¶
func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, pInformer kyvernoinformer.ClusterPolicyInformer, npInformer kyvernoinformer.PolicyInformer, grInformer kyvernoinformer.GenerateRequestInformer, configHandler config.Interface, eventGen event.Interface, prGenerator policyreport.GeneratorInterface, namespaces informers.NamespaceInformer, log logr.Logger, resCache resourcecache.ResourceCacheIface) (*PolicyController, error)
NewPolicyController creates a new PolicyController
func (*PolicyController) Run ¶
func (pc *PolicyController) Run(workers int, stopCh <-chan struct{})
Run begins watching and syncing.
type ResourceManager ¶
type ResourceManager struct {
// contains filtered or unexported fields
}
ResourceManager stores the details on already processed resources for caching
func NewResourceManager ¶
func NewResourceManager(rebuildTime int64) *ResourceManager
NewResourceManager returns a new ResourceManager
func (*ResourceManager) Drop ¶
func (rm *ResourceManager) Drop()
Drop drops the cache after every rebuild interval (in minutes). TODO: or drop based on the size
func (*ResourceManager) ProcessResource ¶
func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool
ProcessResource returns true if the policy was not applied on the resource
func (*ResourceManager) RegisterResource ¶
func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)
RegisterResource records that the policy has been processed on this resource version
type Validation ¶ added in v1.2.0
Validation provides methods to validate a rule