Index ¶
- Constants
- func CreateClientConfig(kubeconfig string, qps float64, burst int) (*rest.Config, error)
- func CreateClientConfigWithContext(kubeconfig string, context string) (*rest.Config, error)
- func DnsNames(commonName string, namespace string) []string
- func InClusterServiceName(commonName string, namespace string) string
- func KyvernoConfigMapName() string
- func KyvernoDeploymentName() string
- func KyvernoDryRunNamespace() string
- func KyvernoMetricsConfigMapName() string
- func KyvernoNamespace() string
- func KyvernoPodName() string
- func KyvernoRoleName() string
- func KyvernoServiceAccountName() string
- func KyvernoServiceName() string
- func KyvernoUserName(serviceaccount string) string
- func NewDefaultConfiguration(skipResourceFilters bool) *configuration
- func NewDefaultMetricsConfiguration() *metricsConfig
- type Configuration
- type MetricsConfiguration
- type WebhookConfig
Constants ¶
// Names of the webhook configurations, grouped by webhook type.
//
// NOTE(review): these look like the names of the cluster-scoped webhook
// configuration objects. If so, alerting on update or delete of objects
// carrying these names is a cheap tamper signal. Confirm against the code
// that registers them.
const (
	// Validating webhook configurations.

	// PolicyValidatingWebhookConfigurationName is the default name of the
	// policy validating webhook configuration.
	PolicyValidatingWebhookConfigurationName = "kyverno-policy-validating-webhook-cfg"
	// ValidatingWebhookConfigurationName is the name of the resource
	// validating webhook configuration.
	ValidatingWebhookConfigurationName = "kyverno-resource-validating-webhook-cfg"
	// ExceptionValidatingWebhookConfigurationName is the name of the
	// exception validating webhook configuration.
	ExceptionValidatingWebhookConfigurationName = "kyverno-exception-validating-webhook-cfg"
	// CELExceptionValidatingWebhookConfigurationName is the name of the
	// CEL exception validating webhook configuration.
	CELExceptionValidatingWebhookConfigurationName = "kyverno-cel-exception-validating-webhook-cfg"
	// GlobalContextValidatingWebhookConfigurationName is the name of the
	// global context validating webhook configuration.
	GlobalContextValidatingWebhookConfigurationName = "kyverno-global-context-validating-webhook-cfg"
	// CleanupValidatingWebhookConfigurationName is the name of the cleanup
	// validating webhook configuration.
	CleanupValidatingWebhookConfigurationName = "kyverno-cleanup-validating-webhook-cfg"
	// TtlValidatingWebhookConfigurationName is the name of the ttl label
	// validating webhook configuration.
	TtlValidatingWebhookConfigurationName = "kyverno-ttl-validating-webhook-cfg"

	// Mutating webhook configurations.

	// PolicyMutatingWebhookConfigurationName is the default name of the
	// policy mutating webhook configuration.
	PolicyMutatingWebhookConfigurationName = "kyverno-policy-mutating-webhook-cfg"
	// MutatingWebhookConfigurationName is the default name of the resource
	// mutating webhook configuration.
	MutatingWebhookConfigurationName = "kyverno-resource-mutating-webhook-cfg"
	// VerifyMutatingWebhookConfigurationName is the default name of the
	// verify mutating webhook configuration.
	VerifyMutatingWebhookConfigurationName = "kyverno-verify-mutating-webhook-cfg"
)
webhook configuration names
// Names of the individual webhooks, grouped by webhook type.
const (
	// Validating webhooks.

	// PolicyValidatingWebhookName is the default name of the policy
	// validating webhook.
	PolicyValidatingWebhookName = "validate-policy.kyverno.svc"
	// ValidatingWebhookName is the name of the resource validating webhook.
	ValidatingWebhookName = "validate.kyverno.svc"
	// ValidatingPolicyWebhookName is the default webhook name for
	// validatingpolicies.
	ValidatingPolicyWebhookName = "vpol.validate.kyverno.svc"
	// ImageValidatingPolicyValidateWebhookName is the default validating
	// webhook name for imagevalidatingpolicies.
	ImageValidatingPolicyValidateWebhookName = "ivpol.validate.kyverno.svc"

	// Mutating webhooks.

	// PolicyMutatingWebhookName is the default name of the policy mutating
	// webhook.
	PolicyMutatingWebhookName = "mutate-policy.kyverno.svc"
	// MutatingWebhookName is the default name of the resource mutating
	// webhook.
	MutatingWebhookName = "mutate.kyverno.svc"
	// VerifyMutatingWebhookName is the default name of the verify mutating
	// webhook.
	VerifyMutatingWebhookName = "monitor-webhooks.kyverno.svc"
	// ImageValidatingPolicyMutateWebhookName is the default mutating
	// webhook name for imagevalidatingpolicies.
	ImageValidatingPolicyMutateWebhookName = "ivpol.mutate.kyverno.svc"
)
webhook names
// URL paths for the webhook, policy execution, health and metrics endpoints.
//
// ValidatingWebhookServicePath and CleanupValidatingWebhookServicePath hold
// the same value, "/validate".
// NOTE(review): presumably the two are served by different servers; confirm
// they are never registered on the same mux.
//
// NOTE(review): nothing in this block shows whether the health and metrics
// endpoints require authentication; confirm at the server setup.
const (
	// Validating webhook paths.

	// PolicyValidatingWebhookServicePath is the path of the policy
	// validation webhook (validates policy resources).
	PolicyValidatingWebhookServicePath = "/policyvalidate"
	// ValidatingWebhookServicePath is the path of the validation webhook.
	ValidatingWebhookServicePath = "/validate"
	// ExceptionValidatingWebhookServicePath is the path of the policy
	// exception validation webhook (validates policy exception resources).
	ExceptionValidatingWebhookServicePath = "/exceptionvalidate"
	// CELExceptionValidatingWebhookServicePath is the path of the CEL
	// PolicyException validation webhook (validates CEL PolicyException
	// resources).
	CELExceptionValidatingWebhookServicePath = "/celexception/validate"
	// GlobalContextValidatingWebhookServicePath is the path of the global
	// context validation webhook (validates global context entries).
	GlobalContextValidatingWebhookServicePath = "/globalcontextvalidate"
	// CleanupValidatingWebhookServicePath is the path of the cleanup policy
	// validation webhook (validates cleanup policy resources).
	CleanupValidatingWebhookServicePath = "/validate"
	// TtlValidatingWebhookServicePath is the path that validates the value
	// of the cleanup.kyverno.io/ttl label.
	TtlValidatingWebhookServicePath = "/verifyttl"

	// Mutating webhook paths.

	// PolicyMutatingWebhookServicePath is the path of the policy mutation
	// webhook (used for defaulting).
	PolicyMutatingWebhookServicePath = "/policymutate"
	// MutatingWebhookServicePath is the path of the mutation webhook.
	MutatingWebhookServicePath = "/mutate"
	// VerifyMutatingWebhookServicePath is the path of the verify webhook
	// (verifies that admission control is enabled and active).
	VerifyMutatingWebhookServicePath = "/verifymutate"

	// Policy execution paths.

	// PolicyServicePath is the path prefix for policies execution.
	PolicyServicePath = "/policies"
	// ValidatingPolicyServicePath is the sub-path for validatingpolicies
	// execution.
	ValidatingPolicyServicePath = "/vpol"
	// ImageValidatingPolicyServicePath is the sub-path for image validating
	// policies execution.
	ImageValidatingPolicyServicePath = "/ivpol"
	// FineGrainedWebhookPath is the sub-path for fine-grained webhook
	// configurations.
	FineGrainedWebhookPath = "/finegrained"

	// Health and metrics paths.

	// LivenessServicePath is the path of the liveness health check.
	LivenessServicePath = "/health/liveness"
	// ReadinessServicePath is the path of the readiness health check.
	ReadinessServicePath = "/health/readiness"
	// MetricsPath is the path on which metrics are exposed.
	MetricsPath = "/metrics"
)
paths
// UpdateRequestThreshold is the untyped constant 1000.
// NOTE(review): presumably the default for the limit on the total number of
// updaterequests that Configuration.GetUpdateRequestThreshold reports;
// confirm where it is consumed and whether the ConfigMap can override it.
const UpdateRequestThreshold = 1000
Variables ¶
This section is empty.
Functions ¶
func CreateClientConfig ¶ added in v1.1.0
CreateClientConfig creates client config and applies rate limit QPS and burst
func CreateClientConfigWithContext ¶ added in v1.8.1
CreateClientConfigWithContext creates a client config from a custom kubeconfig file and context. It is used for CLI commands.
func InClusterServiceName ¶ added in v1.10.5
func KyvernoConfigMapName ¶ added in v1.7.0
func KyvernoConfigMapName() string
func KyvernoDeploymentName ¶ added in v1.3.0
func KyvernoDeploymentName() string
func KyvernoDryRunNamespace ¶ added in v1.8.2
func KyvernoDryRunNamespace() string
func KyvernoMetricsConfigMapName ¶ added in v1.10.0
func KyvernoMetricsConfigMapName() string
func KyvernoNamespace ¶ added in v1.3.0
func KyvernoNamespace() string
func KyvernoPodName ¶ added in v1.7.0
func KyvernoPodName() string
func KyvernoRoleName ¶ added in v1.13.0
func KyvernoRoleName() string
func KyvernoServiceAccountName ¶ added in v1.8.0
func KyvernoServiceAccountName() string
func KyvernoServiceName ¶ added in v1.3.0
func KyvernoServiceName() string
func KyvernoUserName ¶ added in v1.10.0
func NewDefaultConfiguration ¶ added in v1.8.1
func NewDefaultConfiguration(skipResourceFilters bool) *configuration
NewDefaultConfiguration ...
func NewDefaultMetricsConfiguration ¶ added in v1.9.0
func NewDefaultMetricsConfiguration() *metricsConfig
NewDefaultMetricsConfiguration ...
Types ¶
type Configuration ¶ added in v1.7.0
// Configuration is the interface consumers use to query the loaded
// configuration: registry defaults, exclusions, resource filters and the
// settings applied to webhook configs.
type Configuration interface {
	// GetDefaultRegistry returns the default image registry.
	GetDefaultRegistry() string
	// GetEnableDefaultRegistryMutation returns true if image references should be mutated.
	GetEnableDefaultRegistryMutation() bool
	// IsExcluded checks exclusions/inclusions to determine whether the admission request
	// should be excluded, based on the requester's username, groups, roles and clusterroles.
	// NOTE(review): what an excluded request skips is not visible here, presumably policy
	// processing. If the exclusion lists come from the ConfigMap passed to Load, write
	// access to that ConfigMap decides who is excluded; confirm and restrict it via RBAC.
	IsExcluded(username string, groups []string, roles []string, clusterroles []string) bool
	// ToFilter checks if the given resource (kind, subresource, namespace, name) is set
	// to be filtered in the configuration.
	ToFilter(kind schema.GroupVersionKind, subresource, namespace, name string) bool
	// GetGenerateSuccessEvents returns whether success events should be generated.
	GetGenerateSuccessEvents() bool
	// GetWebhook returns the webhook config.
	GetWebhook() WebhookConfig
	// GetWebhookAnnotations returns annotations to set on webhook configs.
	GetWebhookAnnotations() map[string]string
	// GetWebhookLabels returns labels to set on webhook configs.
	GetWebhookLabels() map[string]string
	// GetMatchConditions returns match conditions to set on webhook configs.
	GetMatchConditions() []admissionregistrationv1.MatchCondition
	// Load loads configuration from a configmap.
	Load(*corev1.ConfigMap)
	// OnChanged adds a callback to be invoked when the configuration is reloaded.
	OnChanged(func())
	// GetUpdateRequestThreshold gets the threshold limit for the total number of updaterequests.
	GetUpdateRequestThreshold() int64
}
Configuration to be used by consumer to check filters
type MetricsConfiguration ¶ added in v1.9.0
// MetricsConfiguration is the interface for querying the metrics
// configuration: namespace inclusion/exclusion, refresh interval, histogram
// buckets and meter provider views.
type MetricsConfiguration interface {
	// GetExcludeNamespaces returns the namespaces to ignore for metrics exposure.
	GetExcludeNamespaces() []string
	// GetIncludeNamespaces returns the namespaces to specifically consider for metrics exposure.
	GetIncludeNamespaces() []string
	// GetMetricsRefreshInterval returns the refresh interval for the metrics.
	GetMetricsRefreshInterval() time.Duration
	// CheckNamespace returns `true` if the namespace has to be considered.
	// NOTE(review): how include and exclude lists are combined is not visible here;
	// confirm precedence in the implementation.
	CheckNamespace(string) bool
	// GetBucketBoundaries returns the bucket boundaries for Histogram metrics.
	GetBucketBoundaries() []float64
	// BuildMeterProviderViews returns the views (sdkmetric.View) that remove attributes
	// which were disabled in the config.
	BuildMeterProviderViews() []sdkmetric.View
	// Load loads configuration from a configmap.
	Load(*corev1.ConfigMap)
	// OnChanged adds a callback to be invoked when the configuration is reloaded.
	OnChanged(func())
}
MetricsConfig stores the config for metrics
type WebhookConfig ¶ added in v1.4.0
// WebhookConfig holds two optional label selectors, one for namespaces and
// one for objects. It is the value returned by Configuration.GetWebhook.
// NOTE(review): presumably these selectors are copied onto the registered
// webhooks and so decide which namespaces and objects reach admission at all.
// A selector that leaves a namespace out would then exempt it from the
// webhooks; confirm, and review changes to these fields accordingly.
type WebhookConfig struct {
	// NamespaceSelector is serialized as "namespaceSelector" and omitted when nil.
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
	// ObjectSelector is serialized as "objectSelector" and omitted when nil.
	ObjectSelector *metav1.LabelSelector `json:"objectSelector,omitempty"`
}