Documentation

Index

Constants

View Source
const (
	//MutatingWebhookConfigurationName default resource mutating webhook configuration name
	MutatingWebhookConfigurationName = "kyverno-resource-mutating-webhook-cfg"
	//MutatingWebhookConfigurationDebugName default resource mutating webhook configuration name for debug mode
	MutatingWebhookConfigurationDebugName = "kyverno-resource-mutating-webhook-cfg-debug"
	//MutatingWebhookName default resource mutating webhook name
	MutatingWebhookName = "nirmata.kyverno.resource.mutating-webhook"

	ValidatingWebhookConfigurationName      = "kyverno-resource-validating-webhook-cfg"
	ValidatingWebhookConfigurationDebugName = "kyverno-resource-validating-webhook-cfg-debug"
	ValidatingWebhookName                   = "nirmata.kyverno.resource.validating-webhook"

	//VerifyMutatingWebhookConfigurationName default verify mutating webhook configuration name
	VerifyMutatingWebhookConfigurationName = "kyverno-verify-mutating-webhook-cfg"
	//VerifyMutatingWebhookConfigurationDebugName default verify mutating webhook configuration name for debug mode
	VerifyMutatingWebhookConfigurationDebugName = "kyverno-verify-mutating-webhook-cfg-debug"
	//VerifyMutatingWebhookName default verify mutating webhook name
	VerifyMutatingWebhookName = "nirmata.kyverno.verify-mutating-webhook"

	//PolicyValidatingWebhookConfigurationName default policy validating webhook configuration name
	PolicyValidatingWebhookConfigurationName = "kyverno-policy-validating-webhook-cfg"
	//PolicyValidatingWebhookConfigurationDebugName default policy validating webhook configuration name for debug mode
	PolicyValidatingWebhookConfigurationDebugName = "kyverno-policy-validating-webhook-cfg-debug"
	//PolicyValidatingWebhookName default policy validating webhook name
	PolicyValidatingWebhookName = "nirmata.kyverno.policy-validating-webhook"

	//PolicyMutatingWebhookConfigurationName default policy mutating webhook configuration name
	PolicyMutatingWebhookConfigurationName = "kyverno-policy-mutating-webhook-cfg"
	//PolicyMutatingWebhookConfigurationDebugName default policy mutating webhook configuration name for debug mode
	PolicyMutatingWebhookConfigurationDebugName = "kyverno-policy-mutating-webhook-cfg-debug"
	//PolicyMutatingWebhookName default policy mutating webhook name
	PolicyMutatingWebhookName = "nirmata.kyverno.policy-mutating-webhook"

	// DeploymentKind define the default deployment resource kind
	DeploymentKind = "Deployment"

	// DeploymentAPIVersion define the default deployment resource apiVersion
	DeploymentAPIVersion = "extensions/v1beta1"
)

    These constants MUST be equal to the corresponding names in service definition in definitions/install.yaml

    Variables

    View Source
    var (
    	//KubePolicyNamespace is the kyverno policy namespace
    	KubePolicyNamespace = getKyvernoNameSpace()
    	// KubePolicyDeploymentName define the default deployment namespace
    	KubePolicyDeploymentName = "kyverno"
    	//WebhookServiceName default kyverno webhook service name
    	WebhookServiceName = getWebhookServiceName()
    
    	//MutatingWebhookServicePath is the path for mutation webhook
    	MutatingWebhookServicePath = "/mutate"
    	//ValidatingWebhookServicePath is the path for validation webhook
    	ValidatingWebhookServicePath = "/validate"
    	//PolicyValidatingWebhookServicePath is the path for policy validation webhook(used to validate policy resource)
    	PolicyValidatingWebhookServicePath = "/policyvalidate"
    	//PolicyMutatingWebhookServicePath is the path for policy mutation webhook(used to default)
    	PolicyMutatingWebhookServicePath = "/policymutate"
    	//VerifyMutatingWebhookServicePath is the path for verify webhook(used to veryfing if admission control is enabled and active)
    	VerifyMutatingWebhookServicePath = "/verifymutate"
    	// LivenessServicePath is the path for check liveness health
    	LivenessServicePath = "/health/liveness"
    	// ReadinessServicePath is the path for check readness health
    	ReadinessServicePath = "/health/readiness"
    )

    Functions

    func CreateClientConfig

    func CreateClientConfig(kubeconfig string, log logr.Logger) (*rest.Config, error)

      CreateClientConfig creates client config

      Types

      type ConfigData

      type ConfigData struct {
      	// contains filtered or unexported fields
      }

        ConfigData stores the configuration

        func NewConfigData

        func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapInformer, filterK8Resources, excludeGroupRole, excludeUsername string, log logr.Logger) *ConfigData

          NewConfigData ...

          func (*ConfigData) GetExcludeGroupRole

          func (cd *ConfigData) GetExcludeGroupRole() []string

            GetExcludeGroupRole return exclude roles

            func (*ConfigData) GetExcludeUsername

            func (cd *ConfigData) GetExcludeUsername() []string

              GetExcludeUsername return exclude username

              func (*ConfigData) RestrictDevelopmentUsername

              func (cd *ConfigData) RestrictDevelopmentUsername() []string

                RestrictDevelopmentUsername return exclude development username

                func (*ConfigData) Run

                func (cd *ConfigData) Run(stopCh <-chan struct{})

                  Run checks syncing

                  func (*ConfigData) ToFilter

                  func (cd *ConfigData) ToFilter(kind, namespace, name string) bool

                    ToFilter checks if the given resource is set to be filtered in the configuration

                    type Interface

                    type Interface interface {
                    	ToFilter(kind, namespace, name string) bool
                    	GetExcludeGroupRole() []string
                    	GetExcludeUsername() []string
                    	RestrictDevelopmentUsername() []string
                    }

                      Interface to be used by consumer to check filters