
Package controller


Published: Jul 8, 2020 | License: Apache-2.0 | Module:


func LaunchRemoteEnforcer

func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor, zapConfig zap.Config, agentVersion semver.Version) error

LaunchRemoteEnforcer launches a remote enforcer instance.

type DebugInfo

type DebugInfo interface {
	// EnableDatapathPacketTracing enables tracing of packets received by the datapath for a particular PU.
	// Setting Disabled as the tracing direction stops tracing for the contextID.
	EnableDatapathPacketTracing(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, direction packettracing.TracingDirection, interval time.Duration) error
	// EnableIPTablesPacketTracing enables iptables -j trace for the particular PU, which covers a much wider packet stream.
	EnableIPTablesPacketTracing(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, interval time.Duration) error
	// Ping runs ping based on the given config.
	Ping(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, pingConfig *policy.PingConfig) error
}

DebugInfo is the interface implemented by controllers to support configuring debug options.

type Option

type Option func(*config)

Option is provided using functional arguments.

func OptionAgentVersion

func OptionAgentVersion(v semver.Version) Option

OptionAgentVersion is an option to set agent version.

func OptionBPFEnabled

func OptionBPFEnabled(bpfEnabled bool) Option

OptionBPFEnabled is an option to set whether BPF is enabled.

func OptionBinaryTokens

func OptionBinaryTokens(b bool) Option

OptionBinaryTokens enables the binary token datapath.

func OptionCollector

func OptionCollector(c collector.EventCollector) Option

OptionCollector is an option to provide an external collector implementation.

func OptionDatapathService

func OptionDatapathService(s packetprocessor.PacketProcessor) Option

OptionDatapathService is an option to provide an external datapath service implementation.

func OptionDisableMutualAuth

func OptionDisableMutualAuth() Option

OptionDisableMutualAuth is an option to disable MutualAuth (enabled by default).

func OptionEnforceFqConfig

func OptionEnforceFqConfig(f *fqconfig.FilterQueue) Option

OptionEnforceFqConfig is an option to override filter queues.

func OptionEnforceLinuxProcess

func OptionEnforceLinuxProcess() Option

OptionEnforceLinuxProcess is an option to request Linux process support.

func OptionIPSetManager

func OptionIPSetManager(manager ipsetmanager.ACLManager) Option

OptionIPSetManager is an option to provide an ipsetmanager.

func OptionIPv6Enable

func OptionIPv6Enable(ipv6Enabled bool) Option

OptionIPv6Enable is an option to enable IPv6.

func OptionPacketLogs

func OptionPacketLogs() Option

OptionPacketLogs is an option to enable packet level logging.

func OptionProcMountPoint

func OptionProcMountPoint(p string) Option

OptionProcMountPoint is an option to provide proc mount point.

func OptionRemoteParameters

func OptionRemoteParameters(p *env.RemoteParameters) Option

OptionRemoteParameters is an option to set the parameters for the remote

func OptionRuntimeConfiguration

func OptionRuntimeConfiguration(c *runtime.Configuration) Option

OptionRuntimeConfiguration is an option to provide target network configuration.

func OptionRuntimeErrorChannel

func OptionRuntimeErrorChannel(errorChannel chan *policy.RuntimeError) Option

OptionRuntimeErrorChannel configures the error channel for the policy engine.

func OptionSecret

func OptionSecret(s secrets.Secrets) Option

OptionSecret is an option to provide the secrets implementation.

func OptionTokenIssuer

func OptionTokenIssuer(t common.ServiceTokenIssuer) Option

OptionTokenIssuer provides the token issuer.

type TriremeController

type TriremeController interface {
	// Run initializes and runs the controller.
	Run(ctx context.Context) error

	// CleanUp cleans all the supervisors and ACLs for a clean exit
	CleanUp() error

	// Enforce asks the controller to enforce policy on a processing unit
	Enforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UnEnforce asks the controller to un-enforce policy on a processing unit
	UnEnforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UpdatePolicy updates the policy of the isolator for a container.
	UpdatePolicy(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) error

	// UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push
	UpdateSecrets(secrets secrets.Secrets) error

	// UpdateConfiguration updates the configuration of the controller. Only specific configuration
	// parameters can be updated during run time.
	UpdateConfiguration(cfg *runtime.Configuration) error
}

TriremeController is the main API of the Trireme controller.

func New

func New(serverID string, mode constants.ModeType, opts ...Option) TriremeController

New returns a trireme interface implementation based on configuration provided.
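The functional-options shape documented above (`type Option func(*config)`, applied by `New(..., opts ...Option)`) means a security-relevant default such as mutual auth can be switched off by a single opaque closure. The following is an added example, not code from this package: `config`, `newConfig`, `namedOption` and `selectOptions` are hypothetical stand-ins that model the pattern and show a call-site guard that refuses options which weaken a default.

```go
package main

import "fmt"

// config is a local stand-in for the package's unexported config type;
// its single field is an assumption made for this example.
type config struct{ mutualAuth bool }

// Option mirrors the documented shape: type Option func(*config).
type Option func(*config)

// OptionDisableMutualAuth is a stand-in for the documented option.
func OptionDisableMutualAuth() Option { return func(c *config) { c.mutualAuth = false } }

// newConfig starts from the documented default (mutual auth enabled) and
// applies each option in order, as a constructor taking opts ...Option would.
func newConfig(opts ...Option) *config {
	c := &config{mutualAuth: true}
	for _, o := range opts {
		o(c)
	}
	return c
}

// namedOption (hypothetical) labels an option at the call site, because an
// Option is an opaque closure and cannot be inspected once created.
type namedOption struct {
	name    string
	weakens bool // true if the option turns off a default protection
	opt     Option
}

// selectOptions (hypothetical) returns the options to pass on, refusing any
// that weaken a default unless the deployment explicitly allows it.
func selectOptions(allowWeakening bool, named ...namedOption) ([]Option, error) {
	out := make([]Option, 0, len(named))
	for _, n := range named {
		if n.weakens && !allowWeakening {
			return nil, fmt.Errorf("option %q weakens a default and is not allowed", n.name)
		}
		out = append(out, n.opt)
	}
	return out, nil
}

func main() {
	disable := namedOption{"OptionDisableMutualAuth", true, OptionDisableMutualAuth()}
	_, err := selectOptions(false, disable)
	fmt.Println(err)
}
```

Because the guard works on labels attached where the options are built, it needs no access to the unexported config and can sit in front of any constructor that accepts `...Option`.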


Documentation was rendered with GOOS=linux and GOARCH=amd64.
