Documentation

Constants

const (

	// PuType is the type of host svc (network only or otherwise)
	PuType = "$PuType"
	// LinuxPU represents the PU type
	LinuxPU = "LinuxPU"

	// HostModeNetworkPU represents host pu in network only mode.
	HostModeNetworkPU = "HostNetworkPU"

	// HostPU represents a host PU in the true sense (both incoming and outgoing)
	HostPU = "HostPU"
)
const KubernetesContainerNameIdentifier = "@usr:io.kubernetes.container.name"

    KubernetesContainerNameIdentifier is the label used by Docker for the K8S container name.

const KubernetesInfraContainerName = "POD"

    KubernetesInfraContainerName is the name of the infra POD.

const KubernetesPodNameIdentifier = "@usr:io.kubernetes.pod.name"

    KubernetesPodNameIdentifier is the label used by Docker for the K8S pod name.

const KubernetesPodNamespaceIdentifier = "@usr:io.kubernetes.pod.namespace"

    KubernetesPodNamespaceIdentifier is the label used by Docker for the K8S namespace.

const UpstreamNameIdentifier = "@app:k8s:name"

    UpstreamNameIdentifier is the identifier used to identify the name on the resulting PU.

const UpstreamNamespaceIdentifier = "@app:k8s:namespace"

    UpstreamNamespaceIdentifier is the identifier used to identify the namespace on the resulting PU.

const UpstreamOldNameIdentifier = "@k8s:name"

    UpstreamOldNameIdentifier is the identifier used to identify the name on the resulting PU. TODO: Remove OLDTAGS

const UpstreamOldNamespaceIdentifier = "@k8s:namespace"

    UpstreamOldNamespaceIdentifier is the identifier used to identify the namespace on the resulting PU.

const UserLabelPrefix = "@usr:"

    UserLabelPrefix is the label prefix for all user defined labels.

Variables

This section is empty.

Functions

func DefaultHostMetadataExtractor

func DefaultHostMetadataExtractor(event *common.EventInfo) (*policy.PURuntime, error)

    DefaultHostMetadataExtractor is a host specific metadata extractor.

func DefaultKubernetesMetadataExtractor

func DefaultKubernetesMetadataExtractor(runtime policy.RuntimeReader, pod *api.Pod) (*policy.PURuntime, bool, error)

    DefaultKubernetesMetadataExtractor is a default implementation of the metadata extractor for Kubernetes. It only activates the POD/INFRA containers and strips all the labels from Docker to only keep the ones from Kubernetes.
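
The activation rule and label stripping described above, as an added example that is not the package's own code. The function name `kubernetesTags` is hypothetical, plain maps and strings stand in for `policy.PURuntime` and `api.Pod`, and copying the pod labels as-is under the new-style `@app:k8s:` identifiers is an assumption; the constants are the ones listed on this page.

```go
package main

import "fmt"

// Constants copied from this page.
const (
	KubernetesContainerNameIdentifier = "@usr:io.kubernetes.container.name"
	KubernetesInfraContainerName      = "POD"
	UpstreamNameIdentifier            = "@app:k8s:name"
	UpstreamNamespaceIdentifier       = "@app:k8s:namespace"
)

// kubernetesTags (hypothetical) mirrors the documented behaviour: it returns
// activate=false for any container that is not the pod's infra container, and
// for the infra container it builds the PU tags from Kubernetes data only.
// dockerTags is read solely to identify the infra container; none of its
// entries are copied into the result.
func kubernetesTags(dockerTags map[string]string, podName, podNamespace string,
	podLabels map[string]string) (map[string]string, bool) {

	if dockerTags[KubernetesContainerNameIdentifier] != KubernetesInfraContainerName {
		return nil, false // regular workload container: no activation
	}

	tags := make(map[string]string, len(podLabels)+2)
	for k, v := range podLabels { // assumption: pod labels are kept unmodified
		tags[k] = v
	}
	// Set after the copy so a pod label cannot override the real name/namespace.
	tags[UpstreamNameIdentifier] = podName
	tags[UpstreamNamespaceIdentifier] = podNamespace
	return tags, true
}

func main() {
	// Constructed sample input: Docker-side labels of an infra container.
	docker := map[string]string{
		KubernetesContainerNameIdentifier: "POD",
		"@usr:build":                      "constructed-value",
	}
	tags, activate := kubernetesTags(docker, "web-0", "prod",
		map[string]string{"app": "web"})
	fmt.Println(activate, tags)
}
```

Because only pod-derived values reach the resulting tag set, policy written against these tags depends on what the Kubernetes API reports for the pod, not on labels attached at the Docker layer.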

func DefaultMetadataExtractor

func DefaultMetadataExtractor(info *types.ContainerJSON) (*policy.PURuntime, error)

    DefaultMetadataExtractor is the default metadata extractor for Docker.

func GetPuType

func GetPuType(runtime policy.RuntimeReader) string

    GetPuType returns puType stored by policy extensions.

func IsHostPU

func IsHostPU(runtime policy.RuntimeReader, mode constants.ModeType) bool

    IsHostPU returns true if puType stored by policy extensions is host PU.

func IsHostmodePU

func IsHostmodePU(runtime policy.RuntimeReader, mode constants.ModeType) bool

    IsHostmodePU returns true if puType stored by policy extensions is hostmode PU.

func ProcessInfo

func ProcessInfo(pid int32) []string

    ProcessInfo returns all metadata captured by a process.

func SystemdEventMetadataExtractor

func SystemdEventMetadataExtractor(event *common.EventInfo) (*policy.PURuntime, error)

    SystemdEventMetadataExtractor is a systemd-based metadata extractor. TODO: Remove OLDTAGS

func UIDMetadataExtractor

func UIDMetadataExtractor(event *common.EventInfo) (*policy.PURuntime, error)

    UIDMetadataExtractor is a metadata extractor for uid/gid.

Types

type DockerMetadataExtractor

type DockerMetadataExtractor func(*types.ContainerJSON) (*policy.PURuntime, error)

    A DockerMetadataExtractor is a function used to extract a *policy.PURuntime from a given docker ContainerJSON.

func NewExternalExtractor

func NewExternalExtractor(filePath string) (DockerMetadataExtractor, error)

    NewExternalExtractor returns a new bash metadata extractor for Docker that calls the executable given as a parameter; the executable generates a Policy Runtime on standard output. The input and output formats of the executable are standard JSON.

type EventMetadataExtractor

type EventMetadataExtractor func(*common.EventInfo) (*policy.PURuntime, error)

    EventMetadataExtractor is a function used to extract a *policy.PURuntime from a given EventInfo. The EventInfo is generic and is provided over the RPC interface.

type KubernetesMetadataExtractorType

type KubernetesMetadataExtractorType func(runtime policy.RuntimeReader, pod *api.Pod) (*policy.PURuntime, bool, error)

    KubernetesMetadataExtractorType is an extractor function for Kubernetes. It takes as parameters a standard Docker runtime and a Kubernetes Pod definition and returns a PolicyRuntime. This extractor also provides an extra boolean return value that is used as a token to decide if activation is required.

type LinuxMetadataExtractorType

type LinuxMetadataExtractorType func(event *common.EventInfo) (*policy.PURuntime, error)

    LinuxMetadataExtractorType is a type of Linux metadata extractors.