Documentation
Constants
This section is empty.
Variables
var KubeletProcessRegex = BuildProcessRegex("(hyperkube )?kubelet")
KubeletProcessRegex is the kubelet process regex used to find the kubelet process. Sometimes it is not the kubelet binary that is used in the system (e.g. Openshift4) but k8s' all-in-one binary: https://github.com/kubernetes/kubernetes/tree/master/cluster/images/hyperkube
The following is an example of a kubelet cmdline in Openshift4:
/usr/bin/hyperkube kubelet --config=/etc/kubernetes/kubelet.conf --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig --rotate-certificates --kubeconfig=/var/lib/kubelet/kubeconfig --container-runtime=remote --container-runtime-endpoint=/var/run/crio/crio.sock --allow-privileged --node-labels=node-role.kubernetes.io/master --minimum-container-ttl-duration=6m0s --client-ca-file=/etc/kubernetes/ca.crt --cloud-provider=aws --anonymous-auth=false --register-with-taints=node-role.kubernetes.io/master=:NoSchedule
Functions
func BuildProcessRegex
BuildProcessRegex returns a regex that should match processes with a name matching the given process regular expression. Remark: procExpression can be a regular expression.
func ParseStringFlag
ParseStringFlag parses a flag from a given command
func ParseStringFlags
ParseStringFlags parses a list of flags from a given command
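The following added example (not the package's own code) shows the kind of check these helpers enable: confirm that a cmdline belongs to a kubelet, whether started as kubelet or as hyperkube kubelet, then read security-relevant flags from it. The names processRegex, stringFlag and kubeletSettings, the anchoring rule and the accepted flag forms are assumptions; the package's actual BuildProcessRegex and ParseStringFlag implementations are not shown on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: shortened from the cmdline quoted above, last flag space-separated.
const sampleCmdline = "/usr/bin/hyperkube kubelet --config=/etc/kubernetes/kubelet.conf " +
	"--container-runtime=remote --container-runtime-endpoint=/var/run/crio/crio.sock " +
	"--anonymous-auth=false --client-ca-file /etc/kubernetes/ca.crt"

// processRegex is a hypothetical stand-in for BuildProcessRegex. It anchors the expression
// to the executable (optional directory prefix) so "kubelet" as a mere argument is ignored.
func processRegex(procExpression string) *regexp.Regexp {
	return regexp.MustCompile(`^(\S*/)?(` + procExpression + `)(\s|$)`)
}

// stringFlag is a hypothetical stand-in for ParseStringFlag ("--name=value" or "--name value").
func stringFlag(cmdline, name string) (string, bool) {
	fields := strings.Fields(cmdline)
	for i, f := range fields {
		if strings.HasPrefix(f, "--"+name+"=") {
			return strings.TrimPrefix(f, "--"+name+"="), true
		}
		if f == "--"+name && i+1 < len(fields) && !strings.HasPrefix(fields[i+1], "--") {
			return fields[i+1], true
		}
	}
	return "", false
}

// kubeletSettings returns the requested flags only if cmdline is a kubelet process.
func kubeletSettings(cmdline string, names ...string) (map[string]string, bool) {
	if !processRegex("(hyperkube )?kubelet").MatchString(cmdline) {
		return nil, false
	}
	out := map[string]string{}
	for _, n := range names {
		if v, ok := stringFlag(cmdline, n); ok {
			out[n] = v
		}
	}
	return out, true
}

func main() { fmt.Println(kubeletSettings(sampleCmdline, "container-runtime-endpoint", "anonymous-auth")) }
```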
Types
type ExtendedRuntimeService
type ExtendedRuntimeService interface {
	criapi.RuntimeService
	ContainerStatusVerbose(containerID string) (*criruntimev1alpha2.ContainerStatus, map[string]string, error)
	PodSandboxStatusVerbose(podSandboxID string) (*criruntimev1alpha2.PodSandboxStatus, map[string]string, error)
	StatusVerbose() (*criruntimev1alpha2.RuntimeStatus, map[string]string, error)
}
ExtendedRuntimeService extends the CRI RuntimeService by some verbose functions that are otherwise inaccessible
func NewCRIExtendedRuntimeServiceWrapper
func NewCRIExtendedRuntimeServiceWrapper(ctx context.Context, timeout time.Duration, client criruntimev1alpha2.RuntimeServiceClient) (ExtendedRuntimeService, error)
NewCRIExtendedRuntimeServiceWrapper creates an ExtendedRuntimeService from a v1alpha2 runtime service client. NOTE: the passed context is used as the parent context for every subsequent call on the interface, each with the timeout passed as argument. If the parent context gets canceled, this client becomes useless.
func NewCRIRuntimeServiceClient
func NewCRIRuntimeServiceClient(ctx context.Context, criRuntimeEndpoint string) (ExtendedRuntimeService, error)
NewCRIRuntimeServiceClient takes a CRI socket path and tries to establish a gRPC connection to the CRI runtime service. On success it returns an ExtendedRuntimeService, which is an extended CRI runtime service interface.
type Type
type Type string
Type is the type to be given at startup
const (
	TypeNone       Type = "none"       // TypeNone is the default enforcer type
	TypeDocker     Type = "docker"     // TypeDocker is enforcerd which uses CRI docker
	TypeCRIO       Type = "crio"       // TypeCRIO is enforcerd which uses CRIO CRI
	TypeContainerD Type = "containerd" // TypeContainerD is an enforcerd which uses containerD CRI
)
Different enforcer types
func DetectCRIRuntimeEndpoint
DetectCRIRuntimeEndpoint checks whether the unix socket paths for CRI are present
func (Type) ContainerD
ContainerD returns true if enforcerd is using ContainerD CRI
func (Type) SupportRuncProxy
SupportRuncProxy returns true iff the enforcer supports runc proxy