v1alpha1

package

v0.8.3 Latest Latest Go to latest Published: Apr 8, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/security-profiles-operator

Links

Open Source Insights

Documentation ¶

Overview ¶

Package v1alpha1 contains API Schema definitions for the security-profiles-operator v1alpha1 API group +kubebuilder:object:generate=true +groupName=security-profiles-operator.x-k8s.io

Index ¶

Constants
Variables
type ProfileMergeStrategy
type ProfileRecorder
type ProfileRecording
type ProfileRecordingKind
type ProfileRecordingList
type ProfileRecordingSpec
- func (in *ProfileRecordingSpec) DeepCopy() *ProfileRecordingSpec
- func (in *ProfileRecordingSpec) DeepCopyInto(out *ProfileRecordingSpec)
type ProfileRecordingStatus
- func (in *ProfileRecordingStatus) DeepCopy() *ProfileRecordingStatus
- func (in *ProfileRecordingStatus) DeepCopyInto(out *ProfileRecordingStatus)

Constants ¶

View Source

const (
	// ProfileToRecordingLabel is the name of the ProfileRecording CR that produced this profile.
	ProfileToRecordingLabel = "spo.x-k8s.io/recording-id"
	// ProfileToContainerLabel is the name of the container that produced this profile.
	ProfileToContainerLabel = "spo.x-k8s.io/container-id"
	// RecordingHasUnmergedProfiles is a finalizer that indicates that the recording has partial policies. Its
	// main use is to hold off the deletion of the recording until all partial profiles are merged.
	RecordingHasUnmergedProfiles = "spo.x-k8s.io/has-unmerged-profiles"
)

Variables ¶

View Source

var (
	// GroupVersion is group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "security-profiles-operator.x-k8s.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions ¶

This section is empty.

Types ¶

type ProfileMergeStrategy ¶ added in v0.5.0

type ProfileMergeStrategy string

const (
	ProfileMergeNone       ProfileMergeStrategy = "none"
	ProfileMergeContainers ProfileMergeStrategy = "containers"
)

type ProfileRecorder ¶ added in v0.4.0

type ProfileRecorder string

const (
	ProfileRecorderLogs ProfileRecorder = "logs"
	ProfileRecorderBpf  ProfileRecorder = "bpf"
)

type ProfileRecording ¶

type ProfileRecording struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ProfileRecordingSpec   `json:"spec,omitempty"`
	Status ProfileRecordingStatus `json:"status,omitempty"`
}

ProfileRecording is the Schema for the profilerecordings API. +kubebuilder:subresource:status +kubebuilder:printcolumn:name="PodSelector",type=string,priority=10,JSONPath=`.spec.podSelector`

func (*ProfileRecording) CtrAnnotation ¶ added in v0.4.0

func (pr *ProfileRecording) CtrAnnotation(ctrName string) (key, value string, err error)

func (*ProfileRecording) DeepCopy ¶

func (in *ProfileRecording) DeepCopy() *ProfileRecording

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileRecording.

func (*ProfileRecording) DeepCopyInto ¶

func (in *ProfileRecording) DeepCopyInto(out *ProfileRecording)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProfileRecording) DeepCopyObject ¶

func (in *ProfileRecording) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ProfileRecording) IsKindSupported ¶ added in v0.4.0

func (pr *ProfileRecording) IsKindSupported() bool

type ProfileRecordingKind ¶ added in v0.4.0

type ProfileRecordingKind string

const (
	ProfileRecordingKindSeccompProfile ProfileRecordingKind = "SeccompProfile"
	ProfileRecordingKindSelinuxProfile ProfileRecordingKind = "SelinuxProfile"
)

type ProfileRecordingList ¶

type ProfileRecordingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ProfileRecording `json:"items"`
}

ProfileRecordingList contains a list of ProfileRecording.

func (*ProfileRecordingList) DeepCopy ¶

func (in *ProfileRecordingList) DeepCopy() *ProfileRecordingList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileRecordingList.

func (*ProfileRecordingList) DeepCopyInto ¶

func (in *ProfileRecordingList) DeepCopyInto(out *ProfileRecordingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProfileRecordingList) DeepCopyObject ¶

func (in *ProfileRecordingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProfileRecordingSpec ¶

type ProfileRecordingSpec struct {
	// Kind of object to be recorded.
	// +kubebuilder:validation:Enum=SeccompProfile;SelinuxProfile
	Kind ProfileRecordingKind `json:"kind"`

	// Recorder to be used.
	// +kubebuilder:validation:Enum=bpf;logs
	Recorder ProfileRecorder `json:"recorder"`

	// Whether or how to merge recorded profiles. Can be one of "none" or "containers".
	// Default is "none".
	// +optional
	// +kubebuilder:default="none"
	// +kubebuilder:validation:Enum=none;containers
	MergeStrategy ProfileMergeStrategy `json:"mergeStrategy"`

	// PodSelector selects the pods to record. This field follows standard
	// label selector semantics. An empty podSelector matches all pods in this
	// namespace.
	PodSelector metav1.LabelSelector `json:"podSelector"`

	// Containers is a set of containers to record. This allows to select
	// only specific containers to record instead of all containers present
	// in the pod.
	// +optional
	Containers []string `json:"containers,omitempty"`

	// DisableProfileAfterRecording indicates whether the profile should be disabled
	// after recording and thus skipped during reconcile. In case of SELinux profiles,
	// reconcile can take a significant amount of time and for all profiles might not be needed.
	// This Defaults to false.
	// +optional
	// +kubebuilder:default=false
	DisableProfileAfterRecording bool `json:"disableProfileAfterRecording,omitempty"`
}

ProfileRecordingSpec defines the desired state of ProfileRecording.

func (*ProfileRecordingSpec) DeepCopy ¶

func (in *ProfileRecordingSpec) DeepCopy() *ProfileRecordingSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileRecordingSpec.

func (*ProfileRecordingSpec) DeepCopyInto ¶

func (in *ProfileRecordingSpec) DeepCopyInto(out *ProfileRecordingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProfileRecordingStatus ¶

type ProfileRecordingStatus struct {
	ActiveWorkloads []string `json:"activeWorkloads,omitempty"`
}

ProfileRecordingStatus contains status of the ProfileRecording.

func (*ProfileRecordingStatus) DeepCopy ¶

func (in *ProfileRecordingStatus) DeepCopy() *ProfileRecordingStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileRecordingStatus.

func (*ProfileRecordingStatus) DeepCopyInto ¶

func (in *ProfileRecordingStatus) DeepCopyInto(out *ProfileRecordingStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL