sanitize

package
v0.11.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 2, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

// Tri-state values describing whether the non-root user setting of a
// security context is undefined, unset or set (see NonRootUser).
const (
	// SecNonRootUndefined denotes that no non-root setting is defined.
	// It evaluates to -1, because iota is 0 on the first line of the block.
	SecNonRootUndefined NonRootUser = iota - 1
	// SecNonRootUnset denotes root user. It has an explicit value and no
	// type, so it is an untyped constant rather than a NonRootUser.
	SecNonRootUnset = 0
	// SecNonRootSet denotes non root user. Like SecNonRootUnset, it is an
	// untyped constant with an explicit value.
	SecNonRootSet = 1
	// NOTE(review): "undefined" (-1) and "unset" (0) are distinct states; a
	// check written as `v != SecNonRootSet` treats both as not hardened, while
	// `v == SecNonRootUnset` silently passes the undefined case — confirm
	// which one the callers intend.
)

Variables

This section is empty.

Functions

func ToPerc

func ToPerc(v1, v2 int64) int64

ToPerc computes the percentage from one number over another.

Types

type CRBLister added in v0.6.0

CRBLister represents a cluster role lister.

type CRLister added in v0.6.0

CRLister lists roles and rolebindings.

type Cluster added in v0.4.0

// Cluster tracks cluster sanitization.
type Cluster struct {
	// Embedded issue collector; its methods are promoted onto Cluster.
	*issues.Collector
	// Embedded ClusterLister; its methods are promoted as well.
	ClusterLister
}

Cluster tracks cluster sanitization.

func NewCluster added in v0.4.0

func NewCluster(co *issues.Collector, lister ClusterLister) *Cluster

NewCluster returns a new sanitizer.

func (*Cluster) Sanitize added in v0.4.0

func (c *Cluster) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type ClusterLister added in v0.4.0

// ClusterLister exposes cluster-level details.
type ClusterLister interface {
	// ListVersion returns two strings (presumably the major and minor
	// cluster version — confirm against the implementation).
	ListVersion() (string, string)
	// HasMetrics returns a bool; by its name, whether cluster metrics are
	// available — confirm.
	HasMetrics() bool
}

ClusterLister lists cluster-level details (see ListVersion and HasMetrics).

type ClusterMetricsLister

// ClusterMetricsLister handles cluster metrics.
type ClusterMetricsLister interface {
	// ListAvailableMetrics takes a string-keyed map of nodes and returns a
	// v1.ResourceList.
	ListAvailableMetrics(map[string]*v1.Node) v1.ResourceList
}

ClusterMetricsLister handles cluster metrics.

type ClusterRole added in v0.6.0

// ClusterRole tracks ClusterRole sanitization.
type ClusterRole struct {
	// Embedded issue collector; its methods are promoted onto ClusterRole.
	*issues.Collector
	// Embedded CRLister (its declaration is not shown on this page).
	CRLister
}

ClusterRole tracks ClusterRole sanitization.

func NewClusterRole added in v0.6.0

func NewClusterRole(c *issues.Collector, lister CRLister) *ClusterRole

NewClusterRole returns a new ClusterRole sanitizer.

func (*ClusterRole) Sanitize added in v0.6.0

func (c *ClusterRole) Sanitize(ctx context.Context) error

Sanitize cleanses the ClusterRole resources.

type ClusterRoleBinding added in v0.6.0

// ClusterRoleBinding tracks ClusterRoleBinding sanitization.
type ClusterRoleBinding struct {
	// Embedded issue collector; its methods are promoted onto
	// ClusterRoleBinding.
	*issues.Collector
	// Embedded CRBLister (its declaration is not shown on this page).
	CRBLister
}

ClusterRoleBinding tracks ClusterRoleBinding sanitization.

func NewClusterRoleBinding added in v0.6.0

func NewClusterRoleBinding(c *issues.Collector, lister CRBLister) *ClusterRoleBinding

NewClusterRoleBinding returns a new ClusterRoleBinding sanitizer.

func (*ClusterRoleBinding) Sanitize added in v0.6.0

func (c *ClusterRoleBinding) Sanitize(ctx context.Context) error

Sanitize cleanses the ClusterRoleBinding resources.

type ClusterRoleBindingLister

// ClusterRoleBindingLister lists all available ClusterRoleBindings.
type ClusterRoleBindingLister interface {
	// Embedded ClusterRoleBindingRefs contributes ClusterRoleRefs.
	ClusterRoleBindingRefs
	// ListClusterRoleBindings returns the ClusterRoleBindings in a
	// string-keyed map (presumably keyed by resource name — confirm).
	ListClusterRoleBindings() map[string]*rbacv1.ClusterRoleBinding
}

ClusterRoleBindingLister list all available ClusterRoleBindings.

type ClusterRoleBindingRefs added in v0.6.0

// ClusterRoleBindingRefs tracks ClusterRoleBinding references.
type ClusterRoleBindingRefs interface {
	// ClusterRoleRefs takes a *sync.Map and returns nothing; presumably the
	// implementation records the referenced cluster roles in it — confirm.
	ClusterRoleRefs(*sync.Map)
}

ClusterRoleBindingRefs tracks crb references.

type ClusterRoleLister added in v0.6.0

// ClusterRoleLister lists ClusterRoles.
type ClusterRoleLister interface {
	// ListClusterRoles returns the ClusterRoles in a string-keyed map.
	ListClusterRoles() map[string]*rbacv1.ClusterRole
}

ClusterRoleLister list out CRs.

type Collector

// Collector collects issues and sub issues raised while sanitizing.
type Collector interface {
	// Outcome returns the issues.Outcome value for the collected issues.
	Outcome() issues.Outcome

	// AddSubCode records a sub issue identified by id; args are passed
	// through as variadic values (presumably message arguments — confirm).
	AddSubCode(ctx context.Context, id config.ID, args ...interface{})

	// AddCode records a new issue identified by id; args are passed through
	// as variadic values (presumably message arguments — confirm).
	AddCode(ctx context.Context, id config.ID, args ...interface{})
}

Collector collects sub issues.

type CollectorLimiter added in v0.5.0

// CollectorLimiter represents a collector with resource allocation limits.
// It is the union of the Collector and ConfigLister method sets.
type CollectorLimiter interface {
	// Collector is the embedded issue collector.
	Collector

	// ConfigLister contributes the CPU and MEM utilization thresholds.
	ConfigLister
}

CollectorLimiter represents a collector with resource allocation limits.

type ConfigLister

// ConfigLister tracks configuration parameters.
type ConfigLister interface {
	// CPUResourceLimits returns the CPU utilization threshold as a
	// config.Allocations value.
	CPUResourceLimits() config.Allocations

	// MEMResourceLimits returns the MEM utilization threshold as a
	// config.Allocations value.
	MEMResourceLimits() config.Allocations
}

ConfigLister tracks configuration parameters.

type ConfigMap

// ConfigMap tracks ConfigMap sanitization.
type ConfigMap struct {
	// Embedded issue collector; its methods are promoted onto ConfigMap.
	*issues.Collector
	// Embedded ConfigMapLister: pod references plus the ConfigMap listing.
	ConfigMapLister
}

ConfigMap tracks ConfigMap sanitization.

func NewConfigMap

func NewConfigMap(c *issues.Collector, lister ConfigMapLister) *ConfigMap

NewConfigMap returns a new sanitizer.

func (*ConfigMap) Sanitize

func (c *ConfigMap) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type ConfigMapLister

// ConfigMapLister lists available ConfigMaps on a cluster.
type ConfigMapLister interface {
	// Embedded PodRefs contributes the pod reference tracking method.
	PodRefs
	// ListConfigMaps returns the ConfigMaps in a string-keyed map.
	ListConfigMaps() map[string]*v1.ConfigMap
}

ConfigMapLister list available ConfigMaps on a cluster.

type ConsumptionMetrics

// ConsumptionMetrics tracks managed pods resource utilization.
type ConsumptionMetrics struct {
	// QOS is the pod QoS class.
	QOS                    v1.PodQOSClass
	// Current CPU and memory quantities.
	CurrentCPU, CurrentMEM resource.Quantity
	// Requested CPU and memory quantities.
	RequestCPU, RequestMEM resource.Quantity
	// CPU and memory limit quantities.
	LimitCPU, LimitMEM     resource.Quantity
	// RequestedStorage is the requested storage quantity.
	RequestedStorage       resource.Quantity
}

ConsumptionMetrics tracks managed pods resource utilization.

func (*ConsumptionMetrics) LimitCPURatio added in v0.3.10

func (d *ConsumptionMetrics) LimitCPURatio() float64

LimitCPURatio returns current cpu usage over the cpu limit as a percentage.

func (*ConsumptionMetrics) LimitMEMRatio added in v0.3.10

func (d *ConsumptionMetrics) LimitMEMRatio() float64

LimitMEMRatio returns current memory usage over the memory limit as a percentage.

func (*ConsumptionMetrics) ReqAbsCPURatio added in v0.3.10

func (d *ConsumptionMetrics) ReqAbsCPURatio() float64

ReqAbsCPURatio returns absolute cpu ratio.

func (*ConsumptionMetrics) ReqAbsMEMRatio added in v0.3.10

func (d *ConsumptionMetrics) ReqAbsMEMRatio() float64

ReqAbsMEMRatio returns absolute mem ratio.

func (*ConsumptionMetrics) ReqCPURatio

func (d *ConsumptionMetrics) ReqCPURatio() float64

ReqCPURatio returns current cpu usage over requested percentage.

func (*ConsumptionMetrics) ReqMEMRatio

func (d *ConsumptionMetrics) ReqMEMRatio() float64

ReqMEMRatio returns current memory usage over requested percentage.

type Container

// Container represents a Container linter.
type Container struct {
	// Embedded LimitCollector: issue collection, pod limits and the
	// allowed-registries restriction are all promoted onto Container.
	LimitCollector
	// contains filtered or unexported fields
}

Container represents a Container linter.

func NewContainer

func NewContainer(fqn string, c LimitCollector) *Container

NewContainer returns a new sanitizer.

type ContainerRestrictor added in v0.10.0

// ContainerRestrictor exposes the registry allow-list applied to containers.
type ContainerRestrictor interface {
	// AllowedRegistries returns the allowed registries as strings.
	// NOTE(review): presumably container image references are checked
	// against these entries; how they are matched (exact registry host vs.
	// string prefix) and what an empty or nil slice means (allow all vs.
	// allow none) are not visible here — confirm in the implementation.
	AllowedRegistries() []string
}

type DPLister added in v0.6.0

// DPLister represents deployments and deps listers. It combines the
// embedded interfaces below with a ServiceAccount listing.
type DPLister interface {
	// Pod CPU, memory and restart limits.
	PodLimiter
	// Pod metrics listing.
	PodsMetricsLister
	// Pod lookup by label selector.
	PodSelectorLister
	// CPU and MEM utilization thresholds.
	ConfigLister
	// Deployment listing.
	DeploymentLister
	// ListServiceAccounts returns the ServiceAccounts in a string-keyed map.
	ListServiceAccounts() map[string]*v1.ServiceAccount
}

DPLister represents deployments and deps listers.

type DaemonLister added in v0.4.0

// DaemonLister lists DaemonSets and the ServiceAccounts.
type DaemonLister interface {
	// ListDaemonSets returns the DaemonSets in a string-keyed map.
	ListDaemonSets() map[string]*appsv1.DaemonSet
	// ListServiceAccounts returns the ServiceAccounts in a string-keyed map.
	ListServiceAccounts() map[string]*v1.ServiceAccount
}

DaemonLister list DaemonSets.

type DaemonSet added in v0.4.0

// DaemonSet tracks DaemonSet sanitization.
type DaemonSet struct {
	// Embedded issue collector; its methods are promoted onto DaemonSet.
	*issues.Collector
	// Embedded DaemonSetLister (its declaration is not shown on this page).
	DaemonSetLister
}

DaemonSet tracks DaemonSet sanitization.

func NewDaemonSet added in v0.4.0

func NewDaemonSet(co *issues.Collector, lister DaemonSetLister) *DaemonSet

NewDaemonSet returns a new sanitizer.

func (*DaemonSet) Sanitize added in v0.4.0

func (d *DaemonSet) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type DaemonSetLister added in v0.4.0

DaemonSetLister list available DaemonSets on a cluster.

type Deployment

// Deployment tracks Deployment sanitization.
type Deployment struct {
	// Embedded issue collector; its methods are promoted onto Deployment.
	*issues.Collector
	// Embedded DPLister: deployments plus the pod, metrics, config and
	// ServiceAccount listings it aggregates.
	DPLister
}

Deployment tracks Deployment sanitization.

func NewDeployment

func NewDeployment(co *issues.Collector, lister DPLister) *Deployment

NewDeployment returns a new sanitizer.

func (*Deployment) Sanitize

func (d *Deployment) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type DeploymentLister

// DeploymentLister lists available Deployments on a cluster.
type DeploymentLister interface {
	// ListDeployments returns the Deployments in a string-keyed map.
	ListDeployments() map[string]*appsv1.Deployment
}

DeploymentLister list available Deployments on a cluster.

type EndPointLister

// EndPointLister finds service endpoints.
type EndPointLister interface {
	// GetEndpoints takes one string (presumably the service identifier —
	// confirm) and returns a single *v1.Endpoints.
	GetEndpoints(string) *v1.Endpoints
}

EndPointLister find all service endpoints.

type HorizontalPodAutoscaler

// HorizontalPodAutoscaler represents a HorizontalPodAutoscaler linter.
type HorizontalPodAutoscaler struct {
	// Embedded issue collector; its methods are promoted onto
	// HorizontalPodAutoscaler.
	*issues.Collector
	// Embedded HpaLister: HPAs plus node, deployment, statefulset and
	// cluster metrics listings.
	HpaLister
}

HorizontalPodAutoscaler represents a HorizontalPodAutoscaler linter.

func NewHorizontalPodAutoscaler

func NewHorizontalPodAutoscaler(co *issues.Collector, lister HpaLister) *HorizontalPodAutoscaler

NewHorizontalPodAutoscaler returns a new HorizontalPodAutoscaler linter.

func (*HorizontalPodAutoscaler) Sanitize

func (h *HorizontalPodAutoscaler) Sanitize(ctx context.Context) error

Sanitize cleanses a HorizontalPodAutoscaler.

type HpaLister

// HpaLister lists available HPAs on a cluster, together with the
// resources listed by the embedded interfaces.
type HpaLister interface {
	// Nodes, node metrics, pods and node limits.
	NodeLister
	// Deployment listing.
	DeploymentLister
	// StatefulSet listing and its dependencies.
	StatefulSetLister
	// Cluster-wide available metrics.
	ClusterMetricsLister
	// ListHorizontalPodAutoscalers returns the HPAs in a string-keyed map.
	ListHorizontalPodAutoscalers() map[string]*autoscalingv1.HorizontalPodAutoscaler
}

HpaLister list available hpas on a cluster.

type IngLister added in v0.4.0

// IngLister lists ingresses.
type IngLister interface {
	// ListIngresses returns the Ingresses in a string-keyed map.
	ListIngresses() map[string]*netv1.Ingress
}

IngLister list ingresses.

type Ingress added in v0.4.0

// Ingress tracks Ingress sanitization.
type Ingress struct {
	// Embedded issue collector; its methods are promoted onto Ingress.
	*issues.Collector
	// Embedded IngressLister supplying the Ingress listing.
	IngressLister
}

Ingress tracks Ingress sanitization.

func NewIngress added in v0.4.0

func NewIngress(co *issues.Collector, lister IngressLister) *Ingress

NewIngress returns a new sanitizer.

func (*Ingress) Sanitize added in v0.4.0

func (i *Ingress) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type IngressLister added in v0.4.0

// IngressLister lists available Ingresses on a cluster. It adds no methods
// of its own; its method set is exactly that of IngLister.
type IngressLister interface {
	IngLister
}

IngressLister lists available Ingresses on a cluster.

type IngressRefs added in v0.5.0

// IngressRefs tracks Ingress object references.
type IngressRefs interface {
	// IngressRefs takes a *sync.Map and returns nothing; presumably the
	// implementation records the objects referenced by ingresses in it —
	// confirm.
	IngressRefs(*sync.Map)
}

IngressRefs tracks Ingress object references.

type LimitCollector

// LimitCollector represents a collector with resource limits. It is the
// union of the three embedded interfaces.
type LimitCollector interface {
	// Issue recording (AddCode, AddSubCode, Outcome).
	Collector
	// Pod CPU, memory and restart limits.
	PodLimiter
	// Registry allow-list (AllowedRegistries).
	ContainerRestrictor
}

LimitCollector represents a collector with resource limits.

type Namespace

// Namespace represents a Namespace sanitizer.
type Namespace struct {
	// Embedded issue collector; its methods are promoted onto Namespace.
	*issues.Collector
	// Embedded NamespaceLister: namespace listing plus reference tracking.
	NamespaceLister
}

Namespace represents a Namespace sanitizer.

func NewNamespace

func NewNamespace(co *issues.Collector, lister NamespaceLister) *Namespace

NewNamespace returns a new sanitizer.

func (*Namespace) Sanitize

func (n *Namespace) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type NamespaceLister

// NamespaceLister lists all namespaces.
type NamespaceLister interface {
	// Embedded NamespaceRefs contributes ReferencedNamespaces.
	NamespaceRefs
	// ListNamespaces returns the Namespaces in a string-keyed map.
	ListNamespaces() map[string]*v1.Namespace
}

NamespaceLister lists all namespaces.

type NamespaceRefs

// NamespaceRefs tracks namespace references in the cluster.
type NamespaceRefs interface {
	// ReferencedNamespaces takes a string set (map[string]struct{}) and
	// returns nothing; presumably the implementation adds the referenced
	// namespace names to it — confirm.
	ReferencedNamespaces(map[string]struct{})
}

NamespaceRefs tracks namespace references in the cluster.

type NamespaceSelectorLister added in v0.4.0

// NamespaceSelectorLister lists the namespaces matching a selector.
type NamespaceSelectorLister interface {
	// ListNamespacesBySelector returns, in a string-keyed map, the
	// namespaces selected by sel.
	// NOTE(review): behavior for a nil or empty selector (match nothing vs.
	// match everything) is not visible here — confirm.
	ListNamespacesBySelector(sel *metav1.LabelSelector) map[string]*v1.Namespace
}

NamespaceSelectorLister list a collection of namespaces matching a selector.

type NetworkPolicy added in v0.4.0

// NetworkPolicy tracks NetworkPolicy sanitization.
type NetworkPolicy struct {
	// Embedded issue collector; its methods are promoted onto NetworkPolicy.
	*issues.Collector
	// Embedded NetworkPolicyLister: policies plus pod and namespace lookup
	// by selector.
	NetworkPolicyLister
}

NetworkPolicy tracks NetworkPolicy sanitization.

func NewNetworkPolicy added in v0.4.0

func NewNetworkPolicy(co *issues.Collector, lister NetworkPolicyLister) *NetworkPolicy

NewNetworkPolicy returns a new sanitizer.

func (*NetworkPolicy) Sanitize added in v0.4.0

func (n *NetworkPolicy) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type NetworkPolicyLister added in v0.4.0

// NetworkPolicyLister lists available NetworkPolicies on a cluster and
// resolves the pods and namespaces matched by label selectors.
type NetworkPolicyLister interface {
	// Pod lookup by namespace and label selector.
	PodSelectorLister
	// Namespace lookup by label selector.
	NamespaceSelectorLister
	// ListNetworkPolicies returns the NetworkPolicies in a string-keyed map.
	ListNetworkPolicies() map[string]*nv1.NetworkPolicy
}

NetworkPolicyLister lists available NetworkPolicies on a cluster.

type Node

// Node represents a Node sanitizer.
type Node struct {
	// Embedded issue collector; its methods are promoted onto Node.
	*issues.Collector
	// Embedded NodeLister: nodes, node metrics, pods and node limits.
	NodeLister
}

Node represents a Node sanitizer.

func NewNode

func NewNode(co *issues.Collector, lister NodeLister) *Node

NewNode returns a new sanitizer.

func (*Node) Sanitize

func (n *Node) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type NodeLimiter

// NodeLimiter tracks metrics limit range for nodes.
type NodeLimiter interface {
	// NodeCPULimit returns the node CPU limit as a float64 (unit and scale
	// are not visible here — presumably a percentage; confirm).
	NodeCPULimit() float64
	// NodeMEMLimit returns the node memory limit as a float64 (unit and
	// scale are not visible here — presumably a percentage; confirm).
	NodeMEMLimit() float64
}

NodeLimiter tracks metrics limit range.

type NodeLister

// NodeLister lists available nodes, together with the data exposed by the
// embedded interfaces.
type NodeLister interface {
	// Node metrics listing.
	NodeMetricsLister
	// Pod listing and lookup.
	PodLister
	// Node CPU and memory limits.
	NodeLimiter
	// ListNodes returns the Nodes in a string-keyed map.
	ListNodes() map[string]*v1.Node
}

NodeLister lists available nodes.

type NodeMetricsLister

// NodeMetricsLister handles node metrics.
type NodeMetricsLister interface {
	// ListNodesMetrics returns the NodeMetrics in a string-keyed map.
	ListNodesMetrics() map[string]*mv1beta1.NodeMetrics
}

NodeMetricsLister handles node metrics.

type NonRootUser added in v0.6.1

// NonRootUser identifies if a security context for nonRootUser is set, unset
// or undefined. Its values are the SecNonRootUndefined (-1), SecNonRootUnset
// (0) and SecNonRootSet (1) constants; only the first of those is declared
// with this type, the other two are untyped constants.
type NonRootUser int

NonRootUser identifies if a security context for nonRootUser is set/unset or undefined.

type PdbLister added in v0.3.10

// PdbLister lists PodDisruptionBudgets and finds the one matching a set of
// labels.
type PdbLister interface {
	// ListPodDisruptionBudgets returns the PodDisruptionBudgets in a
	// string-keyed map.
	ListPodDisruptionBudgets() map[string]*policyv1.PodDisruptionBudget
	// ForLabels takes a label map and returns a single
	// *policyv1.PodDisruptionBudget (presumably nil when none matches —
	// confirm).
	ForLabels(labels map[string]string) *policyv1.PodDisruptionBudget
}

PdbLister list pdb matching a given selector

type PersistentVolume

// PersistentVolume represents a PersistentVolume sanitizer.
type PersistentVolume struct {
	// Embedded issue collector; its methods are promoted onto
	// PersistentVolume.
	*issues.Collector
	// Embedded PersistentVolumeLister supplying the PersistentVolume listing.
	PersistentVolumeLister
}

PersistentVolume represents a PersistentVolume sanitizer.

func NewPersistentVolume

func NewPersistentVolume(co *issues.Collector, lister PersistentVolumeLister) *PersistentVolume

NewPersistentVolume returns a new sanitizer.

func (*PersistentVolume) Sanitize

func (p *PersistentVolume) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type PersistentVolumeClaim

// PersistentVolumeClaim represents a PersistentVolumeClaim sanitizer.
type PersistentVolumeClaim struct {
	// Embedded issue collector; its methods are promoted onto
	// PersistentVolumeClaim.
	*issues.Collector
	// Embedded PersistentVolumeClaimLister: claims plus the pod listing.
	PersistentVolumeClaimLister
}

PersistentVolumeClaim represents a PersistentVolumeClaim sanitizer.

func NewPersistentVolumeClaim

func NewPersistentVolumeClaim(co *issues.Collector, lister PersistentVolumeClaimLister) *PersistentVolumeClaim

NewPersistentVolumeClaim returns a new sanitizer.

func (*PersistentVolumeClaim) Sanitize

func (p *PersistentVolumeClaim) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type PersistentVolumeClaimLister

// PersistentVolumeClaimLister lists available PersistentVolumeClaims on a
// cluster, and the pods.
type PersistentVolumeClaimLister interface {
	// ListPersistentVolumeClaims returns the claims in a string-keyed map.
	ListPersistentVolumeClaims() map[string]*v1.PersistentVolumeClaim
	// Embedded PodLister contributes ListPods and GetPod.
	PodLister
}

PersistentVolumeClaimLister list available PersistentVolumeClaim on a cluster.

type PersistentVolumeLister

// PersistentVolumeLister lists available PersistentVolumes on a cluster.
type PersistentVolumeLister interface {
	// ListPersistentVolumes returns the volumes in a string-keyed map.
	ListPersistentVolumes() map[string]*v1.PersistentVolume
}

PersistentVolumeLister list available PersistentVolume on a cluster.

type Pod

// Pod represents a Pod linter.
type Pod struct {
	// Embedded issue collector; its methods are promoted onto Pod.
	*issues.Collector
	// Embedded PodMXLister: pods, pod metrics, limits, disruption budgets,
	// config thresholds and ServiceAccounts.
	PodMXLister
}

Pod represents a Pod linter.

func NewPod

func NewPod(co *issues.Collector, lister PodMXLister) *Pod

NewPod returns a new sanitizer.

func (*Pod) Sanitize

func (p *Pod) Sanitize(ctx context.Context) error

Sanitize cleanses the resource.

type PodDisruptionBudget added in v0.3.10

// PodDisruptionBudget tracks PodDisruptionBudget sanitization.
type PodDisruptionBudget struct {
	// Embedded issue collector; its methods are promoted onto
	// PodDisruptionBudget.
	*issues.Collector
	// Embedded PodDisruptionBudgetLister: budgets plus the pod listing.
	PodDisruptionBudgetLister
}

PodDisruptionBudget tracks PodDisruptionBudget sanitization.

func NewPodDisruptionBudget added in v0.3.10

func NewPodDisruptionBudget(c *issues.Collector, lister PodDisruptionBudgetLister) *PodDisruptionBudget

NewPodDisruptionBudget returns a new PodDisruptionBudget sanitizer.

func (*PodDisruptionBudget) Sanitize added in v0.3.10

func (p *PodDisruptionBudget) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type PodDisruptionBudgetLister added in v0.3.10

// PodDisruptionBudgetLister lists available PodDisruptionBudgets on a
// cluster, and the pods.
type PodDisruptionBudgetLister interface {
	// Embedded PodLister contributes ListPods and GetPod.
	PodLister
	// ListPodDisruptionBudgets returns the budgets in a string-keyed map.
	ListPodDisruptionBudgets() map[string]*policyv1.PodDisruptionBudget
}

PodDisruptionBudgetLister list available PodDisruptionBudgets on a cluster.

type PodGetter

// PodGetter finds a single pod matching a service selector.
type PodGetter interface {
	// GetPod takes a namespace and a selector label map and returns one
	// *v1.Pod (presumably nil when nothing matches — confirm).
	GetPod(ns string, sel map[string]string) *v1.Pod
}

PodGetter find a single pod matching service selector.

type PodLimiter

// PodLimiter tracks metrics limit range for pods.
type PodLimiter interface {
	// PodCPULimit returns the pod CPU limit as a float64 (unit and scale are
	// not visible here — presumably a percentage; confirm).
	PodCPULimit() float64
	// PodMEMLimit returns the pod memory limit as a float64 (unit and scale
	// are not visible here — presumably a percentage; confirm).
	PodMEMLimit() float64
	// RestartsLimit returns the restart count limit as an int.
	RestartsLimit() int
}

PodLimiter tracks metrics limit range.

type PodLister

// PodLister lists available pods.
type PodLister interface {
	// ListPods returns the Pods in a string-keyed map.
	ListPods() map[string]*v1.Pod
	// GetPod takes a namespace and a selector label map and returns one
	// *v1.Pod. The signature is identical to PodGetter.GetPod.
	GetPod(ns string, sel map[string]string) *v1.Pod
}

PodLister lists available pods.

type PodMXLister

// PodMXLister lists available pods together with the metrics, limits and
// related resources exposed by the embedded interfaces.
type PodMXLister interface {
	// Pod CPU, memory and restart limits.
	PodLimiter
	// Pod metrics listing.
	PodMetricsLister
	// Pod listing and lookup.
	PodLister
	// PodDisruptionBudget listing and lookup by labels.
	PdbLister
	// CPU and MEM utilization thresholds.
	ConfigLister
	// ListServiceAccounts returns the ServiceAccounts in a string-keyed map.
	ListServiceAccounts() map[string]*v1.ServiceAccount
}

PodMXLister list available pods.

type PodMetric

// PodMetric tracks current pod metrics.
type PodMetric interface {
	// CurrentCPU returns the current CPU value as an int64 (unit not
	// visible here — confirm).
	CurrentCPU() int64
	// CurrentMEM returns the current memory value as an int64 (unit not
	// visible here — confirm).
	CurrentMEM() int64
	// Empty returns a bool; by its name, whether no metrics are present —
	// confirm.
	Empty() bool
}

PodMetric tracks pod metrics: current CPU and memory usage.

type PodMetricsLister

// PodMetricsLister handles pods metrics. Its method set is identical to
// that of PodsMetricsLister.
type PodMetricsLister interface {
	// ListPodsMetrics returns the PodMetrics in a string-keyed map.
	ListPodsMetrics() map[string]*mv1beta1.PodMetrics
}

PodMetricsLister handles pods metrics.

type PodRefs

// PodRefs tracks pods object references.
type PodRefs interface {
	// PodRefs takes a *sync.Map and returns nothing; presumably the
	// implementation records the objects referenced by pods in it — confirm.
	PodRefs(*sync.Map)
}

PodRefs tracks pods object references.

type PodSelectorLister

// PodSelectorLister lists the pods matching a selector.
type PodSelectorLister interface {
	// ListPodsBySelector returns, in a string-keyed map, the pods in
	// namespace ns selected by sel.
	// NOTE(review): behavior for a nil or empty selector (match nothing vs.
	// match everything) is not visible here — confirm.
	ListPodsBySelector(ns string, sel *metav1.LabelSelector) map[string]*v1.Pod
}

PodSelectorLister list a collection of pod matching a selector.

type PodsMetricsLister

// PodsMetricsLister handles pods metrics. Its method set is identical to
// that of PodMetricsLister.
type PodsMetricsLister interface {
	// ListPodsMetrics returns the PodMetrics in a string-keyed map.
	ListPodsMetrics() map[string]*mv1beta1.PodMetrics
}

PodsMetricsLister handles pods metrics.

type RBLister added in v0.6.0

// RBLister represents RoleBinding dependencies: the bindings themselves
// plus the ClusterRoles and Roles.
type RBLister interface {
	// RoleBinding listing and role reference tracking.
	RoleBindingLister
	// ClusterRole listing.
	ClusterRoleLister
	// Role listing.
	RoleLister
}

RBLister represents RB dependencies.

type ROLister added in v0.6.0

ROLister list out roles and deps.

type ReplicaLister added in v0.4.0

// ReplicaLister lists ReplicaSets.
type ReplicaLister interface {
	// ListReplicaSets returns the ReplicaSets in a string-keyed map.
	ListReplicaSets() map[string]*appsv1.ReplicaSet
}

ReplicaLister list replicaset.

type ReplicaSet added in v0.4.0

// ReplicaSet tracks ReplicaSet sanitization.
type ReplicaSet struct {
	// Embedded issue collector; its methods are promoted onto ReplicaSet.
	*issues.Collector
	// Embedded ReplicaSetLister supplying the ReplicaSet listing.
	ReplicaSetLister
}

ReplicaSet tracks ReplicaSet sanitization.

func NewReplicaSet added in v0.4.0

func NewReplicaSet(co *issues.Collector, lister ReplicaSetLister) *ReplicaSet

NewReplicaSet returns a new ReplicaSet sanitizer.

func (*ReplicaSet) Sanitize added in v0.4.0

func (r *ReplicaSet) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type ReplicaSetLister added in v0.4.0

// ReplicaSetLister lists available ReplicaSets on a cluster. It adds no
// methods of its own; its method set is exactly that of ReplicaLister.
type ReplicaSetLister interface {
	ReplicaLister
}

ReplicaSetLister list available ReplicaSets on a cluster.

type Role added in v0.6.0

// Role tracks Role sanitization.
type Role struct {
	// Embedded issue collector; its methods are promoted onto Role.
	*issues.Collector
	// Embedded ROLister (its declaration is not shown on this page).
	ROLister
}

Role tracks Role sanitization.

func NewRole added in v0.6.0

func NewRole(c *issues.Collector, lister ROLister) *Role

NewRole returns a new sanitizer.

func (*Role) Sanitize added in v0.6.0

func (r *Role) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type RoleBinding added in v0.6.0

// RoleBinding tracks RoleBinding sanitization.
type RoleBinding struct {
	// Embedded issue collector; its methods are promoted onto RoleBinding.
	*issues.Collector
	// Embedded RBLister: RoleBindings plus the ClusterRoles and Roles.
	RBLister
}

RoleBinding tracks RoleBinding sanitization.

func NewRoleBinding added in v0.6.0

func NewRoleBinding(c *issues.Collector, lister RBLister) *RoleBinding

NewRoleBinding returns a new sanitizer.

func (*RoleBinding) Sanitize added in v0.6.0

func (r *RoleBinding) Sanitize(ctx context.Context) error

Sanitize cleanses the resource.

type RoleBindingLister

// RoleBindingLister lists all available RoleBindings.
type RoleBindingLister interface {
	// Embedded RoleBindingRefs contributes RoleRefs.
	RoleBindingRefs
	// ListRoleBindings returns the RoleBindings in a string-keyed map.
	ListRoleBindings() map[string]*rbacv1.RoleBinding
}

RoleBindingLister lists all available RoleBindings.

type RoleBindingRefs added in v0.6.0

// RoleBindingRefs tracks RoleBinding references.
type RoleBindingRefs interface {
	// RoleRefs takes a *sync.Map and returns nothing; presumably the
	// implementation records the roles referenced by bindings in it —
	// confirm.
	RoleRefs(*sync.Map)
}

RoleBindingRefs tracks rb references.

type RoleLister added in v0.6.0

// RoleLister lists Roles.
type RoleLister interface {
	// ListRoles returns the Roles in a string-keyed map.
	ListRoles() map[string]*rbacv1.Role
}

RoleLister list out roles.

type SARefs

// SARefs tracks ServiceAccount object references.
type SARefs interface {
	// ServiceAccountRefs takes a *sync.Map and returns nothing; presumably
	// the implementation records the objects referenced by ServiceAccounts
	// in it — confirm.
	ServiceAccountRefs(*sync.Map)
}

SARefs tracks ServiceAccount object references.

type Secret

// Secret tracks Secret sanitization.
type Secret struct {
	// Embedded issue collector; its methods are promoted onto Secret.
	*issues.Collector
	// Embedded SecretLister: the Secret listing plus pod, ServiceAccount
	// and Ingress reference tracking.
	SecretLister
}

Secret tracks Secret sanitization.

func NewSecret

func NewSecret(co *issues.Collector, lister SecretLister) *Secret

NewSecret returns a new sanitizer.

func (*Secret) Sanitize

func (s *Secret) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type SecretLister

// SecretLister lists available Secrets on a cluster and exposes the
// reference tracking of the three embedded interfaces.
type SecretLister interface {
	// Pod object references.
	PodRefs
	// ServiceAccount object references.
	SARefs
	// Ingress object references.
	IngressRefs
	// ListSecrets returns the Secrets in a string-keyed map.
	// NOTE(review): the values are whole *v1.Secret objects; assuming v1 is
	// the Kubernetes core/v1 package, they carry the secret payload, so
	// implementations and callers should keep them out of logs and issue
	// messages — confirm what the sanitizer reports.
	ListSecrets() map[string]*v1.Secret
}

SecretLister list available Secrets on a cluster.

type Service

// Service represents a service sanitizer.
type Service struct {
	// Embedded issue collector; its methods are promoted onto Service.
	*issues.Collector
	// Embedded ServiceLister: services plus pod and endpoints lookup.
	ServiceLister
}

Service represents a service sanitizer.

func NewService

func NewService(co *issues.Collector, lister ServiceLister) *Service

NewService returns a new sanitizer.

func (*Service) Sanitize

func (s *Service) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type ServiceAccount

// ServiceAccount tracks ServiceAccount sanitization.
type ServiceAccount struct {
	// Embedded issue collector; its methods are promoted onto
	// ServiceAccount.
	*issues.Collector

	// Embedded ServiceAccountLister: ServiceAccounts plus the pods, role
	// bindings, cluster role bindings and secrets.
	ServiceAccountLister
}

ServiceAccount tracks ServiceAccount sanitization.

func NewServiceAccount

func NewServiceAccount(co *issues.Collector, lister ServiceAccountLister) *ServiceAccount

NewServiceAccount returns a new sanitizer.

func (*ServiceAccount) Sanitize

func (s *ServiceAccount) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type ServiceAccountLister

// ServiceAccountLister lists available ServiceAccounts on a cluster,
// together with the pods, bindings and secrets exposed by the embedded
// interfaces.
type ServiceAccountLister interface {
	// Pod listing and lookup.
	PodLister
	// ClusterRoleBinding listing and cluster role reference tracking.
	ClusterRoleBindingLister
	// RoleBinding listing and role reference tracking.
	RoleBindingLister
	// Secret listing and reference tracking; note this exposes whole
	// Secret objects to every ServiceAccountLister consumer.
	SecretLister

	// ListServiceAccounts returns the ServiceAccounts in a string-keyed map.
	ListServiceAccounts() map[string]*v1.ServiceAccount
}

ServiceAccountLister list available ServiceAccounts on a cluster.

type ServiceLister

// ServiceLister lists available Services on a cluster and resolves their
// pods and endpoints.
type ServiceLister interface {
	// Single-pod lookup by namespace and selector.
	PodGetter
	// Endpoints lookup.
	EndPointLister
	// ListServices returns the Services in a string-keyed map.
	ListServices() map[string]*v1.Service
}

ServiceLister list available Services on a cluster.

type StatefulSet

// StatefulSet represents a StatefulSet sanitizer.
type StatefulSet struct {
	// Embedded issue collector; its methods are promoted onto StatefulSet.
	*issues.Collector
	// Embedded StatefulSetLister: StatefulSets plus pod limits, config
	// thresholds, pod selection, pod metrics and ServiceAccounts.
	StatefulSetLister
}

StatefulSet represents a StatefulSet sanitizer.

func NewStatefulSet

func NewStatefulSet(co *issues.Collector, lister StatefulSetLister) *StatefulSet

NewStatefulSet returns a new sanitizer.

func (*StatefulSet) Sanitize

func (s *StatefulSet) Sanitize(ctx context.Context) error

Sanitize cleanse the resource.

type StatefulSetLister

// StatefulSetLister handles statefulsets and the data exposed by the
// embedded interfaces.
type StatefulSetLister interface {
	// Pod CPU, memory and restart limits.
	PodLimiter
	// CPU and MEM utilization thresholds.
	ConfigLister
	// Pod lookup by namespace and label selector.
	PodSelectorLister
	// Pod metrics listing.
	PodsMetricsLister

	// ListStatefulSets returns the StatefulSets in a string-keyed map.
	ListStatefulSets() map[string]*appsv1.StatefulSet
	// ListServiceAccounts returns the ServiceAccounts in a string-keyed map.
	ListServiceAccounts() map[string]*v1.ServiceAccount
}

StatefulSetLister handles statefulsets.
