kubebench

package

v0.15.15 Latest Latest Go to latest Published: Oct 9, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/khulnasoft-lab/starboard

Links

Open Source Insights

Documentation ¶

Overview ¶

Package kubebench provides primitives for working with CIS Kubernetes benchmarks.

Index ¶

type Builder
- func NewBuilder(scheme *runtime.Scheme) *Builder
type Config
type Plugin
- func NewKubeBenchPlugin(clock ext.Clock, config Config) Plugin
type ReadWriter
- func NewReadWriter(client client.Client) ReadWriter
type Reader
type Scanner
- func NewScanner(scheme *runtime.Scheme, clientset kubernetes.Interface, plugin Plugin, ...) *Scanner
- func (s *Scanner) Scan(ctx context.Context, node corev1.Node) (v1alpha1.CISKubeBenchReport, error)
type Writer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Builder ¶

type Builder struct {
	// contains filtered or unexported fields
}

func NewBuilder ¶

func NewBuilder(scheme *runtime.Scheme) *Builder

func (*Builder) Controller ¶

func (b *Builder) Controller(controller metav1.Object) *Builder

func (*Builder) Data ¶

func (b *Builder) Data(data v1alpha1.CISKubeBenchReportData) *Builder

func (*Builder) Get ¶

func (b *Builder) Get() (v1alpha1.CISKubeBenchReport, error)

type Config ¶

type Config interface {
	GetKubeBenchImageRef() (string, error)
}

type Plugin ¶

type Plugin interface {

	// GetScanJobSpec describes the pod that will be created by Starboard when
	// it schedules a Kubernetes job to audit the configuration of the specified
	// node.
	GetScanJobSpec(node corev1.Node) (corev1.PodSpec, error)

	// ParseCISKubeBenchReportData is a callback to parse and convert logs of
	// the pod controlled by the scan job to v1alpha1.CISKubeBenchReportData.
	ParseCISKubeBenchReportData(logsStream io.ReadCloser) (v1alpha1.CISKubeBenchReportData, error)

	GetContainerName() string
}

Plugin defines the interface between Starboard and Kubernetes configuration checker with CIS Kubernetes Benchmarks.

func NewKubeBenchPlugin ¶

func NewKubeBenchPlugin(clock ext.Clock, config Config) Plugin

NewKubeBenchPlugin constructs a new Plugin, which is using an official Kube-Bench container image, with the specified Config.

type ReadWriter ¶

type ReadWriter interface {
	Writer
	Reader
}

func NewReadWriter ¶

func NewReadWriter(client client.Client) ReadWriter

type Reader ¶

type Reader interface {
	FindByOwner(ctx context.Context, node kube.ObjectRef) (*v1alpha1.CISKubeBenchReport, error)
}

type Scanner ¶

type Scanner struct {
	// contains filtered or unexported fields
}

func NewScanner ¶

func NewScanner(
	scheme *runtime.Scheme,
	clientset kubernetes.Interface,
	plugin Plugin,
	config starboard.ConfigData,
	opts kube.ScannerOpts,
) *Scanner

func (*Scanner) Scan ¶

func (s *Scanner) Scan(ctx context.Context, node corev1.Node) (v1alpha1.CISKubeBenchReport, error)

type Writer ¶

type Writer interface {
	Write(ctx context.Context, report v1alpha1.CISKubeBenchReport) error
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL