Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Misconfiguration ¶
type Misconfiguration struct {
// contains filtered or unexported fields
}
type NodeCollectorJobController ¶
type NodeCollectorJobController struct { logr.Logger etc.Config kube.ObjectResolver kube.LogsReader tunneloperator.ConfigData tunneloperator.PluginContext configauditreport.PluginInMemory InfraReadWriter infraassessment.ReadWriter tunneloperator.BuildInfo }
NodeCollectorJobController watches Kubernetes jobs generates v1alpha1.ClusterInfraAssessmentReport instances using infra assessment scanner
func (*NodeCollectorJobController) SetupWithManager ¶
func (r *NodeCollectorJobController) SetupWithManager(mgr ctrl.Manager) error
type NodeReconciler ¶
type NodeReconciler struct { logr.Logger etc.Config tunneloperator.ConfigData kube.ObjectResolver tunneloperator.PluginContext configauditreport.PluginInMemory jobs.LimitChecker InfraReadWriter infraassessment.ReadWriter CacheSyncTimeout time.Duration tunneloperator.BuildInfo }
NodeReconciler reconciles corev1.Node and corev1.Job objects
to collect cluster nodes information (fileSystem permission and process arguments) the node information will be evaluated by the complaince control checks per relevant reports, examples: cis-benchmark and nsa
func (*NodeReconciler) SetupWithManager ¶
func (r *NodeReconciler) SetupWithManager(mgr ctrl.Manager) error
type PolicyConfigController ¶
type PolicyConfigController struct { logr.Logger etc.Config kube.ObjectResolver tunneloperator.PluginContext configauditreport.PluginInMemory ClusterVersion string }
PolicyConfigController watches changes on policies config map and generates v1alpha1.ConfigAuditReport instances based on OPA Rego policies as fast as possible.
func (*PolicyConfigController) SetupWithManager ¶
func (r *PolicyConfigController) SetupWithManager(mgr ctrl.Manager) error
type ResourceController ¶
type ResourceController struct { logr.Logger etc.Config tunneloperator.ConfigData kube.ObjectResolver tunneloperator.PluginContext configauditreport.PluginInMemory configauditreport.ReadWriter RbacReadWriter rbacassessment.ReadWriter InfraReadWriter infraassessment.ReadWriter tunneloperator.BuildInfo ClusterVersion string CacheSyncTimeout time.Duration }
ResourceController watches all Kubernetes kinds and generates v1alpha1.ConfigAuditReport instances based on OPA Rego policies as fast as possible.
func (*ResourceController) SetupWithManager ¶
func (r *ResourceController) SetupWithManager(mgr ctrl.Manager) error