workload

package

v0.0.0-...-46fbbb1 Latest Latest Go to latest Published: Feb 19, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/vmware-tanzu/cloud-native-security-inspector

Links

Open Source Insights

Documentation ¶

Overview ¶

Constants ¶

View Source

const (
	// Deployment represents the Deployment workload.
	Deployment = "Deployment"
	// ReplicaSet represents the ReplicaSet workload.
	ReplicaSet = "ReplicaSet"
	// StatefulSet represents the StatefulSet workload.
	StatefulSet = "StatefulSet"
	// DaemonSet represents the DaemonSet workload.
	DaemonSet = "DaemonSet"
	// CronJob represents the CronJob workload.
	CronJob = "CronJob"
	// Job represents the Job workload.
	Job = "Job"
)

Variables ¶

View Source

var AllWorkloads = []string{
	Deployment,
	ReplicaSet,
	StatefulSet,
	DaemonSet,
	CronJob,
	Job,
}

AllWorkloads ...

Functions ¶

This section is empty.

Types ¶

type Collector ¶

type Collector interface {
	// CollectNamespaces scans all the namespaces matching the selector and
	// excluded by the skips slice.
	CollectNamespaces(ctx context.Context, selector *metav1.LabelSelector, skips []string) ([]corev1.ObjectReference, error)
	// CollectWorkloads scans all the workloads that matches the selector under the namespace.
	CollectWorkloads(ctx context.Context, namespace corev1.LocalObjectReference, selector *metav1.LabelSelector) ([]*Workload, error)
	// CollectOtherResource scans any kind resource that matches the selector under the namespace.
	CollectOtherResource(ctx context.Context, namespace corev1.LocalObjectReference, selector *metav1.LabelSelector, list client.ObjectList) error
}

Collector used to scan workloads of the cluster.

type Container ¶

type Container struct {
	// Name of the container.
	Name string `json:"name"`
	// ID of the container.
	ID string `json:"id"`
	// Image of the container.
	Image string `json:"image"`
	// ImageID of the container.
	ImageID string `json:"imageID"`
	// IsInit indicate if the container is an init container.
	IsInit bool `json:"isInit"`
	// VacProductMeta
	VacAssessment *VacProductInfo `json:"vacAssessment,omitempty"`
	// Info from Trivy Scanner
	TrivyReport *trivy.CNSIReport `json:"trivyReport,omitempty"`
}

Container for representing kubernetes Container.

type DefaultCollector ¶

type DefaultCollector struct {
	client.Client
	// contains filtered or unexported fields
}

DefaultCollector implements the interface Collector

func (*DefaultCollector) CollectNamespaces ¶

func (dc *DefaultCollector) CollectNamespaces(ctx context.Context, selector *metav1.LabelSelector, skips []string) ([]corev1.ObjectReference, error)

CollectNamespaces implements inspection.Collectner.

func (*DefaultCollector) CollectOtherResource ¶

func (dc *DefaultCollector) CollectOtherResource(ctx context.Context, namespace corev1.LocalObjectReference,
	selector *metav1.LabelSelector, list client.ObjectList) error

CollectOtherResource implements inspection.Collectner.

func (*DefaultCollector) CollectWorkloads ¶

func (dc *DefaultCollector) CollectWorkloads(ctx context.Context, namespace corev1.LocalObjectReference, selector *metav1.LabelSelector) ([]*Workload, error)

CollectWorkloads implements inspection.Collectner.

func (*DefaultCollector) Complete ¶

func (dc *DefaultCollector) Complete() Collector

Complete returns the collector interface.

func (*DefaultCollector) UseClient ¶

func (dc *DefaultCollector) UseClient(client client.Client) *DefaultCollector

UseClient uses the client.

func (*DefaultCollector) WithScheme ¶

func (dc *DefaultCollector) WithScheme(scheme *runtime.Scheme) *DefaultCollector

WithScheme sets schema.

type DeprecationPolicy ¶

type DeprecationPolicy struct {
	// Effective date since which the deprecation policy will take effect.
	DeprecationDate string `json:"deprecation_date"`
	// Period of time in days **after** the deprecation date in which the support for the catalog item, might be reduced instead of being completely removed.
	GracePeriodDays *int32 `json:"gracePeriodDays,omitempty"`
	// Sentence explaining why the deprecation policy is set.
	Reason *string `json:"reason,omitempty"`
	// Sentence pointing to alternatives to the deprecated resource.
	Alternative *string `json:"alternative,omitempty"`
}

DeprecationPolicy VMWare Application Catalog Product's deprecation policy information.

type NonSupportPolicy ¶

type NonSupportPolicy struct {
	// Human-readable name for the non-support policy.
	Name string `json:"name"`
	// Sentence explaining why the non-support policy is set.
	Reason string `json:"reason"`
}

NonSupportPolicy VMWare Application Catalog Product's non-support policy information.

type Pod ¶

type Pod struct {
	corev1.ObjectReference `json:"metadata"`
	// Containers of the pod.
	Containers []*Container `json:"containers"`
}

Pod for representing kubernetes Pod.

type VacProductInfo ¶

type VacProductInfo struct {
	Trusted bool `json:"trusted"`
	// Product name from VMWare Application Catalog
	Name *string `json:"name,omitempty"`
	// Product branch from VMWare Application Catalog
	Branch *string `json:"branch,omitempty"`
	// Product version from VMWare Application Catalog
	Version *string `json:"version,omitempty"`
	// Product revision from VMWare Application Catalog
	Revision *string `json:"revision,omitempty"`
	// The date-time which the product was released at
	ReleasedAt *time.Time `json:"releasedAt,omitempty"`
	// Last release version of product
	LastVersionReleased *string `json:"lastVersionReleased,omitempty"`
	// Newer branches available for product
	NewerBranchesAvailable []string           `json:"newerBranchesAvailable,omitempty"`
	DeprecationPolicy      *DeprecationPolicy `json:"deprecationPolicy,omitempty"`
	NonsupportPolicy       *NonSupportPolicy  `json:"nonSupportPolicy,omitempty"`
	// The status of the product in the catalog. Available values are DRAFT, ACTIVE, SCHEDULED_DEPRECATION, DEPRECATION_GRACE_PERIOD, DEPRECATED, NON_SUPPORTED
	Status *string `json:"status,omitempty"`
}

VacProductInfo for representing VacProductInfo for an image

type Workload ¶

type Workload struct {
	// For pure Pod, no object reference.
	corev1.ObjectReference `json:"metadata"`
	// Pods of this workload.
	Pods []*Pod `json:"pods"`
}

Workload is the kubernetes workload, including: Deployment,ReplicaSet,StatefulSet,DaemonSet,CronJob and Job. The workload is described with the following structure: workload -> pod -> containers (+images) For the kubernetes native resources, use ObjectReference to refer.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL