Documentation
Overview
Package k8s provides Kubernetes cluster interaction capabilities. It handles kubeconfig parsing, cluster discovery, and status monitoring across multiple Kubernetes clusters with support for concurrent operations.
Separate files in the package contain caching functionality for cluster status, helper functions for collecting cluster health data, and the shared types used by the provider and collectors.
Index
- Constants
- type CachedClusterStatus
- type ClusterInfo
- type ClusterStatus
- type NamespaceSanitizeScore
- type NodeInfo
- type PodInfo
- type Provider
- func (p *Provider) ClearCache()
- func (p *Provider) GetAllClusterStatuses(ctx context.Context) []*ClusterStatus
- func (p *Provider) GetClusterByContext(contextName string) (*ClusterInfo, error)
- func (p *Provider) GetClusterStatus(ctx context.Context, contextName string) (*ClusterStatus, error)
- func (p *Provider) GetClusters() []*ClusterInfo
- func (p *Provider) GetCurrentContext() string
- func (p *Provider) SanitizeCluster(ctx context.Context, contextName, targetNamespace string, includeSystem bool) (*SanitizeResult, error)
- func (p *Provider) SetCacheTTL(ttl time.Duration)
- func (p *Provider) SetCurrentContext(contextName string) error
- type SanitizeFinding
- type SanitizeResult
- type SanitizeSeverity
Constants
const (
	// DefaultAPITimeout is the default timeout for Kubernetes API calls
	DefaultAPITimeout = 30 * time.Second
	// DiscoveryTimeout is the timeout for discovery API calls (version checks)
	DiscoveryTimeout = 10 * time.Second
)
Variables
This section is empty.
Functions
This section is empty.
Types
type CachedClusterStatus
type CachedClusterStatus struct {
	Status    *ClusterStatus
	ExpiresAt time.Time
}
CachedClusterStatus holds a cached cluster status with expiration
type ClusterInfo
type ClusterInfo struct {
	Name        string
	Server      string
	Context     string
	User        string
	Namespace   string
	IsCurrent   bool
	IsReachable bool
}
ClusterInfo represents information about a Kubernetes cluster
type ClusterStatus
type ClusterStatus struct {
	ClusterInfo
	Version       string
	NodeCount     int
	HealthyNodes  int
	Nodes         []NodeInfo
	NamespaceList []string
	APIServerURL  string
	Error         string
	PodCount      int
	HealthyPods   int
	UnhealthyPods []PodInfo
}
ClusterStatus represents detailed status information about a cluster
type NamespaceSanitizeScore (added in v0.4.0)
type NamespaceSanitizeScore struct {
	Namespace string            `json:"namespace"`
	Score     int               `json:"score"`
	Grade     string            `json:"grade"`
	Findings  []SanitizeFinding `json:"findings"`
}
NamespaceSanitizeScore holds the sanitization score for a single namespace
type Provider
type Provider struct {
	// contains filtered or unexported fields
}
Provider manages Kubernetes cluster information and operations
func NewProvider
NewProvider creates a new Kubernetes provider
func (*Provider) ClearCache
func (p *Provider) ClearCache()
ClearCache clears all cached cluster statuses
func (*Provider) GetAllClusterStatuses
func (p *Provider) GetAllClusterStatuses(ctx context.Context) []*ClusterStatus
GetAllClusterStatuses returns status information for all clusters in parallel
func (*Provider) GetClusterByContext
func (p *Provider) GetClusterByContext(contextName string) (*ClusterInfo, error)
GetClusterByContext returns cluster information for a specific context
func (*Provider) GetClusterStatus
func (*Provider) GetClusters
func (p *Provider) GetClusters() []*ClusterInfo
GetClusters returns a list of all clusters in the kubeconfig
func (*Provider) GetCurrentContext
GetCurrentContext returns the current context name
func (*Provider) SanitizeCluster (added in v0.4.0)
func (p *Provider) SanitizeCluster(ctx context.Context, contextName, targetNamespace string, includeSystem bool) (*SanitizeResult, error)
SanitizeCluster inspects all Deployments, StatefulSets, and DaemonSets in the cluster against Kubernetes best-practice and security rules, returning a scored report grouped by namespace. If targetNamespace is non-empty, only that namespace is scanned. If includeSystem is false, system namespaces are excluded from the scan.
func (*Provider) SetCacheTTL
SetCacheTTL sets the cache time-to-live duration
func (*Provider) SetCurrentContext
SetCurrentContext overrides the current context
type SanitizeFinding (added in v0.4.0)
type SanitizeFinding struct {
	RuleID    string           `json:"rule_id"`
	Severity  SanitizeSeverity `json:"severity"`
	Workload  string           `json:"workload"`  // namespace/Kind/name
	Container string           `json:"container"` // container name; empty for pod-level rules
	Message   string           `json:"message"`
	Penalty   int              `json:"penalty"`
}
SanitizeFinding represents a single linting finding for a workload or container
type SanitizeResult (added in v0.4.0)
type SanitizeResult struct {
	Context        string                   `json:"context"`
	Score          int                      `json:"score"`
	Grade          string                   `json:"grade"`
	TotalWorkloads int                      `json:"total_workloads"`
	TotalFindings  int                      `json:"total_findings"`
	CriticalCount  int                      `json:"critical_count"`
	MajorCount     int                      `json:"major_count"`
	MinorCount     int                      `json:"minor_count"`
	Namespaces     []NamespaceSanitizeScore `json:"namespaces"`
}
SanitizeResult holds the complete sanitization results for a cluster
type SanitizeSeverity (added in v0.4.0)
type SanitizeSeverity string
SanitizeSeverity defines the severity level of a sanitize finding
const (
	// SanitizeCritical represents a critical security issue (penalty −10)
	SanitizeCritical SanitizeSeverity = "critical"
	// SanitizeMajor represents a major best-practice violation (penalty −5)
	SanitizeMajor SanitizeSeverity = "major"
	// SanitizeMinor represents a minor best-practice violation (penalty −2)
	SanitizeMinor SanitizeSeverity = "minor"
)
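An added example, not part of the package or its documentation: a deploy gate that consumes a SanitizeResult serialized with the JSON tags documented above, fails closed on a severity outside the three documented values, and returns the critical findings. The `report` mirror type, the `Gate` function, the sample report and its `EX-...` rule IDs are constructed for illustration, and the check assumes the summary counters are per-severity totals of the listed findings.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type report struct { // local mirror of the documented JSON shape, only the fields read here
	CriticalCount int `json:"critical_count"`
	MajorCount    int `json:"major_count"`
	MinorCount    int `json:"minor_count"`
	Namespaces    []struct {
		Findings []struct {
			RuleID   string `json:"rule_id"`
			Severity string `json:"severity"`
			Workload string `json:"workload"` // namespace/Kind/name
		} `json:"findings"`
	} `json:"namespaces"`
}
// Constructed sample report (rule IDs and workload names invented); counters assumed to be per-severity totals.
const sampleReport = `{"critical_count":1,"major_count":1,"minor_count":0,"namespaces":[
 {"namespace":"pay","findings":[{"rule_id":"EX-001","severity":"critical","workload":"pay/Deployment/api"}]},
 {"namespace":"batch","findings":[{"rule_id":"EX-002","severity":"major","workload":"batch/DaemonSet/agent"}]}]}`

// Gate returns the critical findings that block a deploy; it fails closed on unknown severities or counter mismatch.
func Gate(raw []byte) (blocking []string, err error) {
	var r report
	if err = json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("parse report: %w", err)
	}
	n := map[string]int{"critical": 0, "major": 0, "minor": 0}
	for _, ns := range r.Namespaces {
		for _, f := range ns.Findings {
			if _, ok := n[f.Severity]; !ok {
				return nil, fmt.Errorf("unknown severity %q on %s", f.Severity, f.Workload)
			}
			n[f.Severity]++
			if f.Severity == "critical" {
				blocking = append(blocking, f.Workload+" "+f.RuleID)
			}
		}
	}
	if n["critical"] != r.CriticalCount || n["major"] != r.MajorCount || n["minor"] != r.MinorCount {
		return nil, fmt.Errorf("summary counters do not match findings")
	}
	return blocking, nil
}

func main() { fmt.Println(Gate([]byte(sampleReport))) }
```

A non-nil error should block the pipeline just as a non-empty list does, since a report that cannot be trusted gives no evidence that the cluster is clean.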