resources

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 20, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package resources provides instance default configurations and resource generators for all supported controller types.

Index

Constants

View Source 
const (
	// FalcosidekickUITypeName is the type name for the Falcosidekick UI component.
	FalcosidekickUITypeName = "falcosidekick-ui"

	// DefaultRedisAddress is the default Redis service address.
	// Users must provide a Redis instance at this address, or override via podTemplateSpec.
	DefaultRedisAddress = "falcosidekick-ui-redis:6379"
)
View Source 
const (
	// ResourceTypeDeployment is the resource type for Deployment.
	ResourceTypeDeployment string = "Deployment"
	// ResourceTypeDaemonSet is the resource type for DaemonSet.
	ResourceTypeDaemonSet string = "DaemonSet"
)
View Source 
const (
	// FalcoTypeName is the type name for the Falco instance.
	FalcoTypeName = "falco"
)
View Source 
const (
	// FalcosidekickTypeName is the type name for the Falcosidekick component.
	FalcosidekickTypeName = "falcosidekick"
)
View Source 
const (
	// MetacollectorTypeName is the type name for the metacollector instance.
	MetacollectorTypeName = "metacollector"
)

Variables

View Source 
var FalcoDefaults = &InstanceDefaults{
	ResourceType:         ResourceTypeDaemonSet,
	Replicas:             new(int32(1)),
	ContainerName:        "falco",
	SidecarContainerName: "artifact-operator",
	ImageRepository:      image.Registry + "/" + image.Repository + "/" + image.FalcoImage,
	ImageTag:             image.FalcoTag,
	DefaultArgs:          []string{"/usr/bin/falco"},
	ImagePullPolicy:      corev1.PullIfNotPresent,
	DefaultPorts: []corev1.ContainerPort{
		{ContainerPort: 8765, Name: "web", Protocol: corev1.ProtocolTCP},
	},
	StartupProbe: &corev1.Probe{
		InitialDelaySeconds: 3,
		TimeoutSeconds:      5,
		PeriodSeconds:       5,
		FailureThreshold:    20,
		SuccessThreshold:    1,
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/healthz",
				Port: intstr.FromInt32(8765),
			},
		},
	},
	DefaultResources: corev1.ResourceRequirements{
		Limits: corev1.ResourceList{
			corev1.ResourceCPU:    resource.MustParse("1000m"),
			corev1.ResourceMemory: resource.MustParse("1024Mi"),
		},
		Requests: corev1.ResourceList{
			corev1.ResourceCPU:    resource.MustParse("100m"),
			corev1.ResourceMemory: resource.MustParse("512Mi"),
		},
	},
	LivenessProbe: &corev1.Probe{
		InitialDelaySeconds: 0,
		TimeoutSeconds:      5,
		PeriodSeconds:       15,
		FailureThreshold:    3,
		SuccessThreshold:    1,
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/healthz",
				Port: intstr.FromInt32(8765),
			},
		},
	},
	ReadinessProbe: &corev1.Probe{
		InitialDelaySeconds: 0,
		TimeoutSeconds:      5,
		PeriodSeconds:       15,
		FailureThreshold:    3,
		SuccessThreshold:    1,
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/healthz",
				Port: intstr.FromInt32(8765),
			},
		},
	},
	SecurityContext: &corev1.SecurityContext{
		Privileged: new(true),
	},
	EnvVars: []corev1.EnvVar{
		{Name: "HOST_ROOT", Value: "/host"},
		{
			Name: "FALCO_HOSTNAME",
			ValueFrom: &corev1.EnvVarSource{
				FieldRef: &corev1.ObjectFieldSelector{APIVersion: "v1", FieldPath: "spec.nodeName"},
			},
		},
		{
			Name: "FALCO_K8S_NODE_NAME",
			ValueFrom: &corev1.EnvVarSource{
				FieldRef: &corev1.ObjectFieldSelector{APIVersion: "v1", FieldPath: "spec.nodeName"},
			},
		},
	},
	Tolerations: []corev1.Toleration{
		{Key: "node-role.kubernetes.io/master", Effect: corev1.TaintEffectNoSchedule},
		{Key: "node-role.kubernetes.io/control-plane", Effect: corev1.TaintEffectNoSchedule},
	},
	ServicePorts: []corev1.ServicePort{
		{Name: "web", Protocol: corev1.ProtocolTCP, Port: 8765, TargetPort: intstr.FromInt32(8765)},
	},
	ClusterRoleRules: []rbacv1.PolicyRule{
		{
			APIGroups: []string{""},
			Resources: []string{"nodes"},
			Verbs:     []string{"get", "list", "watch"},
		},
	},
	RoleRules: []rbacv1.PolicyRule{
		{
			APIGroups: []string{""},
			Resources: []string{"configmaps"},
			Verbs:     []string{"get", "list", "watch"},
		},
		{
			APIGroups: []string{"events.k8s.io"},
			Resources: []string{"events"},
			Verbs:     []string{"create", "patch"},
		},
		{
			APIGroups: []string{artifactv1alpha1.GroupVersion.Group},
			Resources: []string{"configs", "rulesfiles", "plugins"},
			Verbs:     []string{"get", "list", "watch", "update", "patch"},
		},
		{
			APIGroups: []string{artifactv1alpha1.GroupVersion.Group},
			Resources: []string{"configs/status", "rulesfiles/status", "plugins/status"},
			Verbs:     []string{"get", "update", "patch"},
		},
	},
	VolumeMounts: []corev1.VolumeMount{
		{Name: "root-falco-fs", MountPath: "/root/.falco"},
		{Name: "boot-fs", MountPath: "/host/boot", ReadOnly: true},
		{Name: "lib-modules", MountPath: "/host/lib/modules"},
		{Name: "usr-fs", MountPath: "/host/usr", ReadOnly: true},
		{Name: "proc-fs", MountPath: "/host/proc"},
		{Name: "etc-fs", MountPath: "/host/etc", ReadOnly: true},
		{Name: "dev-fs", MountPath: "/host/dev", ReadOnly: true},
		{Name: "sys-fs", MountPath: "/sys/module"},
		{Name: "docker-socket", MountPath: "/host/var/run/"},
		{Name: "containerd-socket", MountPath: "/host/run/containerd/"},
		{Name: "crio-socket", MountPath: "/host/run/crio/"},
		{Name: "host-containerd-socket", MountPath: "/host/run/host-containerd/"},
		{Name: "k3s-containerd-socket", MountPath: "/host/run/k3s/containerd/"},
		{Name: mounts.ConfigMountName, MountPath: mounts.ConfigDirPath},
		{Name: mounts.RulesfileMountName, MountPath: mounts.RulesfileDirPath},
		{Name: mounts.PluginMountName, MountPath: mounts.PluginDirPath},
	},
	Volumes: []corev1.Volume{
		{Name: "root-falco-fs", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}},
		{Name: "boot-fs", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/boot"}}},
		{Name: "lib-modules", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/lib/modules"}}},
		{Name: "usr-fs", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/usr"}}},
		{Name: "etc-fs", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/etc"}}},
		{Name: "dev-fs", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/dev"}}},
		{Name: "sys-fs", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/sys/module"}}},
		{Name: "docker-socket", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/var/run"}}},
		{Name: "containerd-socket", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/run/containerd"}}},
		{Name: "crio-socket", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/run/crio"}}},
		{Name: "host-containerd-socket", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/run/host-containerd"}}},
		{Name: "k3s-containerd-socket", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/run/k3s/containerd"}}},
		{Name: "proc-fs", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/proc"}}},
		{Name: mounts.ConfigMountName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}},
		{Name: mounts.RulesfileMountName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}},
		{Name: mounts.PluginMountName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}},
	},
	ConfigMapData: map[string]map[string]string{
		"Deployment": {falcoConfigMapKey: deploymentFalcoConfig},
		"DaemonSet":  {falcoConfigMapKey: daemonsetFalcoConfig},
	},
	ConfigMapVolume: &ConfigMapVolumeConfig{
		VolumeName: "falco-config-default",
		MountPath:  "/etc/falco/falco.yaml",
		SubPath:    "falco.yaml",
	},
	SidecarContainers: []corev1.Container{
		{
			Name:            "artifact-operator",
			Image:           version.ArtifactOperatorImage,
			ImagePullPolicy: corev1.PullIfNotPresent,
			RestartPolicy:   &restartPolicy,
			EnvFrom:         []corev1.EnvFromSource{},
			Env: []corev1.EnvVar{
				{
					Name: "POD_NAMESPACE",
					ValueFrom: &corev1.EnvVarSource{
						FieldRef: &corev1.ObjectFieldSelector{APIVersion: "v1", FieldPath: "metadata.namespace"},
					},
				},
				{
					Name: "NODE_NAME",
					ValueFrom: &corev1.EnvVarSource{
						FieldRef: &corev1.ObjectFieldSelector{APIVersion: "v1", FieldPath: "spec.nodeName"},
					},
				},
			},
			VolumeMounts: []corev1.VolumeMount{
				{Name: mounts.ConfigMountName, MountPath: mounts.ConfigDirPath},
				{Name: mounts.RulesfileMountName, MountPath: mounts.RulesfileDirPath},
				{Name: mounts.PluginMountName, MountPath: mounts.PluginDirPath},
			},
			ReadinessProbe: &corev1.Probe{
				InitialDelaySeconds: 5,
				TimeoutSeconds:      5,
				PeriodSeconds:       10,
				FailureThreshold:    3,
				SuccessThreshold:    1,
				ProbeHandler: corev1.ProbeHandler{
					HTTPGet: &corev1.HTTPGetAction{
						Path: "/healthz",
						Port: intstr.FromInt32(8081),
					},
				},
			},
			LivenessProbe: &corev1.Probe{
				InitialDelaySeconds: 15,
				TimeoutSeconds:      5,
				PeriodSeconds:       10,
				FailureThreshold:    3,
				SuccessThreshold:    1,
				ProbeHandler: corev1.ProbeHandler{
					HTTPGet: &corev1.HTTPGetAction{
						Path: "/healthz",
						Port: intstr.FromInt32(8081),
					},
				},
			},
		},
	},
	SupportsDaemonSet: true,
	DeploymentStrategy: &appsv1.DeploymentStrategy{
		Type: appsv1.RollingUpdateDeploymentStrategyType,
	},
	DaemonSetUpdateStrategy: &appsv1.DaemonSetUpdateStrategy{
		Type: appsv1.RollingUpdateDaemonSetStrategyType,
	},
}

FalcoDefaults holds the default configuration for the Falco instance type.

View Source 
var FalcosidekickDefaults = &InstanceDefaults{
	ResourceType:    ResourceTypeDeployment,
	Replicas:        new(int32(2)),
	ContainerName:   "falcosidekick",
	ImageRepository: image.Registry + "/" + image.Repository + "/" + image.FalcosidekickImage,
	ImageTag:        image.FalcosidekickTag,
	ImagePullPolicy: corev1.PullIfNotPresent,
	DefaultPorts: []corev1.ContainerPort{
		{ContainerPort: 2801, Name: "http", Protocol: corev1.ProtocolTCP},
	},
	LivenessProbe: &corev1.Probe{
		InitialDelaySeconds: 10,
		TimeoutSeconds:      5,
		PeriodSeconds:       5,
		FailureThreshold:    3,
		SuccessThreshold:    1,
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/ping",
				Port: intstr.FromString("http"),
			},
		},
	},
	ReadinessProbe: &corev1.Probe{
		InitialDelaySeconds: 10,
		TimeoutSeconds:      5,
		PeriodSeconds:       5,
		FailureThreshold:    3,
		SuccessThreshold:    1,
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/ping",
				Port: intstr.FromString("http"),
			},
		},
	},
	PodSecurityContext: &corev1.PodSecurityContext{
		RunAsUser:  new(int64(1234)),
		RunAsGroup: new(int64(1234)),
		FSGroup:    new(int64(1234)),
	},
	ServicePorts: []corev1.ServicePort{
		{Name: "http", Protocol: corev1.ProtocolTCP, Port: 2801, TargetPort: intstr.FromString("http")},
	},

	RoleRules: []rbacv1.PolicyRule{
		{
			APIGroups: []string{""},
			Resources: []string{"endpoints"},
			Verbs:     []string{"get"},
		},
	},
	SupportsDaemonSet: false,
	DeploymentStrategy: &appsv1.DeploymentStrategy{
		Type: appsv1.RollingUpdateDeploymentStrategyType,
	},
}

FalcosidekickDefaults holds the default configuration for the Falcosidekick component.

View Source 
var FalcosidekickUIDefaults = &InstanceDefaults{
	ResourceType:    ResourceTypeDeployment,
	Replicas:        new(int32(2)),
	ContainerName:   "falcosidekick-ui",
	ImageRepository: image.Registry + "/" + image.Repository + "/" + image.FalcosidekickUIImage,
	ImageTag:        image.FalcosidekickUITag,
	DefaultArgs:     []string{"-r", DefaultRedisAddress},
	ImagePullPolicy: corev1.PullIfNotPresent,
	DefaultPorts: []corev1.ContainerPort{
		{ContainerPort: 2802, Name: "http", Protocol: corev1.ProtocolTCP},
	},
	LivenessProbe: &corev1.Probe{
		InitialDelaySeconds: 10,
		TimeoutSeconds:      5,
		PeriodSeconds:       5,
		FailureThreshold:    3,
		SuccessThreshold:    1,
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/api/v1/healthz",
				Port: intstr.FromString("http"),
			},
		},
	},
	ReadinessProbe: &corev1.Probe{
		InitialDelaySeconds: 10,
		TimeoutSeconds:      5,
		PeriodSeconds:       5,
		FailureThreshold:    3,
		SuccessThreshold:    1,
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/api/v1/healthz",
				Port: intstr.FromString("http"),
			},
		},
	},
	PodSecurityContext: &corev1.PodSecurityContext{
		RunAsUser:  new(int64(1234)),
		RunAsGroup: new(int64(1234)),
		FSGroup:    new(int64(1234)),
	},

	InitContainers: []corev1.Container{
		{
			Name:            "wait-redis",
			Image:           image.RedisRegistry + "/" + image.RedisRepository + "/" + image.RedisImage + ":" + image.RedisTag,
			ImagePullPolicy: corev1.PullIfNotPresent,
			Command:         []string{"sh", "-c"},
			Args: []string{
				`until redis-cli -h "$(echo $REDIS_ADDR | cut -d: -f1)" -p "$(echo $REDIS_ADDR | cut -d: -f2)" ping 2>/dev/null | grep -q PONG; do echo "Waiting for Redis at $REDIS_ADDR..."; sleep 3; done; echo "Redis is ready"`,
			},
			Env: []corev1.EnvVar{
				{Name: "REDIS_ADDR", Value: DefaultRedisAddress},
			},
		},
	},
	ServicePorts: []corev1.ServicePort{
		{Name: "http", Protocol: corev1.ProtocolTCP, Port: 2802, TargetPort: intstr.FromString("http")},
	},
	SupportsDaemonSet: false,
	DeploymentStrategy: &appsv1.DeploymentStrategy{
		Type: appsv1.RollingUpdateDeploymentStrategyType,
	},
}

FalcosidekickUIDefaults holds the default configuration for the Falcosidekick UI component. NOTE: This component requires an external Redis instance. The default configuration expects Redis at "falcosidekick-ui-redis:6379". If Redis is not available, the wait-redis init container will block and the pod will stay in Init:0/1 state. Users can override the Redis address via podTemplateSpec.

View Source 
var MetacollectorDefaults = &InstanceDefaults{
	ResourceType:    ResourceTypeDeployment,
	Replicas:        new(int32(1)),
	ContainerName:   "metacollector",
	ImageRepository: image.Registry + "/" + image.Repository + "/" + image.MetacollectorImage,
	ImageTag:        image.MetacollectorTag,
	DefaultCommand:  []string{"/meta-collector"},
	DefaultArgs:     []string{"run"},
	ImagePullPolicy: corev1.PullIfNotPresent,
	DefaultPorts: []corev1.ContainerPort{
		{Name: "metrics", ContainerPort: 8080, Protocol: corev1.ProtocolTCP},
		{Name: "health-probe", ContainerPort: 8081, Protocol: corev1.ProtocolTCP},
		{Name: "broker-grpc", ContainerPort: 45000, Protocol: corev1.ProtocolTCP},
	},
	DefaultResources: corev1.ResourceRequirements{
		Requests: corev1.ResourceList{
			corev1.ResourceCPU:    resource.MustParse("100m"),
			corev1.ResourceMemory: resource.MustParse("128Mi"),
		},
		Limits: corev1.ResourceList{
			corev1.ResourceCPU:    resource.MustParse("250m"),
			corev1.ResourceMemory: resource.MustParse("256Mi"),
		},
	},
	LivenessProbe: &corev1.Probe{
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/healthz",
				Port: intstr.FromInt32(8081),
			},
		},
		InitialDelaySeconds: 45,
		TimeoutSeconds:      5,
		PeriodSeconds:       15,
	},
	ReadinessProbe: &corev1.Probe{
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/readyz",
				Port: intstr.FromInt32(8081),
			},
		},
		InitialDelaySeconds: 30,
		TimeoutSeconds:      5,
		PeriodSeconds:       15,
	},
	SecurityContext: &corev1.SecurityContext{
		AllowPrivilegeEscalation: new(false),
		Capabilities: &corev1.Capabilities{
			Drop: []corev1.Capability{"ALL"},
		},
	},
	PodSecurityContext: &corev1.PodSecurityContext{
		RunAsNonRoot: new(true),
		RunAsUser:    new(int64(1000)),
		RunAsGroup:   new(int64(1000)),
		FSGroup:      new(int64(1000)),
	},
	ServicePorts: []corev1.ServicePort{
		{Name: "metrics", Protocol: corev1.ProtocolTCP, Port: 8080, TargetPort: intstr.FromInt32(8080)},
		{Name: "health-probe", Protocol: corev1.ProtocolTCP, Port: 8081, TargetPort: intstr.FromInt32(8081)},
		{Name: "broker-grpc", Protocol: corev1.ProtocolTCP, Port: 45000, TargetPort: intstr.FromInt32(45000)},
	},
	ClusterRoleRules: []rbacv1.PolicyRule{
		{
			APIGroups: []string{"apps"},
			Resources: []string{"daemonsets", "deployments", "replicasets"},
			Verbs:     []string{"get", "list", "watch"},
		},
		{
			APIGroups: []string{""},
			Resources: []string{"endpoints", "namespaces", "pods", "replicationcontrollers", "services"},
			Verbs:     []string{"get", "list", "watch"},
		},
		{
			APIGroups: []string{"discovery.k8s.io"},
			Resources: []string{"endpointslices"},
			Verbs:     []string{"get", "list", "watch"},
		},
	},
	SupportsDaemonSet: false,
}

MetacollectorDefaults holds the default configuration for the Metacollector instance type.

Functions

func GenerateClusterRole 

func GenerateClusterRole(obj client.Object, defs *InstanceDefaults) runtime.Object

GenerateClusterRole generates a ClusterRole from the given defaults.

func GenerateClusterRoleBinding 

func GenerateClusterRoleBinding(obj client.Object) runtime.Object

GenerateClusterRoleBinding generates a ClusterRoleBinding for the given object.

func GenerateConfigMap 

func GenerateConfigMap(obj client.Object, defs *InstanceDefaults, workloadType string) (runtime.Object, error)

GenerateConfigMap generates a ConfigMap from the given defaults and workload type.

func GenerateRole 

func GenerateRole(obj client.Object, defs *InstanceDefaults) runtime.Object

GenerateRole generates a Role from the given defaults.

func GenerateRoleBinding 

func GenerateRoleBinding(obj client.Object) runtime.Object

GenerateRoleBinding generates a RoleBinding for the given object.

func GenerateService 

func GenerateService(obj client.Object, defs *InstanceDefaults) runtime.Object

GenerateService generates a Service from the given object and defaults.

func GenerateServiceAccount 

func GenerateServiceAccount(obj client.Object) runtime.Object

GenerateServiceAccount generates a ServiceAccount for the given object.

func GenerateUniqueName 

func GenerateUniqueName(name, namespace string) string

GenerateUniqueName creates a unique name from the name and namespace.

func GenerateUserOverlay 

func GenerateUserOverlay(resourceType, name string, defs *InstanceDefaults, opts ...OverlayOption) (*unstructured.Unstructured, error)

GenerateUserOverlay builds a minimal overlay resource from user-defined fields.

func GenerateWorkload 

func GenerateWorkload(resourceType string, meta *metav1.ObjectMeta, defs *InstanceDefaults, nativeSidecar bool) (runtime.Object, error)

GenerateWorkload builds a base Deployment or DaemonSet from defaults and CR params.

func ParseUniqueName 

func ParseUniqueName(uniqueName string) (name, namespace string, err error)

ParseUniqueName reverses the unique name back into the original name and namespace.

Types

type ConfigMapVolumeConfig 

type ConfigMapVolumeConfig struct {
	VolumeName string
	MountPath  string
	SubPath    string
}

ConfigMapVolumeConfig describes how to mount the instance's ConfigMap as a volume. The ConfigMap name is derived from the CR name at runtime.

type InstanceDefaults 

type InstanceDefaults struct {
	// ResourceType is the default workload kind ("Deployment" or "DaemonSet").
	ResourceType string

	// Replicas is the default number of replicas (nil = no default, Kubernetes uses 1).
	Replicas *int32

	// Container
	ContainerName        string
	SidecarContainerName string
	ImageRepository      string
	ImageTag             string
	DefaultCommand       []string
	DefaultArgs          []string
	ImagePullPolicy      corev1.PullPolicy
	DefaultPorts         []corev1.ContainerPort
	DefaultResources     corev1.ResourceRequirements
	StartupProbe         *corev1.Probe
	LivenessProbe        *corev1.Probe
	ReadinessProbe       *corev1.Probe
	SecurityContext      *corev1.SecurityContext
	PodSecurityContext   *corev1.PodSecurityContext
	EnvVars              []corev1.EnvVar

	// Tolerations
	Tolerations []corev1.Toleration

	// Service (nil = no Service created)
	ServicePorts []corev1.ServicePort

	// RBAC (nil = no resource created)
	ClusterRoleRules []rbacv1.PolicyRule
	RoleRules        []rbacv1.PolicyRule

	// Volumes
	Volumes      []corev1.Volume
	VolumeMounts []corev1.VolumeMount

	// ConfigMap (nil = no ConfigMap created).
	// Key is the workload type ("Deployment", "DaemonSet"); value maps file names to content.
	ConfigMapData map[string]map[string]string

	// ConfigMapVolume defines how to mount the instance ConfigMap (nil = no ConfigMap volume).
	ConfigMapVolume *ConfigMapVolumeConfig

	// InitContainers are added as true init containers (run to completion before main).
	InitContainers []corev1.Container

	// Sidecar containers (nil = no sidecar).
	SidecarContainers []corev1.Container

	// SupportsDaemonSet indicates whether this instance type supports DaemonSet workloads.
	SupportsDaemonSet bool

	// DeploymentStrategy is the default deployment strategy (nil = no default).
	DeploymentStrategy *appsv1.DeploymentStrategy

	// DaemonSetUpdateStrategy is the default daemonset update strategy (nil = no default).
	DaemonSetUpdateStrategy *appsv1.DaemonSetUpdateStrategy
}

InstanceDefaults defines all the default configuration for an instance controller. Each instance type (falco, metacollector, etc.) registers its own defaults.

func GetDefaults 

func GetDefaults(typeName string) (*InstanceDefaults, error)

GetDefaults returns the defaults for the given instance type name.

type OverlayOption 

type OverlayOption func(*overlayConfig)

OverlayOption is a functional option for configuring a user overlay.

func GenerateOverlayOptions 

func GenerateOverlayOptions(obj client.Object) []OverlayOption

func WithOverlayLabels 

func WithOverlayLabels(l map[string]string) OverlayOption

WithOverlayLabels sets the labels on the overlay resource metadata.

func WithOverlayPodTemplateSpec 

func WithOverlayPodTemplateSpec(pts *corev1.PodTemplateSpec) OverlayOption

WithOverlayPodTemplateSpec sets the pod template spec on the overlay resource.

func WithOverlayReplicas 

func WithOverlayReplicas(replicas *int32) OverlayOption

WithOverlayReplicas sets the replicas on the overlay resource.

func WithOverlayStrategy 

func WithOverlayStrategy(s *appsv1.DeploymentStrategy) OverlayOption

WithOverlayStrategy sets the deployment strategy on the overlay resource.

func WithOverlayUpdateStrategy 

func WithOverlayUpdateStrategy(s *appsv1.DaemonSetUpdateStrategy) OverlayOption

WithOverlayUpdateStrategy sets the daemonset update strategy on the overlay resource.

func WithOverlayVersion 

func WithOverlayVersion(version *string) OverlayOption

WithOverlayVersion sets the version override on the overlay resource.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.