Documentation
¶
Overview ¶
Package v1alpha1 contains common types used across apis.
Index ¶
Constants ¶
const ( // ConfigMapRulesKey is the standard key used for rules data in ConfigMaps. ConfigMapRulesKey = "rules.yaml" // ConfigMapConfigKey is the standard key used for Falco configuration data in ConfigMaps. ConfigMapConfigKey = "config.yaml" // SecretUsernameKey is the key used for the username in authentication Secrets. SecretUsernameKey = "username" // SecretPasswordKey is the key used for the password (or token) in authentication Secrets. SecretPasswordKey = "password" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ConditionType ¶
type ConditionType string
ConditionType represents a Falco condition type. +kubebuilder:validation:MinLength=1
const ( // ConditionAvailable indicates whether enough pods are ready to provide the // service. // The possible status values for this condition type are: // - True: all pods are running and ready, the service is fully available. // - False (reason: Degraded): some pods aren't ready, the service is partially available. // - False: no pods are running, the service is totally unavailable. // - Unknown: the operator couldn't determine the condition status. ConditionAvailable ConditionType = "Available" // ConditionReconciled indicates whether the operator has reconciled the state of // the underlying resources with the object's spec. // The possible status values for this condition type are: // - True: the reconciliation was successful. // - False: the reconciliation failed. // - Unknown: the operator couldn't determine the condition status. ConditionReconciled ConditionType = "Reconciled" // ConditionResolvedRefs indicates whether the references have been successfully resolved. // The possible status values for this condition type are: // - True: all references were resolved successfully. // - False: one or more references could not be resolved. ConditionResolvedRefs ConditionType = "ResolvedRefs" // ConditionProgrammed indicates whether the artifact has been successfully programmed into falco. // The possible status values for this condition type are: // - True: the artifact was programmed successfully. // - False: the artifact could not be programmed. ConditionProgrammed ConditionType = "Programmed" )
func (ConditionType) String ¶ added in v0.2.0
func (c ConditionType) String() string
String returns the string representation of the condition type.
type ConfigMapRef ¶ added in v0.2.0
type ConfigMapRef struct {
// Name is the name of the ConfigMap.
// +kubebuilder:validation:Required
Name string `json:"name"`
}
ConfigMapRef defines the structure for referencing a ConfigMap and a specific key within it. +kubebuilder:object:generate=true
func (*ConfigMapRef) DeepCopy ¶ added in v0.2.0
func (in *ConfigMapRef) DeepCopy() *ConfigMapRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapRef.
func (*ConfigMapRef) DeepCopyInto ¶ added in v0.2.0
func (in *ConfigMapRef) DeepCopyInto(out *ConfigMapRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ImageSpec ¶ added in v0.2.0
type ImageSpec struct {
// Repository is the OCI repository path (e.g. "falcosecurity/rules/falco-rules").
// +kubebuilder:validation:Required
Repository string `json:"repository"`
// Tag is the image tag or digest (e.g. "latest" or "sha256:abc...").
// +kubebuilder:default=latest
Tag string `json:"tag,omitempty"`
}
ImageSpec specifies the OCI image coordinates. +kubebuilder:object:generate=true
func (*ImageSpec) DeepCopy ¶ added in v0.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSpec.
func (*ImageSpec) DeepCopyInto ¶ added in v0.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OCIArtifact ¶
type OCIArtifact struct {
// Image specifies the OCI image coordinates.
// +kubebuilder:validation:Required
Image ImageSpec `json:"image"`
// Registry contains inline registry configuration for authentication, TLS, and hostname.
// +optional
Registry *RegistryConfig `json:"registry,omitempty"`
}
OCIArtifact defines the structure for specifying an OCI artifact reference. +kubebuilder:object:generate=true
func (*OCIArtifact) DeepCopy ¶
func (in *OCIArtifact) DeepCopy() *OCIArtifact
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OCIArtifact.
func (*OCIArtifact) DeepCopyInto ¶
func (in *OCIArtifact) DeepCopyInto(out *OCIArtifact)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RegistryAuth ¶ added in v0.2.0
type RegistryAuth struct {
// SecretRef references a Secret containing registry credentials.
// +optional
SecretRef *SecretRef `json:"secretRef,omitempty"`
}
RegistryAuth defines authentication configuration for an OCI registry. +kubebuilder:object:generate=true
func (*RegistryAuth) DeepCopy ¶ added in v0.2.0
func (in *RegistryAuth) DeepCopy() *RegistryAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryAuth.
func (*RegistryAuth) DeepCopyInto ¶ added in v0.2.0
func (in *RegistryAuth) DeepCopyInto(out *RegistryAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RegistryConfig ¶ added in v0.2.0
type RegistryConfig struct {
// Name is the registry hostname (e.g. "ghcr.io").
// +optional
Name string `json:"name,omitempty"`
// Auth contains authentication configuration.
// +optional
Auth *RegistryAuth `json:"auth,omitempty"`
// PlainHTTP allows connections to registries over plain HTTP (no TLS).
// Mutually exclusive with tls.
// +optional
PlainHTTP *bool `json:"plainHTTP,omitempty"`
// TLS contains TLS transport configuration.
// Mutually exclusive with plainHTTP.
// +optional
TLS *TLSConfig `json:"tls,omitempty"`
}
RegistryConfig defines inline registry configuration for an OCI artifact. +kubebuilder:object:generate=true +kubebuilder:validation:XValidation:rule="!(has(self.plainHTTP) && self.plainHTTP && has(self.tls))",message="plainHTTP and tls are mutually exclusive"
func (*RegistryConfig) DeepCopy ¶ added in v0.2.0
func (in *RegistryConfig) DeepCopy() *RegistryConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryConfig.
func (*RegistryConfig) DeepCopyInto ¶ added in v0.2.0
func (in *RegistryConfig) DeepCopyInto(out *RegistryConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretRef ¶ added in v0.2.0
type SecretRef struct {
// Name is the name of the Secret containing credentials.
// +kubebuilder:validation:Required
Name string `json:"name"`
}
SecretRef defines a reference to a Secret containing registry credentials. The referenced Secret must contain the keys "username" and "password". The "password" field can also hold an access token. +kubebuilder:object:generate=true
func (*SecretRef) DeepCopy ¶ added in v0.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRef.
func (*SecretRef) DeepCopyInto ¶ added in v0.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSConfig ¶ added in v0.2.0
type TLSConfig struct {
// InsecureSkipVerify disables TLS certificate verification.
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
}
TLSConfig defines TLS transport options for OCI registry communication. +kubebuilder:object:generate=true
func (*TLSConfig) DeepCopy ¶ added in v0.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig.
func (*TLSConfig) DeepCopyInto ¶ added in v0.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files