Documentation
Index ¶
- Constants
- Variables
- func CalculateHTTPEndpointHash(endpoint *v1beta1.HTTPEndpoint) string
- func CalculateSHA256CallStackHash(callStack v1beta1.IdentifiedCallStack) string
- func GetEndpointIdentifier(request utils.HttpEvent) (string, error)
- func GetNewEndpoint(event utils.HttpEvent, identifier string) (*v1beta1.HTTPEndpoint, error)
- func IsPolicyIncluded(existingPolicy, newPolicy *v1beta1.RulePolicy) bool
- type ContainerEntry
- type ContainerProfileManager
- func (cpm *ContainerProfileManager) ContainerCallback(notif containercollection.PubSubEvent)
- func (cpm *ContainerProfileManager) OnQueueError(_ *v1beta1.ContainerProfile, containerID string, err error)
- func (cpm *ContainerProfileManager) RegisterForContainerEndOfLife(notificationChannel chan *containercollection.Container)
- func (cpm *ContainerProfileManager) ReportCapability(containerID, capability string)
- func (cpm *ContainerProfileManager) ReportDroppedEvent(containerID string)
- func (cpm *ContainerProfileManager) ReportFileExec(containerID string, event utils.ExecEvent)
- func (cpm *ContainerProfileManager) ReportFileOpen(containerID string, event utils.OpenEvent)
- func (cpm *ContainerProfileManager) ReportHTTPEvent(containerID string, event utils.HttpEvent)
- func (cpm *ContainerProfileManager) ReportHardlinkEvent(containerID string, event utils.LinkEvent)
- func (cpm *ContainerProfileManager) ReportIdentifiedCallStack(containerID string, callStack *v1beta1.IdentifiedCallStack)
- func (cpm *ContainerProfileManager) ReportNetworkEvent(containerID string, event utils.NetworkEvent)
- func (cpm *ContainerProfileManager) ReportRulePolicy(containerID, ruleId, allowedProcess string, allowedContainer bool)
- func (cpm *ContainerProfileManager) ReportSymlinkEvent(containerID string, event utils.LinkEvent)
- func (cpm *ContainerProfileManager) ReportSyscall(containerID string, syscall string)
- type Destination
- type EndpointKind
- type NetworkEvent
Constants ¶
// Sniffing limits shared by the container profile manager.
const (
	// MaxSniffingTimeLabel is the pod label key consulted to bound how long a
	// container is sniffed before its profile is finalized (see
	// RegisterForContainerEndOfLife).
	MaxSniffingTimeLabel = "kubescape.io/max-sniffing-time"
	// MaxWaitForAck is the upper bound on waiting for an acknowledgement;
	// presumably applied when handing a profile to storage — confirm against callers.
	MaxWaitForAck = 30 * time.Second
)
// Traffic classification values recorded on network events.
const (
	// InternalTrafficType marks traffic that stays inside the cluster.
	InternalTrafficType = "internal"
	// ExternalTrafficType marks traffic that leaves the cluster.
	ExternalTrafficType = "external"
)
Variables ¶
// Sentinel errors returned by the container profile manager. Compare with
// errors.Is rather than ==. The last three predate the ErrXxx convention and
// keep their names for compatibility.
var (
	// ErrContainerNotFound: no entry exists for the requested container ID.
	ErrContainerNotFound = errors.New("container not found")
	// ErrInvalidContainerID: the supplied container ID was rejected.
	ErrInvalidContainerID = errors.New("invalid container ID")
	// ContainerHasTerminatedError: the container is no longer running.
	ContainerHasTerminatedError = errors.New("container has terminated")
	// ContainerReachedMaxTime: the container's max sniffing time has elapsed.
	ContainerReachedMaxTime = errors.New("container reached max time")
	// ProfileRequiresSplit: the profile must be split before it can be persisted.
	ProfileRequiresSplit = errors.New("profile requires split")
)
// DefaultLabelsToIgnore is the set of pod label keys ignored by default. All
// three are controller-managed revision labels that change on every rollout,
// so keeping them would make otherwise identical workloads look different.
var DefaultLabelsToIgnore = map[string]struct{}{
	"pod-template-hash":        {},
	"pod-template-generation":  {},
	"controller-revision-hash": {},
}
Functions ¶
func CalculateHTTPEndpointHash ¶
func CalculateHTTPEndpointHash(endpoint *v1beta1.HTTPEndpoint) string
func CalculateSHA256CallStackHash ¶
func CalculateSHA256CallStackHash(callStack v1beta1.IdentifiedCallStack) string
func GetNewEndpoint ¶
func GetNewEndpoint(event utils.HttpEvent, identifier string) (*v1beta1.HTTPEndpoint, error)
func IsPolicyIncluded ¶
func IsPolicyIncluded(existingPolicy, newPolicy *v1beta1.RulePolicy) bool
Types ¶
type ContainerEntry ¶
type ContainerEntry struct {
// contains filtered or unexported fields
}
ContainerEntry holds container data with its own mutex for fine-grained locking
type ContainerProfileManager ¶
type ContainerProfileManager struct {
// contains filtered or unexported fields
}
ContainerProfileManager manages container profiles and their lifecycle
func NewContainerProfileManager ¶
func NewContainerProfileManager( ctx context.Context, cfg config.Config, k8sClient k8sclient.K8sClientInterface, k8sObjectCache objectcache.K8sObjectCache, storageClient storage.ProfileCreator, dnsResolverClient dnsmanager.DNSResolver, seccompManager seccompmanager.SeccompManagerClient, enricher containerprofilemanager.Enricher, ruleBindingCache rulebindingmanager.RuleBindingCache, ) (*ContainerProfileManager, error)
NewContainerProfileManager creates a new container profile manager
func (*ContainerProfileManager) ContainerCallback ¶
func (cpm *ContainerProfileManager) ContainerCallback(notif containercollection.PubSubEvent)
ContainerCallback handles container lifecycle events
func (*ContainerProfileManager) OnQueueError ¶
func (cpm *ContainerProfileManager) OnQueueError(_ *v1beta1.ContainerProfile, containerID string, err error)
OnQueueError implements the queue.ErrorCallback interface. This method is called by the queue when it encounters ObjectTooLargeError or ObjectCompletedError.
func (*ContainerProfileManager) RegisterForContainerEndOfLife ¶
func (cpm *ContainerProfileManager) RegisterForContainerEndOfLife(notificationChannel chan *containercollection.Container)
RegisterForContainerEndOfLife registers a channel to receive notifications when a container reaches its max sniffing time
func (*ContainerProfileManager) ReportCapability ¶
func (cpm *ContainerProfileManager) ReportCapability(containerID, capability string)
ReportCapability reports a capability event for a container
func (*ContainerProfileManager) ReportDroppedEvent ¶
func (cpm *ContainerProfileManager) ReportDroppedEvent(containerID string)
ReportDroppedEvent reports a dropped event (currently just logs)
func (*ContainerProfileManager) ReportFileExec ¶
func (cpm *ContainerProfileManager) ReportFileExec(containerID string, event utils.ExecEvent)
ReportFileExec reports a file execution event for a container
func (*ContainerProfileManager) ReportFileOpen ¶
func (cpm *ContainerProfileManager) ReportFileOpen(containerID string, event utils.OpenEvent)
ReportFileOpen reports a file open event for a container
func (*ContainerProfileManager) ReportHTTPEvent ¶
func (cpm *ContainerProfileManager) ReportHTTPEvent(containerID string, event utils.HttpEvent)
ReportHTTPEvent reports an HTTP event for a container
func (*ContainerProfileManager) ReportHardlinkEvent ¶
func (cpm *ContainerProfileManager) ReportHardlinkEvent(containerID string, event utils.LinkEvent)
ReportHardlinkEvent reports a hardlink creation event for a container
func (*ContainerProfileManager) ReportIdentifiedCallStack ¶
func (cpm *ContainerProfileManager) ReportIdentifiedCallStack(containerID string, callStack *v1beta1.IdentifiedCallStack)
ReportIdentifiedCallStack reports a call stack for a container
func (*ContainerProfileManager) ReportNetworkEvent ¶
func (cpm *ContainerProfileManager) ReportNetworkEvent(containerID string, event utils.NetworkEvent)
ReportNetworkEvent reports a network event for a container
func (*ContainerProfileManager) ReportRulePolicy ¶
func (cpm *ContainerProfileManager) ReportRulePolicy(containerID, ruleId, allowedProcess string, allowedContainer bool)
ReportRulePolicy reports a rule policy for a container
func (*ContainerProfileManager) ReportSymlinkEvent ¶
func (cpm *ContainerProfileManager) ReportSymlinkEvent(containerID string, event utils.LinkEvent)
ReportSymlinkEvent reports a symlink creation event for a container
func (*ContainerProfileManager) ReportSyscall ¶ added in v0.3.3
func (cpm *ContainerProfileManager) ReportSyscall(containerID string, syscall string)
type Destination ¶
// Destination identifies the peer of a NetworkEvent.
type Destination struct {
	// Namespace is the Kubernetes namespace of the destination.
	Namespace string
	// Name is the name of the destination object.
	Name string
	// Kind is expected to be one of EndpointKindPod, EndpointKindService or
	// EndpointKindRaw.
	Kind EndpointKind
	// PodLabels stores the destination pod's labels as a single comma-separated
	// string (see GetDestinationPodLabels). NOTE(review): a label value
	// containing a comma would not survive this round trip — confirm how the
	// string is built.
	PodLabels string
	// IPAddress is the destination address in string form.
	IPAddress string
}
type EndpointKind ¶
// EndpointKind classifies what a Destination resolved to.
type EndpointKind string

// Known EndpointKind values.
const (
	// EndpointKindPod: the destination was resolved to a pod.
	EndpointKindPod EndpointKind = "pod"
	// EndpointKindService: the destination was resolved to a service.
	EndpointKindService EndpointKind = "svc"
	// EndpointKindRaw: presumably a destination not resolved to a Kubernetes
	// object (inferred from the name — confirm).
	EndpointKindRaw EndpointKind = "raw"
)
type NetworkEvent ¶
// NetworkEvent describes one observed network event and its Destination.
type NetworkEvent struct {
	// Port is the port number of the event.
	Port uint16
	// PktType is the packet type as a string; the set of values is not visible here.
	PktType string
	// Protocol is the transport protocol as a string; the set of values is not visible here.
	Protocol string
	// PodLabels holds the source pod's labels, populated via SetPodLabels from a
	// map; presumably the same comma-separated encoding used for the
	// destination labels (see GetDestinationPodLabels) — confirm.
	PodLabels string
	// Destination is the peer of this event.
	Destination Destination
}
func (*NetworkEvent) GetDestinationPodLabels ¶
func (ne *NetworkEvent) GetDestinationPodLabels() map[string]string
GetDestinationPodLabels returns a map of pod labels from the string in the network event. The labels are saved separated by commas, so we need to split them
func (*NetworkEvent) SetDestinationPodLabels ¶
func (ne *NetworkEvent) SetDestinationPodLabels(podLabels map[string]string)
func (*NetworkEvent) SetPodLabels ¶
func (ne *NetworkEvent) SetPodLabels(podLabels map[string]string)
func (*NetworkEvent) String ¶
func (ne *NetworkEvent) String() string