package monitor
import (
"sync"
"go.aporeto.io/trireme-lib/collector"
"go.aporeto.io/trireme-lib/monitor/config"
"go.aporeto.io/trireme-lib/monitor/extractors"
cnimonitor "go.aporeto.io/trireme-lib/monitor/internal/cni"
dockermonitor "go.aporeto.io/trireme-lib/monitor/internal/docker"
kubernetesmonitor "go.aporeto.io/trireme-lib/monitor/internal/kubernetes"
linuxmonitor "go.aporeto.io/trireme-lib/monitor/internal/linux"
podmonitor "go.aporeto.io/trireme-lib/monitor/internal/pod"
uidmonitor "go.aporeto.io/trireme-lib/monitor/internal/uid"
"go.aporeto.io/trireme-lib/policy"
)
// Functional option types used by NewMonitor.
//
// An Options value mutates the top-level *config.MonitorConfig that NewMonitor
// builds; each *MonitorOption value mutates the configuration of one monitor
// implementation before the Option* constructors register it under its
// config.Type key. None of the option constructors in this file validate the
// values they store.
type (
	// Options is provided using functional arguments.
	Options func(*config.MonitorConfig)

	// CNIMonitorOption is provided using functional arguments.
	CNIMonitorOption func(*cnimonitor.Config)

	// UIDMonitorOption is provided using functional arguments.
	UIDMonitorOption func(*uidmonitor.Config)

	// DockerMonitorOption is provided using functional arguments.
	DockerMonitorOption func(*dockermonitor.Config)

	// KubernetesMonitorOption is provided using functional arguments.
	KubernetesMonitorOption func(*kubernetesmonitor.Config)

	// PodMonitorOption is provided using functional arguments.
	PodMonitorOption func(*podmonitor.Config)

	// LinuxMonitorOption is provided using functional arguments.
	LinuxMonitorOption func(*linuxmonitor.Config)
)
// SubOptionMonitorLinuxExtractor returns a LinuxMonitorOption that installs
// extractor as the EventMetadataExtractor of a linux monitor configuration.
// The extractor is stored as given; no nil check is performed here.
func SubOptionMonitorLinuxExtractor(extractor extractors.EventMetadataExtractor) LinuxMonitorOption {
	set := func(c *linuxmonitor.Config) {
		c.EventMetadataExtractor = extractor
	}
	return set
}
// SubOptionMonitorLinuxRealeaseAgentPath returns a LinuxMonitorOption that
// sets ReleasePath, the path of the release agent that is programmed into the
// cgroup hierarchy. The value is stored exactly as given: it is not checked
// for being absolute, existing or executable here, so callers are responsible
// for passing a trusted path.
func SubOptionMonitorLinuxRealeaseAgentPath(releasePath string) LinuxMonitorOption {
	set := func(c *linuxmonitor.Config) {
		c.ReleasePath = releasePath
	}
	return set
}
// optionMonitorLinux builds the Options that registers a linux monitor with
// NewMonitor. host selects between the LinuxHost and LinuxProcess
// configuration keys. The linux config is created and all opts are applied
// once, eagerly, when optionMonitorLinux is called — not when the returned
// Options runs — so applying the same Options to several MonitorConfigs
// registers the same *linuxmonitor.Config pointer in each of them.
func optionMonitorLinux(
	host bool,
	opts ...LinuxMonitorOption,
) Options {
	linuxCfg := linuxmonitor.DefaultConfig(host, false)

	// Apply every linux sub-option, in the order given, to the default config.
	for i := range opts {
		opts[i](linuxCfg)
	}

	key := config.LinuxProcess
	if host {
		key = config.LinuxHost
	}

	return func(mc *config.MonitorConfig) {
		// A later Options for the same key replaces this entry.
		mc.Monitors[key] = linuxCfg
	}
}
// OptionMonitorLinuxHost registers a linux host monitor (config.LinuxHost)
// configured by opts, for use with NewMonitor. It is a thin wrapper around
// optionMonitorLinux with host set to true.
func OptionMonitorLinuxHost(
	opts ...LinuxMonitorOption,
) Options {
	const host = true
	return optionMonitorLinux(host, opts...)
}
// OptionMonitorLinuxProcess registers a linux process monitor
// (config.LinuxProcess) configured by opts, for use with NewMonitor. It is a
// thin wrapper around optionMonitorLinux with host set to false.
func OptionMonitorLinuxProcess(
	opts ...LinuxMonitorOption,
) Options {
	const host = false
	return optionMonitorLinux(host, opts...)
}
// SubOptionMonitorCNIExtractor returns a CNIMonitorOption that installs
// extractor as the EventMetadataExtractor of a CNI monitor configuration.
// The extractor is stored as given; no nil check is performed here.
func SubOptionMonitorCNIExtractor(extractor extractors.EventMetadataExtractor) CNIMonitorOption {
	set := func(c *cnimonitor.Config) {
		c.EventMetadataExtractor = extractor
	}
	return set
}
// OptionMonitorCNI registers a CNI monitor under config.CNI, for use with
// NewMonitor. The CNI config is created from cnimonitor.DefaultConfig and all
// opts are applied once, eagerly, when OptionMonitorCNI is called; the
// returned Options only stores the resulting pointer, so applying it to
// several MonitorConfigs shares one *cnimonitor.Config between them.
func OptionMonitorCNI(
	opts ...CNIMonitorOption,
) Options {
	cniCfg := cnimonitor.DefaultConfig()

	// Apply every CNI sub-option, in the order given, to the default config.
	for i := range opts {
		opts[i](cniCfg)
	}

	return func(mc *config.MonitorConfig) {
		// A later Options for config.CNI replaces this entry.
		mc.Monitors[config.CNI] = cniCfg
	}
}
// SubOptionMonitorUIDRealeaseAgentPath returns a UIDMonitorOption that sets
// ReleasePath, the path of the release agent that is programmed into the
// cgroup hierarchy. The value is stored exactly as given: it is not checked
// for being absolute, existing or executable here, so callers are responsible
// for passing a trusted path.
func SubOptionMonitorUIDRealeaseAgentPath(releasePath string) UIDMonitorOption {
	set := func(c *uidmonitor.Config) {
		c.ReleasePath = releasePath
	}
	return set
}
// SubOptionMonitorUIDExtractor returns a UIDMonitorOption that installs
// extractor as the EventMetadataExtractor of a UID monitor configuration.
// The extractor is stored as given; no nil check is performed here.
func SubOptionMonitorUIDExtractor(extractor extractors.EventMetadataExtractor) UIDMonitorOption {
	set := func(c *uidmonitor.Config) {
		c.EventMetadataExtractor = extractor
	}
	return set
}
// OptionMonitorUID registers a UID monitor under config.UID, for use with
// NewMonitor. The UID config is created from uidmonitor.DefaultConfig and all
// opts are applied once, eagerly, when OptionMonitorUID is called; the
// returned Options only stores the resulting pointer, so applying it to
// several MonitorConfigs shares one *uidmonitor.Config between them.
func OptionMonitorUID(
	opts ...UIDMonitorOption,
) Options {
	uidCfg := uidmonitor.DefaultConfig()

	// Apply every UID sub-option, in the order given, to the default config.
	for i := range opts {
		opts[i](uidCfg)
	}

	return func(mc *config.MonitorConfig) {
		// A later Options for config.UID replaces this entry.
		mc.Monitors[config.UID] = uidCfg
	}
}
// SubOptionMonitorSSHRealeaseAgentPath returns a LinuxMonitorOption (the SSH
// monitor reuses the linux monitor configuration) that sets ReleasePath, the
// path of the release agent that is programmed into the cgroup hierarchy.
// The value is stored exactly as given: it is not checked for being absolute,
// existing or executable here, so callers are responsible for passing a
// trusted path. It is functionally identical to
// SubOptionMonitorLinuxRealeaseAgentPath.
func SubOptionMonitorSSHRealeaseAgentPath(releasePath string) LinuxMonitorOption {
	set := func(c *linuxmonitor.Config) {
		c.ReleasePath = releasePath
	}
	return set
}
// SubOptionMonitorSSHExtractor returns a LinuxMonitorOption (the SSH monitor
// reuses the linux monitor configuration) that installs extractor as the
// EventMetadataExtractor. The extractor is stored as given; no nil check is
// performed here. It is functionally identical to
// SubOptionMonitorLinuxExtractor.
func SubOptionMonitorSSHExtractor(extractor extractors.EventMetadataExtractor) LinuxMonitorOption {
	set := func(c *linuxmonitor.Config) {
		c.EventMetadataExtractor = extractor
	}
	return set
}
// OptionMonitorSSH registers an SSH monitor under config.SSH, for use with
// NewMonitor. The monitor uses the linux monitor configuration created by
// linuxmonitor.DefaultConfig(false, true) (non-host, second flag true — what
// that flag selects is defined in the linuxmonitor package, not here). All
// opts are applied once, eagerly, when OptionMonitorSSH is called; the
// returned Options only stores the resulting pointer.
func OptionMonitorSSH(
	opts ...LinuxMonitorOption,
) Options {
	sshCfg := linuxmonitor.DefaultConfig(false, true)

	// Apply every SSH sub-option, in the order given, to the default config.
	for i := range opts {
		opts[i](sshCfg)
	}

	return func(mc *config.MonitorConfig) {
		// A later Options for config.SSH replaces this entry.
		mc.Monitors[config.SSH] = sshCfg
	}
}
// SubOptionMonitorDockerExtractor returns a DockerMonitorOption that installs
// extractor as the EventMetadataExtractor of the docker monitor
// configuration. The extractor is stored as given; no nil check is performed
// here.
func SubOptionMonitorDockerExtractor(extractor extractors.DockerMetadataExtractor) DockerMonitorOption {
	set := func(c *dockermonitor.Config) {
		c.EventMetadataExtractor = extractor
	}
	return set
}
// SubOptionMonitorDockerSocket returns a DockerMonitorOption that sets the
// SocketType and SocketAddress used to reach the docker daemon. Both values
// are stored exactly as given — no validation of the type or address happens
// here — so the caller decides which daemon endpoint the monitor trusts.
func SubOptionMonitorDockerSocket(socketType, socketAddress string) DockerMonitorOption {
	set := func(c *dockermonitor.Config) {
		c.SocketType, c.SocketAddress = socketType, socketAddress
	}
	return set
}
// SubOptionMonitorDockerFlags returns a DockerMonitorOption that sets two
// behaviour flags of the docker monitor: SyncAtStart and
// KillContainerOnPolicyError. Note the parameter order (syncAtStart first)
// differs from the order in which the fields are assigned; both are plain
// bools, so mixing them up at the call site compiles silently.
func SubOptionMonitorDockerFlags(syncAtStart, killContainerOnPolicyError bool) DockerMonitorOption {
	set := func(c *dockermonitor.Config) {
		c.SyncAtStart = syncAtStart
		c.KillContainerOnPolicyError = killContainerOnPolicyError
	}
	return set
}
// SubOptionMonitorDockerDestroyStoppedContainers returns a
// DockerMonitorOption that sets DestroyStoppedContainers to f. What the
// docker monitor does with the flag is defined in the dockermonitor package.
func SubOptionMonitorDockerDestroyStoppedContainers(f bool) DockerMonitorOption {
	destroy := f
	set := func(c *dockermonitor.Config) {
		c.DestroyStoppedContainers = destroy
	}
	return set
}
// OptionMonitorDocker registers a docker monitor under config.Docker, for use
// with NewMonitor. The docker config is created from
// dockermonitor.DefaultConfig and all opts are applied once, eagerly, when
// OptionMonitorDocker is called; the returned Options only stores the
// resulting pointer, so applying it to several MonitorConfigs shares one
// *dockermonitor.Config between them.
func OptionMonitorDocker(opts ...DockerMonitorOption) Options {
	dockerCfg := dockermonitor.DefaultConfig()

	// Apply every docker sub-option, in the order given, to the default config.
	for i := range opts {
		opts[i](dockerCfg)
	}

	return func(mc *config.MonitorConfig) {
		// A later Options for config.Docker replaces this entry.
		mc.Monitors[config.Docker] = dockerCfg
	}
}
// OptionMonitorKubernetes registers a Kubernetes monitor under
// config.Kubernetes, for use with NewMonitor. The config is created from
// kubernetesmonitor.DefaultConfig and all opts are applied once, eagerly,
// when OptionMonitorKubernetes is called; the returned Options only stores
// the resulting pointer, so applying it to several MonitorConfigs shares one
// *kubernetesmonitor.Config between them.
func OptionMonitorKubernetes(opts ...KubernetesMonitorOption) Options {
	k8sCfg := kubernetesmonitor.DefaultConfig()

	// Apply every Kubernetes sub-option, in the order given, to the default config.
	for i := range opts {
		opts[i](k8sCfg)
	}

	return func(mc *config.MonitorConfig) {
		// A later Options for config.Kubernetes replaces this entry.
		mc.Monitors[config.Kubernetes] = k8sCfg
	}
}
// SubOptionMonitorKubernetesKubeconfig returns a KubernetesMonitorOption that
// sets Kubeconfig, the kubeconfig used to connect to Kubernetes. Per the
// original documentation an empty string selects in-cluster configuration;
// that switch is implemented in the kubernetesmonitor package, not here. The
// value is stored as given, without checking that the file exists.
func SubOptionMonitorKubernetesKubeconfig(kubeconfig string) KubernetesMonitorOption {
	set := func(c *kubernetesmonitor.Config) {
		c.Kubeconfig = kubeconfig
	}
	return set
}
// SubOptionMonitorKubernetesNodename returns a KubernetesMonitorOption that
// sets Nodename, the Kubernetes node name the monitor uses for filtering
// (per the original documentation). The value is stored as given.
func SubOptionMonitorKubernetesNodename(nodename string) KubernetesMonitorOption {
	set := func(c *kubernetesmonitor.Config) {
		c.Nodename = nodename
	}
	return set
}
// SubOptionMonitorKubernetesHostPod returns a KubernetesMonitorOption that
// sets EnableHostPods, which per the original documentation controls whether
// Pods launched in host mode are activated.
func SubOptionMonitorKubernetesHostPod(enableHostPods bool) KubernetesMonitorOption {
	enabled := enableHostPods
	set := func(c *kubernetesmonitor.Config) {
		c.EnableHostPods = enabled
	}
	return set
}
// SubOptionMonitorKubernetesExtractor returns a KubernetesMonitorOption that
// installs extractor as the KubernetesExtractor of the Kubernetes monitor
// configuration. The extractor is stored as given; no nil check is performed
// here.
func SubOptionMonitorKubernetesExtractor(extractor extractors.KubernetesMetadataExtractorType) KubernetesMonitorOption {
	set := func(c *kubernetesmonitor.Config) {
		c.KubernetesExtractor = extractor
	}
	return set
}
// SubOptionMonitorKubernetesDockerExtractor returns a KubernetesMonitorOption
// that installs extractor as the DockerExtractor of the Kubernetes monitor
// configuration. The extractor is stored as given; no nil check is performed
// here.
func SubOptionMonitorKubernetesDockerExtractor(extractor extractors.DockerMetadataExtractor) KubernetesMonitorOption {
	set := func(c *kubernetesmonitor.Config) {
		c.DockerExtractor = extractor
	}
	return set
}
// OptionMonitorPod registers a Pod monitor under config.Pod, for use with
// NewMonitor. The pod config is created from podmonitor.DefaultConfig and all
// opts are applied once, eagerly, when OptionMonitorPod is called; the
// returned Options only stores the resulting pointer, so applying it to
// several MonitorConfigs shares one *podmonitor.Config between them.
func OptionMonitorPod(opts ...PodMonitorOption) Options {
	podCfg := podmonitor.DefaultConfig()

	// Apply every pod sub-option, in the order given, to the default config.
	for i := range opts {
		opts[i](podCfg)
	}

	return func(mc *config.MonitorConfig) {
		// A later Options for config.Pod replaces this entry.
		mc.Monitors[config.Pod] = podCfg
	}
}
// SubOptionMonitorPodKubeconfig returns a PodMonitorOption that sets
// Kubeconfig, the kubeconfig used to connect to Kubernetes. Per the original
// documentation an empty string selects in-cluster configuration; that
// switch is implemented in the podmonitor package, not here. The value is
// stored as given, without checking that the file exists.
func SubOptionMonitorPodKubeconfig(kubeconfig string) PodMonitorOption {
	set := func(c *podmonitor.Config) {
		c.Kubeconfig = kubeconfig
	}
	return set
}
// SubOptionMonitorPodNodename returns a PodMonitorOption that sets Nodename,
// the Kubernetes node name the monitor uses for filtering (per the original
// documentation). The value is stored as given.
func SubOptionMonitorPodNodename(nodename string) PodMonitorOption {
	set := func(c *podmonitor.Config) {
		c.Nodename = nodename
	}
	return set
}
// SubOptionMonitorPodActivateHostPods returns a PodMonitorOption that sets
// EnableHostPods, which per the original documentation controls whether Pods
// launched in host mode are activated.
func SubOptionMonitorPodActivateHostPods(enableHostPods bool) PodMonitorOption {
	enabled := enableHostPods
	set := func(c *podmonitor.Config) {
		c.EnableHostPods = enabled
	}
	return set
}
// SubOptionMonitorPodWorkers returns a PodMonitorOption that sets Workers,
// the maximum number of workers used by the controller (per the original
// documentation). The value is stored as given; zero or negative values are
// not rejected here, so whatever the podmonitor package does with them
// applies.
func SubOptionMonitorPodWorkers(workers int) PodMonitorOption {
	n := workers
	set := func(c *podmonitor.Config) {
		c.Workers = n
	}
	return set
}
// SubOptionMonitorPodMetadataExtractor returns a PodMonitorOption that
// installs extractor as the MetadataExtractor of the Pod monitor
// configuration. The extractor is stored as given; no nil check is performed
// here.
func SubOptionMonitorPodMetadataExtractor(extractor extractors.PodMetadataExtractor) PodMonitorOption {
	set := func(c *podmonitor.Config) {
		c.MetadataExtractor = extractor
	}
	return set
}
// SubOptionMonitorSandboxExtractor returns a PodMonitorOption that installs
// extractor as the SandboxExtractor of the Pod monitor configuration. The
// extractor is stored as given; no nil check is performed here.
func SubOptionMonitorSandboxExtractor(extractor extractors.PodSandboxExtractor) PodMonitorOption {
	set := func(c *podmonitor.Config) {
		c.SandboxExtractor = extractor
	}
	return set
}
// SubOptionMonitorPodNetclsProgrammer returns a PodMonitorOption that installs
// netclsprogrammer as the NetclsProgrammer of the Pod monitor configuration.
// Per the original documentation this is the hook that programs the net_cls
// cgroup for host-network pods; it is stored as given, without a nil check.
func SubOptionMonitorPodNetclsProgrammer(netclsprogrammer extractors.PodNetclsProgrammer) PodMonitorOption {
	set := func(c *podmonitor.Config) {
		c.NetclsProgrammer = netclsprogrammer
	}
	return set
}
// SubOptionMonitorPodPidsSetMaxProcsProgrammer returns a PodMonitorOption that
// installs pidsprogrammer as the PidsSetMaxProcsProgrammer of the Pod monitor
// configuration. Per the original documentation this is the hook that
// programs the pids cgroup for pods; it is stored as given, without a nil
// check.
func SubOptionMonitorPodPidsSetMaxProcsProgrammer(pidsprogrammer extractors.PodPidsSetMaxProcsProgrammer) PodMonitorOption {
	set := func(c *podmonitor.Config) {
		c.PidsSetMaxProcsProgrammer = pidsprogrammer
	}
	return set
}
// SubOptionMonitorPodResetNetcls returns a PodMonitorOption that installs
// resetnetcls as the ResetNetcls hook of the Pod monitor configuration. Per
// the original documentation the hook resets all net_cls cgroups on resync;
// it is stored as given, without a nil check.
func SubOptionMonitorPodResetNetcls(resetnetcls extractors.ResetNetclsKubepods) PodMonitorOption {
	set := func(c *podmonitor.Config) {
		c.ResetNetcls = resetnetcls
	}
	return set
}
// SubOptionMonitorPodDeleteControllerGetRetryCounter returns a
// PodMonitorOption that sets DeleteControllerGetRetryCounter to
// getRetryCounter. The name suggests a retry budget for the delete
// controller's get operations, but the field's exact use is defined in the
// podmonitor package, not here; the value is stored as given.
func SubOptionMonitorPodDeleteControllerGetRetryCounter(getRetryCounter uint8) PodMonitorOption {
	retries := getRetryCounter
	set := func(c *podmonitor.Config) {
		c.DeleteControllerGetRetryCounter = retries
	}
	return set
}
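// OptionMergeTags returns an Options that stores tags as both
// cfg.MergeTags and cfg.Common.MergeTags, for use with NewMonitor.
//
// The slice is copied once when the Options runs, so a caller that later
// mutates or appends to its own slice cannot change the tags the monitors
// were configured with. A nil tags argument is stored as nil, and an empty
// non-nil slice as an empty non-nil slice, preserving the caller's
// distinction. The two config fields share the single copy, as they shared
// the caller's slice before.
func OptionMergeTags(tags []string) Options {
	return func(cfg *config.MonitorConfig) {
		// Defensive copy: configuration must not alias caller-owned memory.
		var own []string
		if tags != nil {
			own = make([]string, len(tags))
			copy(own, tags)
		}
		cfg.MergeTags = own
		cfg.Common.MergeTags = own
	}
}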
// OptionResyncLock returns an Options that stores resyncLock in
// cfg.Common.ResyncLock. Per the original documentation the lock is shared
// between monitors that need to synchronise with other components during PU
// resync at startup. The pointer is stored as given; a nil lock is not
// rejected here.
func OptionResyncLock(resyncLock *sync.RWMutex) Options {
	lock := resyncLock
	return func(mc *config.MonitorConfig) {
		mc.Common.ResyncLock = lock
	}
}
// OptionCollector returns an Options that stores c in cfg.Common.Collector,
// the event collector shared by all monitors through the common
// configuration (the original comment mentions only the docker monitor, but
// the field is on Common). The collector is stored as given, without a nil
// check.
func OptionCollector(c collector.EventCollector) Options {
	sink := c
	return func(mc *config.MonitorConfig) {
		mc.Common.Collector = sink
	}
}
// OptionPolicyResolver returns an Options that stores p in cfg.Common.Policy,
// the policy resolver shared by all monitors through the common
// configuration (the original comment mentions only the docker monitor, but
// the field is on Common). The resolver is stored as given, without a nil
// check.
func OptionPolicyResolver(p policy.Resolver) Options {
	resolver := p
	return func(mc *config.MonitorConfig) {
		mc.Common.Policy = resolver
	}
}
// NewMonitor builds a *config.MonitorConfig by starting from an empty
// configuration (an empty, non-nil Monitors map and zero-value Common
// fields) and applying opts in the order given. Because each Option*
// constructor assigns into the Monitors map by config.Type key, a later
// option for the same monitor type silently replaces an earlier one; the
// last writer wins. No validation of the resulting configuration is
// performed here.
func NewMonitor(opts ...Options) *config.MonitorConfig {
	mc := new(config.MonitorConfig)
	mc.Monitors = map[config.Type]interface{}{}

	for i := range opts {
		opts[i](mc)
	}

	return mc
}