kubernetes/staging/src/k8s.io/kubectl/pkg/cmd/debug/profiles.go

type debugStyle

const ephemeral

const podCopy

const node

const unsupported

const ProfileLegacy

const ProfileGeneral

const ProfileBaseline

const ProfileRestricted

const ProfileNetadmin

const ProfileSysadmin

type ProfileApplier

// NewProfileApplier returns a new Options for the given profile name.
func NewProfileApplier(profile string, kflags KeepFlags) (ProfileApplier, error) {}

type legacyProfile

type generalProfile

type baselineProfile

type restrictedProfile

type netadminProfile

type sysadminProfile

type KeepFlags

// RemoveLabels removes labels from the pod.
func (kflags KeepFlags) RemoveLabels(p *corev1.Pod) {}

// RemoveAnnotations remove annotations from the pod.
func (kflags KeepFlags) RemoveAnnotations(p *corev1.Pod) {}

// RemoveProbes remove probes from all containers of the pod.
func (kflags KeepFlags) RemoveProbes(p *corev1.Pod) {}

// RemoveInitContainers remove initContainers from the pod.
func (kflags KeepFlags) RemoveInitContainers(p *corev1.Pod) {}

func getDebugStyle(pod *corev1.Pod, target runtime.Object) (debugStyle, error) {}

func (p *legacyProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error {}

func (p *generalProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error {}

func (p *baselineProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error {}

func (p *restrictedProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error {}

func (p *netadminProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error {}

func (p *sysadminProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error {}

// mountRootPartition mounts the host's root path at "/host" in the container.
func mountRootPartition(p *corev1.Pod, containerName string) {}

// useHostNamespaces configures the pod to use the host's network, PID, and IPC
// namespaces.
func useHostNamespaces(p *corev1.Pod) {}

// shareProcessNamespace configures all containers in the pod to share the
// process namespace.
func shareProcessNamespace(p *corev1.Pod) {}

// clearSecurityContext clears the security context for the container.
func clearSecurityContext(p *corev1.Pod, containerName string) {}

// setPrivileged configures the containers as privileged.
func setPrivileged(p *corev1.Pod, containerName string) {}

// disallowRoot configures the container to run as a non-root user.
func disallowRoot(p *corev1.Pod, containerName string) {}

// dropCapabilities drops all Capabilities for the container
func dropCapabilities(p *corev1.Pod, containerName string) {}

// allowProcessTracing grants the SYS_PTRACE capability to the container.
func allowProcessTracing(p *corev1.Pod, containerName string) {}

// allowNetadminCapability grants NET_ADMIN and NET_RAW capability to the container.
func allowNetadminCapability(p *corev1.Pod, containerName string) {}

func addCapability(c *corev1.Container, capability corev1.Capability) {}

// disallowPrivilegeEscalation configures the containers not allowed PrivilegeEscalation
func disallowPrivilegeEscalation(p *corev1.Pod, containerName string) {}

// setSeccompProfile apply SeccompProfile to the containers
func setSeccompProfile(p *corev1.Pod, containerName string) {}