# Custodian Kubernetes Support
Cloud Custodian can run policies directly inside your cluster, reporting on
resources that violate those policies, or blocking them altogether.
## Running the server
c7n-kates can be run and installed via poetry. `poetry install && poetry run c7n-kates`.
| name | default | description |
|----------------|-----------|--------------------------------------------------------------|
| --host | 127.0.0.1 | (optional) The host that the server should listen on. |
| --port | 8800 | (optional) The port the server will listen on. |
| --policy-dir | | Path to the policy directory. |
| --on-exception | warn | Action to take on an internal exception. One of: warn, deny. |
| --cert | | Path to the certificate. |
| --ca-cert | | Path to the CA's certificate. |
| --cert-key | | Path to the certificate's key. |
## Generate a MutatingWebhookConfiguration
After the server is running, you'll need to configure and install the
MutatingWebhookConfiguration manually. To generate a webhook configuration, you
can run `poetry run c7n-kates --generate --endpoint $ENDPOINT_URL --policy-dir $DIR`, and
it will generate an appropriate configuration for you, based on your policies.
Note: some modification of the webhook configuration may be required. See the
[documentation](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/)
on webhooks for more configuration.
## Development
You can use [skaffold](https://github.com/GoogleContainerTools/skaffold/) to
assist with testing and debugging this controller. Run `skaffold dev` in this
folder to deploy the local container into a local kubernetes cluster. It will
automatically redeploy it as files change.
Raw data
{
"_id": null,
"home_page": "https://cloudcustodian.io",
"name": "c7n-kube",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Cloud Custodian Project",
"author_email": null,
"download_url": null,
"platform": null,
"description": "# Custodian Kubernetes Support\n\nCloud Custodian can run policies directly inside your cluster, reporting on \nresources that violate those policies, or blocking them altogether.\n\n## Running the server\n\nc7n-kates can be run and installed via poetry. `poetry install && poetry run c7n-kates`. \n\n| name | default | description |\n|----------------|-----------|--------------------------------------------------------------|\n| --host | 127.0.0.1 | (optional) The host that the server should listen on. |\n| --port | 8800 | (optional) The port the server will listen on. |\n| --policy-dir | | Path to the policy directory. |\n| --on-exception | warn | Action to take on an internal exception. One of: warn, deny. |\n| --cert | | Path to the certificate. | \n| --ca-cert | | Path to the CA's certificate. |\n| --cert-key | | Path to the certificate's key. |\n\n## Generate a MutatingWebhookConfiguration\n\nAfter the server is running, you'll need to configure and install the \nMutatingWebhookConfiguration manually. To generate a webhook configuration, you\ncan run `poetry run c7n-kates --generate --endpoint $ENDPOINT_URL --policy-dir $DIR`, and \nit will generate an appropriate configuration for you, based on your policies.\n\nNote: some modification of the webhook configuration may be required. See the \n[documentation](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) \non webhooks for more configuration.\n\n## Development\n\nYou can use [skaffold](https://github.com/GoogleContainerTools/skaffold/) to \nassist with testing and debugging this controller. Run `skaffold dev` in this\nfolder to deploy the local container into a local kubernetes cluster. It will \nautomatically redeploy it as files change.\n\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Cloud Custodian - Kubernetes Provider",
"version": "0.2.34",
"project_urls": {
"Documentation": "https://cloudcustodian.io/docs/",
"Homepage": "https://cloudcustodian.io",
"Repository": "https://github.com/cloud-custodian/cloud-custodian"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "0e8c7a7f60b830187c9b570d0c99abca7927088dd6ad939dcfe95106c9ab2bef",
"md5": "ba0414cc031156007feb997b2a210094",
"sha256": "b6cceb24867e1adc3200412472a5d79808a5fd481e2de926a0e46c019491c0a6"
},
"downloads": -1,
"filename": "c7n_kube-0.2.34-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ba0414cc031156007feb997b2a210094",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.8",
"size": 25920,
"upload_time": "2024-03-26T21:21:33",
"upload_time_iso_8601": "2024-03-26T21:21:33.261149Z",
"url": "https://files.pythonhosted.org/packages/0e/8c/7a7f60b830187c9b570d0c99abca7927088dd6ad939dcfe95106c9ab2bef/c7n_kube-0.2.34-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-26 21:21:33",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cloud-custodian",
"github_project": "cloud-custodian",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"lcname": "c7n-kube"
}
JSON
