Metadata-Version: 2.1
Name: c7n-kube
Version: 0.2.20
Summary: Cloud Custodian - Kubernetes Provider
Author: Cloud Custodian Project
Author-email: cloud-custodian@googlegroups.com
License: Apache-2.0
Project-URL: Homepage, https://cloudcustodian.io
Project-URL: Documentation, https://cloudcustodian.io/docs/
Project-URL: Source, https://github.com/cloud-custodian/cloud-custodian
Project-URL: Issue Tracker, https://github.com/cloud-custodian/cloud-custodian/issues
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: System :: Distributed Computing
Requires-Python: >=3.7,<4.0
Description-Content-Type: text/markdown
Requires-Dist: argcomplete (==2.0.0)
Requires-Dist: attrs (==22.1.0)
Requires-Dist: boto3 (==1.26.30)
Requires-Dist: botocore (==1.29.30)
Requires-Dist: c7n (==0.9.21)
Requires-Dist: docutils (==0.17.1)
Requires-Dist: importlib-metadata (==4.13.0)
Requires-Dist: importlib-resources (==5.10.1)
Requires-Dist: jmespath (==1.0.1)
Requires-Dist: jsonschema (==4.17.3)
Requires-Dist: pkgutil-resolve-name (==1.3.10)
Requires-Dist: pyrsistent (==0.19.2)
Requires-Dist: python-dateutil (==2.8.2)
Requires-Dist: pyyaml (==6.0)
Requires-Dist: s3transfer (==0.6.0)
Requires-Dist: six (==1.16.0)
Requires-Dist: tabulate (==0.8.10)
Requires-Dist: typing-extensions (==4.4.0)
Requires-Dist: urllib3 (==1.26.13)
Requires-Dist: zipp (==3.11.0)
Requires-Dist: rsa (==4.9) ; python_version >= "3.7" and python_version < "4"
Requires-Dist: cachetools (==5.2.0) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: certifi (==2022.12.7) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: charset-normalizer (==2.0.12) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: google-auth (==2.15.0) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: idna (==3.4) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: kubernetes (==10.0.1) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: oauthlib (==3.2.2) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: pyasn1-modules (==0.2.8) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: pyasn1 (==0.4.8) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: python-dateutil (==2.8.2) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: pyyaml (==6.0) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: requests-oauthlib (==1.3.1) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: requests (==2.27.1) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: setuptools (==65.6.3) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: six (==1.16.0) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: urllib3 (==1.26.13) ; python_version >= "3.7" and python_version < "4.0"
Requires-Dist: websocket-client (==1.4.2) ; python_version >= "3.7" and python_version < "4.0"

# Custodian Kubernetes Support

Cloud Custodian can run policies directly inside your cluster, reporting on 
resources that violate those policies, or blocking them altogether.

# Running the server 

c7n-kates can be run and installed via poetry. `poetry install && poetry run c7n-kates`.  

| name           | default   | description                                                  |
|----------------|-----------|--------------------------------------------------------------|
| --host         | 127.0.0.1 | (optional) The host that the server should listen on.        |
| --port         | 8800      | (optional) The port the server will listen on.               |
| --policy-dir   |           | Path to the policy directory.                                |
| --on-exception | warn      | Action to take on an internal exception. One of: warn, deny. |
| --cert         |           | Path to the certificate.                                     | 
| --ca-cert      |           | Path to the CA's certificate.                                |
| --cert-key     |           | Path to the certificate's key.                               |

# Generate a MutatingWebhookConfiguration

After the server is running, you'll need to configure and install the 
MutatingWebhookConfiguration manually. To generate a webhook configuration, you
can run `poetry run c7n-kates --generate --endpoint $ENDPOINT_URL --policy-dir $DIR`, and 
it will generate an appropriate configuration for you, based on your policies.

Note: some modification of the webhook configuration may be required. See the 
[documentation](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) 
on webhooks for more configuration.

# Development

You can use [skaffold](https://github.com/GoogleContainerTools/skaffold/) to 
assist with testing and debugging this controller. Run `skaffold dev` in this
folder to deploy the local container into a local kubernetes cluster. It will 
automatically redeploy it as files change.
