Selectors
© SPYDERBAT, Inc., All Rights Reserved
Selectors are used in various places to scope policies, rules, and actions. Spyderbat's selectors are based on Kubernetes Labels and Selectors and offer set-based selector primitives. The supported primitives are listed in the Supported Primitives table at the end of this page and are marked as follows:
* Matches the syntax from Kubernetes
** Unique to Spyderbat's Selectors
Expressions have three fields: `key`, `operator`, and `values`. They allow you to define set-based groupings.
Example: an expression with key `app`, operator `In`, and values `apache` and `mysql`. Whatever is being matched must have a label with the key `app`, and the value of that label must be either `apache` or `mysql`.
Operators define how a set-based expression is evaluated. The supported operators are listed in the operators table at the end of this page.
Pod and Namespace selectors are defined exactly the same way as Kubernetes Pod and Namespace selectors. Both resource types can carry user-defined labels, found under `metadata.labels` in the Pod or Namespace object YAML, that allow them to be grouped by selectors.
The following selectors are custom to Spyderbat's environment. They add an additional level of granularity to scoping operations. The fields each of them supports are listed in the tables at the end of this page.
The Cluster Selector allows for scoping by Kubernetes cluster. Field values may be wildcarded with an `*` character.
The Machine Selector allows for scoping by machine. A machine in this context is a device with the Spyderbat Nano Agent installed.
The Container Selector allows for scoping by fields associated with containers.
The Service Selector allows for scoping by fields associated with Linux services.
The Trace Selector is used by Trace Suppression Policies to suppress Spydertraces within a specific scope.
The User Selector is used by Trace Suppression Policies to suppress Spydertraces triggered by a specific user or users.
The Process Selector is used to scope by fields associated with a Linux Process.
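As an added illustration, not Spyderbat's code and not taken from the original page, the following Python evaluates selectors written in the form described above: `matchLabels` and `matchExpressions` with the four operators (covering the `app In (apache, mysql)` example from the top of the page), and `matchFields` / `matchFieldsExpressions` whose keys are restricted to a selector type's pre-defined field list, with `*` wildcarding of cluster field values. Selectors appear in their parsed dict form, i.e. what the YAML loads to. The sample pods, clusters and containers are constructed for the example; the field names come from the tables on this page, but the way the objects are represented here is an assumption, not Spyderbat's internal model.

```python
"""Set-based selector evaluation in the style described on this page.

Added example, not Spyderbat code. Objects and field layout are assumed;
field names are the ones listed in this page's tables.
"""
import re

OPERATORS = {"In", "NotIn", "Exists", "DoesNotExist"}

# Pre-defined field keys per selector type, from the field tables on this page.
FIELD_KEYS = {
    "cluster": {"name", "uid"},
    "machine": {"hostname", "uid"},
    "container": {"image", "imageID", "containerName", "containerID"},
    "service": {"cgroup", "name"},
    "trace": {"triggerClass", "triggerAncestors"},
    "user": {"user"},
    "process": {"name", "exe", "euser"},
}


def wildcard_match(pattern, value):
    """Match value against pattern where only '*' is special.
    re.escape keeps '?', '.' and '[' literal, so a value cannot be matched
    more widely than the author of 'prod-*' intended."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def _expression_holds(expr, data, wildcard):
    """Evaluate one {key, operator, values} expression against a dict."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op not in OPERATORS:
        raise ValueError(f"unsupported operator: {op}")
    present = key in data
    if op == "Exists":
        return present
    if op == "DoesNotExist":
        return not present
    if not present:
        # As documented on this page, In and NotIn both require the key to
        # exist. (A Kubernetes NotIn would match an absent key; this follows
        # the page, so a selector copied from Kubernetes may match less here.)
        return False
    actual = data[key]
    in_set = any(wildcard_match(v, actual) if wildcard else v == actual
                 for v in values)
    return in_set if op == "In" else not in_set


def matches(selector, labels=None, fields=None, field_keys=None, wildcard=False):
    """True when every clause of the selector holds (clauses are ANDed, as in
    a Kubernetes label selector). labels: user-defined labels; fields: the
    object's pre-defined fields; field_keys: allowed matchFields keys.
    wildcard: honour '*' in field values (the page allows this for clusters)."""
    labels, fields = labels or {}, fields or {}
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        if not _expression_holds(expr, labels, wildcard=False):
            return False
    # matchFields is shorthand for one-value In expressions on fields.
    field_terms = [{"key": k, "operator": "In", "values": [v]}
                   for k, v in selector.get("matchFields", {}).items()]
    field_terms += selector.get("matchFieldsExpressions", [])
    for expr in field_terms:
        if field_keys is not None and expr["key"] not in field_keys:
            raise ValueError(f"{expr['key']!r} is not a pre-defined field")
        if not _expression_holds(expr, fields, wildcard):
            return False
    return True


# The expression from this page's example: label app must be apache or mysql.
POD_SELECTOR = {"matchExpressions": [
    {"key": "app", "operator": "In", "values": ["apache", "mysql"]}]}
# Cluster selector using a wildcarded name.
CLUSTER_SELECTOR = {"matchFields": {"name": "prod-*"}}
# Container selector: skip a known image, and require an image hash.
CONTAINER_SELECTOR = {"matchFieldsExpressions": [
    {"key": "image", "operator": "NotIn", "values": ["busybox"]},
    {"key": "imageID", "operator": "Exists"}]}

# Constructed sample objects (not real Spyderbat data).
PODS = {"web-1": {"app": "apache", "tier": "frontend"}, "db-1": {"app": "mysql"},
        "cache-1": {"app": "redis"}, "job-1": {}}
CLUSTERS = {"prod": {"name": "prod-us-east", "uid": "clus:EXAMPLE1"},
            "staging": {"name": "staging", "uid": "clus:EXAMPLE2"}}
CONTAINERS = {"httpd": {"image": "httpd:2.4", "imageID": "sha256:1111",
                        "containerName": "httpd", "containerID": "c0ffee"},
              "shell": {"image": "busybox", "imageID": "sha256:2222",
                        "containerName": "shell", "containerID": "decaf0"}}


def selected_pods(selector, pods=PODS):
    """Names of the sample pods a pod selector matches, sorted."""
    return sorted(n for n, lbl in pods.items() if matches(selector, labels=lbl))


def in_scope(cluster, pod_labels, container):
    """A scope built from several selectors matches only if every selector does."""
    return (matches(CLUSTER_SELECTOR, fields=cluster,
                    field_keys=FIELD_KEYS["cluster"], wildcard=True)
            and matches(POD_SELECTOR, labels=pod_labels)
            and matches(CONTAINER_SELECTOR, fields=container,
                        field_keys=FIELD_KEYS["container"]))


if __name__ == "__main__":
    print("pods matching app In (apache, mysql):", selected_pods(POD_SELECTOR))
    print("prod/web-1/httpd in scope:",
          in_scope(CLUSTERS["prod"], PODS["web-1"], CONTAINERS["httpd"]))
```

`wildcard_match` deliberately treats only `*` as special; a plain `fnmatch` would also honour `?` and `[...]`, which the page does not promise and which could quietly widen a scope. Passing `field_keys` turns a typo in a field name into an error instead of a clause that silently never matches (or, for `NotIn`, never excludes anything).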
Supported Primitives

Supported Primitives | Description |
---|---|
*matchLabels | user-defined key value pairs |
*matchExpressions | contain a key, operator, and values |
**matchFields | pre-defined key value pairs |
**matchFieldsExpressions | key from pre-defined list, operator, and values |

Supported Operators

Supported Operators | Description |
---|---|
In | The key must exist and the value must be in values |
NotIn | The key must exist and the value must not be in values |
Exists | The key must exist |
DoesNotExist | The key must not exist |

Note that, as described here, NotIn requires the key to exist. A Kubernetes label selector's NotIn also matches objects that lack the key, so a selector copied from Kubernetes may match a narrower set here.

Cluster Selector

Supported Fields | Description |
---|---|
name | The name of the cluster as defined in Spyderbat |
uid | The Spyderbat-provided uid of the cluster; generally begins with `clus:` |

Machine Selector

Supported Fields | Description |
---|---|
hostname | The hostname of a host on the network |
uid | The Spyderbat-provided uid of the machine; generally begins with `mach:` |

Container Selector

Supported Fields | Description |
---|---|
image | The container's image name |
imageID | The container's image hash |
containerName | The name of a specific container instance (usually auto-generated) |
containerID | The ID of a specific container instance (usually auto-generated) |

Service Selector

Supported Fields | Description |
---|---|
cgroup | The cgroup that every process within the service falls under. Ex. `systemd:/system.slice/nano-agent.service` |
name | The simple name of the Linux service. Ex. `nano-agent.service` |

Trace Selector

Supported Fields | Description |
---|---|
triggerClass | The class of flag that triggered the Spydertrace |
triggerAncestors | The names of the ancestor processes of the flag that triggered the Spydertrace |

User Selector

Supported Fields | Description |
---|---|
user | The username of the offending user |

Process Selector

Supported Fields | Description |
---|---|
name | The name of the process |
exe | The executable of the process |
euser | The username of the process's effective user |