validators

package
Version: v0.0.1-alpha.0 (Latest)
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2021 License: MIT Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DenyHostNamespace

type DenyHostNamespace struct{}

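DenyHostNamespace is a Validator that denies pods that share the host's namespaces. In a Pod spec, host namespaces are requested through the hostNetwork, hostPID and hostIPC fields; which of these the validator checks is not shown on this page.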

func (DenyHostNamespace) Validate

func (v DenyHostNamespace) Validate(ctx context.Context, pod *corev1.Pod) field.ErrorList

type DenyHostPathVolumes

type DenyHostPathVolumes struct{}

DenyHostPathVolumes is a Validator that denies usage of HostPath volumes

func (DenyHostPathVolumes) Validate

type DenyHostPorts

type DenyHostPorts struct {
	// contains filtered or unexported fields
}

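DenyHostPorts is a Validator that denies usage of HostPorts. The page does not document how the hostPorts ranges passed to NewDenyHostPorts are applied (for example, as exceptions that remain permitted), so confirm this against the implementation before relying on it.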

func NewDenyHostPorts

func NewDenyHostPorts(hostPorts []PortRange) DenyHostPorts

func (DenyHostPorts) Validate

func (v DenyHostPorts) Validate(ctx context.Context, pod *corev1.Pod) field.ErrorList

type DenyNonCoreVolumeTypes

type DenyNonCoreVolumeTypes struct{}

DenyNonCoreVolumeTypes is a Validator that denies usage of non-core volume types. The set of volume types it treats as core is not listed on this page.

func (DenyNonCoreVolumeTypes) Validate

type DenyPrivilegeEscalation

type DenyPrivilegeEscalation struct{}

DenyPrivilegeEscalation is a Validator that denies containers that are allowed to escalate privileges.

func (DenyPrivilegeEscalation) Validate

type DenyPrivilegedContainers

type DenyPrivilegedContainers struct{}

DenyPrivilegedContainers is a Validator that denies privileged containers

func (DenyPrivilegedContainers) Validate

type DenyRootGroups

type DenyRootGroups struct{}

DenyRootGroups is a Validator that denies running with a root primary or supplementary GID

func (DenyRootGroups) Validate

func (v DenyRootGroups) Validate(ctx context.Context, pod *corev1.Pod) field.ErrorList

type DenyRunAsRoot

type DenyRunAsRoot struct{}

DenyRunAsRoot is a Validator that denies running as root users

func (DenyRunAsRoot) Validate

func (v DenyRunAsRoot) Validate(ctx context.Context, pod *corev1.Pod) field.ErrorList

type DenyUnsafeAppArmor

type DenyUnsafeAppArmor struct{}

DenyUnsafeAppArmor is a Validator that denies overriding or disabling the default AppArmor profile

func (DenyUnsafeAppArmor) Validate

func (v DenyUnsafeAppArmor) Validate(ctx context.Context, pod *corev1.Pod) field.ErrorList

type DenyUnsafeCapabilities

type DenyUnsafeCapabilities struct {
	// contains filtered or unexported fields
}

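DenyUnsafeCapabilities is a Validator that denies adding capabilities beyond the default set. The page does not document how the capabilities list passed to NewDenyUnsafeCapabilities is applied (for example, as additional capabilities that remain permitted), so confirm this against the implementation before relying on it.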

func NewDenyUnsafeCapabilities

func NewDenyUnsafeCapabilities(capabilities []string) DenyUnsafeCapabilities

func (DenyUnsafeCapabilities) Validate

type DenyUnsafeProcMount

type DenyUnsafeProcMount struct{}

DenyUnsafeProcMount is a Validator that denies containers that request an unmasked /proc mount.

func (DenyUnsafeProcMount) Validate

type DenyUnsafeSELinux

type DenyUnsafeSELinux struct{}

DenyUnsafeSELinux is a Validator that denies setting custom SELinux options

func (DenyUnsafeSELinux) Validate

func (v DenyUnsafeSELinux) Validate(ctx context.Context, pod *corev1.Pod) field.ErrorList

type DenyUnsafeSeccomp

type DenyUnsafeSeccomp struct{}

DenyUnsafeSeccomp is a Validator that denies use of a non-default seccomp profile.

func (DenyUnsafeSeccomp) Validate

func (v DenyUnsafeSeccomp) Validate(ctx context.Context, pod *corev1.Pod) field.ErrorList

type DenyUnsafeSysctls

type DenyUnsafeSysctls struct{}

DenyUnsafeSysctls is a Validator that denies usage of unsafe sysctls

func (DenyUnsafeSysctls) Validate

func (v DenyUnsafeSysctls) Validate(ctx context.Context, pod *corev1.Pod) field.ErrorList

type PortRange

// PortRange describes a span of port numbers bounded by Min and Max.
// It is the element type of the hostPorts argument to NewDenyHostPorts.
// NOTE(review): whether the bounds are inclusive, and whether Min <= Max is
// checked anywhere, is not visible here — confirm against the implementation.
type PortRange struct {
	// Min is encoded under the JSON key "min"; presumably the low end of the range.
	Min int32 `json:"min"`
	// Max is encoded under the JSON key "max"; presumably the high end of the range.
	Max int32 `json:"max"`
}

type Validator

// Validator is the common interface of the Deny* checks in this package.
type Validator interface {
	// Validate inspects pod and returns a field.ErrorList.
	// NOTE(review): presumably an empty list means the pod passed the check
	// and each entry identifies an offending field — confirm against the
	// implementations.
	Validate(ctx context.Context, pod *corev1.Pod) field.ErrorList
}

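Validator is the interface implemented by every check in this package: Validate inspects a pod and returns a field.ErrorList. Whether the checks cover init containers and ephemeral containers as well as regular containers is not shown on this page and should be confirmed before the validators are used as an admission control.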
