Affected by GO-2022-0617 and 17 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2022-0885: Improper Authentication in Kubernetes in k8s.io/kubernetes

GO-2022-0890: Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes

GO-2022-0907: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes

GO-2022-0908: Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes

GO-2022-0910: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes

GO-2022-0983: kubectl ANSI escape characters not filtered in k8s.io/kubernetes

GO-2023-1864: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes

GO-2023-1891: kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes

GO-2023-1892: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes

GO-2023-2159: Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes

GO-2023-2341: Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes

GO-2024-2748: Privilege Escalation in Kubernetes in k8s.io/apimachinery

GO-2024-2753: Denial of service in Kubernetes in k8s.io/kubernetes

GO-2024-2754: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes

GO-2024-2755: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

GO-2024-3277: Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes

volumerestrictions

package

v1.18.1-beta.0 Latest Latest Go to latest Published: Mar 25, 2020 License: Apache-2.0 Imports: 5 Imported by: 6

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Documentation ¶

Index ¶

Constants
func New(_ *runtime.Unknown, _ framework.FrameworkHandle) (framework.Plugin, error)
type VolumeRestrictions
- func (pl *VolumeRestrictions) Filter(ctx context.Context, _ *framework.CycleState, pod *v1.Pod, ...) *framework.Status
- func (pl *VolumeRestrictions) Name() string

Constants ¶

View Source

const (
	// ErrReasonDiskConflict is used for NoDiskConflict predicate error.
	ErrReasonDiskConflict = "node(s) had no available disk"
)

View Source

const Name = "VolumeRestrictions"

Name is the name of the plugin used in the plugin registry and configurations.

Variables ¶

This section is empty.

Functions ¶

func New ¶

func New(_ *runtime.Unknown, _ framework.FrameworkHandle) (framework.Plugin, error)

New initializes a new plugin and returns it.

Types ¶

type VolumeRestrictions ¶

type VolumeRestrictions struct{}

VolumeRestrictions is a plugin that checks volume restrictions.

func (*VolumeRestrictions) Filter ¶

func (pl *VolumeRestrictions) Filter(ctx context.Context, _ *framework.CycleState, pod *v1.Pod, nodeInfo *nodeinfo.NodeInfo) *framework.Status

Filter invoked at the filter extension point. It evaluates if a pod can fit due to the volumes it requests, and those that are already mounted. If there is already a volume mounted on that node, another pod that uses the same volume can't be scheduled there. This is GCE, Amazon EBS, ISCSI and Ceph RBD specific for now: - GCE PD allows multiple mounts as long as they're all read-only - AWS EBS forbids any two pods mounting the same volume ID - Ceph RBD forbids if any two pods share at least same monitor, and match pool and image, and the image is read-only - ISCSI forbids if any two pods share at least same IQN and ISCSI volume is read-only

func (*VolumeRestrictions) Name ¶

func (pl *VolumeRestrictions) Name() string

Name returns name of the plugin. It is used in logs, etc.

Source Files ¶

View all Source files

volume_restrictions.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL