Affected by GO-2022-0617
and 16 other vulnerabilities
GO-2022-0617 : WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
GO-2022-0885 : Improper Authentication in Kubernetes in k8s.io/kubernetes
GO-2022-0907 : Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
GO-2022-0908 : Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes
GO-2022-0910 : Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
GO-2022-0983 : kubectl ANSI escape characters not filtered in k8s.io/kubernetes
GO-2023-1864 : Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
GO-2023-1891 : kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
GO-2023-1892 : Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
GO-2023-2159 : Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
GO-2023-2341 : Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
GO-2024-2748 : Privilege Escalation in Kubernetes in k8s.io/apimachinery
GO-2024-2753 : Denial of service in Kubernetes in k8s.io/kubernetes
GO-2024-2754 : Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes
GO-2024-2755 : Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes
GO-2024-2994 : Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
GO-2024-3277 : Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
Discover Packages
k8s.io/kubernetes
pkg
scheduler
framework
plugins
volumerestrictions
package
Version:
v1.18.4-rc.0
Opens a new window with list of versions in this module.
Published: May 20, 2020
License: Apache-2.0
Opens a new window with license information.
Imports: 5
Opens a new window with list of imports.
Imported by: 6
Opens a new window with list of known importers.
Documentation
Documentation
¶
View Source
const (
ErrReasonDiskConflict = "node(s) had no available disk"
)
Name is the name of the plugin used in the plugin registry and configurations.
New initializes a new plugin and returns it.
type VolumeRestrictions struct{}
VolumeRestrictions is a plugin that checks volume restrictions.
Filter invoked at the filter extension point.
It evaluates if a pod can fit due to the volumes it requests, and those that
are already mounted. If there is already a volume mounted on that node, another pod that uses the same volume
can't be scheduled there.
This is GCE, Amazon EBS, ISCSI and Ceph RBD specific for now:
- GCE PD allows multiple mounts as long as they're all read-only
- AWS EBS forbids any two pods mounting the same volume ID
- Ceph RBD forbids if any two pods share at least same monitor, and match pool and image, and the image is read-only
- ISCSI forbids if any two pods share at least same IQN and ISCSI volume is read-only
Name returns name of the plugin. It is used in logs, etc.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.