Documentation ¶
Overview ¶
Package validation has functions for validating the correctness of api objects and explaining what is wrong with them when they aren't valid.
Index ¶
- Constants
- Variables
- func AccumulateUniqueHostPorts(containers []core.Container, accumulator *sets.Set[string], ...) field.ErrorList
- func GetVolumeDeviceMap(devices []core.VolumeDevice) map[string]string
- func GetVolumeMountMap(mounts []core.VolumeMount) map[string]string
- func IsDecremented(update, old *int32) bool
- func IsMatchedVolume(name string, volumes map[string]core.VolumeSource) bool
- func IsValidSysctlName(name string) bool
- func ValidateAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList
- func ValidateAppArmorPodAnnotations(annotations map[string]string, spec *core.PodSpec, fldPath *field.Path) field.ErrorList
- func ValidateAppArmorProfileField(profile *core.AppArmorProfile, fldPath *field.Path) field.ErrorList
- func ValidateAppArmorProfileFormat(profile string) error
- func ValidateAvoidPodsInNodeAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList
- func ValidateCSIDriverName(driverName string, fldPath *field.Path) field.ErrorList
- func ValidateClusterTrustBundleName(signerName string) func(name string, prefix bool) []string
- func ValidateConfigMap(cfg *core.ConfigMap) field.ErrorList
- func ValidateConfigMapUpdate(newCfg, oldCfg *core.ConfigMap) field.ErrorList
- func ValidateContainerStateTransition(newStatuses, oldStatuses []core.ContainerStatus, fldpath *field.Path, ...) field.ErrorList
- func ValidateContainerUpdates(newContainers, oldContainers []core.Container, fldPath *field.Path) (allErrs field.ErrorList, stop bool)
- func ValidateDNS1123Label(value string, fldPath *field.Path) field.ErrorList
- func ValidateDNS1123Subdomain(value string, fldPath *field.Path) field.ErrorList
- func ValidateEndpoints(endpoints *core.Endpoints) field.ErrorList
- func ValidateEndpointsCreate(endpoints *core.Endpoints) field.ErrorList
- func ValidateEndpointsSpecificAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList
- func ValidateEndpointsUpdate(newEndpoints, oldEndpoints *core.Endpoints) field.ErrorList
- func ValidateEnv(vars []core.EnvVar, fldPath *field.Path, opts PodValidationOptions) field.ErrorList
- func ValidateEnvFrom(vars []core.EnvFromSource, fldPath *field.Path, opts PodValidationOptions) field.ErrorList
- func ValidateEventCreate(event *core.Event, requestVersion schema.GroupVersion) field.ErrorList
- func ValidateEventUpdate(newEvent, oldEvent *core.Event, requestVersion schema.GroupVersion) field.ErrorList
- func ValidateHasLabel(meta metav1.ObjectMeta, fldPath *field.Path, key, expectedValue string) field.ErrorList
- func ValidateHostAliases(hostAliases []core.HostAlias, fldPath *field.Path) field.ErrorList
- func ValidateHostSysctl(sysctl string, securityContext *core.PodSecurityContext, fldPath *field.Path) *field.Error
- func ValidateImmutableAnnotation(newVal string, oldVal string, annotation string, fldPath *field.Path) field.ErrorList
- func ValidateImmutableField(newVal, oldVal interface{}, fldPath *field.Path) field.ErrorList
- func ValidateInitContainerStateTransition(newStatuses, oldStatuses []core.ContainerStatus, fldpath *field.Path, ...) field.ErrorList
- func ValidateLimitRange(limitRange *core.LimitRange) field.ErrorList
- func ValidateLoadBalancerStatus(status *core.LoadBalancerStatus, fldPath *field.Path, spec *core.ServiceSpec) field.ErrorList
- func ValidateLocalNonReservedPath(targetPath string, fldPath *field.Path) field.ErrorList
- func ValidateMaxSkew(fldPath *field.Path, maxSkew int32) *field.Error
- func ValidateNamespace(namespace *core.Namespace) field.ErrorList
- func ValidateNamespaceFinalizeUpdate(newNamespace, oldNamespace *core.Namespace) field.ErrorList
- func ValidateNamespaceStatusUpdate(newNamespace, oldNamespace *core.Namespace) field.ErrorList
- func ValidateNamespaceUpdate(newNamespace *core.Namespace, oldNamespace *core.Namespace) field.ErrorList
- func ValidateNode(node *core.Node) field.ErrorList
- func ValidateNodeFieldSelectorRequirement(req core.NodeSelectorRequirement, fldPath *field.Path) field.ErrorList
- func ValidateNodeResources(node *core.Node) field.ErrorList
- func ValidateNodeSelector(nodeSelector *core.NodeSelector, fldPath *field.Path) field.ErrorList
- func ValidateNodeSelectorRequirement(rq core.NodeSelectorRequirement, fldPath *field.Path) field.ErrorList
- func ValidateNodeSelectorTerm(term core.NodeSelectorTerm, fldPath *field.Path) field.ErrorList
- func ValidateNodeSpecificAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList
- func ValidateNodeUpdate(node, oldNode *core.Node) field.ErrorList
- func ValidateNonEmptySelector(selectorMap map[string]string, fldPath *field.Path) field.ErrorList
- func ValidateNonSpecialIP(ipAddress string, fldPath *field.Path) field.ErrorList
- func ValidateNonnegativeField(value int64, fldPath *field.Path) field.ErrorList
- func ValidateNonnegativeQuantity(value resource.Quantity, fldPath *field.Path) field.ErrorList
- func ValidateObjectMeta(meta *metav1.ObjectMeta, requiresNamespace bool, nameFn ValidateNameFunc, ...) field.ErrorList
- func ValidateObjectMetaUpdate(newMeta, oldMeta *metav1.ObjectMeta, fldPath *field.Path) field.ErrorList
- func ValidatePersistentVolume(pv *core.PersistentVolume, opts PersistentVolumeSpecValidationOptions) field.ErrorList
- func ValidatePersistentVolumeClaim(pvc *core.PersistentVolumeClaim, ...) field.ErrorList
- func ValidatePersistentVolumeClaimSpec(spec *core.PersistentVolumeClaimSpec, fldPath *field.Path, ...) field.ErrorList
- func ValidatePersistentVolumeClaimStatusUpdate(newPvc, oldPvc *core.PersistentVolumeClaim, ...) field.ErrorList
- func ValidatePersistentVolumeClaimTemplate(claimTemplate *core.PersistentVolumeClaimTemplate, fldPath *field.Path, ...) field.ErrorList
- func ValidatePersistentVolumeClaimUpdate(newPvc, oldPvc *core.PersistentVolumeClaim, ...) field.ErrorList
- func ValidatePersistentVolumeSpec(pvSpec *core.PersistentVolumeSpec, pvName string, ...) field.ErrorList
- func ValidatePersistentVolumeStatusUpdate(newPv, oldPv *core.PersistentVolume) field.ErrorList
- func ValidatePersistentVolumeUpdate(newPv, oldPv *core.PersistentVolume, ...) field.ErrorList
- func ValidatePodAffinityTermSelector(podAffinityTerm core.PodAffinityTerm, allowInvalidLabelValueInSelector bool, ...) field.ErrorList
- func ValidatePodBinding(binding *core.Binding) field.ErrorList
- func ValidatePodCreate(pod *core.Pod, opts PodValidationOptions) field.ErrorList
- func ValidatePodEphemeralContainersUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList
- func ValidatePodLogOptions(opts *core.PodLogOptions) field.ErrorList
- func ValidatePodSpec(spec *core.PodSpec, podMeta *metav1.ObjectMeta, fldPath *field.Path, ...) field.ErrorList
- func ValidatePodSpecificAnnotationUpdates(newPod, oldPod *core.Pod, fldPath *field.Path, opts PodValidationOptions) field.ErrorList
- func ValidatePodSpecificAnnotations(annotations map[string]string, spec *core.PodSpec, fldPath *field.Path, ...) field.ErrorList
- func ValidatePodStatusUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList
- func ValidatePodTemplate(pod *core.PodTemplate, opts PodValidationOptions) field.ErrorList
- func ValidatePodTemplateSpec(spec *core.PodTemplateSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList
- func ValidatePodTemplateSpecForRC(template, oldTemplate *core.PodTemplateSpec, selectorMap map[string]string, ...) field.ErrorList
- func ValidatePodTemplateUpdate(newPod, oldPod *core.PodTemplate, opts PodValidationOptions) field.ErrorList
- func ValidatePodUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList
- func ValidatePortNumOrName(port intstr.IntOrString, fldPath *field.Path) field.ErrorList
- func ValidatePositiveQuantityValue(value resource.Quantity, fldPath *field.Path) field.ErrorList
- func ValidatePreemptionPolicy(preemptionPolicy *core.PreemptionPolicy, fldPath *field.Path) field.ErrorList
- func ValidatePreferredSchedulingTerms(terms []core.PreferredSchedulingTerm, fldPath *field.Path) field.ErrorList
- func ValidateProcMountType(fldPath *field.Path, procMountType core.ProcMountType) *field.Error
- func ValidateQualifiedName(value string, fldPath *field.Path) field.ErrorList
- func ValidateReadOnlyPersistentDisks(volumes, oldVolumes []core.Volume, fldPath *field.Path) field.ErrorList
- func ValidateReplicationController(controller *core.ReplicationController, opts PodValidationOptions) field.ErrorList
- func ValidateReplicationControllerSpec(spec, oldSpec *core.ReplicationControllerSpec, fldPath *field.Path, ...) field.ErrorList
- func ValidateReplicationControllerStatus(status core.ReplicationControllerStatus, statusPath *field.Path) field.ErrorList
- func ValidateReplicationControllerStatusUpdate(controller, oldController *core.ReplicationController) field.ErrorList
- func ValidateReplicationControllerUpdate(controller, oldController *core.ReplicationController, ...) field.ErrorList
- func ValidateResourceQuantityValue(resource core.ResourceName, value resource.Quantity, fldPath *field.Path) field.ErrorList
- func ValidateResourceQuota(resourceQuota *core.ResourceQuota) field.ErrorList
- func ValidateResourceQuotaResourceName(value core.ResourceName, fldPath *field.Path) field.ErrorList
- func ValidateResourceQuotaSpec(resourceQuotaSpec *core.ResourceQuotaSpec, fld *field.Path) field.ErrorList
- func ValidateResourceQuotaStatus(status *core.ResourceQuotaStatus, fld *field.Path) field.ErrorList
- func ValidateResourceQuotaStatusUpdate(newResourceQuota, oldResourceQuota *core.ResourceQuota) field.ErrorList
- func ValidateResourceQuotaUpdate(newResourceQuota, oldResourceQuota *core.ResourceQuota) field.ErrorList
- func ValidateResourceRequirements(requirements *core.ResourceRequirements, podClaimNames sets.Set[string], ...) field.ErrorList
- func ValidateRuntimeClassName(name string, fldPath *field.Path) field.ErrorList
- func ValidateSeccompPodAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList
- func ValidateSeccompProfile(p string, fldPath *field.Path) field.ErrorList
- func ValidateSecret(secret *core.Secret) field.ErrorList
- func ValidateSecretUpdate(newSecret, oldSecret *core.Secret) field.ErrorList
- func ValidateSecurityContext(sc *core.SecurityContext, fldPath *field.Path, hostUsers bool) field.ErrorList
- func ValidateService(service *core.Service) field.ErrorList
- func ValidateServiceAccount(serviceAccount *core.ServiceAccount) field.ErrorList
- func ValidateServiceAccountUpdate(newServiceAccount, oldServiceAccount *core.ServiceAccount) field.ErrorList
- func ValidateServiceClusterIPsRelatedFields(service *core.Service) field.ErrorList
- func ValidateServiceCreate(service *core.Service) field.ErrorList
- func ValidateServiceStatusUpdate(service, oldService *core.Service) field.ErrorList
- func ValidateServiceUpdate(service, oldService *core.Service) field.ErrorList
- func ValidateSignerName(fldPath *field.Path, signerName string) field.ErrorList
- func ValidateSpreadConstraintNotRepeat(fldPath *field.Path, constraint core.TopologySpreadConstraint, ...) *field.Error
- func ValidateTaintsInNodeAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList
- func ValidateTemplateObjectMeta(objMeta *metav1.ObjectMeta, fldPath *field.Path) field.ErrorList
- func ValidateTolerations(tolerations []core.Toleration, fldPath *field.Path) field.ErrorList
- func ValidateTolerationsInPodAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList
- func ValidateTopologyKey(fldPath *field.Path, topologyKey string) *field.Error
- func ValidateTopologySelectorTerm(term core.TopologySelectorTerm, fldPath *field.Path) (map[string]sets.Set[string], field.ErrorList)
- func ValidateVolumeDevices(devices []core.VolumeDevice, volmounts map[string]string, ...) field.ErrorList
- func ValidateVolumeMounts(mounts []core.VolumeMount, voldevices map[string]string, ...) field.ErrorList
- func ValidateVolumes(volumes []core.Volume, podMeta *metav1.ObjectMeta, fldPath *field.Path, ...) (map[string]core.VolumeSource, field.ErrorList)
- func ValidateWhenUnsatisfiable(fldPath *field.Path, action core.UnsatisfiableConstraintAction) *field.Error
- type PersistentVolumeClaimSpecValidationOptions
- type PersistentVolumeSpecValidationOptions
- type PodValidationOptions
- type ValidateNameFunc
Constants ¶
const ( ReportingInstanceLengthLimit = 128 ActionLengthLimit = 128 ReasonLengthLimit = 128 NoteLengthLimit = 1024 )
const ( // Limits on various DNS parameters. These are derived from // restrictions in Linux libc name resolution handling. // Max number of DNS name servers. MaxDNSNameservers = 3 // Max number of domains in the search path list. MaxDNSSearchPaths = 32 // Max number of characters in the search path. MaxDNSSearchListChars = 2048 )
const ( // a sysctl segment regex, concatenated with dots to form a sysctl name SysctlSegmentFmt string = "[a-z0-9]([-_a-z0-9]*[a-z0-9])?" // a sysctl name regex with slash allowed SysctlContainSlashFmt string = "(" + SysctlSegmentFmt + "[\\./])*" + SysctlSegmentFmt // the maximal length of a sysctl name SysctlMaxLength int = 253 )
Variables ¶
var BannedOwners = apimachineryvalidation.BannedOwners
BannedOwners is a black list of object that are not allowed to be owners.
var ValidateClassName = apimachineryvalidation.NameIsDNSSubdomain
ValidateClassName can be used to check whether the given class name is valid. It is defined here to avoid import cycle between pkg/apis/storage/validation (where it should be) and this file.
var ValidateConfigMapName = apimachineryvalidation.NameIsDNSSubdomain
ValidateConfigMapName can be used to check whether the given ConfigMap name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
var ValidateEndpointsName = apimachineryvalidation.NameIsDNSSubdomain
ValidateEndpointsName can be used to check whether the given endpoints name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
var ValidateLimitRangeName = apimachineryvalidation.NameIsDNSSubdomain
ValidateLimitRangeName can be used to check whether the given limit range name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
var ValidateNamespaceName = apimachineryvalidation.ValidateNamespaceName
ValidateNamespaceName can be used to check whether the given namespace name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
var ValidateNodeName = apimachineryvalidation.NameIsDNSSubdomain
ValidateNodeName can be used to check whether the given node name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
var ValidatePersistentVolumeName = apimachineryvalidation.NameIsDNSSubdomain
ValidatePersistentVolumeName checks that a name is appropriate for a PersistentVolumeName object.
var ValidatePodName = apimachineryvalidation.NameIsDNSSubdomain
ValidatePodName can be used to check whether the given pod name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
var ValidatePriorityClassName = apimachineryvalidation.NameIsDNSSubdomain
ValidatePriorityClassName can be used to check whether the given priority class name is valid.
var ValidateReplicationControllerName = apimachineryvalidation.NameIsDNSSubdomain
ValidateReplicationControllerName can be used to check whether the given replication controller name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
var ValidateResourceClaimName = apimachineryvalidation.NameIsDNSSubdomain
ValidateResourceClaimName can be used to check whether the given name for a ResourceClaim is valid.
var ValidateResourceClaimTemplateName = apimachineryvalidation.NameIsDNSSubdomain
ValidateResourceClaimTemplateName can be used to check whether the given name for a ResourceClaimTemplate is valid.
var ValidateResourceQuotaName = apimachineryvalidation.NameIsDNSSubdomain
ValidateResourceQuotaName can be used to check whether the given resource quota name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
var ValidateSecretName = apimachineryvalidation.NameIsDNSSubdomain
ValidateSecretName can be used to check whether the given secret name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
var ValidateServiceAccountName = apimachineryvalidation.ValidateServiceAccountName
ValidateServiceAccountName can be used to check whether the given service account name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
var ValidateServiceName = apimachineryvalidation.NameIsDNS1035Label
ValidateServiceName can be used to check whether the given service name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
Functions ¶
func AccumulateUniqueHostPorts ¶
func AccumulateUniqueHostPorts(containers []core.Container, accumulator *sets.Set[string], fldPath *field.Path) field.ErrorList
AccumulateUniqueHostPorts extracts each HostPort of each Container, accumulating the results and returning an error if any ports conflict.
func GetVolumeDeviceMap ¶
func GetVolumeDeviceMap(devices []core.VolumeDevice) map[string]string
func GetVolumeMountMap ¶
func GetVolumeMountMap(mounts []core.VolumeMount) map[string]string
func IsDecremented ¶ added in v1.10.0
func IsMatchedVolume ¶
func IsMatchedVolume(name string, volumes map[string]core.VolumeSource) bool
func IsValidSysctlName ¶
IsValidSysctlName checks that the given string is a valid sysctl name, i.e. matches SysctlContainSlashFmt. More info:
https://man7.org/linux/man-pages/man8/sysctl.8.html https://man7.org/linux/man-pages/man5/sysctl.d.5.html
func ValidateAnnotations ¶
ValidateAnnotations validates that a set of annotations are correctly defined.
func ValidateAppArmorProfileField ¶ added in v1.30.0
func ValidateAppArmorProfileFormat ¶ added in v1.24.0
func ValidateAvoidPodsInNodeAnnotations ¶
func ValidateAvoidPodsInNodeAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList
ValidateAvoidPodsInNodeAnnotations tests that the serialized AvoidPods in Node.Annotations has valid data
func ValidateCSIDriverName ¶ added in v1.13.0
func ValidateClusterTrustBundleName ¶ added in v1.29.0
ValidateClusterTrustBundleName checks that a ClusterTrustBundle name conforms to the rules documented on the type.
func ValidateConfigMap ¶
ValidateConfigMap tests whether required fields in the ConfigMap are set.
func ValidateConfigMapUpdate ¶
ValidateConfigMapUpdate tests if required fields in the ConfigMap are set.
func ValidateContainerStateTransition ¶ added in v1.10.0
func ValidateContainerStateTransition(newStatuses, oldStatuses []core.ContainerStatus, fldpath *field.Path, restartPolicy core.RestartPolicy) field.ErrorList
ValidateContainerStateTransition test to if any illegal container state transitions are being attempted
func ValidateDNS1123Label ¶
func ValidateDNS1123Subdomain ¶
ValidateDNS1123Subdomain validates that a name is a proper DNS subdomain.
func ValidateEndpoints ¶
ValidateEndpoints validates Endpoints on create and update.
func ValidateEndpointsCreate ¶ added in v1.18.0
ValidateEndpointsCreate validates Endpoints on create.
func ValidateEndpointsUpdate ¶
ValidateEndpointsUpdate validates Endpoints on update. NodeName changes are allowed during update to accommodate the case where nodeIP or PodCIDR is reused. An existing endpoint ip will have a different nodeName if this happens.
func ValidateEnv ¶
func ValidateEnv(vars []core.EnvVar, fldPath *field.Path, opts PodValidationOptions) field.ErrorList
ValidateEnv validates env vars
func ValidateEnvFrom ¶
func ValidateEnvFrom(vars []core.EnvFromSource, fldPath *field.Path, opts PodValidationOptions) field.ErrorList
func ValidateEventCreate ¶ added in v1.19.0
func ValidateEventUpdate ¶ added in v1.19.0
func ValidateHasLabel ¶
func ValidateHasLabel(meta metav1.ObjectMeta, fldPath *field.Path, key, expectedValue string) field.ErrorList
ValidateHasLabel requires that metav1.ObjectMeta has a Label with key and expectedValue
func ValidateHostAliases ¶
func ValidateHostSysctl ¶ added in v1.29.0
func ValidateHostSysctl(sysctl string, securityContext *core.PodSecurityContext, fldPath *field.Path) *field.Error
ValidateHostSysctl will return error if namespaced sysctls is applied to pod sharing the respective namespaces with the host.
func ValidateImmutableField ¶
func ValidateInitContainerStateTransition ¶ added in v1.28.8
func ValidateInitContainerStateTransition(newStatuses, oldStatuses []core.ContainerStatus, fldpath *field.Path, podSpec *core.PodSpec) field.ErrorList
ValidateInitContainerStateTransition test to if any illegal init container state transitions are being attempted
func ValidateLimitRange ¶
func ValidateLimitRange(limitRange *core.LimitRange) field.ErrorList
ValidateLimitRange tests if required fields in the LimitRange are set.
func ValidateLoadBalancerStatus ¶
func ValidateLoadBalancerStatus(status *core.LoadBalancerStatus, fldPath *field.Path, spec *core.ServiceSpec) field.ErrorList
ValidateLoadBalancerStatus validates required fields on a LoadBalancerStatus
func ValidateLocalNonReservedPath ¶ added in v1.30.0
ValidateLocalNonReservedPath makes sure targetPath: 1. is not abs path 2. does not contain any '..' elements 3. does not start with '..'
func ValidateMaxSkew ¶ added in v1.16.0
ValidateMaxSkew tests that the argument is a valid MaxSkew.
func ValidateNamespace ¶
ValidateNamespace tests if required fields are set.
func ValidateNamespaceFinalizeUpdate ¶
ValidateNamespaceFinalizeUpdate tests to see if the update is legal for an end user to make.
func ValidateNamespaceStatusUpdate ¶
ValidateNamespaceStatusUpdate tests to see if the update is legal for an end user to make.
func ValidateNamespaceUpdate ¶
func ValidateNamespaceUpdate(newNamespace *core.Namespace, oldNamespace *core.Namespace) field.ErrorList
ValidateNamespaceUpdate tests to make sure a namespace update can be applied.
func ValidateNode ¶
ValidateNode tests if required fields in the node are set.
func ValidateNodeFieldSelectorRequirement ¶ added in v1.11.0
func ValidateNodeFieldSelectorRequirement(req core.NodeSelectorRequirement, fldPath *field.Path) field.ErrorList
ValidateNodeFieldSelectorRequirement tests that the specified NodeSelectorRequirement fields has valid data
func ValidateNodeResources ¶
ValidateNodeResources is used to make sure a node has valid capacity and allocatable values.
func ValidateNodeSelector ¶
ValidateNodeSelector tests that the specified nodeSelector fields has valid data
func ValidateNodeSelectorRequirement ¶
func ValidateNodeSelectorRequirement(rq core.NodeSelectorRequirement, fldPath *field.Path) field.ErrorList
ValidateNodeSelectorRequirement tests that the specified NodeSelectorRequirement fields has valid data
func ValidateNodeSelectorTerm ¶
ValidateNodeSelectorTerm tests that the specified node selector term has valid data
func ValidateNodeUpdate ¶
ValidateNodeUpdate tests to make sure a node update can be applied. Modifies oldNode.
func ValidateNonEmptySelector ¶
Validates that the given selector is non-empty.
func ValidateNonSpecialIP ¶ added in v1.18.19
ValidateNonSpecialIP is used to validate Endpoints, EndpointSlices, and external IPs. Specifically, this disallows unspecified and loopback addresses are nonsensical and link-local addresses tend to be used for node-centric purposes (e.g. metadata service).
IPv6 references - https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml - https://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml
func ValidateNonnegativeField ¶
Validates that given value is not negative.
func ValidateNonnegativeQuantity ¶
Validates that a Quantity is not negative
func ValidateObjectMeta ¶
func ValidateObjectMeta(meta *metav1.ObjectMeta, requiresNamespace bool, nameFn ValidateNameFunc, fldPath *field.Path) field.ErrorList
ValidateObjectMeta validates an object's metadata on creation. It expects that name generation has already been performed. It doesn't return an error for rootscoped resources with namespace, because namespace should already be cleared before. TODO: Remove calls to this method scattered in validations of specific resources, e.g., ValidatePodUpdate.
func ValidateObjectMetaUpdate ¶
func ValidateObjectMetaUpdate(newMeta, oldMeta *metav1.ObjectMeta, fldPath *field.Path) field.ErrorList
ValidateObjectMetaUpdate validates an object's metadata when updated
func ValidatePersistentVolume ¶
func ValidatePersistentVolume(pv *core.PersistentVolume, opts PersistentVolumeSpecValidationOptions) field.ErrorList
func ValidatePersistentVolumeClaim ¶
func ValidatePersistentVolumeClaim(pvc *core.PersistentVolumeClaim, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList
ValidatePersistentVolumeClaim validates a PersistentVolumeClaim
func ValidatePersistentVolumeClaimSpec ¶
func ValidatePersistentVolumeClaimSpec(spec *core.PersistentVolumeClaimSpec, fldPath *field.Path, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList
ValidatePersistentVolumeClaimSpec validates a PersistentVolumeClaimSpec
func ValidatePersistentVolumeClaimStatusUpdate ¶
func ValidatePersistentVolumeClaimStatusUpdate(newPvc, oldPvc *core.PersistentVolumeClaim, validationOpts PersistentVolumeClaimSpecValidationOptions) field.ErrorList
ValidatePersistentVolumeClaimStatusUpdate validates an update to status of a PersistentVolumeClaim
func ValidatePersistentVolumeClaimTemplate ¶ added in v1.19.0
func ValidatePersistentVolumeClaimTemplate(claimTemplate *core.PersistentVolumeClaimTemplate, fldPath *field.Path, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList
ValidatePersistentVolumeClaimTemplate verifies that the embedded object meta and spec are valid. Checking of the object data is very minimal because only labels and annotations are used.
func ValidatePersistentVolumeClaimUpdate ¶
func ValidatePersistentVolumeClaimUpdate(newPvc, oldPvc *core.PersistentVolumeClaim, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList
ValidatePersistentVolumeClaimUpdate validates an update to a PersistentVolumeClaim
func ValidatePersistentVolumeSpec ¶ added in v1.15.0
func ValidatePersistentVolumeSpec(pvSpec *core.PersistentVolumeSpec, pvName string, validateInlinePersistentVolumeSpec bool, fldPath *field.Path, opts PersistentVolumeSpecValidationOptions) field.ErrorList
func ValidatePersistentVolumeStatusUpdate ¶
func ValidatePersistentVolumeStatusUpdate(newPv, oldPv *core.PersistentVolume) field.ErrorList
ValidatePersistentVolumeStatusUpdate tests to see if the status update is legal for an end user to make.
func ValidatePersistentVolumeUpdate ¶
func ValidatePersistentVolumeUpdate(newPv, oldPv *core.PersistentVolume, opts PersistentVolumeSpecValidationOptions) field.ErrorList
ValidatePersistentVolumeUpdate tests to see if the update is legal for an end user to make. newPv is updated with fields that cannot be changed.
func ValidatePodAffinityTermSelector ¶ added in v1.26.0
func ValidatePodBinding ¶
ValidatePodBinding tests if required fields in the pod binding are legal.
func ValidatePodCreate ¶ added in v1.16.0
func ValidatePodCreate(pod *core.Pod, opts PodValidationOptions) field.ErrorList
ValidatePodCreate validates a pod in the context of its initial create
func ValidatePodEphemeralContainersUpdate ¶ added in v1.16.0
func ValidatePodEphemeralContainersUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList
ValidatePodEphemeralContainersUpdate tests that a user update to EphemeralContainers is valid. newPod and oldPod must only differ in their EphemeralContainers.
func ValidatePodLogOptions ¶
func ValidatePodLogOptions(opts *core.PodLogOptions) field.ErrorList
func ValidatePodSpec ¶
func ValidatePodSpec(spec *core.PodSpec, podMeta *metav1.ObjectMeta, fldPath *field.Path, opts PodValidationOptions) field.ErrorList
ValidatePodSpec tests that the specified PodSpec has valid data. This includes checking formatting and uniqueness. It also canonicalizes the structure by setting default values and implementing any backwards-compatibility tricks. The pod metadata is needed to validate generic ephemeral volumes. It is optional and should be left empty unless the spec is from a real pod object.
func ValidatePodStatusUpdate ¶
func ValidatePodStatusUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList
ValidatePodStatusUpdate checks for changes to status that shouldn't occur in normal operation.
func ValidatePodTemplate ¶
func ValidatePodTemplate(pod *core.PodTemplate, opts PodValidationOptions) field.ErrorList
ValidatePodTemplate tests if required fields in the pod template are set.
func ValidatePodTemplateSpec ¶
func ValidatePodTemplateSpec(spec *core.PodTemplateSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList
ValidatePodTemplateSpec validates the spec of a pod template
func ValidatePodTemplateSpecForRC ¶
func ValidatePodTemplateSpecForRC(template, oldTemplate *core.PodTemplateSpec, selectorMap map[string]string, replicas int32, fldPath *field.Path, opts PodValidationOptions) field.ErrorList
Validates the given template and ensures that it is in accordance with the desired selector and replicas.
func ValidatePodTemplateUpdate ¶
func ValidatePodTemplateUpdate(newPod, oldPod *core.PodTemplate, opts PodValidationOptions) field.ErrorList
ValidatePodTemplateUpdate tests to see if the update is legal for an end user to make. newPod is updated with fields that cannot be changed.
func ValidatePodUpdate ¶
func ValidatePodUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList
ValidatePodUpdate tests to see if the update is legal for an end user to make. newPod is updated with fields that cannot be changed.
func ValidatePortNumOrName ¶
func ValidatePositiveQuantityValue ¶
Validates that a Quantity is positive
func ValidatePreemptionPolicy ¶ added in v1.15.0
func ValidatePreferredSchedulingTerms ¶
func ValidatePreferredSchedulingTerms(terms []core.PreferredSchedulingTerm, fldPath *field.Path) field.ErrorList
ValidatePreferredSchedulingTerms tests that the specified SoftNodeAffinity fields has valid data
func ValidateProcMountType ¶ added in v1.14.0
ValidateProcMountType tests that the argument is a valid ProcMountType.
func ValidateQualifiedName ¶ added in v1.21.0
ValidateQualifiedName validates if name is what Kubernetes calls a "qualified name".
func ValidateReadOnlyPersistentDisks ¶
func ValidateReadOnlyPersistentDisks(volumes, oldVolumes []core.Volume, fldPath *field.Path) field.ErrorList
ValidateReadOnlyPersistentDisks stick this AFTER the short-circuit checks
func ValidateReplicationController ¶
func ValidateReplicationController(controller *core.ReplicationController, opts PodValidationOptions) field.ErrorList
ValidateReplicationController tests if required fields in the replication controller are set.
func ValidateReplicationControllerSpec ¶
func ValidateReplicationControllerSpec(spec, oldSpec *core.ReplicationControllerSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList
ValidateReplicationControllerSpec tests if required fields in the replication controller spec are set.
func ValidateReplicationControllerStatusUpdate ¶
func ValidateReplicationControllerStatusUpdate(controller, oldController *core.ReplicationController) field.ErrorList
ValidateReplicationControllerStatusUpdate tests if required fields in the replication controller are set.
func ValidateReplicationControllerUpdate ¶
func ValidateReplicationControllerUpdate(controller, oldController *core.ReplicationController, opts PodValidationOptions) field.ErrorList
ValidateReplicationControllerUpdate tests if required fields in the replication controller are set.
func ValidateResourceQuantityValue ¶
func ValidateResourceQuantityValue(resource core.ResourceName, value resource.Quantity, fldPath *field.Path) field.ErrorList
ValidateResourceQuantityValue enforces that specified quantity is valid for specified resource
func ValidateResourceQuota ¶
func ValidateResourceQuota(resourceQuota *core.ResourceQuota) field.ErrorList
ValidateResourceQuota tests if required fields in the ResourceQuota are set.
func ValidateResourceQuotaResourceName ¶
func ValidateResourceQuotaResourceName(value core.ResourceName, fldPath *field.Path) field.ErrorList
Validate resource names that can go in a resource quota Refer to docs/design/resources.md for more details.
func ValidateResourceQuotaStatusUpdate ¶
func ValidateResourceQuotaStatusUpdate(newResourceQuota, oldResourceQuota *core.ResourceQuota) field.ErrorList
ValidateResourceQuotaStatusUpdate tests to see if the status update is legal for an end user to make.
func ValidateResourceQuotaUpdate ¶
func ValidateResourceQuotaUpdate(newResourceQuota, oldResourceQuota *core.ResourceQuota) field.ErrorList
ValidateResourceQuotaUpdate tests to see if the update is legal for an end user to make.
func ValidateResourceRequirements ¶
func ValidateResourceRequirements(requirements *core.ResourceRequirements, podClaimNames sets.Set[string], fldPath *field.Path, opts PodValidationOptions) field.ErrorList
Validates resource requirement spec.
func ValidateRuntimeClassName ¶ added in v1.12.0
ValidateRuntimeClassName can be used to check whether the given RuntimeClass name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.
func ValidateSeccompProfile ¶
func ValidateSecret ¶
ValidateSecret tests if required fields in the Secret are set.
func ValidateSecretUpdate ¶
ValidateSecretUpdate tests if required fields in the Secret are set.
func ValidateSecurityContext ¶
func ValidateSecurityContext(sc *core.SecurityContext, fldPath *field.Path, hostUsers bool) field.ErrorList
ValidateSecurityContext ensures the security context contains valid settings
func ValidateService ¶
ValidateService tests if required fields/annotations of a Service are valid.
func ValidateServiceAccount ¶
func ValidateServiceAccount(serviceAccount *core.ServiceAccount) field.ErrorList
ValidateServiceAccount tests if required fields in the ServiceAccount are set.
func ValidateServiceAccountUpdate ¶
func ValidateServiceAccountUpdate(newServiceAccount, oldServiceAccount *core.ServiceAccount) field.ErrorList
ValidateServiceAccountUpdate tests if required fields in the ServiceAccount are set.
func ValidateServiceClusterIPsRelatedFields ¶ added in v1.23.0
ValidateServiceClusterIPsRelatedFields validates .spec.ClusterIPs,, .spec.IPFamilies, .spec.ipFamilyPolicy. This is exported because it is used during IP init and allocation.
func ValidateServiceCreate ¶ added in v1.18.0
ValidateServiceCreate validates Services as they are created.
func ValidateServiceStatusUpdate ¶
ValidateServiceStatusUpdate tests if required fields in the Service are set when updating status.
func ValidateServiceUpdate ¶
ValidateServiceUpdate tests if required fields in the service are set during an update
func ValidateSignerName ¶ added in v1.29.0
ValidateSignerName checks that signerName is syntactically valid.
ensure signerName is of the form domain.com/something and up to 571 characters. This length and format is specified to accommodate signerNames like: <fqdn>/<resource-namespace>.<resource-name>. The max length of a FQDN is 253 characters (DNS1123Subdomain max length) The max length of a namespace name is 63 characters (DNS1123Label max length) The max length of a resource name is 253 characters (DNS1123Subdomain max length) We then add an additional 2 characters to account for the one '.' and one '/'.
func ValidateSpreadConstraintNotRepeat ¶ added in v1.16.0
func ValidateSpreadConstraintNotRepeat(fldPath *field.Path, constraint core.TopologySpreadConstraint, restingConstraints []core.TopologySpreadConstraint) *field.Error
ValidateSpreadConstraintNotRepeat tests that if `constraint` duplicates with `existingConstraintPairs` on TopologyKey and WhenUnsatisfiable fields.
func ValidateTaintsInNodeAnnotations ¶
func ValidateTaintsInNodeAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList
ValidateTaintsInNodeAnnotations tests that the serialized taints in Node.Annotations has valid data
func ValidateTemplateObjectMeta ¶ added in v1.26.0
func ValidateTolerations ¶
ValidateTolerations tests if given tolerations have valid data.
func ValidateTolerationsInPodAnnotations ¶
func ValidateTolerationsInPodAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList
ValidateTolerationsInPodAnnotations tests that the serialized tolerations in Pod.Annotations has valid data
func ValidateTopologyKey ¶ added in v1.16.0
ValidateTopologyKey tests that the argument is a valid TopologyKey.
func ValidateTopologySelectorTerm ¶ added in v1.11.0
func ValidateTopologySelectorTerm(term core.TopologySelectorTerm, fldPath *field.Path) (map[string]sets.Set[string], field.ErrorList)
ValidateTopologySelectorTerm tests that the specified topology selector term has valid data, and constructs a map representing the term in raw form.
func ValidateVolumeDevices ¶
func ValidateVolumeMounts ¶
func ValidateVolumes ¶
func ValidateVolumes(volumes []core.Volume, podMeta *metav1.ObjectMeta, fldPath *field.Path, opts PodValidationOptions) (map[string]core.VolumeSource, field.ErrorList)
func ValidateWhenUnsatisfiable ¶ added in v1.16.0
func ValidateWhenUnsatisfiable(fldPath *field.Path, action core.UnsatisfiableConstraintAction) *field.Error
ValidateWhenUnsatisfiable tests that the argument is a valid UnsatisfiableConstraintAction.
Types ¶
type PersistentVolumeClaimSpecValidationOptions ¶ added in v1.22.0
type PersistentVolumeClaimSpecValidationOptions struct { // Allow users to recover from previously failing expansion operation EnableRecoverFromExpansionFailure bool // Allow to validate the label value of the label selector AllowInvalidLabelValueInSelector bool // Allow to validate the API group of the data source and data source reference AllowInvalidAPIGroupInDataSourceOrRef bool // Allow users to modify the class of volume attributes EnableVolumeAttributesClass bool }
func ValidationOptionsForPersistentVolumeClaim ¶ added in v1.22.0
func ValidationOptionsForPersistentVolumeClaim(pvc, oldPvc *core.PersistentVolumeClaim) PersistentVolumeClaimSpecValidationOptions
func ValidationOptionsForPersistentVolumeClaimTemplate ¶ added in v1.22.0
func ValidationOptionsForPersistentVolumeClaimTemplate(claimTemplate, oldClaimTemplate *core.PersistentVolumeClaimTemplate) PersistentVolumeClaimSpecValidationOptions
type PersistentVolumeSpecValidationOptions ¶ added in v1.22.0
type PersistentVolumeSpecValidationOptions struct { // Allow users to modify the class of volume attributes EnableVolumeAttributesClass bool }
PersistentVolumeSpecValidationOptions contains the different settings for PeristentVolume validation
func ValidationOptionsForPersistentVolume ¶ added in v1.22.0
func ValidationOptionsForPersistentVolume(pv, oldPv *core.PersistentVolume) PersistentVolumeSpecValidationOptions
type PodValidationOptions ¶ added in v1.18.0
type PodValidationOptions struct { // Allow invalid pod-deletion-cost annotation value for backward compatibility. AllowInvalidPodDeletionCost bool // Allow invalid label-value in LabelSelector AllowInvalidLabelValueInSelector bool // Allow pod spec to use non-integer multiple of huge page unit size AllowIndivisibleHugePagesValues bool // Allow pod spec to use status.hostIPs in downward API if feature is enabled AllowHostIPsField bool // Allow invalid topologySpreadConstraint labelSelector for backward compatibility AllowInvalidTopologySpreadConstraintLabelSelector bool // Allow projected token volumes with non-local paths AllowNonLocalProjectedTokenPath bool // Allow namespaced sysctls in hostNet and hostIPC pods AllowNamespacedSysctlsForHostNetAndHostIPC bool // The top-level resource being validated is a Pod, not just a PodSpec // embedded in some other resource. ResourceIsPod bool // Allow relaxed validation of environment variable names AllowRelaxedEnvironmentVariableValidation bool }
PodValidationOptions contains the different settings for pod validation
type ValidateNameFunc ¶
type ValidateNameFunc apimachineryvalidation.ValidateNameFunc
ValidateNameFunc validates that the provided name is valid for a given resource type. Not all resources have the same validation rules for names. Prefix is true if the name will have a value appended to it. If the name is not valid, this returns a list of descriptions of individual characteristics of the value that were not valid. Otherwise this returns an empty list or nil.