validation

package
v1.30.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 19, 2024 License: Apache-2.0 Imports: 43 Imported by: 1,477

Documentation

Overview

Package validation has functions for validating the correctness of api objects and explaining what is wrong with them when they aren't valid.

Index

Constants

View Source
const (
	ReportingInstanceLengthLimit = 128
	ActionLengthLimit            = 128
	ReasonLengthLimit            = 128
	NoteLengthLimit              = 1024
)
View Source
const (
	// Limits on various DNS parameters. These are derived from
	// restrictions in Linux libc name resolution handling.
	// Max number of DNS name servers.
	MaxDNSNameservers = 3
	// Max number of domains in the search path list.
	MaxDNSSearchPaths = 32
	// Max number of characters in the search path.
	MaxDNSSearchListChars = 2048
)
View Source
const (
	// a sysctl segment regex, concatenated with dots to form a sysctl name
	SysctlSegmentFmt string = "[a-z0-9]([-_a-z0-9]*[a-z0-9])?"

	// a sysctl name regex with slash allowed
	SysctlContainSlashFmt string = "(" + SysctlSegmentFmt + "[\\./])*" + SysctlSegmentFmt

	// the maximal length of a sysctl name
	SysctlMaxLength int = 253
)

Variables

BannedOwners is a black list of object that are not allowed to be owners.

ValidateClassName can be used to check whether the given class name is valid. It is defined here to avoid import cycle between pkg/apis/storage/validation (where it should be) and this file.

ValidateConfigMapName can be used to check whether the given ConfigMap name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

ValidateEndpointsName can be used to check whether the given endpoints name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

ValidateLimitRangeName can be used to check whether the given limit range name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

ValidateNamespaceName can be used to check whether the given namespace name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

ValidateNodeName can be used to check whether the given node name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

View Source
var ValidatePersistentVolumeName = apimachineryvalidation.NameIsDNSSubdomain

ValidatePersistentVolumeName checks that a name is appropriate for a PersistentVolumeName object.

ValidatePodName can be used to check whether the given pod name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

View Source
var ValidatePriorityClassName = apimachineryvalidation.NameIsDNSSubdomain

ValidatePriorityClassName can be used to check whether the given priority class name is valid.

View Source
var ValidateReplicationControllerName = apimachineryvalidation.NameIsDNSSubdomain

ValidateReplicationControllerName can be used to check whether the given replication controller name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

View Source
var ValidateResourceClaimName = apimachineryvalidation.NameIsDNSSubdomain

ValidateResourceClaimName can be used to check whether the given name for a ResourceClaim is valid.

View Source
var ValidateResourceClaimTemplateName = apimachineryvalidation.NameIsDNSSubdomain

ValidateResourceClaimTemplateName can be used to check whether the given name for a ResourceClaimTemplate is valid.

View Source
var ValidateResourceQuotaName = apimachineryvalidation.NameIsDNSSubdomain

ValidateResourceQuotaName can be used to check whether the given resource quota name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

ValidateSecretName can be used to check whether the given secret name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

ValidateServiceAccountName can be used to check whether the given service account name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

ValidateServiceName can be used to check whether the given service name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

Functions

func AccumulateUniqueHostPorts

func AccumulateUniqueHostPorts(containers []core.Container, accumulator *sets.Set[string], fldPath *field.Path) field.ErrorList

AccumulateUniqueHostPorts extracts each HostPort of each Container, accumulating the results and returning an error if any ports conflict.

func GetVolumeDeviceMap

func GetVolumeDeviceMap(devices []core.VolumeDevice) map[string]string

func GetVolumeMountMap

func GetVolumeMountMap(mounts []core.VolumeMount) map[string]string

func IsDecremented added in v1.10.0

func IsDecremented(update, old *int32) bool

func IsMatchedVolume

func IsMatchedVolume(name string, volumes map[string]core.VolumeSource) bool

func IsValidSysctlName

func IsValidSysctlName(name string) bool

IsValidSysctlName checks that the given string is a valid sysctl name, i.e. matches SysctlContainSlashFmt. More info:

https://man7.org/linux/man-pages/man8/sysctl.8.html
https://man7.org/linux/man-pages/man5/sysctl.d.5.html

func ValidateAnnotations

func ValidateAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList

ValidateAnnotations validates that a set of annotations are correctly defined.

func ValidateAppArmorPodAnnotations

func ValidateAppArmorPodAnnotations(annotations map[string]string, spec *core.PodSpec, fldPath *field.Path) field.ErrorList

func ValidateAppArmorProfileField added in v1.30.0

func ValidateAppArmorProfileField(profile *core.AppArmorProfile, fldPath *field.Path) field.ErrorList

func ValidateAppArmorProfileFormat added in v1.24.0

func ValidateAppArmorProfileFormat(profile string) error

func ValidateAvoidPodsInNodeAnnotations

func ValidateAvoidPodsInNodeAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList

ValidateAvoidPodsInNodeAnnotations tests that the serialized AvoidPods in Node.Annotations has valid data

func ValidateCSIDriverName added in v1.13.0

func ValidateCSIDriverName(driverName string, fldPath *field.Path) field.ErrorList

func ValidateClusterTrustBundleName added in v1.29.0

func ValidateClusterTrustBundleName(signerName string) func(name string, prefix bool) []string

ValidateClusterTrustBundleName checks that a ClusterTrustBundle name conforms to the rules documented on the type.

func ValidateConfigMap

func ValidateConfigMap(cfg *core.ConfigMap) field.ErrorList

ValidateConfigMap tests whether required fields in the ConfigMap are set.

func ValidateConfigMapUpdate

func ValidateConfigMapUpdate(newCfg, oldCfg *core.ConfigMap) field.ErrorList

ValidateConfigMapUpdate tests if required fields in the ConfigMap are set.

func ValidateContainerStateTransition added in v1.10.0

func ValidateContainerStateTransition(newStatuses, oldStatuses []core.ContainerStatus, fldpath *field.Path, restartPolicy core.RestartPolicy) field.ErrorList

ValidateContainerStateTransition test to if any illegal container state transitions are being attempted

func ValidateContainerUpdates

func ValidateContainerUpdates(newContainers, oldContainers []core.Container, fldPath *field.Path) (allErrs field.ErrorList, stop bool)

func ValidateDNS1123Label

func ValidateDNS1123Label(value string, fldPath *field.Path) field.ErrorList

func ValidateDNS1123Subdomain

func ValidateDNS1123Subdomain(value string, fldPath *field.Path) field.ErrorList

ValidateDNS1123Subdomain validates that a name is a proper DNS subdomain.

func ValidateEndpoints

func ValidateEndpoints(endpoints *core.Endpoints) field.ErrorList

ValidateEndpoints validates Endpoints on create and update.

func ValidateEndpointsCreate added in v1.18.0

func ValidateEndpointsCreate(endpoints *core.Endpoints) field.ErrorList

ValidateEndpointsCreate validates Endpoints on create.

func ValidateEndpointsSpecificAnnotations

func ValidateEndpointsSpecificAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList

func ValidateEndpointsUpdate

func ValidateEndpointsUpdate(newEndpoints, oldEndpoints *core.Endpoints) field.ErrorList

ValidateEndpointsUpdate validates Endpoints on update. NodeName changes are allowed during update to accommodate the case where nodeIP or PodCIDR is reused. An existing endpoint ip will have a different nodeName if this happens.

func ValidateEnv

func ValidateEnv(vars []core.EnvVar, fldPath *field.Path, opts PodValidationOptions) field.ErrorList

ValidateEnv validates env vars

func ValidateEnvFrom

func ValidateEnvFrom(vars []core.EnvFromSource, fldPath *field.Path, opts PodValidationOptions) field.ErrorList

func ValidateEventCreate added in v1.19.0

func ValidateEventCreate(event *core.Event, requestVersion schema.GroupVersion) field.ErrorList

func ValidateEventUpdate added in v1.19.0

func ValidateEventUpdate(newEvent, oldEvent *core.Event, requestVersion schema.GroupVersion) field.ErrorList

func ValidateHasLabel

func ValidateHasLabel(meta metav1.ObjectMeta, fldPath *field.Path, key, expectedValue string) field.ErrorList

ValidateHasLabel requires that metav1.ObjectMeta has a Label with key and expectedValue

func ValidateHostAliases

func ValidateHostAliases(hostAliases []core.HostAlias, fldPath *field.Path) field.ErrorList

func ValidateHostSysctl added in v1.29.0

func ValidateHostSysctl(sysctl string, securityContext *core.PodSecurityContext, fldPath *field.Path) *field.Error

ValidateHostSysctl will return error if namespaced sysctls is applied to pod sharing the respective namespaces with the host.

func ValidateImmutableAnnotation

func ValidateImmutableAnnotation(newVal string, oldVal string, annotation string, fldPath *field.Path) field.ErrorList

func ValidateImmutableField

func ValidateImmutableField(newVal, oldVal interface{}, fldPath *field.Path) field.ErrorList

func ValidateInitContainerStateTransition added in v1.28.8

func ValidateInitContainerStateTransition(newStatuses, oldStatuses []core.ContainerStatus, fldpath *field.Path, podSpec *core.PodSpec) field.ErrorList

ValidateInitContainerStateTransition test to if any illegal init container state transitions are being attempted

func ValidateLimitRange

func ValidateLimitRange(limitRange *core.LimitRange) field.ErrorList

ValidateLimitRange tests if required fields in the LimitRange are set.

func ValidateLoadBalancerStatus

func ValidateLoadBalancerStatus(status *core.LoadBalancerStatus, fldPath *field.Path, spec *core.ServiceSpec) field.ErrorList

ValidateLoadBalancerStatus validates required fields on a LoadBalancerStatus

func ValidateLocalNonReservedPath added in v1.30.0

func ValidateLocalNonReservedPath(targetPath string, fldPath *field.Path) field.ErrorList

ValidateLocalNonReservedPath makes sure targetPath: 1. is not abs path 2. does not contain any '..' elements 3. does not start with '..'

func ValidateMaxSkew added in v1.16.0

func ValidateMaxSkew(fldPath *field.Path, maxSkew int32) *field.Error

ValidateMaxSkew tests that the argument is a valid MaxSkew.

func ValidateNamespace

func ValidateNamespace(namespace *core.Namespace) field.ErrorList

ValidateNamespace tests if required fields are set.

func ValidateNamespaceFinalizeUpdate

func ValidateNamespaceFinalizeUpdate(newNamespace, oldNamespace *core.Namespace) field.ErrorList

ValidateNamespaceFinalizeUpdate tests to see if the update is legal for an end user to make.

func ValidateNamespaceStatusUpdate

func ValidateNamespaceStatusUpdate(newNamespace, oldNamespace *core.Namespace) field.ErrorList

ValidateNamespaceStatusUpdate tests to see if the update is legal for an end user to make.

func ValidateNamespaceUpdate

func ValidateNamespaceUpdate(newNamespace *core.Namespace, oldNamespace *core.Namespace) field.ErrorList

ValidateNamespaceUpdate tests to make sure a namespace update can be applied.

func ValidateNode

func ValidateNode(node *core.Node) field.ErrorList

ValidateNode tests if required fields in the node are set.

func ValidateNodeFieldSelectorRequirement added in v1.11.0

func ValidateNodeFieldSelectorRequirement(req core.NodeSelectorRequirement, fldPath *field.Path) field.ErrorList

ValidateNodeFieldSelectorRequirement tests that the specified NodeSelectorRequirement fields has valid data

func ValidateNodeResources

func ValidateNodeResources(node *core.Node) field.ErrorList

ValidateNodeResources is used to make sure a node has valid capacity and allocatable values.

func ValidateNodeSelector

func ValidateNodeSelector(nodeSelector *core.NodeSelector, fldPath *field.Path) field.ErrorList

ValidateNodeSelector tests that the specified nodeSelector fields has valid data

func ValidateNodeSelectorRequirement

func ValidateNodeSelectorRequirement(rq core.NodeSelectorRequirement, fldPath *field.Path) field.ErrorList

ValidateNodeSelectorRequirement tests that the specified NodeSelectorRequirement fields has valid data

func ValidateNodeSelectorTerm

func ValidateNodeSelectorTerm(term core.NodeSelectorTerm, fldPath *field.Path) field.ErrorList

ValidateNodeSelectorTerm tests that the specified node selector term has valid data

func ValidateNodeSpecificAnnotations

func ValidateNodeSpecificAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList

func ValidateNodeUpdate

func ValidateNodeUpdate(node, oldNode *core.Node) field.ErrorList

ValidateNodeUpdate tests to make sure a node update can be applied. Modifies oldNode.

func ValidateNonEmptySelector

func ValidateNonEmptySelector(selectorMap map[string]string, fldPath *field.Path) field.ErrorList

Validates that the given selector is non-empty.

func ValidateNonSpecialIP added in v1.18.19

func ValidateNonSpecialIP(ipAddress string, fldPath *field.Path) field.ErrorList

ValidateNonSpecialIP is used to validate Endpoints, EndpointSlices, and external IPs. Specifically, this disallows unspecified and loopback addresses are nonsensical and link-local addresses tend to be used for node-centric purposes (e.g. metadata service).

IPv6 references - https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml - https://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml

func ValidateNonnegativeField

func ValidateNonnegativeField(value int64, fldPath *field.Path) field.ErrorList

Validates that given value is not negative.

func ValidateNonnegativeQuantity

func ValidateNonnegativeQuantity(value resource.Quantity, fldPath *field.Path) field.ErrorList

Validates that a Quantity is not negative

func ValidateObjectMeta

func ValidateObjectMeta(meta *metav1.ObjectMeta, requiresNamespace bool, nameFn ValidateNameFunc, fldPath *field.Path) field.ErrorList

ValidateObjectMeta validates an object's metadata on creation. It expects that name generation has already been performed. It doesn't return an error for rootscoped resources with namespace, because namespace should already be cleared before. TODO: Remove calls to this method scattered in validations of specific resources, e.g., ValidatePodUpdate.

func ValidateObjectMetaUpdate

func ValidateObjectMetaUpdate(newMeta, oldMeta *metav1.ObjectMeta, fldPath *field.Path) field.ErrorList

ValidateObjectMetaUpdate validates an object's metadata when updated

func ValidatePersistentVolumeClaim

ValidatePersistentVolumeClaim validates a PersistentVolumeClaim

func ValidatePersistentVolumeClaimSpec

func ValidatePersistentVolumeClaimSpec(spec *core.PersistentVolumeClaimSpec, fldPath *field.Path, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList

ValidatePersistentVolumeClaimSpec validates a PersistentVolumeClaimSpec

func ValidatePersistentVolumeClaimStatusUpdate

func ValidatePersistentVolumeClaimStatusUpdate(newPvc, oldPvc *core.PersistentVolumeClaim, validationOpts PersistentVolumeClaimSpecValidationOptions) field.ErrorList

ValidatePersistentVolumeClaimStatusUpdate validates an update to status of a PersistentVolumeClaim

func ValidatePersistentVolumeClaimTemplate added in v1.19.0

func ValidatePersistentVolumeClaimTemplate(claimTemplate *core.PersistentVolumeClaimTemplate, fldPath *field.Path, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList

ValidatePersistentVolumeClaimTemplate verifies that the embedded object meta and spec are valid. Checking of the object data is very minimal because only labels and annotations are used.

func ValidatePersistentVolumeClaimUpdate

func ValidatePersistentVolumeClaimUpdate(newPvc, oldPvc *core.PersistentVolumeClaim, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList

ValidatePersistentVolumeClaimUpdate validates an update to a PersistentVolumeClaim

func ValidatePersistentVolumeSpec added in v1.15.0

func ValidatePersistentVolumeSpec(pvSpec *core.PersistentVolumeSpec, pvName string, validateInlinePersistentVolumeSpec bool, fldPath *field.Path, opts PersistentVolumeSpecValidationOptions) field.ErrorList

func ValidatePersistentVolumeStatusUpdate

func ValidatePersistentVolumeStatusUpdate(newPv, oldPv *core.PersistentVolume) field.ErrorList

ValidatePersistentVolumeStatusUpdate tests to see if the status update is legal for an end user to make.

func ValidatePersistentVolumeUpdate

func ValidatePersistentVolumeUpdate(newPv, oldPv *core.PersistentVolume, opts PersistentVolumeSpecValidationOptions) field.ErrorList

ValidatePersistentVolumeUpdate tests to see if the update is legal for an end user to make. newPv is updated with fields that cannot be changed.

func ValidatePodAffinityTermSelector added in v1.26.0

func ValidatePodAffinityTermSelector(podAffinityTerm core.PodAffinityTerm, allowInvalidLabelValueInSelector bool, fldPath *field.Path) field.ErrorList

func ValidatePodBinding

func ValidatePodBinding(binding *core.Binding) field.ErrorList

ValidatePodBinding tests if required fields in the pod binding are legal.

func ValidatePodCreate added in v1.16.0

func ValidatePodCreate(pod *core.Pod, opts PodValidationOptions) field.ErrorList

ValidatePodCreate validates a pod in the context of its initial create

func ValidatePodEphemeralContainersUpdate added in v1.16.0

func ValidatePodEphemeralContainersUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList

ValidatePodEphemeralContainersUpdate tests that a user update to EphemeralContainers is valid. newPod and oldPod must only differ in their EphemeralContainers.

func ValidatePodLogOptions

func ValidatePodLogOptions(opts *core.PodLogOptions) field.ErrorList

func ValidatePodSpec

func ValidatePodSpec(spec *core.PodSpec, podMeta *metav1.ObjectMeta, fldPath *field.Path, opts PodValidationOptions) field.ErrorList

ValidatePodSpec tests that the specified PodSpec has valid data. This includes checking formatting and uniqueness. It also canonicalizes the structure by setting default values and implementing any backwards-compatibility tricks. The pod metadata is needed to validate generic ephemeral volumes. It is optional and should be left empty unless the spec is from a real pod object.

func ValidatePodSpecificAnnotationUpdates

func ValidatePodSpecificAnnotationUpdates(newPod, oldPod *core.Pod, fldPath *field.Path, opts PodValidationOptions) field.ErrorList

func ValidatePodSpecificAnnotations

func ValidatePodSpecificAnnotations(annotations map[string]string, spec *core.PodSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList

func ValidatePodStatusUpdate

func ValidatePodStatusUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList

ValidatePodStatusUpdate checks for changes to status that shouldn't occur in normal operation.

func ValidatePodTemplate

func ValidatePodTemplate(pod *core.PodTemplate, opts PodValidationOptions) field.ErrorList

ValidatePodTemplate tests if required fields in the pod template are set.

func ValidatePodTemplateSpec

func ValidatePodTemplateSpec(spec *core.PodTemplateSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList

ValidatePodTemplateSpec validates the spec of a pod template

func ValidatePodTemplateSpecForRC

func ValidatePodTemplateSpecForRC(template, oldTemplate *core.PodTemplateSpec, selectorMap map[string]string, replicas int32, fldPath *field.Path, opts PodValidationOptions) field.ErrorList

Validates the given template and ensures that it is in accordance with the desired selector and replicas.

func ValidatePodTemplateUpdate

func ValidatePodTemplateUpdate(newPod, oldPod *core.PodTemplate, opts PodValidationOptions) field.ErrorList

ValidatePodTemplateUpdate tests to see if the update is legal for an end user to make. newPod is updated with fields that cannot be changed.

func ValidatePodUpdate

func ValidatePodUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList

ValidatePodUpdate tests to see if the update is legal for an end user to make. newPod is updated with fields that cannot be changed.

func ValidatePortNumOrName

func ValidatePortNumOrName(port intstr.IntOrString, fldPath *field.Path) field.ErrorList

func ValidatePositiveQuantityValue

func ValidatePositiveQuantityValue(value resource.Quantity, fldPath *field.Path) field.ErrorList

Validates that a Quantity is positive

func ValidatePreemptionPolicy added in v1.15.0

func ValidatePreemptionPolicy(preemptionPolicy *core.PreemptionPolicy, fldPath *field.Path) field.ErrorList

func ValidatePreferredSchedulingTerms

func ValidatePreferredSchedulingTerms(terms []core.PreferredSchedulingTerm, fldPath *field.Path) field.ErrorList

ValidatePreferredSchedulingTerms tests that the specified SoftNodeAffinity fields has valid data

func ValidateProcMountType added in v1.14.0

func ValidateProcMountType(fldPath *field.Path, procMountType core.ProcMountType) *field.Error

ValidateProcMountType tests that the argument is a valid ProcMountType.

func ValidateQualifiedName added in v1.21.0

func ValidateQualifiedName(value string, fldPath *field.Path) field.ErrorList

ValidateQualifiedName validates if name is what Kubernetes calls a "qualified name".

func ValidateReadOnlyPersistentDisks

func ValidateReadOnlyPersistentDisks(volumes, oldVolumes []core.Volume, fldPath *field.Path) field.ErrorList

ValidateReadOnlyPersistentDisks stick this AFTER the short-circuit checks

func ValidateReplicationController

func ValidateReplicationController(controller *core.ReplicationController, opts PodValidationOptions) field.ErrorList

ValidateReplicationController tests if required fields in the replication controller are set.

func ValidateReplicationControllerSpec

func ValidateReplicationControllerSpec(spec, oldSpec *core.ReplicationControllerSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList

ValidateReplicationControllerSpec tests if required fields in the replication controller spec are set.

func ValidateReplicationControllerStatus

func ValidateReplicationControllerStatus(status core.ReplicationControllerStatus, statusPath *field.Path) field.ErrorList

func ValidateReplicationControllerStatusUpdate

func ValidateReplicationControllerStatusUpdate(controller, oldController *core.ReplicationController) field.ErrorList

ValidateReplicationControllerStatusUpdate tests if required fields in the replication controller are set.

func ValidateReplicationControllerUpdate

func ValidateReplicationControllerUpdate(controller, oldController *core.ReplicationController, opts PodValidationOptions) field.ErrorList

ValidateReplicationControllerUpdate tests if required fields in the replication controller are set.

func ValidateResourceQuantityValue

func ValidateResourceQuantityValue(resource core.ResourceName, value resource.Quantity, fldPath *field.Path) field.ErrorList

ValidateResourceQuantityValue enforces that specified quantity is valid for specified resource

func ValidateResourceQuota

func ValidateResourceQuota(resourceQuota *core.ResourceQuota) field.ErrorList

ValidateResourceQuota tests if required fields in the ResourceQuota are set.

func ValidateResourceQuotaResourceName

func ValidateResourceQuotaResourceName(value core.ResourceName, fldPath *field.Path) field.ErrorList

Validate resource names that can go in a resource quota Refer to docs/design/resources.md for more details.

func ValidateResourceQuotaSpec

func ValidateResourceQuotaSpec(resourceQuotaSpec *core.ResourceQuotaSpec, fld *field.Path) field.ErrorList

func ValidateResourceQuotaStatus

func ValidateResourceQuotaStatus(status *core.ResourceQuotaStatus, fld *field.Path) field.ErrorList

func ValidateResourceQuotaStatusUpdate

func ValidateResourceQuotaStatusUpdate(newResourceQuota, oldResourceQuota *core.ResourceQuota) field.ErrorList

ValidateResourceQuotaStatusUpdate tests to see if the status update is legal for an end user to make.

func ValidateResourceQuotaUpdate

func ValidateResourceQuotaUpdate(newResourceQuota, oldResourceQuota *core.ResourceQuota) field.ErrorList

ValidateResourceQuotaUpdate tests to see if the update is legal for an end user to make.

func ValidateResourceRequirements

func ValidateResourceRequirements(requirements *core.ResourceRequirements, podClaimNames sets.Set[string], fldPath *field.Path, opts PodValidationOptions) field.ErrorList

Validates resource requirement spec.

func ValidateRuntimeClassName added in v1.12.0

func ValidateRuntimeClassName(name string, fldPath *field.Path) field.ErrorList

ValidateRuntimeClassName can be used to check whether the given RuntimeClass name is valid. Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed.

func ValidateSeccompPodAnnotations

func ValidateSeccompPodAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList

func ValidateSeccompProfile

func ValidateSeccompProfile(p string, fldPath *field.Path) field.ErrorList

func ValidateSecret

func ValidateSecret(secret *core.Secret) field.ErrorList

ValidateSecret tests if required fields in the Secret are set.

func ValidateSecretUpdate

func ValidateSecretUpdate(newSecret, oldSecret *core.Secret) field.ErrorList

ValidateSecretUpdate tests if required fields in the Secret are set.

func ValidateSecurityContext

func ValidateSecurityContext(sc *core.SecurityContext, fldPath *field.Path, hostUsers bool) field.ErrorList

ValidateSecurityContext ensures the security context contains valid settings

func ValidateService

func ValidateService(service *core.Service) field.ErrorList

ValidateService tests if required fields/annotations of a Service are valid.

func ValidateServiceAccount

func ValidateServiceAccount(serviceAccount *core.ServiceAccount) field.ErrorList

ValidateServiceAccount tests if required fields in the ServiceAccount are set.

func ValidateServiceAccountUpdate

func ValidateServiceAccountUpdate(newServiceAccount, oldServiceAccount *core.ServiceAccount) field.ErrorList

ValidateServiceAccountUpdate tests if required fields in the ServiceAccount are set.

func ValidateServiceClusterIPsRelatedFields added in v1.23.0

func ValidateServiceClusterIPsRelatedFields(service *core.Service) field.ErrorList

ValidateServiceClusterIPsRelatedFields validates .spec.ClusterIPs,, .spec.IPFamilies, .spec.ipFamilyPolicy. This is exported because it is used during IP init and allocation.

func ValidateServiceCreate added in v1.18.0

func ValidateServiceCreate(service *core.Service) field.ErrorList

ValidateServiceCreate validates Services as they are created.

func ValidateServiceStatusUpdate

func ValidateServiceStatusUpdate(service, oldService *core.Service) field.ErrorList

ValidateServiceStatusUpdate tests if required fields in the Service are set when updating status.

func ValidateServiceUpdate

func ValidateServiceUpdate(service, oldService *core.Service) field.ErrorList

ValidateServiceUpdate tests if required fields in the service are set during an update

func ValidateSignerName added in v1.29.0

func ValidateSignerName(fldPath *field.Path, signerName string) field.ErrorList

ValidateSignerName checks that signerName is syntactically valid.

ensure signerName is of the form domain.com/something and up to 571 characters. This length and format is specified to accommodate signerNames like: <fqdn>/<resource-namespace>.<resource-name>. The max length of a FQDN is 253 characters (DNS1123Subdomain max length) The max length of a namespace name is 63 characters (DNS1123Label max length) The max length of a resource name is 253 characters (DNS1123Subdomain max length) We then add an additional 2 characters to account for the one '.' and one '/'.

func ValidateSpreadConstraintNotRepeat added in v1.16.0

func ValidateSpreadConstraintNotRepeat(fldPath *field.Path, constraint core.TopologySpreadConstraint, restingConstraints []core.TopologySpreadConstraint) *field.Error

ValidateSpreadConstraintNotRepeat tests that if `constraint` duplicates with `existingConstraintPairs` on TopologyKey and WhenUnsatisfiable fields.

func ValidateTaintsInNodeAnnotations

func ValidateTaintsInNodeAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList

ValidateTaintsInNodeAnnotations tests that the serialized taints in Node.Annotations has valid data

func ValidateTemplateObjectMeta added in v1.26.0

func ValidateTemplateObjectMeta(objMeta *metav1.ObjectMeta, fldPath *field.Path) field.ErrorList

func ValidateTolerations

func ValidateTolerations(tolerations []core.Toleration, fldPath *field.Path) field.ErrorList

ValidateTolerations tests if given tolerations have valid data.

func ValidateTolerationsInPodAnnotations

func ValidateTolerationsInPodAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList

ValidateTolerationsInPodAnnotations tests that the serialized tolerations in Pod.Annotations has valid data

func ValidateTopologyKey added in v1.16.0

func ValidateTopologyKey(fldPath *field.Path, topologyKey string) *field.Error

ValidateTopologyKey tests that the argument is a valid TopologyKey.

func ValidateTopologySelectorTerm added in v1.11.0

func ValidateTopologySelectorTerm(term core.TopologySelectorTerm, fldPath *field.Path) (map[string]sets.Set[string], field.ErrorList)

ValidateTopologySelectorTerm tests that the specified topology selector term has valid data, and constructs a map representing the term in raw form.

func ValidateVolumeDevices

func ValidateVolumeDevices(devices []core.VolumeDevice, volmounts map[string]string, volumes map[string]core.VolumeSource, fldPath *field.Path) field.ErrorList

func ValidateVolumeMounts

func ValidateVolumeMounts(mounts []core.VolumeMount, voldevices map[string]string, volumes map[string]core.VolumeSource, container *core.Container, fldPath *field.Path) field.ErrorList

func ValidateVolumes

func ValidateVolumes(volumes []core.Volume, podMeta *metav1.ObjectMeta, fldPath *field.Path, opts PodValidationOptions) (map[string]core.VolumeSource, field.ErrorList)

func ValidateWhenUnsatisfiable added in v1.16.0

func ValidateWhenUnsatisfiable(fldPath *field.Path, action core.UnsatisfiableConstraintAction) *field.Error

ValidateWhenUnsatisfiable tests that the argument is a valid UnsatisfiableConstraintAction.

Types

type PersistentVolumeClaimSpecValidationOptions added in v1.22.0

type PersistentVolumeClaimSpecValidationOptions struct {
	// Allow users to recover from previously failing expansion operation
	EnableRecoverFromExpansionFailure bool
	// Allow to validate the label value of the label selector
	AllowInvalidLabelValueInSelector bool
	// Allow to validate the API group of the data source and data source reference
	AllowInvalidAPIGroupInDataSourceOrRef bool
	// Allow users to modify the class of volume attributes
	EnableVolumeAttributesClass bool
}

func ValidationOptionsForPersistentVolumeClaim added in v1.22.0

func ValidationOptionsForPersistentVolumeClaim(pvc, oldPvc *core.PersistentVolumeClaim) PersistentVolumeClaimSpecValidationOptions

func ValidationOptionsForPersistentVolumeClaimTemplate added in v1.22.0

func ValidationOptionsForPersistentVolumeClaimTemplate(claimTemplate, oldClaimTemplate *core.PersistentVolumeClaimTemplate) PersistentVolumeClaimSpecValidationOptions

type PersistentVolumeSpecValidationOptions added in v1.22.0

type PersistentVolumeSpecValidationOptions struct {
	// Allow users to modify the class of volume attributes
	EnableVolumeAttributesClass bool
}

PersistentVolumeSpecValidationOptions contains the different settings for PeristentVolume validation

func ValidationOptionsForPersistentVolume added in v1.22.0

func ValidationOptionsForPersistentVolume(pv, oldPv *core.PersistentVolume) PersistentVolumeSpecValidationOptions

type PodValidationOptions added in v1.18.0

type PodValidationOptions struct {
	// Allow invalid pod-deletion-cost annotation value for backward compatibility.
	AllowInvalidPodDeletionCost bool
	// Allow invalid label-value in LabelSelector
	AllowInvalidLabelValueInSelector bool
	// Allow pod spec to use non-integer multiple of huge page unit size
	AllowIndivisibleHugePagesValues bool
	// Allow pod spec to use status.hostIPs in downward API if feature is enabled
	AllowHostIPsField bool
	// Allow invalid topologySpreadConstraint labelSelector for backward compatibility
	AllowInvalidTopologySpreadConstraintLabelSelector bool
	// Allow projected token volumes with non-local paths
	AllowNonLocalProjectedTokenPath bool
	// Allow namespaced sysctls in hostNet and hostIPC pods
	AllowNamespacedSysctlsForHostNetAndHostIPC bool
	// The top-level resource being validated is a Pod, not just a PodSpec
	// embedded in some other resource.
	ResourceIsPod bool
	// Allow relaxed validation of environment variable names
	AllowRelaxedEnvironmentVariableValidation bool
}

PodValidationOptions contains the different settings for pod validation

type ValidateNameFunc

ValidateNameFunc validates that the provided name is valid for a given resource type. Not all resources have the same validation rules for names. Prefix is true if the name will have a value appended to it. If the name is not valid, this returns a list of descriptions of individual characteristics of the value that were not valid. Otherwise this returns an empty list or nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL