// DefaultCompatibilityVersion returns a default compatibility version for use with EnvSet // that guarantees compatibility with CEL features/libraries/parameters understood by // the api server min compatibility version // // This default will be set to no more than the current Kubernetes major.minor version. // // Note that a default version number less than n-1 the current Kubernetes major.minor version // indicates a wider range of version compatibility than strictly required for rollback. // A wide range of compatibility is desirable because it means that CEL expressions are portable // across a wider range of Kubernetes versions. // A default version number equal to the current Kubernetes major.minor version // indicates fast forward CEL features that can be used when rollback is no longer needed. func DefaultCompatibilityVersion() *version.Version { … } var baseOpts … var baseOptsWithoutStrictCost … var authzSelectorsLibraryInit … var authzSelectorsLibraryEnabled … // AuthzSelectorsLibraryEnabled returns whether the AuthzSelectors library was enabled when it was constructed. // If it has not been contructed yet, this returns `false, false`. // This is solely for the benefit of the integration tests making sure feature gates get correctly parsed before AuthzSelector ever has to check for enablement. func AuthzSelectorsLibraryEnabled() (enabled, constructed bool) { … } var StrictCostOpt … var cacheBaseEnvs … // DisableBaseEnvSetCachingForTests clears and disables base env caching. // This is only intended for unit tests exercising MustBaseEnvSet directly with different enablement options. // It does not clear other initialization paths that may cache results of calling MustBaseEnvSet. func DisableBaseEnvSetCachingForTests() { … } // MustBaseEnvSet returns the common CEL base environments for Kubernetes for Version, or panics // if the version is nil, or does not have major and minor components. // // The returned environment contains function libraries, language settings, optimizations and // runtime cost limits appropriate CEL as it is used in Kubernetes. // // The returned environment contains no CEL variable definitions or custom type declarations and // should be extended to construct environments with the appropriate variable definitions, // type declarations and any other needed configuration. // strictCost is used to determine whether to enforce strict cost calculation for CEL expressions. func MustBaseEnvSet(ver *version.Version, strictCost bool) *EnvSet { … } var baseEnvs … var baseEnvsWithOption … var baseEnvsSingleflight … var baseEnvsWithOptionSingleflight …