type Check … type VersionedCheck … type CheckPodFn … type CheckID … type CheckResult … type AggregateCheckResult … // ForbiddenReason returns a comma-separated string of the forbidden reasons. // Example: host ports, privileged containers, non-default capabilities func (a *AggregateCheckResult) ForbiddenReason() string { … } // ForbiddenDetail returns a detailed forbidden message, with non-empty details formatted in // parentheses with the associated reason. // Example: host ports (8080, 9090), privileged containers, non-default capabilities (NET_RAW) func (a *AggregateCheckResult) ForbiddenDetail() string { … } const UnknownForbiddenReason … // AggregateCheckResults aggregates the forbidden results of the given checks into a single AggregateCheckResult. // The aggregated reason is a comma-separated list of the individual forbidden reasons. func AggregateCheckResults(results []CheckResult) AggregateCheckResult { … } var defaultChecks … var experimentalChecks … func addCheck(f func() Check) { … } // DefaultChecks returns checks that are expected to be enabled by default. // The results are mutually exclusive with ExperimentalChecks. // It returns a new copy of checks on each invocation and is expected to be called once at setup time. func DefaultChecks() []Check { … } // ExperimentalChecks returns checks that have not yet been assigned to policy versions. // The results are mutually exclusive with DefaultChecks. // It returns a new copy of checks on each invocation and is expected to be called once at setup time. func ExperimentalChecks() []Check { … }