type ContainerType … const Containers … const InitContainers … const EphemeralContainers … const AllContainers … // AllFeatureEnabledContainers returns a ContainerType mask which includes all container // types except for the ones guarded by feature gate. func AllFeatureEnabledContainers() ContainerType { … } type ContainerVisitor … // VisitContainers invokes the visitor function with a pointer to every container // spec in the given pod spec with type set in mask. If visitor returns false, // visiting is short-circuited. VisitContainers returns true if visiting completes, // false if visiting was short-circuited. func VisitContainers(podSpec *api.PodSpec, mask ContainerType, visitor ContainerVisitor) bool { … } type Visitor … func skipEmptyNames(visitor Visitor) Visitor { … } // VisitPodSecretNames invokes the visitor function with the name of every secret // referenced by the pod spec. If visitor returns false, visiting is short-circuited. // Transitive references (e.g. pod -> pvc -> pv -> secret) are not visited. // Returns true if visiting completed, false if visiting was short-circuited. func VisitPodSecretNames(pod *api.Pod, visitor Visitor, containerType ContainerType) bool { … } func visitContainerSecretNames(container *api.Container, visitor Visitor) bool { … } // VisitPodConfigmapNames invokes the visitor function with the name of every configmap // referenced by the pod spec. If visitor returns false, visiting is short-circuited. // Transitive references (e.g. pod -> pvc -> pv -> secret) are not visited. // Returns true if visiting completed, false if visiting was short-circuited. func VisitPodConfigmapNames(pod *api.Pod, visitor Visitor, containerType ContainerType) bool { … } func visitContainerConfigmapNames(container *api.Container, visitor Visitor) bool { … } // IsPodReady returns true if a pod is ready; false otherwise. func IsPodReady(pod *api.Pod) bool { … } // IsPodReadyConditionTrue returns true if a pod is ready; false otherwise. func IsPodReadyConditionTrue(status api.PodStatus) bool { … } // GetPodReadyCondition extracts the pod ready condition from the given status and returns that. // Returns nil if the condition is not present. func GetPodReadyCondition(status api.PodStatus) *api.PodCondition { … } // GetPodCondition extracts the provided condition from the given status and returns that. // Returns nil and -1 if the condition is not present, and the index of the located condition. func GetPodCondition(status *api.PodStatus, conditionType api.PodConditionType) (int, *api.PodCondition) { … } // UpdatePodCondition updates existing pod condition or creates a new one. Sets LastTransitionTime to now if the // status has changed. // Returns true if pod condition has changed or has been added. func UpdatePodCondition(status *api.PodStatus, condition *api.PodCondition) bool { … } func checkContainerUseIndivisibleHugePagesValues(container api.Container) bool { … } // usesIndivisibleHugePagesValues returns true if the one of the containers uses non-integer multiple // of huge page unit size func usesIndivisibleHugePagesValues(podSpec *api.PodSpec) bool { … } // hasInvalidTopologySpreadConstraintLabelSelector return true if spec.TopologySpreadConstraints have any entry with invalid labelSelector func hasInvalidTopologySpreadConstraintLabelSelector(spec *api.PodSpec) bool { … } // hasNonLocalProjectedTokenPath return true if spec.Volumes have any entry with non-local projected token path func hasNonLocalProjectedTokenPath(spec *api.PodSpec) bool { … } // GetValidationOptionsFromPodSpecAndMeta returns validation options based on pod specs and metadata func GetValidationOptionsFromPodSpecAndMeta(podSpec, oldPodSpec *api.PodSpec, podMeta, oldPodMeta *metav1.ObjectMeta) apivalidation.PodValidationOptions { … } func useRelaxedEnvironmentVariableValidation(podSpec, oldPodSpec *api.PodSpec) bool { … } func useRelaxedDNSSearchValidation(oldPodSpec *api.PodSpec) bool { … } // Helper function to check if any domain is a dot or contains an underscore. func hasDotOrUnderscore(searches []string) bool { … } func gatherPodEnvVarNames(podSpec *api.PodSpec) sets.Set[string] { … } func relaxedEnvVarUsed(name string, oldPodEnvVarNames sets.Set[string]) bool { … } func hasUsedDownwardAPIFieldPathWithPodSpec(podSpec *api.PodSpec, fieldPath string) bool { … } func hasUsedDownwardAPIFieldPathWithVolume(volume *api.Volume, fieldPath string) bool { … } func hasUsedDownwardAPIFieldPathWithContainer(container *api.Container, fieldPath string) bool { … } // GetValidationOptionsFromPodTemplate will return pod validation options for specified template. func GetValidationOptionsFromPodTemplate(podTemplate, oldPodTemplate *api.PodTemplateSpec) apivalidation.PodValidationOptions { … } // DropDisabledTemplateFields removes disabled fields from the pod template metadata and spec. // This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a PodTemplateSpec func DropDisabledTemplateFields(podTemplate, oldPodTemplate *api.PodTemplateSpec) { … } // DropDisabledPodFields removes disabled fields from the pod metadata and spec. // This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a Pod func DropDisabledPodFields(pod, oldPod *api.Pod) { … } // dropDisabledFields removes disabled fields from the pod metadata and spec. func dropDisabledFields( podSpec *api.PodSpec, podAnnotations map[string]string, oldPodSpec *api.PodSpec, oldPodAnnotations map[string]string, ) { … } func dropPodLifecycleSleepAction(podSpec, oldPodSpec *api.PodSpec) { … } func podLifecycleSleepActionInUse(podSpec *api.PodSpec) bool { … } // dropDisabledPodStatusFields removes disabled fields from the pod status func dropDisabledPodStatusFields(podStatus, oldPodStatus *api.PodStatus, podSpec, oldPodSpec *api.PodSpec) { … } func hostIPsInUse(podStatus *api.PodStatus) bool { … } // dropDisabledDynamicResourceAllocationFields removes pod claim references from // container specs and pod-level resource claims unless they are already used // by the old pod spec. func dropDisabledDynamicResourceAllocationFields(podSpec, oldPodSpec *api.PodSpec) { … } func dynamicResourceAllocationInUse(podSpec *api.PodSpec) bool { … } func dropResourceClaimRequests(containers []api.Container) { … } func dropEphemeralResourceClaimRequests(containers []api.EphemeralContainer) { … } // dropDisabledProcMountField removes disabled fields from PodSpec related // to ProcMount only if it is not already used by the old spec func dropDisabledProcMountField(podSpec, oldPodSpec *api.PodSpec) { … } // dropDisabledNodeInclusionPolicyFields removes disabled fields from PodSpec related // to NodeInclusionPolicy only if it is not used by the old spec. func dropDisabledNodeInclusionPolicyFields(podSpec, oldPodSpec *api.PodSpec) { … } // dropDisabledMatchLabelKeysFieldInPodAffinity removes disabled fields from PodSpec related // to MatchLabelKeys in required/preferred PodAffinity/PodAntiAffinity only if it is not already used by the old spec. func dropDisabledMatchLabelKeysFieldInPodAffinity(podSpec, oldPodSpec *api.PodSpec) { … } // dropDisabledMatchLabelKeysFieldInTopologySpread removes disabled fields from PodSpec related // to MatchLabelKeys in TopologySpread only if it is not already used by the old spec. func dropDisabledMatchLabelKeysFieldInTopologySpread(podSpec, oldPodSpec *api.PodSpec) { … } // dropMatchLabelKeysFieldInWeightedPodAffnityTerm removes MatchLabelKeys and MismatchLabelKeys fields from WeightedPodAffinityTerm func dropMatchLabelKeysFieldInWeightedPodAffnityTerm(terms []api.WeightedPodAffinityTerm) { … } // dropMatchLabelKeysFieldInPodAffnityTerm removes MatchLabelKeys and MismatchLabelKeys fields from PodAffinityTerm func dropMatchLabelKeysFieldInPodAffnityTerm(terms []api.PodAffinityTerm) { … } // matchLabelKeysFieldInPodAffinityInUse returns true if given affinityTerms have MatchLabelKeys field set. func matchLabelKeysFieldInPodAffinityInUse(podSpec *api.PodSpec) bool { … } // matchLabelKeysInTopologySpreadInUse returns true if the pod spec is non-nil // and has MatchLabelKeys field set in TopologySpreadConstraints. func matchLabelKeysInTopologySpreadInUse(podSpec *api.PodSpec) bool { … } // nodeAffinityPolicyInUse returns true if the pod spec is non-nil and has NodeAffinityPolicy field set // in TopologySpreadConstraints func nodeAffinityPolicyInUse(podSpec *api.PodSpec) bool { … } // nodeTaintsPolicyInUse returns true if the pod spec is non-nil and has NodeTaintsPolicy field set // in TopologySpreadConstraints func nodeTaintsPolicyInUse(podSpec *api.PodSpec) bool { … } // hostUsersInUse returns true if the pod spec has spec.hostUsers field set. func hostUsersInUse(podSpec *api.PodSpec) bool { … } func supplementalGroupsPolicyInUse(podSpec *api.PodSpec) bool { … } // inPlacePodVerticalScalingInUse returns true if pod spec is non-nil and ResizePolicy is set func inPlacePodVerticalScalingInUse(podSpec *api.PodSpec) bool { … } // procMountInUse returns true if the pod spec is non-nil and has a SecurityContext's ProcMount field set to a non-default value func procMountInUse(podSpec *api.PodSpec) bool { … } // appArmorAnnotationsInUse returns true if the pod has apparmor annotations func appArmorAnnotationsInUse(podAnnotations map[string]string) bool { … } // appArmorFieldsInUse returns true if the pod has apparmor fields set func appArmorFieldsInUse(podSpec *api.PodSpec) bool { … } // restartableInitContainersInUse returns true if the pod spec is non-nil and // it has any init container with ContainerRestartPolicyAlways. func restartableInitContainersInUse(podSpec *api.PodSpec) bool { … } func clusterTrustBundleProjectionInUse(podSpec *api.PodSpec) bool { … } func rroInUse(podSpec *api.PodSpec) bool { … } func dropDisabledClusterTrustBundleProjection(podSpec, oldPodSpec *api.PodSpec) { … } func hasInvalidLabelValueInAffinitySelector(spec *api.PodSpec) bool { … } func MarkPodProposedForResize(oldPod, newPod *api.Pod) { … } // KEP: https://kep.k8s.io/4639 func dropImageVolumes(podSpec, oldPodSpec *api.PodSpec) { … } func imageVolumesInUse(podSpec *api.PodSpec) bool { … }