apimachineryk8s.io/apimachinery/pkg/util/validation Index | Files | Directories

package validation

import "k8s.io/apimachinery/pkg/util/validation"

Index

Constants 

const DNS1035LabelMaxLength int = 63

DNS1035LabelMaxLength is a label's max length in DNS (RFC 1035) 

const DNS1123LabelMaxLength int = 63

DNS1123LabelMaxLength is a label's max length in DNS (RFC 1123) 

const DNS1123SubdomainMaxLength int = 253

DNS1123SubdomainMaxLength is a subdomain's max length in DNS (RFC 1123) 

const LabelValueMaxLength int = 63

LabelValueMaxLength is a label's max length

Functions

func EmptyError 

func EmptyError() string

EmptyError returns a string explanation of a "must not be empty" validation failure.

func GetWarningsForCIDR 

func GetWarningsForCIDR(fldPath *field.Path, value string) []string

GetWarningsForCIDR returns warnings for CIDR values in non-standard forms. This should only be used with fields that are validated with IsValidCIDRForLegacyField().

func GetWarningsForIP 

func GetWarningsForIP(fldPath *field.Path, value string) []string

GetWarningsForIP returns warnings for IP address values in non-standard forms. This should only be used with fields that are validated with IsValidIPForLegacyField().

func InclusiveRangeError 

func InclusiveRangeError(lo, hi int) string

InclusiveRangeError returns a string explanation of a numeric "must be between" validation failure.

func IsCIdentifier 

func IsCIdentifier(value string) []string

IsCIdentifier tests for a string that conforms the definition of an identifier in C. This checks the format, but not the length.

func IsConfigMapKey 

func IsConfigMapKey(value string) []string

IsConfigMapKey tests for a string that is a valid key for a ConfigMap or Secret

func IsDNS1035Label 

func IsDNS1035Label(value string) []string

IsDNS1035Label tests for a string that conforms to the definition of a label in DNS (RFC 1035).

func IsDNS1123Label 

func IsDNS1123Label(value string) []string

IsDNS1123Label tests for a string that conforms to the definition of a label in DNS (RFC 1123).

func IsDNS1123Subdomain 

func IsDNS1123Subdomain(value string) []string

IsDNS1123Subdomain tests for a string that conforms to the definition of a subdomain in DNS (RFC 1123).

func IsDNS1123SubdomainWithUnderscore 

func IsDNS1123SubdomainWithUnderscore(value string) []string

IsDNS1123SubdomainWithUnderscore tests for a string that conforms to the definition of a subdomain in DNS (RFC 1123), but allows the use of an underscore in the string

func IsDomainPrefixedPath 

func IsDomainPrefixedPath(fldPath *field.Path, dpPath string) field.ErrorList

IsDomainPrefixedPath checks if the given string is a domain-prefixed path (e.g. acme.io/foo). All characters before the first "/" must be a valid subdomain as defined by RFC 1123. All characters trailing the first "/" must be valid HTTP Path characters as defined by RFC 3986.

func IsEnvVarName 

func IsEnvVarName(value string) []string

IsEnvVarName tests if a string is a valid environment variable name.

func IsFullyQualifiedDomainName 

func IsFullyQualifiedDomainName(fldPath *field.Path, name string) field.ErrorList

IsFullyQualifiedDomainName checks if the domain name is fully qualified. This is similar to IsFullyQualifiedName but only requires a minimum of 2 segments instead of 3 and accepts a trailing . as valid.

func IsFullyQualifiedName 

func IsFullyQualifiedName(fldPath *field.Path, name string) field.ErrorList

IsFullyQualifiedName checks if the name is fully qualified. This is similar to IsFullyQualifiedDomainName but requires a minimum of 3 segments instead of 2 and does not accept a trailing . as valid. TODO: This function is deprecated and preserved until all callers migrate to IsFullyQualifiedDomainName; please don't add new callers.

func IsHTTPHeaderName 

func IsHTTPHeaderName(value string) []string

IsHTTPHeaderName checks that a string conforms to the Go HTTP library's definition of a valid header field name (a stricter subset than RFC7230).

func IsInRange 

func IsInRange(value int, min int, max int) []string

IsInRange tests that the argument is in an inclusive range.

func IsQualifiedName 

func IsQualifiedName(value string) []string

IsQualifiedName tests whether the value passed is what Kubernetes calls a "qualified name". This is a format used in various places throughout the system. If the value is not valid, a list of error strings is returned. Otherwise an empty list (or nil) is returned.

func IsRelaxedEnvVarName 

func IsRelaxedEnvVarName(value string) []string

IsRelaxedEnvVarName tests if a string is a valid environment variable name.

func IsValidCIDR 

func IsValidCIDR(fldPath *field.Path, value string) field.ErrorList

IsValidCIDR tests that the argument is a valid CIDR value, according to current Kubernetes standards for CIDR validation. This function is only for "subnet"/"mask"-style CIDR values (e.g., "192.168.1.0/24", with no bits set beyond the prefix length). Use IsValidInterfaceAddress for "ifaddr"-style CIDR values.

func IsValidCIDRForLegacyField 

func IsValidCIDRForLegacyField(fldPath *field.Path, value string, strictValidation bool, validOldCIDRs []string) field.ErrorList

IsValidCIDRForLegacyField tests that the argument is a valid CIDR value for a "legacy" API field that predates strict IP validation. In particular, this allows IPs that are not in canonical form (e.g., "FE80:0abc:0:0:0:0:0:0/64" instead of "fe80:abc::/64").

If strictValidation is false, this also allows CIDR values in certain invalid or ambiguous formats:

  1. The IP part of the CIDR value is parsed as with IsValidIPForLegacyField with strictValidation=false.

  2. The CIDR value is allowed to be either a "subnet"/"mask" (with the lower bits after the prefix length all being 0), or an "interface address" as with `ip addr` (with a complete IP address and associated subnet length). With strict validation, the value is required to be in "subnet"/"mask" form.

  3. The prefix length is allowed to have leading 0s.

Alternatively, when validating an update to an existing field, you can pass a list of CIDR values from the old object that should be accepted if they appear in the new object even if they are not valid.

This function should only be used to validate the existing fields that were historically validated in this way, and strictValidation should be true unless the StrictIPCIDRValidation feature gate is disabled. Use IsValidCIDR or IsValidInterfaceAddress for parsing new fields.

func IsValidGroupID 

func IsValidGroupID(gid int64) []string

IsValidGroupID tests that the argument is a valid Unix GID.

func IsValidIP 

func IsValidIP(fldPath *field.Path, value string) field.ErrorList

IsValidIP tests that the argument is a valid IP address, according to current Kubernetes standards for IP address validation.

func IsValidIPForLegacyField 

func IsValidIPForLegacyField(fldPath *field.Path, value string, strictValidation bool, validOldIPs []string) field.ErrorList

IsValidIPForLegacyField tests that the argument is a valid IP address for a "legacy" API field that predates strict IP validation. In particular, this allows IPs that are not in canonical form (e.g., "FE80:0:0:0:0:0:0:0abc" instead of "fe80::abc").

If strictValidation is false, this also allows IPs in certain invalid or ambiguous formats:

  1. IPv4 IPs are allowed to have leading "0"s in octets (e.g. "010.002.003.004"). Historically, net.ParseIP (and later netutils.ParseIPSloppy) simply ignored leading "0"s in IPv4 addresses, but most libc-based software treats 0-prefixed IPv4 octets as octal, meaning different software might interpret the same string as two different IPs, potentially leading to security issues. (Current net.ParseIP and netip.ParseAddr simply reject inputs with leading "0"s.)

  2. IPv4-mapped IPv6 IPs (e.g. "::ffff:1.2.3.4") are allowed. These can also lead to different software interpreting the value in different ways, because they may be treated as IPv4 by some software and IPv6 by other software. (net.ParseIP and netip.ParseAddr both allow these, but there are no use cases for representing IPv4 addresses as IPv4-mapped IPv6 addresses in Kubernetes.)

Alternatively, when validating an update to an existing field, you can pass a list of IP values from the old object that should be accepted if they appear in the new object even if they are not valid.

This function should only be used to validate the existing fields that were historically validated in this way, and strictValidation should be true unless the StrictIPCIDRValidation feature gate is disabled. Use IsValidIP for parsing new fields.

func IsValidInterfaceAddress 

func IsValidInterfaceAddress(fldPath *field.Path, value string) field.ErrorList

IsValidInterfaceAddress tests that the argument is a valid "ifaddr"-style CIDR value in canonical form (e.g., "192.168.1.5/24", with a complete IP address and associated subnet length). Use IsValidCIDR for "subnet"/"mask"-style CIDR values (e.g., "192.168.1.0/24").

func IsValidLabelValue 

func IsValidLabelValue(value string) []string

IsValidLabelValue tests whether the value passed is a valid label value. If the value is not valid, a list of error strings is returned. Otherwise an empty list (or nil) is returned.

func IsValidPercent 

func IsValidPercent(percent string) []string

IsValidPercent checks that string is in the form of a percentage

func IsValidPortName 

func IsValidPortName(port string) []string

IsValidPortName check that the argument is valid syntax. It must be non-empty and no more than 15 characters long. It may contain only [-a-z0-9] and must contain at least one letter [a-z]. It must not start or end with a hyphen, nor contain adjacent hyphens.

Note: We only allow lower-case characters, even though RFC 6335 is case insensitive.

func IsValidPortNum 

func IsValidPortNum(port int) []string

IsValidPortNum tests that the argument is a valid, non-zero port number.

func IsValidUserID 

func IsValidUserID(uid int64) []string

IsValidUserID tests that the argument is a valid Unix UID.

func IsWildcardDNS1123Subdomain 

func IsWildcardDNS1123Subdomain(value string) []string

IsWildcardDNS1123Subdomain tests for a string that conforms to the definition of a wildcard subdomain in DNS (RFC 1034 section 4.3.3).

func MaxLenError 

func MaxLenError(length int) string

MaxLenError returns a string explanation of a "string too long" validation failure.

func RegexError 

func RegexError(msg string, fmt string, examples ...string) string

RegexError returns a string explanation of a regex validation failure.

Source Files

ip.go validation.go

Directories

PathSynopsis
pkg/util/validation/field
Version
v0.33.0 (latest)
Published
Apr 11, 2025
Platform
linux/amd64
Imports
11 packages
Last checked
3 hours ago

Tools for package owners.