This is the documentation for version 0.39. For documentation on the latest version of kpt, please see

Validator Catalog

Catalog of Validator Functions.

A validator verifies that a resource satisfies certain conditions without creating or modifying any resources. Validator functions are managed by function authors who desire to verify the state (optionally) recorded in the --results-dir path provided by kpt.

For example, a replica may be specified to be within a certain range and verified using a validator function.

Validator Functions

Image Args Description Example Source Toolchain Istioctl analyze is a diagnostic tool that can detect potential issues with Istio configuration and output errors to the results field. Example Source Typescript SDK Enforces OPA constraints on input objects. The constraints are also passed as part of the input to the function. Source [Demo] Enforces a blacklist of subjects in RoleBinding objects. Source Typescript SDK Validates configuration using kubeval. Source Typescript SDK [Demo] Validates that all containers have cpu and memory reservations set. Source Go Library Validates Kubernetes configuration files using schemas from the Kubernetes OpenAPI spec. Source Go Library [Demo] Lints PodSecurityPolicy by suggesting ‘spec.allowPrivilegeEscalation’ field be set to ‘false’. Source Typescript SDK

Next Steps

  • Learn more ways of using the kpt fn command from the reference doc.

Last modified November 9, 2020: docs: fix broken links for fn (a863150c)