Validator Catalog
Catalog of Validator Functions.
A validator verifies that a resource satisfies certain conditions without creating
or modifying any resources. Validator functions are managed by function authors who
desire to verify the state (optionally) recorded in the --results-dir path
provided by kpt.
For example, a replica may be specified to be within a certain range and verified using a validator function.
Validator Functions
| Image | Args | Description | Example | Source | Toolchain |
|---|---|---|---|---|---|
| gcr.io/kpt-functions/istioctl-analyze | Istioctl analyze is a diagnostic tool that can detect potential issues with Istio configuration and output errors to the results field. | Example | Source | Typescript SDK | |
| gcr.io/kpt-functions/gatekeeper-validate | Enforces OPA constraints on input objects. The constraints are also passed as part of the input to the function. | Source | |||
| gcr.io/kpt-functions/validate-rolebinding | [Demo] Enforces a blacklist of subjects in RoleBinding objects. | Source | Typescript SDK | ||
| gcr.io/kpt-functions/kubeval | Validates configuration using kubeval. | Source | Typescript SDK | ||
| gcr.io/kustomize-functions/example-validator-kubeval | [Demo] Validates that all containers have cpu and memory reservations set. | Source | Go Library | ||
| gcr.io/kustomize-functions/example-validator | Validates Kubernetes configuration files using schemas from the Kubernetes OpenAPI spec. | Source | Go Library | ||
| gcr.io/kpt-functions/suggest-psp | [Demo] Lints PodSecurityPolicy by suggesting ‘spec.allowPrivilegeEscalation’ field be set to ‘false’. | Source | Typescript SDK |
Next Steps
- Learn more ways of using the kpt fn command from the reference doc.
Last modified November 9, 2020: docs: fix broken links for fn (a863150c)