This is the documentation for version 0.39. For documentation on the latest version of kpt, please see kpt.dev.

Validator Catalog

Catalog of Validator Functions.

A validator verifies that a resource satisfies certain conditions without creating or modifying any resources. Validator functions are managed by function authors who desire to verify the state (optionally) recorded in the --results-dir path provided by kpt.

For example, a replica may be specified to be within a certain range and verified using a validator function.

Validator Functions

Image Args Description Example Source Toolchain
gcr.io/kpt-functions/istioctl-analyze Istioctl analyze is a diagnostic tool that can detect potential issues with Istio configuration and output errors to the results field. Example Source Typescript SDK
gcr.io/kpt-functions/gatekeeper-validate Enforces OPA constraints on input objects. The constraints are also passed as part of the input to the function. Source
gcr.io/kpt-functions/validate-rolebinding [Demo] Enforces a blacklist of subjects in RoleBinding objects. Source Typescript SDK
gcr.io/kpt-functions/kubeval Validates configuration using kubeval. Source Typescript SDK
gcr.io/kustomize-functions/example-validator-kubeval [Demo] Validates that all containers have cpu and memory reservations set. Source Go Library
gcr.io/kustomize-functions/example-validator Validates Kubernetes configuration files using schemas from the Kubernetes OpenAPI spec. Source Go Library
gcr.io/kpt-functions/suggest-psp [Demo] Lints PodSecurityPolicy by suggesting ‘spec.allowPrivilegeEscalation’ field be set to ‘false’. Source Typescript SDK

Next Steps

  • Learn more ways of using the kpt fn command from the reference doc.

Last modified November 9, 2020: docs: fix broken links for fn (a863150c)