Affected by GO-2022-0617 and 22 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2022-0703: XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes

GO-2022-0867: Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes

GO-2022-0885: Improper Authentication in Kubernetes in k8s.io/kubernetes

GO-2022-0890: Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes

GO-2022-0907: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes

GO-2022-0910: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes

GO-2022-0983: kubectl ANSI escape characters not filtered in k8s.io/kubernetes

GO-2023-1864: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes

GO-2023-1891: kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes

GO-2023-1892: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes

GO-2023-2159: Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes

GO-2023-2341: Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes

GO-2024-2748: Privilege Escalation in Kubernetes in k8s.io/apimachinery

GO-2024-2753: Denial of service in Kubernetes in k8s.io/kubernetes

GO-2024-2754: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes

GO-2024-2755: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

GO-2024-3277: Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes

GO-2025-3465: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes

GO-2025-3521: Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes

GO-2025-3522: Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes

GO-2025-3547: Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes

util

package

v1.15.0 Latest Latest Go to latest Published: Jun 15, 2019 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GetNamespacesFromPodAffinityTerm(pod *v1.Pod, podAffinityTerm *v1.PodAffinityTerm) sets.String
func GetNonzeroRequests(requests *v1.ResourceList) (int64, int64)
func NodesHaveSameTopologyKey(nodeA, nodeB *v1.Node, topologyKey string) bool
func PodMatchesTermsNamespaceAndSelector(pod *v1.Pod, namespaces sets.String, selector labels.Selector) bool
type Topologies
- func (tps *Topologies) NodesHaveSameTopologyKey(nodeA, nodeB *v1.Node, topologyKey string) bool

Constants ¶

View Source

const DefaultMemoryRequest int64 = 200 * 1024 * 1024 // 200 MB

DefaultMemoryRequest defines default memory request size.

View Source

const DefaultMilliCPURequest int64 = 100 // 0.1 core

DefaultMilliCPURequest defines default milli cpu request number.

Variables ¶

This section is empty.

Functions ¶

func GetNamespacesFromPodAffinityTerm ¶

func GetNamespacesFromPodAffinityTerm(pod *v1.Pod, podAffinityTerm *v1.PodAffinityTerm) sets.String

GetNamespacesFromPodAffinityTerm returns a set of names according to the namespaces indicated in podAffinityTerm. If namespaces is empty it considers the given pod's namespace.

func GetNonzeroRequests ¶

func GetNonzeroRequests(requests *v1.ResourceList) (int64, int64)

GetNonzeroRequests returns the default resource request if none is found or what is provided on the request.

func NodesHaveSameTopologyKey ¶

func NodesHaveSameTopologyKey(nodeA, nodeB *v1.Node, topologyKey string) bool

NodesHaveSameTopologyKey checks if nodeA and nodeB have same label value with given topologyKey as label key. Returns false if topologyKey is empty.

func PodMatchesTermsNamespaceAndSelector ¶

func PodMatchesTermsNamespaceAndSelector(pod *v1.Pod, namespaces sets.String, selector labels.Selector) bool

PodMatchesTermsNamespaceAndSelector returns true if the given <pod> matches the namespace and selector defined by <affinityPod>`s <term>.

Types ¶

type Topologies ¶

type Topologies struct {
	DefaultKeys []string
}

Topologies contains topologies information of nodes.

func (*Topologies) NodesHaveSameTopologyKey ¶

func (tps *Topologies) NodesHaveSameTopologyKey(nodeA, nodeB *v1.Node, topologyKey string) bool

NodesHaveSameTopologyKey checks if nodeA and nodeB have same label value with given topologyKey as label key.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL