From f306a0dbb4a462e2ac5882196e7276a0c890b219 Mon Sep 17 00:00:00 2001 From: Aaron Crickenberger Date: Wed, 22 Apr 2020 15:41:00 -0700 Subject: [PATCH] convert .import-restrictions to yaml yaml has comments, so we can explain why we have certain rules or certain prefixes for those files that weren't already commented yaml, I converted them to yaml and took a best guess at comments based on the PRs that introduced or updated them --- cmd/kubeadm/.import-restrictions | 72 +-- pkg/.import-restrictions | 27 +- .../providers/.import-restrictions | 16 +- pkg/controller/.import-restrictions | 25 +- pkg/kubectl/.import-restrictions | 138 ++-- .../server/portforward/.import-restrictions | 13 +- .../server/remotecommand/.import-restrictions | 13 +- .../server/streaming/.import-restrictions | 17 +- pkg/kubemark/.import-restrictions | 19 +- .../src/k8s.io/apiserver/.import-restrictions | 15 +- test/e2e/framework/.import-restrictions | 598 +++++++++--------- test/integration/.import-restrictions | 13 +- 12 files changed, 437 insertions(+), 529 deletions(-) diff --git a/cmd/kubeadm/.import-restrictions b/cmd/kubeadm/.import-restrictions index 95bc81f92ef..4f6fa72bde7 100644 --- a/cmd/kubeadm/.import-restrictions +++ b/cmd/kubeadm/.import-restrictions @@ -1,48 +1,24 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/(api/|apimachinery/|apiextensions-apiserver/|apiserver/)", - "AllowedPrefixes": [ - "" - ] - }, - { - "SelectorRegexp": "k8s[.]io/client-go/", - "AllowedPrefixes": [ - "" - ] - }, - { - "SelectorRegexp": "k8s[.]io/kubelet/", - "AllowedPrefixes": [ - "k8s.io/kubelet/config/v1beta1" - ] - }, - { - "SelectorRegexp": "k8s[.]io/kube-openapi/", - "AllowedPrefixes": [ - "k8s.io/kube-openapi/pkg/util/proto" - ] - }, - { - "SelectorRegexp": "k8s[.]io/kube-proxy/", - "AllowedPrefixes": [ - "k8s.io/kube-proxy/config/v1alpha1" - ] - }, - { - "SelectorRegexp": "k8s[.]io/kubernetes", - "AllowedPrefixes": [ - "k8s.io/kubernetes/cmd/kubeadm" - ] - }, - { - "SelectorRegexp": "gopkg[.]in", - "AllowedPrefixes": [ - "gopkg.in/inf.v0", - "gopkg.in/square/go-jose.v2", - "gopkg.in/yaml.v2" - ] - } - ] -} +rules: + - selectorRegexp: k8s[.]io/(api/|apimachinery/|apiextensions-apiserver/|apiserver/) + allowedPrefixes: + - '' + - selectorRegexp: k8s[.]io/client-go/ + allowedPrefixes: + - '' + - selectorRegexp: k8s[.]io/kubelet/ + allowedPrefixes: + - k8s.io/kubelet/config/v1beta1 + - selectorRegexp: k8s[.]io/kube-openapi/ + allowedPrefixes: + - k8s.io/kube-openapi/pkg/util/proto + - selectorRegexp: k8s[.]io/kube-proxy/ + allowedPrefixes: + - k8s.io/kube-proxy/config/v1alpha1 + - selectorRegexp: k8s[.]io/kubernetes + allowedPrefixes: + - k8s.io/kubernetes/cmd/kubeadm + - selectorRegexp: gopkg[.]in + allowedPrefixes: + - gopkg.in/inf.v0 + - gopkg.in/square/go-jose.v2 + - gopkg.in/yaml.v2 diff --git a/pkg/.import-restrictions b/pkg/.import-restrictions index b40ad186143..db9e87a34e5 100644 --- a/pkg/.import-restrictions +++ b/pkg/.import-restrictions @@ -1,15 +1,12 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/kubernetes", - "AllowedPrefixes": [ - "" - ], - "ForbiddenPrefixes": [ - "k8s.io/kubernetes/cmd", - "github.com/ghodss/yaml", - "github.com/ishidawataru/sctp" - ] - } - ] -} +rules: + - selectorRegexp: k8s[.]io/kubernetes + allowedPrefixes: + - '' + forbiddenPrefixes: + # prevent pkg/ from depending on cmd/ + # note: pkg/kubemark and pkg/api/testing override this + - k8s.io/kubernetes/cmd + # use sigs.k8s.io/yaml instead + - github.com/ghodss/yaml + # prevent kubernetes from opening sctp sockets (ref: https://github.com/kubernetes/kubernetes/pull/87926#discussion_r376642015) + - github.com/ishidawataru/sctp diff --git a/pkg/cloudprovider/providers/.import-restrictions b/pkg/cloudprovider/providers/.import-restrictions index 611ddf966d9..8259556e3af 100644 --- a/pkg/cloudprovider/providers/.import-restrictions +++ b/pkg/cloudprovider/providers/.import-restrictions @@ -1,11 +1,5 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/kubernetes", - "AllowedPrefixes": [ - "k8s.io/kubernetes/pkg/cloudprovider/providers" - ], - "ForbiddenPrefixes": [] - } - ] -} +rules: + # prevent any k8s.io/kubernetes imports outside of this package + - selectorRegexp: k8s[.]io/kubernetes + allowedPrefixes: + - k8s.io/kubernetes/pkg/cloudprovider/providers diff --git a/pkg/controller/.import-restrictions b/pkg/controller/.import-restrictions index 67a6a8c068d..59f66927762 100644 --- a/pkg/controller/.import-restrictions +++ b/pkg/controller/.import-restrictions @@ -1,16 +1,9 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/kubernetes/pkg/client/unversioned$", - "ForbiddenPrefixes": [ - "k8s.io/kubernetes/pkg/client/unversioned" - ] - }, - { - "SelectorRegexp": "k8s[.]io/kubernetes/pkg/client/unversioned/testclient$", - "ForbiddenPrefixes": [ - "k8s.io/kubernetes/pkg/client/unversioned/testclient" - ] - } - ] -} +rules: + # prevent use of pkg/client/unversioned (#34759) + - selectorRegexp: k8s[.]io/kubernetes/pkg/client/unversioned$ + forbiddenPrefixes: + - k8s.io/kubernetes/pkg/client/unversioned + # prevent use of pkg/client/unversioned (#34759) + - selectorRegexp: k8s[.]io/kubernetes/pkg/client/unversioned/testclient$ + forbiddenPrefixes: + - k8s.io/kubernetes/pkg/client/unversioned/testclient diff --git a/pkg/kubectl/.import-restrictions b/pkg/kubectl/.import-restrictions index 67002fcc8e5..29cb4c510d3 100644 --- a/pkg/kubectl/.import-restrictions +++ b/pkg/kubectl/.import-restrictions @@ -1,71 +1,67 @@ -{ - "Rules": [{ - "SelectorRegexp": "k8s[.]io/kubernetes/pkg", - "AllowedPrefixes": [ - "k8s.io/kubernetes/pkg/api", - "k8s.io/kubernetes/pkg/api/legacyscheme", - "k8s.io/kubernetes/pkg/apis/apps", - "k8s.io/kubernetes/pkg/apis/apps/install", - "k8s.io/kubernetes/pkg/apis/apps/v1", - "k8s.io/kubernetes/pkg/apis/apps/v1beta1", - "k8s.io/kubernetes/pkg/apis/apps/v1beta2", - "k8s.io/kubernetes/pkg/apis/authentication", - "k8s.io/kubernetes/pkg/apis/authentication/install", - "k8s.io/kubernetes/pkg/apis/authentication/v1", - "k8s.io/kubernetes/pkg/apis/authentication/v1beta1", - "k8s.io/kubernetes/pkg/apis/authorization", - "k8s.io/kubernetes/pkg/apis/authorization/install", - "k8s.io/kubernetes/pkg/apis/authorization/v1", - "k8s.io/kubernetes/pkg/apis/authorization/v1beta1", - "k8s.io/kubernetes/pkg/apis/autoscaling", - "k8s.io/kubernetes/pkg/apis/autoscaling/install", - "k8s.io/kubernetes/pkg/apis/autoscaling/v1", - "k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1", - "k8s.io/kubernetes/pkg/apis/batch", - "k8s.io/kubernetes/pkg/apis/batch/install", - "k8s.io/kubernetes/pkg/apis/batch/v1", - "k8s.io/kubernetes/pkg/apis/batch/v1beta1", - "k8s.io/kubernetes/pkg/apis/batch/v2alpha1", - "k8s.io/kubernetes/pkg/apis/certificates", - "k8s.io/kubernetes/pkg/apis/certificates/install", - "k8s.io/kubernetes/pkg/apis/certificates/v1beta1", - "k8s.io/kubernetes/pkg/apis/core", - "k8s.io/kubernetes/pkg/apis/core/helper", - "k8s.io/kubernetes/pkg/apis/core/install", - "k8s.io/kubernetes/pkg/apis/core/v1", - "k8s.io/kubernetes/pkg/apis/extensions", - "k8s.io/kubernetes/pkg/apis/extensions/install", - "k8s.io/kubernetes/pkg/apis/extensions/v1beta1", - "k8s.io/kubernetes/pkg/apis/networking", - "k8s.io/kubernetes/pkg/apis/policy", - "k8s.io/kubernetes/pkg/apis/policy/install", - "k8s.io/kubernetes/pkg/apis/policy/v1beta1", - "k8s.io/kubernetes/pkg/apis/rbac", - "k8s.io/kubernetes/pkg/apis/rbac/install", - "k8s.io/kubernetes/pkg/apis/rbac/v1", - "k8s.io/kubernetes/pkg/apis/rbac/v1alpha1", - "k8s.io/kubernetes/pkg/apis/rbac/v1beta1", - "k8s.io/kubernetes/pkg/apis/scheduling", - "k8s.io/kubernetes/pkg/apis/scheduling/install", - "k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1", - "k8s.io/kubernetes/pkg/apis/settings", - "k8s.io/kubernetes/pkg/apis/settings/install", - "k8s.io/kubernetes/pkg/apis/settings/v1alpha1", - "k8s.io/kubernetes/pkg/apis/storage", - "k8s.io/kubernetes/pkg/apis/storage/install", - "k8s.io/kubernetes/pkg/apis/storage/util", - "k8s.io/kubernetes/pkg/apis/storage/v1", - "k8s.io/kubernetes/pkg/apis/storage/v1beta1", - "k8s.io/kubernetes/pkg/features", - "k8s.io/kubernetes/pkg/kubectl", - "k8s.io/kubernetes/pkg/printers", - "k8s.io/kubernetes/pkg/registry/rbac/reconciliation", - "k8s.io/kubernetes/pkg/registry/rbac/validation", - "k8s.io/kubernetes/pkg/util/interrupt", - "k8s.io/kubernetes/pkg/util/node", - "k8s.io/kubernetes/pkg/util/parsers", - "k8s.io/utils/pointer" - ], - "ForbiddenPrefixes": [] - }] -} +rules: + - selectorRegexp: k8s[.]io/kubernetes/pkg + allowedPrefixes: + - k8s.io/kubernetes/pkg/api + - k8s.io/kubernetes/pkg/api/legacyscheme + - k8s.io/kubernetes/pkg/apis/apps + - k8s.io/kubernetes/pkg/apis/apps/install + - k8s.io/kubernetes/pkg/apis/apps/v1 + - k8s.io/kubernetes/pkg/apis/apps/v1beta1 + - k8s.io/kubernetes/pkg/apis/apps/v1beta2 + - k8s.io/kubernetes/pkg/apis/authentication + - k8s.io/kubernetes/pkg/apis/authentication/install + - k8s.io/kubernetes/pkg/apis/authentication/v1 + - k8s.io/kubernetes/pkg/apis/authentication/v1beta1 + - k8s.io/kubernetes/pkg/apis/authorization + - k8s.io/kubernetes/pkg/apis/authorization/install + - k8s.io/kubernetes/pkg/apis/authorization/v1 + - k8s.io/kubernetes/pkg/apis/authorization/v1beta1 + - k8s.io/kubernetes/pkg/apis/autoscaling + - k8s.io/kubernetes/pkg/apis/autoscaling/install + - k8s.io/kubernetes/pkg/apis/autoscaling/v1 + - k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1 + - k8s.io/kubernetes/pkg/apis/batch + - k8s.io/kubernetes/pkg/apis/batch/install + - k8s.io/kubernetes/pkg/apis/batch/v1 + - k8s.io/kubernetes/pkg/apis/batch/v1beta1 + - k8s.io/kubernetes/pkg/apis/batch/v2alpha1 + - k8s.io/kubernetes/pkg/apis/certificates + - k8s.io/kubernetes/pkg/apis/certificates/install + - k8s.io/kubernetes/pkg/apis/certificates/v1beta1 + - k8s.io/kubernetes/pkg/apis/core + - k8s.io/kubernetes/pkg/apis/core/helper + - k8s.io/kubernetes/pkg/apis/core/install + - k8s.io/kubernetes/pkg/apis/core/v1 + - k8s.io/kubernetes/pkg/apis/extensions + - k8s.io/kubernetes/pkg/apis/extensions/install + - k8s.io/kubernetes/pkg/apis/extensions/v1beta1 + - k8s.io/kubernetes/pkg/apis/networking + - k8s.io/kubernetes/pkg/apis/policy + - k8s.io/kubernetes/pkg/apis/policy/install + - k8s.io/kubernetes/pkg/apis/policy/v1beta1 + - k8s.io/kubernetes/pkg/apis/rbac + - k8s.io/kubernetes/pkg/apis/rbac/install + - k8s.io/kubernetes/pkg/apis/rbac/v1 + - k8s.io/kubernetes/pkg/apis/rbac/v1alpha1 + - k8s.io/kubernetes/pkg/apis/rbac/v1beta1 + - k8s.io/kubernetes/pkg/apis/scheduling + - k8s.io/kubernetes/pkg/apis/scheduling/install + - k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1 + - k8s.io/kubernetes/pkg/apis/settings + - k8s.io/kubernetes/pkg/apis/settings/install + - k8s.io/kubernetes/pkg/apis/settings/v1alpha1 + - k8s.io/kubernetes/pkg/apis/storage + - k8s.io/kubernetes/pkg/apis/storage/install + - k8s.io/kubernetes/pkg/apis/storage/util + - k8s.io/kubernetes/pkg/apis/storage/v1 + - k8s.io/kubernetes/pkg/apis/storage/v1beta1 + - k8s.io/kubernetes/pkg/features + - k8s.io/kubernetes/pkg/kubectl + - k8s.io/kubernetes/pkg/printers + - k8s.io/kubernetes/pkg/registry/rbac/reconciliation + - k8s.io/kubernetes/pkg/registry/rbac/validation + - k8s.io/kubernetes/pkg/util/interrupt + - k8s.io/kubernetes/pkg/util/node + - k8s.io/kubernetes/pkg/util/parsers + - k8s.io/utils/pointer + forbiddenPrefixes: [] diff --git a/pkg/kubelet/server/portforward/.import-restrictions b/pkg/kubelet/server/portforward/.import-restrictions index 0ead1c49530..1af732dabf4 100644 --- a/pkg/kubelet/server/portforward/.import-restrictions +++ b/pkg/kubelet/server/portforward/.import-restrictions @@ -1,9 +1,4 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/kubernetes", - "AllowedPrefixes": [ - ] - } - ] -} +rules: + # prevent exposing internal api in streaming packages + - selectorRegexp: k8s[.]io/kubernetes + allowedPrefixes: [] diff --git a/pkg/kubelet/server/remotecommand/.import-restrictions b/pkg/kubelet/server/remotecommand/.import-restrictions index 0ead1c49530..1af732dabf4 100644 --- a/pkg/kubelet/server/remotecommand/.import-restrictions +++ b/pkg/kubelet/server/remotecommand/.import-restrictions @@ -1,9 +1,4 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/kubernetes", - "AllowedPrefixes": [ - ] - } - ] -} +rules: + # prevent exposing internal api in streaming packages + - selectorRegexp: k8s[.]io/kubernetes + allowedPrefixes: [] diff --git a/pkg/kubelet/server/streaming/.import-restrictions b/pkg/kubelet/server/streaming/.import-restrictions index 6a0053a9620..de0b1e13135 100644 --- a/pkg/kubelet/server/streaming/.import-restrictions +++ b/pkg/kubelet/server/streaming/.import-restrictions @@ -1,11 +1,6 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/kubernetes", - "AllowedPrefixes": [ - "k8s.io/kubernetes/pkg/kubelet/server/portforward", - "k8s.io/kubernetes/pkg/kubelet/server/remotecommand" - ] - } - ] -} +rules: + # prevent exposing internal api in streaming packages + - selectorRegexp: k8s[.]io/kubernetes + allowedPrefixes: + - k8s.io/kubernetes/pkg/kubelet/server/portforward + - k8s.io/kubernetes/pkg/kubelet/server/remotecommand diff --git a/pkg/kubemark/.import-restrictions b/pkg/kubemark/.import-restrictions index 79aca70ba8b..5bcdf7301be 100644 --- a/pkg/kubemark/.import-restrictions +++ b/pkg/kubemark/.import-restrictions @@ -1,13 +1,6 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/kubernetes/cmd", - "AllowedPrefixes": [ - "k8s.io/kubernetes/cmd/kube-proxy/app", - "k8s.io/kubernetes/cmd/kubelet/app" - ], - "ForbiddenPrefixes": [ - ] - } - ] -} \ No newline at end of file +rules: + # override pkg/ import restriction on cmd/ for kubemark + - selectorRegexp: k8s[.]io/kubernetes/cmd + allowedPrefixes: + - k8s.io/kubernetes/cmd/kube-proxy/app + - k8s.io/kubernetes/cmd/kubelet/app diff --git a/staging/src/k8s.io/apiserver/.import-restrictions b/staging/src/k8s.io/apiserver/.import-restrictions index c80e742d557..87723dcfc80 100644 --- a/staging/src/k8s.io/apiserver/.import-restrictions +++ b/staging/src/k8s.io/apiserver/.import-restrictions @@ -1,10 +1,5 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/kubernetes", - "ForbiddenPrefixes": [ - "" - ] - } - ] -} +rules: + # prevent import of k8s.io/kubernetes + - selectorRegexp: k8s[.]io/kubernetes + forbiddenPrefixes: + - '' diff --git a/test/e2e/framework/.import-restrictions b/test/e2e/framework/.import-restrictions index 30edc2d76fc..cf90df456cb 100644 --- a/test/e2e/framework/.import-restrictions +++ b/test/e2e/framework/.import-restrictions @@ -1,308 +1,290 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/kubernetes/pkg/", - "AllowedPrefixes": [ - "k8s.io/kubernetes/pkg/api/legacyscheme", - "k8s.io/kubernetes/pkg/api/service", - "k8s.io/kubernetes/pkg/api/v1/pod", - "k8s.io/kubernetes/pkg/api/v1/resource", - "k8s.io/kubernetes/pkg/api/v1/service", - "k8s.io/kubernetes/pkg/apis/apps", - "k8s.io/kubernetes/pkg/apis/apps/validation", - "k8s.io/kubernetes/pkg/apis/autoscaling", - "k8s.io/kubernetes/pkg/apis/batch", - "k8s.io/kubernetes/pkg/apis/core", - "k8s.io/kubernetes/pkg/apis/core/helper", - "k8s.io/kubernetes/pkg/apis/core/install", - "k8s.io/kubernetes/pkg/apis/core/pods", - "k8s.io/kubernetes/pkg/apis/core/v1", - "k8s.io/kubernetes/pkg/apis/core/v1/helper", - "k8s.io/kubernetes/pkg/apis/core/v1/helper/qos", - "k8s.io/kubernetes/pkg/apis/core/validation", - "k8s.io/kubernetes/pkg/apis/extensions", - "k8s.io/kubernetes/pkg/apis/networking", - "k8s.io/kubernetes/pkg/apis/policy", - "k8s.io/kubernetes/pkg/apis/policy/validation", - "k8s.io/kubernetes/pkg/apis/scheduling", - "k8s.io/kubernetes/pkg/apis/storage/v1/util", - "k8s.io/kubernetes/pkg/capabilities", - "k8s.io/kubernetes/pkg/client/conditions", - "k8s.io/kubernetes/pkg/cloudprovider/providers", - "k8s.io/kubernetes/pkg/controller", - "k8s.io/kubernetes/pkg/controller/deployment/util", - "k8s.io/kubernetes/pkg/controller/nodelifecycle", - "k8s.io/kubernetes/pkg/controller/nodelifecycle/scheduler", - "k8s.io/kubernetes/pkg/controller/service", - "k8s.io/kubernetes/pkg/controller/util/node", - "k8s.io/kubernetes/pkg/controller/volume/persistentvolume/util", - "k8s.io/kubernetes/pkg/controller/volume/scheduling", - "k8s.io/kubernetes/pkg/credentialprovider", - "k8s.io/kubernetes/pkg/credentialprovider/aws", - "k8s.io/kubernetes/pkg/credentialprovider/azure", - "k8s.io/kubernetes/pkg/credentialprovider/gcp", - "k8s.io/kubernetes/pkg/credentialprovider/secrets", - "k8s.io/kubernetes/pkg/features", - "k8s.io/kubernetes/pkg/fieldpath", - "k8s.io/kubernetes/pkg/kubectl", - "k8s.io/kubernetes/pkg/kubectl/apps", - "k8s.io/kubernetes/pkg/kubectl/describe", - "k8s.io/kubernetes/pkg/kubectl/describe/versioned", - "k8s.io/kubernetes/pkg/kubectl/scheme", - "k8s.io/kubernetes/pkg/kubectl/util", - "k8s.io/kubernetes/pkg/kubectl/util/certificate", - "k8s.io/kubernetes/pkg/kubectl/util/deployment", - "k8s.io/kubernetes/pkg/kubectl/util/event", - "k8s.io/kubernetes/pkg/kubectl/util/fieldpath", - "k8s.io/kubernetes/pkg/kubectl/util/podutils", - "k8s.io/kubernetes/pkg/kubectl/util/qos", - "k8s.io/kubernetes/pkg/kubectl/util/rbac", - "k8s.io/kubernetes/pkg/kubectl/util/resource", - "k8s.io/kubernetes/pkg/kubectl/util/slice", - "k8s.io/kubernetes/pkg/kubectl/util/storage", - "k8s.io/kubernetes/pkg/kubelet", - "k8s.io/kubernetes/pkg/kubelet/apis", - "k8s.io/kubernetes/pkg/kubelet/apis/config", - "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1", - "k8s.io/kubernetes/pkg/kubelet/cadvisor", - "k8s.io/kubernetes/pkg/kubelet/certificate", - "k8s.io/kubernetes/pkg/kubelet/certificate/bootstrap", - "k8s.io/kubernetes/pkg/kubelet/checkpoint", - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager", - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager/checksum", - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager/errors", - "k8s.io/kubernetes/pkg/kubelet/cloudresource", - "k8s.io/kubernetes/pkg/kubelet/cm", - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager", - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/containermap", - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state", - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology", - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset", - "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager", - "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/checkpoint", - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager", - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager/bitmask", - "k8s.io/kubernetes/pkg/kubelet/cm/util", - "k8s.io/kubernetes/pkg/kubelet/config", - "k8s.io/kubernetes/pkg/kubelet/configmap", - "k8s.io/kubernetes/pkg/kubelet/container", - "k8s.io/kubernetes/pkg/kubelet/dockershim", - "k8s.io/kubernetes/pkg/kubelet/dockershim/cm", - "k8s.io/kubernetes/pkg/kubelet/dockershim/libdocker", - "k8s.io/kubernetes/pkg/kubelet/dockershim/metrics", - "k8s.io/kubernetes/pkg/kubelet/dockershim/network", - "k8s.io/kubernetes/pkg/kubelet/dockershim/network/cni", - "k8s.io/kubernetes/pkg/kubelet/dockershim/network/hostport", - "k8s.io/kubernetes/pkg/kubelet/dockershim/network/kubenet", - "k8s.io/kubernetes/pkg/kubelet/dockershim/network/metrics", - "k8s.io/kubernetes/pkg/kubelet/dockershim/remote", - "k8s.io/kubernetes/pkg/kubelet/envvars", - "k8s.io/kubernetes/pkg/kubelet/eviction", - "k8s.io/kubernetes/pkg/kubelet/eviction/api", - "k8s.io/kubernetes/pkg/kubelet/events", - "k8s.io/kubernetes/pkg/kubelet/images", - "k8s.io/kubernetes/pkg/kubelet/kubeletconfig", - "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/checkpoint", - "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/checkpoint/store", - "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/configfiles", - "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/status", - "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/codec", - "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/files", - "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/log", - "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/panic", - "k8s.io/kubernetes/pkg/kubelet/kuberuntime", - "k8s.io/kubernetes/pkg/kubelet/kuberuntime/logs", - "k8s.io/kubernetes/pkg/kubelet/leaky", - "k8s.io/kubernetes/pkg/kubelet/lifecycle", - "k8s.io/kubernetes/pkg/kubelet/logs", - "k8s.io/kubernetes/pkg/kubelet/metrics", - "k8s.io/kubernetes/pkg/kubelet/network/dns", - "k8s.io/kubernetes/pkg/kubelet/nodelease", - "k8s.io/kubernetes/pkg/kubelet/nodestatus", - "k8s.io/kubernetes/pkg/kubelet/oom", - "k8s.io/kubernetes/pkg/kubelet/pleg", - "k8s.io/kubernetes/pkg/kubelet/pluginmanager", - "k8s.io/kubernetes/pkg/kubelet/pluginmanager/cache", - "k8s.io/kubernetes/pkg/kubelet/pluginmanager/metrics", - "k8s.io/kubernetes/pkg/kubelet/pluginmanager/operationexecutor", - "k8s.io/kubernetes/pkg/kubelet/pluginmanager/pluginwatcher", - "k8s.io/kubernetes/pkg/kubelet/pluginmanager/pluginwatcher/example_plugin_apis/v1beta1", - "k8s.io/kubernetes/pkg/kubelet/pluginmanager/pluginwatcher/example_plugin_apis/v1beta2", - "k8s.io/kubernetes/pkg/kubelet/pluginmanager/reconciler", - "k8s.io/kubernetes/pkg/kubelet/pod", - "k8s.io/kubernetes/pkg/kubelet/preemption", - "k8s.io/kubernetes/pkg/kubelet/prober", - "k8s.io/kubernetes/pkg/kubelet/prober/results", - "k8s.io/kubernetes/pkg/kubelet/qos", - "k8s.io/kubernetes/pkg/kubelet/remote", - "k8s.io/kubernetes/pkg/kubelet/runtimeclass", - "k8s.io/kubernetes/pkg/kubelet/server", - "k8s.io/kubernetes/pkg/kubelet/server/metrics", - "k8s.io/kubernetes/pkg/kubelet/server/portforward", - "k8s.io/kubernetes/pkg/kubelet/server/remotecommand", - "k8s.io/kubernetes/pkg/kubelet/server/stats", - "k8s.io/kubernetes/pkg/kubelet/server/streaming", - "k8s.io/kubernetes/pkg/kubelet/stats", - "k8s.io/kubernetes/pkg/kubelet/stats/pidlimit", - "k8s.io/kubernetes/pkg/kubelet/status", - "k8s.io/kubernetes/pkg/kubelet/secret", - "k8s.io/kubernetes/pkg/kubelet/sysctl", - "k8s.io/kubernetes/pkg/kubelet/types", - "k8s.io/kubernetes/pkg/kubelet/token", - "k8s.io/kubernetes/pkg/kubelet/util", - "k8s.io/kubernetes/pkg/kubelet/util/format", - "k8s.io/kubernetes/pkg/kubelet/util/manager", - "k8s.io/kubernetes/pkg/kubelet/util/store", - "k8s.io/kubernetes/pkg/kubelet/volumemanager", - "k8s.io/kubernetes/pkg/kubelet/volumemanager/cache", - "k8s.io/kubernetes/pkg/kubelet/volumemanager/metrics", - "k8s.io/kubernetes/pkg/kubelet/volumemanager/populator", - "k8s.io/kubernetes/pkg/kubelet/volumemanager/reconciler", - "k8s.io/kubernetes/pkg/kubemark", - "k8s.io/kubernetes/pkg/master/ports", - "k8s.io/kubernetes/pkg/probe", - "k8s.io/kubernetes/pkg/probe/exec", - "k8s.io/kubernetes/pkg/probe/http", - "k8s.io/kubernetes/pkg/probe/tcp", - "k8s.io/kubernetes/pkg/proxy", - "k8s.io/kubernetes/pkg/proxy/apis", - "k8s.io/kubernetes/pkg/proxy/apis/config", - "k8s.io/kubernetes/pkg/proxy/apis/config/scheme", - "k8s.io/kubernetes/pkg/proxy/apis/config/v1alpha1", - "k8s.io/kubernetes/pkg/proxy/apis/config/validation", - "k8s.io/kubernetes/pkg/proxy/config", - "k8s.io/kubernetes/pkg/proxy/healthcheck", - "k8s.io/kubernetes/pkg/proxy/iptables", - "k8s.io/kubernetes/pkg/proxy/ipvs", - "k8s.io/kubernetes/pkg/proxy/metaproxier", - "k8s.io/kubernetes/pkg/proxy/metrics", - "k8s.io/kubernetes/pkg/proxy/userspace", - "k8s.io/kubernetes/pkg/proxy/util", - "k8s.io/kubernetes/pkg/registry/core/service/allocator", - "k8s.io/kubernetes/pkg/registry/core/service/portallocator", - "k8s.io/kubernetes/pkg/scheduler/api", - "k8s.io/kubernetes/pkg/scheduler/framework/plugins/helper", - "k8s.io/kubernetes/pkg/scheduler/framework/plugins/nodeaffinity", - "k8s.io/kubernetes/pkg/scheduler/framework/plugins/nodename", - "k8s.io/kubernetes/pkg/scheduler/framework/plugins/nodeports", - "k8s.io/kubernetes/pkg/scheduler/framework/plugins/noderesources", - "k8s.io/kubernetes/pkg/scheduler/framework/v1alpha1", - "k8s.io/kubernetes/pkg/scheduler/internal/parallelize", - "k8s.io/kubernetes/pkg/scheduler/metrics", - "k8s.io/kubernetes/pkg/scheduler/util", - "k8s.io/kubernetes/pkg/scheduler/volumebinder", - "k8s.io/kubernetes/pkg/security/apparmor", - "k8s.io/kubernetes/pkg/security/podsecuritypolicy/seccomp", - "k8s.io/kubernetes/pkg/security/podsecuritypolicy/sysctl", - "k8s.io/kubernetes/pkg/security/podsecuritypolicy/util", - "k8s.io/kubernetes/pkg/securitycontext", - "k8s.io/kubernetes/pkg/serviceaccount", - "k8s.io/kubernetes/pkg/util/async", - "k8s.io/kubernetes/pkg/util/bandwidth", - "k8s.io/kubernetes/pkg/util/config", - "k8s.io/kubernetes/pkg/util/configz", - "k8s.io/kubernetes/pkg/util/conntrack", - "k8s.io/kubernetes/pkg/util/ebtables", - "k8s.io/kubernetes/pkg/util/env", - "k8s.io/kubernetes/pkg/util/filesystem", - "k8s.io/kubernetes/pkg/util/flag", - "k8s.io/kubernetes/pkg/util/flock", - "k8s.io/kubernetes/pkg/util/goroutinemap", - "k8s.io/kubernetes/pkg/util/goroutinemap/exponentialbackoff", - "k8s.io/kubernetes/pkg/util/hash", - "k8s.io/kubernetes/pkg/util/ipset", - "k8s.io/kubernetes/pkg/util/iptables", - "k8s.io/kubernetes/pkg/util/ipvs", - "k8s.io/kubernetes/pkg/util/labels", - "k8s.io/kubernetes/pkg/util/node", - "k8s.io/kubernetes/pkg/util/oom", - "k8s.io/kubernetes/pkg/util/parsers", - "k8s.io/kubernetes/pkg/util/pod", - "k8s.io/kubernetes/pkg/util/procfs", - "k8s.io/kubernetes/pkg/util/removeall", - "k8s.io/kubernetes/pkg/util/resizefs", - "k8s.io/kubernetes/pkg/util/rlimit", - "k8s.io/kubernetes/pkg/util/selinux", - "k8s.io/kubernetes/pkg/util/slice", - "k8s.io/kubernetes/pkg/util/sysctl", - "k8s.io/kubernetes/pkg/util/system", - "k8s.io/kubernetes/pkg/util/tail", - "k8s.io/kubernetes/pkg/util/taints", - "k8s.io/kubernetes/pkg/volume", - "k8s.io/kubernetes/pkg/volume/util", - "k8s.io/kubernetes/pkg/volume/util/fs", - "k8s.io/kubernetes/pkg/volume/util/fsquota", - "k8s.io/kubernetes/pkg/volume/util/recyclerclient", - "k8s.io/kubernetes/pkg/volume/util/subpath", - "k8s.io/kubernetes/pkg/volume/util/types", - "k8s.io/kubernetes/pkg/volume/util/volumepathhandler" - ], - "ForbiddenPrefixes": [] - }, - { - "SelectorRegexp": "k8s[.]io/kubernetes/test/", - "AllowedPrefixes": [ - "k8s.io/kubernetes/test/e2e/framework", - "k8s.io/kubernetes/test/e2e/framework/auth", - "k8s.io/kubernetes/test/e2e/framework/ginkgowrapper", - "k8s.io/kubernetes/test/e2e/framework/kubectl", - "k8s.io/kubernetes/test/e2e/framework/log", - "k8s.io/kubernetes/test/e2e/framework/metrics", - "k8s.io/kubernetes/test/e2e/framework/network", - "k8s.io/kubernetes/test/e2e/framework/node", - "k8s.io/kubernetes/test/e2e/framework/pod", - "k8s.io/kubernetes/test/e2e/framework/rc", - "k8s.io/kubernetes/test/e2e/framework/resource", - "k8s.io/kubernetes/test/e2e/framework/service", - "k8s.io/kubernetes/test/e2e/framework/ssh", - "k8s.io/kubernetes/test/e2e/framework/testfiles", - "k8s.io/kubernetes/test/e2e/framework/websocket", - "k8s.io/kubernetes/test/e2e/manifest", - "k8s.io/kubernetes/test/e2e/perftype", - "k8s.io/kubernetes/test/e2e/storage/utils", - "k8s.io/kubernetes/test/e2e/system", - "k8s.io/kubernetes/test/utils", - "k8s.io/kubernetes/test/utils/image" - ], - "ForbiddenPrefixes": [] - }, - { - "SelectorRegexp": "k8s[.]io/kubernetes/third_party/", - "AllowedPrefixes": [ - "k8s.io/kubernetes/third_party/forked/golang/expansion" - ], - "ForbiddenPrefixes": [] - }, - { - "SelectorRegexp": "k8s[.]io/utils/", - "AllowedPrefixes": [ - "k8s.io/utils/buffer", - "k8s.io/utils/exec", - "k8s.io/utils/inotify", - "k8s.io/utils/integer", - "k8s.io/utils/io", - "k8s.io/utils/keymutex", - "k8s.io/utils/mount", - "k8s.io/utils/net", - "k8s.io/utils/nsenter", - "k8s.io/utils/path", - "k8s.io/utils/pointer", - "k8s.io/utils/strings", - "k8s.io/utils/trace" - ], - "ForbiddenPrefixes": [] - }, - { - "SelectorRegexp": "k8s[.]io/(api/|apimachinery/|apiextensions-apiserver/|apiserver/)", - "AllowedPrefixes": [ - "" - ] - }, - { - "SelectorRegexp": "k8s[.]io/client-go/", - "AllowedPrefixes": [ - "" - ] - } - ] -} +rules: + - selectorRegexp: k8s[.]io/kubernetes/pkg/ + allowedPrefixes: + - k8s.io/kubernetes/pkg/api/legacyscheme + - k8s.io/kubernetes/pkg/api/service + - k8s.io/kubernetes/pkg/api/v1/pod + - k8s.io/kubernetes/pkg/api/v1/resource + - k8s.io/kubernetes/pkg/api/v1/service + - k8s.io/kubernetes/pkg/apis/apps + - k8s.io/kubernetes/pkg/apis/apps/validation + - k8s.io/kubernetes/pkg/apis/autoscaling + - k8s.io/kubernetes/pkg/apis/batch + - k8s.io/kubernetes/pkg/apis/core + - k8s.io/kubernetes/pkg/apis/core/helper + - k8s.io/kubernetes/pkg/apis/core/install + - k8s.io/kubernetes/pkg/apis/core/pods + - k8s.io/kubernetes/pkg/apis/core/v1 + - k8s.io/kubernetes/pkg/apis/core/v1/helper + - k8s.io/kubernetes/pkg/apis/core/v1/helper/qos + - k8s.io/kubernetes/pkg/apis/core/validation + - k8s.io/kubernetes/pkg/apis/extensions + - k8s.io/kubernetes/pkg/apis/networking + - k8s.io/kubernetes/pkg/apis/policy + - k8s.io/kubernetes/pkg/apis/policy/validation + - k8s.io/kubernetes/pkg/apis/scheduling + - k8s.io/kubernetes/pkg/apis/storage/v1/util + - k8s.io/kubernetes/pkg/capabilities + - k8s.io/kubernetes/pkg/client/conditions + - k8s.io/kubernetes/pkg/cloudprovider/providers + - k8s.io/kubernetes/pkg/controller + - k8s.io/kubernetes/pkg/controller/deployment/util + - k8s.io/kubernetes/pkg/controller/nodelifecycle + - k8s.io/kubernetes/pkg/controller/nodelifecycle/scheduler + - k8s.io/kubernetes/pkg/controller/service + - k8s.io/kubernetes/pkg/controller/util/node + - k8s.io/kubernetes/pkg/controller/volume/persistentvolume/util + - k8s.io/kubernetes/pkg/controller/volume/scheduling + - k8s.io/kubernetes/pkg/credentialprovider + - k8s.io/kubernetes/pkg/credentialprovider/aws + - k8s.io/kubernetes/pkg/credentialprovider/azure + - k8s.io/kubernetes/pkg/credentialprovider/gcp + - k8s.io/kubernetes/pkg/credentialprovider/secrets + - k8s.io/kubernetes/pkg/features + - k8s.io/kubernetes/pkg/fieldpath + - k8s.io/kubernetes/pkg/kubectl + - k8s.io/kubernetes/pkg/kubectl/apps + - k8s.io/kubernetes/pkg/kubectl/describe + - k8s.io/kubernetes/pkg/kubectl/describe/versioned + - k8s.io/kubernetes/pkg/kubectl/scheme + - k8s.io/kubernetes/pkg/kubectl/util + - k8s.io/kubernetes/pkg/kubectl/util/certificate + - k8s.io/kubernetes/pkg/kubectl/util/deployment + - k8s.io/kubernetes/pkg/kubectl/util/event + - k8s.io/kubernetes/pkg/kubectl/util/fieldpath + - k8s.io/kubernetes/pkg/kubectl/util/podutils + - k8s.io/kubernetes/pkg/kubectl/util/qos + - k8s.io/kubernetes/pkg/kubectl/util/rbac + - k8s.io/kubernetes/pkg/kubectl/util/resource + - k8s.io/kubernetes/pkg/kubectl/util/slice + - k8s.io/kubernetes/pkg/kubectl/util/storage + - k8s.io/kubernetes/pkg/kubelet + - k8s.io/kubernetes/pkg/kubelet/apis + - k8s.io/kubernetes/pkg/kubelet/apis/config + - k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1 + - k8s.io/kubernetes/pkg/kubelet/cadvisor + - k8s.io/kubernetes/pkg/kubelet/certificate + - k8s.io/kubernetes/pkg/kubelet/certificate/bootstrap + - k8s.io/kubernetes/pkg/kubelet/checkpoint + - k8s.io/kubernetes/pkg/kubelet/checkpointmanager + - k8s.io/kubernetes/pkg/kubelet/checkpointmanager/checksum + - k8s.io/kubernetes/pkg/kubelet/checkpointmanager/errors + - k8s.io/kubernetes/pkg/kubelet/cloudresource + - k8s.io/kubernetes/pkg/kubelet/cm + - k8s.io/kubernetes/pkg/kubelet/cm/cpumanager + - k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/containermap + - k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state + - k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology + - k8s.io/kubernetes/pkg/kubelet/cm/cpuset + - k8s.io/kubernetes/pkg/kubelet/cm/devicemanager + - k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/checkpoint + - k8s.io/kubernetes/pkg/kubelet/cm/topologymanager + - k8s.io/kubernetes/pkg/kubelet/cm/topologymanager/bitmask + - k8s.io/kubernetes/pkg/kubelet/cm/util + - k8s.io/kubernetes/pkg/kubelet/config + - k8s.io/kubernetes/pkg/kubelet/configmap + - k8s.io/kubernetes/pkg/kubelet/container + - k8s.io/kubernetes/pkg/kubelet/dockershim + - k8s.io/kubernetes/pkg/kubelet/dockershim/cm + - k8s.io/kubernetes/pkg/kubelet/dockershim/libdocker + - k8s.io/kubernetes/pkg/kubelet/dockershim/metrics + - k8s.io/kubernetes/pkg/kubelet/dockershim/network + - k8s.io/kubernetes/pkg/kubelet/dockershim/network/cni + - k8s.io/kubernetes/pkg/kubelet/dockershim/network/hostport + - k8s.io/kubernetes/pkg/kubelet/dockershim/network/kubenet + - k8s.io/kubernetes/pkg/kubelet/dockershim/network/metrics + - k8s.io/kubernetes/pkg/kubelet/dockershim/remote + - k8s.io/kubernetes/pkg/kubelet/envvars + - k8s.io/kubernetes/pkg/kubelet/eviction + - k8s.io/kubernetes/pkg/kubelet/eviction/api + - k8s.io/kubernetes/pkg/kubelet/events + - k8s.io/kubernetes/pkg/kubelet/images + - k8s.io/kubernetes/pkg/kubelet/kubeletconfig + - k8s.io/kubernetes/pkg/kubelet/kubeletconfig/checkpoint + - k8s.io/kubernetes/pkg/kubelet/kubeletconfig/checkpoint/store + - k8s.io/kubernetes/pkg/kubelet/kubeletconfig/configfiles + - k8s.io/kubernetes/pkg/kubelet/kubeletconfig/status + - k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/codec + - k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/files + - k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/log + - k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/panic + - k8s.io/kubernetes/pkg/kubelet/kuberuntime + - k8s.io/kubernetes/pkg/kubelet/kuberuntime/logs + - k8s.io/kubernetes/pkg/kubelet/leaky + - k8s.io/kubernetes/pkg/kubelet/lifecycle + - k8s.io/kubernetes/pkg/kubelet/logs + - k8s.io/kubernetes/pkg/kubelet/metrics + - k8s.io/kubernetes/pkg/kubelet/network/dns + - k8s.io/kubernetes/pkg/kubelet/nodelease + - k8s.io/kubernetes/pkg/kubelet/nodestatus + - k8s.io/kubernetes/pkg/kubelet/oom + - k8s.io/kubernetes/pkg/kubelet/pleg + - k8s.io/kubernetes/pkg/kubelet/pluginmanager + - k8s.io/kubernetes/pkg/kubelet/pluginmanager/cache + - k8s.io/kubernetes/pkg/kubelet/pluginmanager/metrics + - k8s.io/kubernetes/pkg/kubelet/pluginmanager/operationexecutor + - k8s.io/kubernetes/pkg/kubelet/pluginmanager/pluginwatcher + - k8s.io/kubernetes/pkg/kubelet/pluginmanager/pluginwatcher/example_plugin_apis/v1beta1 + - k8s.io/kubernetes/pkg/kubelet/pluginmanager/pluginwatcher/example_plugin_apis/v1beta2 + - k8s.io/kubernetes/pkg/kubelet/pluginmanager/reconciler + - k8s.io/kubernetes/pkg/kubelet/pod + - k8s.io/kubernetes/pkg/kubelet/preemption + - k8s.io/kubernetes/pkg/kubelet/prober + - k8s.io/kubernetes/pkg/kubelet/prober/results + - k8s.io/kubernetes/pkg/kubelet/qos + - k8s.io/kubernetes/pkg/kubelet/remote + - k8s.io/kubernetes/pkg/kubelet/runtimeclass + - k8s.io/kubernetes/pkg/kubelet/server + - k8s.io/kubernetes/pkg/kubelet/server/metrics + - k8s.io/kubernetes/pkg/kubelet/server/portforward + - k8s.io/kubernetes/pkg/kubelet/server/remotecommand + - k8s.io/kubernetes/pkg/kubelet/server/stats + - k8s.io/kubernetes/pkg/kubelet/server/streaming + - k8s.io/kubernetes/pkg/kubelet/stats + - k8s.io/kubernetes/pkg/kubelet/stats/pidlimit + - k8s.io/kubernetes/pkg/kubelet/status + - k8s.io/kubernetes/pkg/kubelet/secret + - k8s.io/kubernetes/pkg/kubelet/sysctl + - k8s.io/kubernetes/pkg/kubelet/types + - k8s.io/kubernetes/pkg/kubelet/token + - k8s.io/kubernetes/pkg/kubelet/util + - k8s.io/kubernetes/pkg/kubelet/util/format + - k8s.io/kubernetes/pkg/kubelet/util/manager + - k8s.io/kubernetes/pkg/kubelet/util/store + - k8s.io/kubernetes/pkg/kubelet/volumemanager + - k8s.io/kubernetes/pkg/kubelet/volumemanager/cache + - k8s.io/kubernetes/pkg/kubelet/volumemanager/metrics + - k8s.io/kubernetes/pkg/kubelet/volumemanager/populator + - k8s.io/kubernetes/pkg/kubelet/volumemanager/reconciler + - k8s.io/kubernetes/pkg/kubemark + - k8s.io/kubernetes/pkg/master/ports + - k8s.io/kubernetes/pkg/probe + - k8s.io/kubernetes/pkg/probe/exec + - k8s.io/kubernetes/pkg/probe/http + - k8s.io/kubernetes/pkg/probe/tcp + - k8s.io/kubernetes/pkg/proxy + - k8s.io/kubernetes/pkg/proxy/apis + - k8s.io/kubernetes/pkg/proxy/apis/config + - k8s.io/kubernetes/pkg/proxy/apis/config/scheme + - k8s.io/kubernetes/pkg/proxy/apis/config/v1alpha1 + - k8s.io/kubernetes/pkg/proxy/apis/config/validation + - k8s.io/kubernetes/pkg/proxy/config + - k8s.io/kubernetes/pkg/proxy/healthcheck + - k8s.io/kubernetes/pkg/proxy/iptables + - k8s.io/kubernetes/pkg/proxy/ipvs + - k8s.io/kubernetes/pkg/proxy/metaproxier + - k8s.io/kubernetes/pkg/proxy/metrics + - k8s.io/kubernetes/pkg/proxy/userspace + - k8s.io/kubernetes/pkg/proxy/util + - k8s.io/kubernetes/pkg/registry/core/service/allocator + - k8s.io/kubernetes/pkg/registry/core/service/portallocator + - k8s.io/kubernetes/pkg/scheduler/api + - k8s.io/kubernetes/pkg/scheduler/framework/plugins/helper + - k8s.io/kubernetes/pkg/scheduler/framework/plugins/nodeaffinity + - k8s.io/kubernetes/pkg/scheduler/framework/plugins/nodename + - k8s.io/kubernetes/pkg/scheduler/framework/plugins/nodeports + - k8s.io/kubernetes/pkg/scheduler/framework/plugins/noderesources + - k8s.io/kubernetes/pkg/scheduler/framework/v1alpha1 + - k8s.io/kubernetes/pkg/scheduler/internal/parallelize + - k8s.io/kubernetes/pkg/scheduler/listers + - k8s.io/kubernetes/pkg/scheduler/metrics + - k8s.io/kubernetes/pkg/scheduler/nodeinfo + - k8s.io/kubernetes/pkg/scheduler/util + - k8s.io/kubernetes/pkg/scheduler/volumebinder + - k8s.io/kubernetes/pkg/security/apparmor + - k8s.io/kubernetes/pkg/security/podsecuritypolicy/seccomp + - k8s.io/kubernetes/pkg/security/podsecuritypolicy/sysctl + - k8s.io/kubernetes/pkg/security/podsecuritypolicy/util + - k8s.io/kubernetes/pkg/securitycontext + - k8s.io/kubernetes/pkg/serviceaccount + - k8s.io/kubernetes/pkg/util/async + - k8s.io/kubernetes/pkg/util/bandwidth + - k8s.io/kubernetes/pkg/util/config + - k8s.io/kubernetes/pkg/util/configz + - k8s.io/kubernetes/pkg/util/conntrack + - k8s.io/kubernetes/pkg/util/ebtables + - k8s.io/kubernetes/pkg/util/env + - k8s.io/kubernetes/pkg/util/filesystem + - k8s.io/kubernetes/pkg/util/flag + - k8s.io/kubernetes/pkg/util/flock + - k8s.io/kubernetes/pkg/util/goroutinemap + - k8s.io/kubernetes/pkg/util/goroutinemap/exponentialbackoff + - k8s.io/kubernetes/pkg/util/hash + - k8s.io/kubernetes/pkg/util/ipset + - k8s.io/kubernetes/pkg/util/iptables + - k8s.io/kubernetes/pkg/util/ipvs + - k8s.io/kubernetes/pkg/util/labels + - k8s.io/kubernetes/pkg/util/node + - k8s.io/kubernetes/pkg/util/oom + - k8s.io/kubernetes/pkg/util/parsers + - k8s.io/kubernetes/pkg/util/pod + - k8s.io/kubernetes/pkg/util/procfs + - k8s.io/kubernetes/pkg/util/removeall + - k8s.io/kubernetes/pkg/util/resizefs + - k8s.io/kubernetes/pkg/util/rlimit + - k8s.io/kubernetes/pkg/util/selinux + - k8s.io/kubernetes/pkg/util/slice + - k8s.io/kubernetes/pkg/util/sysctl + - k8s.io/kubernetes/pkg/util/system + - k8s.io/kubernetes/pkg/util/tail + - k8s.io/kubernetes/pkg/util/taints + - k8s.io/kubernetes/pkg/volume + - k8s.io/kubernetes/pkg/volume/util + - k8s.io/kubernetes/pkg/volume/util/fs + - k8s.io/kubernetes/pkg/volume/util/fsquota + - k8s.io/kubernetes/pkg/volume/util/recyclerclient + - k8s.io/kubernetes/pkg/volume/util/subpath + - k8s.io/kubernetes/pkg/volume/util/types + - k8s.io/kubernetes/pkg/volume/util/volumepathhandler + - selectorRegexp: k8s[.]io/kubernetes/test/ + allowedPrefixes: + - k8s.io/kubernetes/test/e2e/framework + - k8s.io/kubernetes/test/e2e/framework/auth + - k8s.io/kubernetes/test/e2e/framework/ginkgowrapper + - k8s.io/kubernetes/test/e2e/framework/kubectl + - k8s.io/kubernetes/test/e2e/framework/log + - k8s.io/kubernetes/test/e2e/framework/metrics + - k8s.io/kubernetes/test/e2e/framework/network + - k8s.io/kubernetes/test/e2e/framework/node + - k8s.io/kubernetes/test/e2e/framework/pod + - k8s.io/kubernetes/test/e2e/framework/rc + - k8s.io/kubernetes/test/e2e/framework/resource + - k8s.io/kubernetes/test/e2e/framework/service + - k8s.io/kubernetes/test/e2e/framework/ssh + - k8s.io/kubernetes/test/e2e/framework/testfiles + - k8s.io/kubernetes/test/e2e/framework/websocket + - k8s.io/kubernetes/test/e2e/manifest + - k8s.io/kubernetes/test/e2e/perftype + - k8s.io/kubernetes/test/e2e/storage/utils + - k8s.io/kubernetes/test/e2e/system + - k8s.io/kubernetes/test/utils + - k8s.io/kubernetes/test/utils/image + # TODO: why is this here? + - selectorRegexp: k8s[.]io/kubernetes/third_party/ + allowedPrefixes: + - k8s.io/kubernetes/third_party/forked/golang/expansion + # Allow import of specific parts of k8s.io/utils + # TODO: why wouldn't we just allow all of k8s.io/utils + - selectorRegexp: k8s[.]io/utils/ + allowedPrefixes: + - k8s.io/utils/buffer + - k8s.io/utils/exec + - k8s.io/utils/inotify + - k8s.io/utils/integer + - k8s.io/utils/io + - k8s.io/utils/keymutex + - k8s.io/utils/mount + - k8s.io/utils/net + - k8s.io/utils/nsenter + - k8s.io/utils/path + - k8s.io/utils/pointer + - k8s.io/utils/strings + - k8s.io/utils/trace + # Allow import of k8.io/(api|apimachinery|apiextensions-apiserver|apiserver) + - selectorRegexp: k8s[.]io/(api/|apimachinery/|apiextensions-apiserver/|apiserver/) + allowedPrefixes: + - '' + # Allow import of ks.io/client-go + - selectorRegexp: k8s[.]io/client-go/ + allowedPrefixes: + - '' diff --git a/test/integration/.import-restrictions b/test/integration/.import-restrictions index 20d0d03384f..1f01942b700 100644 --- a/test/integration/.import-restrictions +++ b/test/integration/.import-restrictions @@ -1,8 +1,5 @@ -{ - "Rules": [ - { - "SelectorRegexp": "k8s[.]io/kubernetes/test/e2e", - "AllowedPrefixes": [] - } - ] -} +rules: + # Prevent import of k8s.io/kubernetes/test/e2e + - selectorRegexp: k8s[.]io/kubernetes/test/e2e + allowedPrefixes: + - ''