Target Script Syntax

The purpose of the target script is to select items from the diagram that match the required criteria. The selected items are passed along to the rule script for validation.

The target script starts with a select statement that takes the kind as an input. That statement selects all nodes of the given kind. The best place to discover item kinds is the diagram viewer, but the most commonly used ones are:

| Kind | Description |
| --- | --- |
| Namespace | Kubernetes namespace. |
| Application | An abstraction that represents a workload and associated configurations like Services, Ingresses, ConfigMaps, Volumes, Pods, etc. |
| Launcher | A controller that launches the application. It represents either a Deployment, StatefulSet or a DaemonSet. |
| Container | An individual container spec from Deployment, StatefulSet or a DaemonSet. |
| Init Container | An individual init container spec from Deployment, StatefulSet or a DaemonSet. |
| Image | A synthetic item representing a container image used inside the Container or Init Container. |
| Volume | A volume spec from Container or Init Container. |
| ConfigMap | A ConfigMap which is associated to Container. Can be directly under the Container if used as environment variables, or under Volume if mounted. |
| Port | A container port definition. |
| Service | A Kubernetes Service. Can be present directly under the Application or under the Port. |
| Ingress | A Kubernetes Ingress. Can be present directly under the Application or under the Service. |
| Service Account | A Kubernetes ServiceAccount. Present under the Application. |
| Cluster Role Binding | A Kubernetes ClusterRoleBinding. Present under the Service Account. |
| Role Binding | A Kubernetes RoleBinding. Present under the Service Account. |
| Cluster Role | A Kubernetes ClusterRole. Present under the Cluster Role Binding or Role Binding. |
| Pod Security Policy | A Kubernetes PodSecurityPolicy. Present under Cluster Role. |
| Role | A Kubernetes Role. Present under the Role Binding. |
| Replicaset | A Kubernetes ReplicaSet. Present under Launcher. |
| Pod | A Kubernetes Pod. Present under ReplicaSet for Deployment and DaemonSet. Directly under Launcher for StatefulSet. |
| Persistent Volume Claim | A Kubernetes PVC. Present under Pod. |
| Persistent Volume | A Kubernetes Persistent Volume. Present under Persistent Volume Claim. |
| Infra | A placeholder item for infrastructure related items. |
| Nodes | A group for Kubernetes nodes. Present under Infra item. |
| Node | A Kubernetes Node. Present under Nodes. |

Selecting resources of a given kind

Every target script should start with a select statement. In the example below, all Pods are passed to the rule script for validation.

select('Pod')

Other examples could be selecting container images:

select('Image')

or PodSecurityPolicies:

select('Pod Security Policy')
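As an added illustration (not code from this documentation or from the project), the sketch below models what a select statement does over a small constructed diagram: it returns every item of the requested kind wherever that item sits in the hierarchy, which is why a Service under the Application and a Service under a Port are both selected. The `select` function here is a hypothetical stand-in, and the tree shape, the `Root` item and all item names are assumptions made for the example.

```javascript
// Constructed sample diagram; all item names are made up for this example.
// Parents follow the kind table where it names one; the rest is assumed.
const diagram = {
  kind: 'Root', name: 'root', children: [
    { kind: 'Namespace', name: 'shop', children: [
      { kind: 'Application', name: 'cart', children: [
        { kind: 'Service', name: 'cart-headless', children: [] },
        { kind: 'Launcher', name: 'Deployment', children: [
          { kind: 'Replicaset', name: 'cart-7d9f', children: [
            { kind: 'Pod', name: 'cart-7d9f-abcde', children: [] },
            { kind: 'Pod', name: 'cart-7d9f-fghij', children: [] },
          ] },
        ] },
        { kind: 'Container', name: 'api', children: [
          { kind: 'Image', name: 'registry.example/cart:1.4', children: [] },
          { kind: 'Port', name: 'http', children: [
            { kind: 'Service', name: 'cart-svc', children: [
              { kind: 'Ingress', name: 'cart-ing', children: [] },
            ] },
          ] },
        ] },
        { kind: 'Service Account', name: 'cart-sa', children: [
          { kind: 'Cluster Role Binding', name: 'cart-admin', children: [
            { kind: 'Cluster Role', name: 'cluster-admin', children: [] },
          ] },
        ] },
      ] },
    ] },
  ],
};

// Hypothetical stand-in for select(kind): walk the whole tree and return
// every item whose kind equals the requested one, together with its path.
function select(kind, node = diagram, path = []) {
  const here = [...path, `${node.kind}:${node.name}`];
  const hits = node.kind === kind ? [{ name: node.name, path: here.join(' > ') }] : [];
  for (const child of node.children) hits.push(...select(kind, child, here));
  return hits;
}

// Show which items each target script would hand to the rule script.
for (const kind of ['Pod', 'Service', 'Cluster Role Binding']) {
  console.log(kind, select(kind).map((item) => item.path));
}
```
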

Filtering Resources
