commit 18a9c0775a1c4f9e8b4b487194a9dadb872e9797 Author: yannh Date: Sun Dec 19 21:55:29 2021 +0000 deploy: b3bd3fa3371fccb7e725b9dedca5627db9098740 diff --git a/.nojekyll b/.nojekyll new file mode 100644 index 0000000..e69de29 diff --git a/about/index.html b/about/index.html new file mode 100644 index 0000000..f5ccdb4 --- /dev/null +++ b/about/index.html @@ -0,0 +1,7 @@ +Kubeconform - Fast Kubernetes manifests validation! | About

About

Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes +configuration!

It is inspired by, contains code from and is designed to stay close to +Kubeval, but with the following improvements:

  • high performance: will validate & download manifests over multiple routines, caching +downloaded files in memory
  • configurable list of remote, or local schemas locations, enabling validating Kubernetes +custom resources (CRDs) and offline validation capabilities
  • uses by default a self-updating fork of the schemas registry maintained +by the kubernetes-json-schema project - which guarantees +up-to-date schemas for all recent versions of Kubernetes.
\ No newline at end of file diff --git a/categories/index.xml b/categories/index.xml new file mode 100644 index 0000000..1277089 --- /dev/null +++ b/categories/index.xml @@ -0,0 +1 @@ +Categories on Kubeconform - Fast Kubernetes manifests validation!http://kubeconform.mandragor.org/categories/Recent content in Categories on Kubeconform - Fast Kubernetes manifests validation!Hugo -- gohugo.ioen-us \ No newline at end of file diff --git a/css/prism.css b/css/prism.css new file mode 100644 index 0000000..627fd64 --- /dev/null +++ b/css/prism.css @@ -0,0 +1,122 @@ +/** + * okaidia theme for JavaScript, CSS and HTML + * Loosely based on Monokai textmate theme by http://www.monokai.nl/ + * @author ocodia + */ + +code[class*="language-"], +pre[class*="language-"] { + color: #f8f8f2; + background: none; + text-shadow: 0 1px rgba(0, 0, 0, 0.3); + font-family: Consolas, Monaco, 'Andale Mono', 'Ubuntu Mono', monospace; + text-align: left; + white-space: pre; + word-spacing: normal; + word-break: normal; + word-wrap: normal; + line-height: 1.5; + + -moz-tab-size: 4; + -o-tab-size: 4; + tab-size: 4; + + -webkit-hyphens: none; + -moz-hyphens: none; + -ms-hyphens: none; + hyphens: none; +} + +/* Code blocks */ +pre[class*="language-"] { + padding: 1em; + margin: .5em 0; + overflow: auto; + border-radius: 0.3em; +} + +:not(pre) > code[class*="language-"], +pre[class*="language-"] { + background: #272822; +} + +/* Inline code */ +:not(pre) > code[class*="language-"] { + padding: .1em; + border-radius: .3em; + white-space: normal; +} + +.token.comment, +.token.prolog, +.token.doctype, +.token.cdata { + color: slategray; +} + +.token.punctuation { + color: #f8f8f2; +} + +.namespace { + opacity: .7; +} + +.token.property, +.token.tag, +.token.constant, +.token.symbol, +.token.deleted { + color: #f92672; +} + +.token.boolean, +.token.number { + color: #ae81ff; +} + +.token.selector, +.token.attr-name, +.token.string, +.token.char, +.token.builtin, +.token.inserted { + color: #a6e22e; +} + +.token.operator, +.token.entity, +.token.url, +.language-css .token.string, +.style .token.string, +.token.variable { + color: #f8f8f2; +} + +.token.atrule, +.token.attr-value, +.token.function, +.token.class-name { + color: #e6db74; +} + +.token.keyword { + color: #66d9ef; +} + +.token.regex, +.token.important { + color: #fd971f; +} + +.token.important, +.token.bold { + font-weight: bold; +} +.token.italic { + font-style: italic; +} + +.token.entity { + cursor: help; +} \ No newline at end of file diff --git a/css/style.css b/css/style.css new file mode 100644 index 0000000..5ffd3bc --- /dev/null +++ b/css/style.css @@ -0,0 +1,204 @@ + +/* Colors */ +body { background-color: white; } +a { color: black } +hr { border-color: #ddd; } +#header, #footer { background-color: #002036; color: white } + +@media (prefers-color-scheme: dark) { +} + +/* Font sizes */ +body { font-size: 1.2rem; line-height: 1.7rem; text-size-adjust: 100%; } +h1 { font-size: 2.3rem; line-height: 3.2rem; font-weight: 400 } +h2 { font-size: 1.8rem; line-height: 2.3rem; font-weight: 400 } +h3 { font-size: 1.5rem; line-height: 1.8rem; font-weight: 300 } + +#header h1 { font-size: 3rem; line-height: 3.3rem; font-weight: 500; margin-top: 0.2em; margin-left: 30px } +#header h2 { font-size: 1.3rem; line-height: 1.5rem; font-weight: 300; font-style: italic; margin: 0 0 0.5em 30px} + +/* We default all margins/paddings to 0 */ +* { margin: 0; padding: 0 } +a { text-decoration: none } +#content-text a { text-decoration: underline } +#content-text a:hover { text-decoration: none } +p { + font-weight: 400; + margin-bottom: 16px; +} + +h2 { + font-weight: 500; + margin: 3rem 0 0.8rem 0; +} + +h3 { + font-weight: 500; + margin: 1.5rem 0 1.5rem 0; +} +pre { + margin: 1rem 0 1rem 0 +} + +#main-container { + padding: 0; + font-family: "Roboto", "Helvetica Neue", Helvetica, Arial, sans-serif; + font-feature-settings: "kern", "liga"; + width: 100%; + background-color: white; +} + +hr { + height: 1px; + margin: 3rem 0 3rem 0; + clear: both; +} + +#header, #footer { + width: 100%; + clear: both; +} + +#header { + padding: 0.5em 0 0.5em 0em; +} + +#menu { + background-color: #ddd; + padding: 1em +} + +#content { + display:flex; +} + +#menu { + flex: 15; + min-width: 15%; + padding: 2em +} + +#main { + flex: 85; + min-width: 0; +} + +#main h1 { + padding-bottom: 1em; +} + +pre { + overflow: scroll; + min-width: 0 +} + +#footer { + padding: 0.5em 0; + text-align: center; + color: white; + font-size: smaller; +} + +#footer a { + font-style: italic; + color: white; + text-decoration: underline; +} + +#navigation { + float: right; + padding-right: 2em; +} + +#navigation li { + display: block; + width: 100px; + float: right; + padding-top: 0.2em; + text-align: center; + font-weight: bold; + font-size: smaller; +} + +#navigation li a{ + color: white +} + +#navigation li a:hover{ + text-decoration: underline; +} + +#motto { + text-align: center; + font-style: italic; + font-size: 1.1em; + margin: 2em auto 2em auto; +} + +#demo{ + font-size: smaller; + margin: 2em auto 2em auto; + border-radius: 1em; + display: table; + overflow: scroll; +} + +#kc-pros { + display: flex; + flex-flow: row wrap; + margin: 0 auto; + width: 60%; +} + +#kc-pros > div { + flex-basis: 50%; +} + +#kc-pros h2 { + font-size: 1.2em; + line-height: 1.2em; + padding: 0 5% 0.3em 5%; +} + +#kc-pros p { + font-size: 0.9em; + padding: 0 5% 2em 5%; +} + +#get { + display: table; + border: 1px solid black; + padding: 0.5em 2em; + border-radius: 0.8em; + clear: both; + margin: 3em auto 5em auto; + background-color: #0594cb; + color: white; + text-align: center; +} + +#get:active { + background-color: #002036; +} + +.navig { + display: flex; + flex-flow: row wrap; + margin: 0 auto; +} + +.navig > a { + flex-basis: 50%; + text-align: center; + background-color: #eee; + padding: 0.4em 0; + font-size: smaller +} + +#content-text { + padding: 2em; +} + +#main ul { + margin: 1em 0 2em 3em; +} \ No newline at end of file diff --git a/docs/crd-support/index.html b/docs/crd-support/index.html new file mode 100644 index 0000000..ac678a2 --- /dev/null +++ b/docs/crd-support/index.html @@ -0,0 +1,18 @@ +Kubeconform - Fast Kubernetes manifests validation! | Custom Resources support
+

Custom Resources support

When the -schema-location parameter is not used, or set to “default”, kubeconform will default to downloading +schemas from https://github.com/yannh/kubernetes-json-schema. Kubeconform however supports passing one, or multiple, +schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions +in each of them, in order, stopping as soon as a matching file is found.

  • If the -schema-location value does not end with ‘.json’, Kubeconform will assume filenames / a file +structure identical to that of kubernetesjsonschema.dev or github.com/yannh/kubernetes-json-schema.
  • if the -schema-location value ends with ‘.json’ - Kubeconform assumes the value is a Go templated +string that indicates how to search for JSON schemas.
  • the -schema-location value of “default” is an alias for https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json. +Both following command lines are equivalent:
$ ./bin/kubeconform fixtures/valid.yaml
+$ ./bin/kubeconform -schema-location default fixtures/valid.yaml
+$ ./bin/kubeconform -schema-location 'https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json' fixtures/valid.yaml
+

To support validating CRDs, we need to convert OpenAPI files to JSON schema, storing the JSON schemas +in a local folder - for example schemas. Then we specify this folder as an additional registry to lookup:

# If the resource Kind is not found in kubernetesjsonschema.dev, also lookup in the schemas/ folder for a matching file
+$ ./bin/kubeconform -schema-location default -schema-location 'schemas/{{ .ResourceKind }}{{ .KindSuffix }}.json' fixtures/custom-resource.yaml
+

You can validate Openshift manifests using a custom schema location. Set the OpenShift version to validate +against using -kubernetes-version.

$ ./bin/kubeconform -kubernetes-version 3.8.0  -schema-location 'https://raw.githubusercontent.com/garethr/openshift-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}.json'  -summary fixtures/valid.yaml
+Summary: 1 resource found in 1 file - Valid: 1, Invalid: 0, Errors: 0 Skipped: 0
+

Here are the variables you can use in -schema-location:

  • NormalizedKubernetesVersion - Kubernetes Version, prefixed by v
  • StrictSuffix - “-strict” or "" depending on whether validation is running in strict mode or not
  • ResourceKind - Kind of the Kubernetes Resource
  • ResourceAPIVersion - Version of API used for the resource - “v1” in “apiVersion: monitoring.coreos.com/v1”
  • KindSuffix - suffix computed from apiVersion - for compatibility with Kubeval schema registries
+
\ No newline at end of file diff --git a/docs/index.xml b/docs/index.xml new file mode 100644 index 0000000..1203a03 --- /dev/null +++ b/docs/index.xml @@ -0,0 +1,10 @@ +Docs on Kubeconform - Fast Kubernetes manifests validation!http://kubeconform.mandragor.org/docs/Recent content in Docs on Kubeconform - Fast Kubernetes manifests validation!Hugo -- gohugo.ioen-usFri, 02 Jul 2021 00:00:00 +0000Installationhttp://kubeconform.mandragor.org/docs/installation/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/installation/Linux Download the latest release from our release page. +For example, for Linux on x86_64 architecture: +curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \ sudo mv kubeconform /usr/local/bin/ MacOs Kubeconform is available to install using Homebrew: $ brew install kubeconform +Windows Download the latest release from our release page. +You can also download the latest version from the release page.Usagehttp://kubeconform.mandragor.org/docs/usage/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/usage/$ ./bin/kubeconform -h Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]... -cache string cache schemas downloaded via HTTP to this folder -cpu-prof string debug - log CPU profiling to file -exit-on-error immediately stop execution when the first error is encountered -h show help information -ignore-filename-pattern value regular expression specifying paths to ignore (can be specified multiple times) -ignore-missing-schemas skip files with missing schemas instead of failing -insecure-skip-tls-verify disable verification of the server's SSL certificate.Custom Resources supporthttp://kubeconform.mandragor.org/docs/crd-support/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/crd-support/When the -schema-location parameter is not used, or set to “default”, kubeconform will default to downloading schemas from https://github.com/yannh/kubernetes-json-schema. Kubeconform however supports passing one, or multiple, schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions in each of them, in order, stopping as soon as a matching file is found. +If the -schema-location value does not end with ‘.json’, Kubeconform will assume filenames / a file structure identical to that of kubernetesjsonschema.Github Actionhttp://kubeconform.mandragor.org/docs/usage-as-github-action/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/usage-as-github-action/Kubeconform is publishes Docker Images to Github’s new Container Registry, ghcr.io. These images can be used directly in a Github Action, once logged in using a Github Token. +name: kubeconform on: push jobs: kubeconform: runs-on: ubuntu-latest steps: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@v2 - uses: docker://ghcr.io/yannh/kubeconform:master with: entrypoint: '/kubeconform' args: "-summary -output json kubeconfigs/" Note on pricing: Kubeconform relies on Github Container Registry which is currently in Beta.Kubeconform as a Go modulehttp://kubeconform.mandragor.org/docs/using-as-a-go-module/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/using-as-a-go-module/Warning: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged. +Kubeconform contains a package that can be used as a library. An example of usage can be found in examples/main.go +Additional documentation on pkg.go.devConversion of CRD to JSON Schemahttp://kubeconform.mandragor.org/docs/json-schema-conversion/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/json-schema-conversion/Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions to JSON schema. Here is an example how to use it: +#!/bin/bash $ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml JSON schema written to trainingjob_v1.json The FILENAME_FORMAT environment variable can be used to change the output file name (Available variables: kind, group, version) (Default: {kind}_{version}). \ No newline at end of file diff --git a/docs/installation/index.html b/docs/installation/index.html new file mode 100644 index 0000000..048fd65 --- /dev/null +++ b/docs/installation/index.html @@ -0,0 +1,4 @@ +Kubeconform - Fast Kubernetes manifests validation! | Installation

Installation

Linux

Download the latest release from our release page.

For example, for Linux on x86_64 architecture:

curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \
+sudo mv kubeconform /usr/local/bin/
+

MacOs

Kubeconform is available to install using Homebrew:

$ brew install kubeconform
+

Windows

Download the latest release from our release page.

You can also download the latest version from the release page.

\ No newline at end of file diff --git a/docs/json-schema-conversion/index.html b/docs/json-schema-conversion/index.html new file mode 100644 index 0000000..083229c --- /dev/null +++ b/docs/json-schema-conversion/index.html @@ -0,0 +1,9 @@ +Kubeconform - Fast Kubernetes manifests validation! | Conversion of CRD to JSON Schema

Conversion of CRD to JSON Schema

Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition +first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions +to JSON schema. Here is an example how to use it:

#!/bin/bash
+$ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml
+JSON schema written to trainingjob_v1.json
+

The FILENAME_FORMAT environment variable can be used to change the output file name (Available variables: kind, group, version) (Default: {kind}_{version}).

$ export FILENAME_FORMAT='{kind}-{group}-{version}'
+$ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml
+JSON schema written to trainingjob-sagemaker-v1.json
+

Some CRD schemas do not have explicit validation for fields implicitly validated by the Kubernetes API like apiVersion, kind, and metadata, thus additional properties are allowed at the root of the JSON schema by default, if this is not desired the DENY_ROOT_ADDITIONAL_PROPERTIES environment variable can be set to any non-empty value.

\ No newline at end of file diff --git a/docs/usage-as-github-action/index.html b/docs/usage-as-github-action/index.html new file mode 100644 index 0000000..99fe4e9 --- /dev/null +++ b/docs/usage-as-github-action/index.html @@ -0,0 +1,21 @@ +Kubeconform - Fast Kubernetes manifests validation! | Github Action
+

Github Action

Kubeconform is publishes Docker Images to Github’s new Container Registry, ghcr.io. These images +can be used directly in a Github Action, once logged in using a Github Token.

name: kubeconform
+on: push
+jobs:
+  kubeconform:
+    runs-on: ubuntu-latest
+    steps:
+      - name: login to Github Packages
+        run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
+      - uses: actions/checkout@v2
+      - uses: docker://ghcr.io/yannh/kubeconform:master
+        with:
+          entrypoint: '/kubeconform'
+          args: "-summary -output json kubeconfigs/"
+

Note on pricing: Kubeconform relies on Github Container Registry which is currently in Beta. During that period, +bandwidth is free. After that period, +bandwidth costs might be applicable. Since bandwidth from Github Packages within Github Actions is free, I expect +Github Container Registry to also be usable for free within Github Actions in the future. If that were not to be the +case, I might publish the Docker image to a different platform.

+
\ No newline at end of file diff --git a/docs/usage/index.html b/docs/usage/index.html new file mode 100644 index 0000000..8bfffcf --- /dev/null +++ b/docs/usage/index.html @@ -0,0 +1,67 @@ +Kubeconform - Fast Kubernetes manifests validation! | Usage
+

Usage

$ ./bin/kubeconform -h
+Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]...
+  -cache string
+        cache schemas downloaded via HTTP to this folder
+  -cpu-prof string
+        debug - log CPU profiling to file
+  -exit-on-error
+        immediately stop execution when the first error is encountered
+  -h    show help information
+  -ignore-filename-pattern value
+        regular expression specifying paths to ignore (can be specified multiple times)
+  -ignore-missing-schemas
+        skip files with missing schemas instead of failing
+  -insecure-skip-tls-verify
+        disable verification of the server's SSL certificate. This will make your HTTPS connections insecure
+  -kubernetes-version string
+        version of Kubernetes to validate against, e.g.: 1.18.0 (default "master")
+  -n int
+        number of goroutines to run concurrently (default 4)
+  -output string
+        output format - json, junit, tap, text (default "text")
+  -reject string
+        comma-separated list of kinds to reject
+  -schema-location value
+        override schemas location search path (can be specified multiple times)
+  -skip string
+        comma-separated list of kinds to ignore
+  -strict
+        disallow additional properties not in schema
+  -summary
+        print a summary at the end (ignored for junit output)
+  -v	show version information
+  -verbose
+        print results for all resources (ignored for tap and junit output)
+

Validating a single, valid file

$ ./bin/kubeconform fixtures/valid.yaml
+$ echo $?
+0
+

Validating a single invalid file, setting output to json, and printing a summary

$ ./bin/kubeconform -summary -output json fixtures/invalid.yaml
+{
+  "resources": [
+    {
+      "filename": "fixtures/invalid.yaml",
+      "kind": "ReplicationController",
+      "version": "v1",
+      "status": "INVALID",
+      "msg": "Additional property templates is not allowed - Invalid type. Expected: [integer,null], given: string"
+    }
+  ],
+  "summary": {
+    "valid": 0,
+    "invalid": 1,
+    "errors": 0,
+    "skipped": 0
+  }
+}
+$ echo $?
+1
+

Passing manifests via Stdin

cat fixtures/valid.yaml  | ./bin/kubeconform -summary
+Summary: 1 resource found parsing stdin - Valid: 1, Invalid: 0, Errors: 0 Skipped: 0
+

Validating a folder, increasing the number of parallel workers

$ ./bin/kubeconform -summary -n 16 fixtures
+fixtures/crd_schema.yaml - CustomResourceDefinition trainingjobs.sagemaker.aws.amazon.com failed validation: could not find schema for CustomResourceDefinition
+fixtures/invalid.yaml - ReplicationController bob is invalid: Invalid type. Expected: [integer,null], given: string
+[...]
+Summary: 65 resources found in 34 files - Valid: 55, Invalid: 2, Errors: 8 Skipped: 0
+
+
\ No newline at end of file diff --git a/docs/using-as-a-go-module/index.html b/docs/using-as-a-go-module/index.html new file mode 100644 index 0000000..61a6b73 --- /dev/null +++ b/docs/using-as-a-go-module/index.html @@ -0,0 +1,4 @@ +Kubeconform - Fast Kubernetes manifests validation! | Kubeconform as a Go module
+

Kubeconform as a Go module

Warning: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged.

Kubeconform contains a package that can be used as a library. +An example of usage can be found in examples/main.go

Additional documentation on pkg.go.dev

+
\ No newline at end of file diff --git a/index.html b/index.html new file mode 100644 index 0000000..e38ef55 --- /dev/null +++ b/index.html @@ -0,0 +1,3 @@ +Kubeconform - Fast Kubernetes manifests validation!

Validate your Kubernetes manifests instead of deploying broken configuration

$ kubeconform -summary myapp/deployment.yaml
+Summary: 5 resources found in 1 file - Valid: 5, Invalid: 0, Errors: 0, Skipped: 0
+
Get Started!

Easy-to-use

Single binary, super-easy installation for Windows, Mac & Linux. It takes seconds to get started.

Lightning fast

Kubeconform makes heavy use of Golang's concurrency capabilities, and will spread its workload across multiple cores.

Support for Kubernetes CRDs

Validate ALL your Kubernetes resources with Kubeconform's CRD support

Flexible

With support for JSON, Junit, TAP output, and leveraging the easy-to-use Docker image, you can run Kubeconform in any CI system.

\ No newline at end of file diff --git a/index.xml b/index.xml new file mode 100644 index 0000000..3cdd7aa --- /dev/null +++ b/index.xml @@ -0,0 +1,12 @@ +Kubeconform - Fast Kubernetes manifests validation!http://kubeconform.mandragor.org/Recent content on Kubeconform - Fast Kubernetes manifests validation!Hugo -- gohugo.ioen-usFri, 02 Jul 2021 00:00:00 +0000Installationhttp://kubeconform.mandragor.org/docs/installation/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/installation/Linux Download the latest release from our release page. +For example, for Linux on x86_64 architecture: +curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \ sudo mv kubeconform /usr/local/bin/ MacOs Kubeconform is available to install using Homebrew: $ brew install kubeconform +Windows Download the latest release from our release page. +You can also download the latest version from the release page.Usagehttp://kubeconform.mandragor.org/docs/usage/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/usage/$ ./bin/kubeconform -h Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]... -cache string cache schemas downloaded via HTTP to this folder -cpu-prof string debug - log CPU profiling to file -exit-on-error immediately stop execution when the first error is encountered -h show help information -ignore-filename-pattern value regular expression specifying paths to ignore (can be specified multiple times) -ignore-missing-schemas skip files with missing schemas instead of failing -insecure-skip-tls-verify disable verification of the server's SSL certificate.Custom Resources supporthttp://kubeconform.mandragor.org/docs/crd-support/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/crd-support/When the -schema-location parameter is not used, or set to “default”, kubeconform will default to downloading schemas from https://github.com/yannh/kubernetes-json-schema. Kubeconform however supports passing one, or multiple, schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions in each of them, in order, stopping as soon as a matching file is found. +If the -schema-location value does not end with ‘.json’, Kubeconform will assume filenames / a file structure identical to that of kubernetesjsonschema.Github Actionhttp://kubeconform.mandragor.org/docs/usage-as-github-action/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/usage-as-github-action/Kubeconform is publishes Docker Images to Github’s new Container Registry, ghcr.io. These images can be used directly in a Github Action, once logged in using a Github Token. +name: kubeconform on: push jobs: kubeconform: runs-on: ubuntu-latest steps: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@v2 - uses: docker://ghcr.io/yannh/kubeconform:master with: entrypoint: '/kubeconform' args: "-summary -output json kubeconfigs/" Note on pricing: Kubeconform relies on Github Container Registry which is currently in Beta.Kubeconform as a Go modulehttp://kubeconform.mandragor.org/docs/using-as-a-go-module/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/using-as-a-go-module/Warning: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged. +Kubeconform contains a package that can be used as a library. An example of usage can be found in examples/main.go +Additional documentation on pkg.go.devAbouthttp://kubeconform.mandragor.org/about/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/about/Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes configuration! +It is inspired by, contains code from and is designed to stay close to Kubeval, but with the following improvements: +high performance: will validate & download manifests over multiple routines, caching downloaded files in memory configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes.Conversion of CRD to JSON Schemahttp://kubeconform.mandragor.org/docs/json-schema-conversion/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/json-schema-conversion/Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions to JSON schema. Here is an example how to use it: +#!/bin/bash $ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml JSON schema written to trainingjob_v1.json The FILENAME_FORMAT environment variable can be used to change the output file name (Available variables: kind, group, version) (Default: {kind}_{version}). \ No newline at end of file diff --git a/installation/index.html b/installation/index.html new file mode 100644 index 0000000..e3affec --- /dev/null +++ b/installation/index.html @@ -0,0 +1,31 @@ + + + + + + Kubeconform - Fast Kubernetes manifests validation! | The execution model of AWS Lambda@edge with Cloudfront's two- and three-tiered architecture + +
+

Kubeconform

+

A FAST Kubernetes manifests validator

+
+
+ +
+ +← Back +

The execution model of AWS Lambda@edge with Cloudfront's two- and three-tiered architecture
July 2, 2021

+ +

Installation

+ + + + + +
+ +
+ + diff --git a/js/prism.js b/js/prism.js new file mode 100644 index 0000000..2220755 --- /dev/null +++ b/js/prism.js @@ -0,0 +1,4 @@ +/* PrismJS 1.23.0 +https://prismjs.com/download.html#themes=prism&languages=bash */ +var _self="undefined"!=typeof window?window:"undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?self:{},Prism=function(u){var c=/\blang(?:uage)?-([\w-]+)\b/i,n=0,e={},M={manual:u.Prism&&u.Prism.manual,disableWorkerMessageHandler:u.Prism&&u.Prism.disableWorkerMessageHandler,util:{encode:function e(n){return n instanceof W?new W(n.type,e(n.content),n.alias):Array.isArray(n)?n.map(e):n.replace(/&/g,"&").replace(/=l.reach);y+=m.value.length,m=m.next){var b=m.value;if(t.length>n.length)return;if(!(b instanceof W)){var k,x=1;if(h){if(!(k=z(v,y,n,f)))break;var w=k.index,A=k.index+k[0].length,P=y;for(P+=m.value.length;P<=w;)m=m.next,P+=m.value.length;if(P-=m.value.length,y=P,m.value instanceof W)continue;for(var E=m;E!==t.tail&&(Pl.reach&&(l.reach=N);var j=m.prev;O&&(j=I(t,j,O),y+=O.length),q(t,j,x);var C=new W(o,g?M.tokenize(S,g):S,d,S);if(m=I(t,j,C),L&&I(t,m,L),1l.reach&&(l.reach=_.reach)}}}}}}(e,a,n,a.head,0),function(e){var n=[],t=e.head.next;for(;t!==e.tail;)n.push(t.value),t=t.next;return n}(a)},hooks:{all:{},add:function(e,n){var t=M.hooks.all;t[e]=t[e]||[],t[e].push(n)},run:function(e,n){var t=M.hooks.all[e];if(t&&t.length)for(var r,a=0;r=t[a++];)r(n)}},Token:W};function W(e,n,t,r){this.type=e,this.content=n,this.alias=t,this.length=0|(r||"").length}function z(e,n,t,r){e.lastIndex=n;var a=e.exec(t);if(a&&r&&a[1]){var i=a[1].length;a.index+=i,a[0]=a[0].slice(i)}return a}function i(){var e={value:null,prev:null,next:null},n={value:null,prev:e,next:null};e.next=n,this.head=e,this.tail=n,this.length=0}function I(e,n,t){var r=n.next,a={value:t,prev:n,next:r};return n.next=a,r.prev=a,e.length++,a}function q(e,n,t){for(var r=n.next,a=0;a"+a.content+""},!u.document)return u.addEventListener&&(M.disableWorkerMessageHandler||u.addEventListener("message",function(e){var n=JSON.parse(e.data),t=n.language,r=n.code,a=n.immediateClose;u.postMessage(M.highlight(r,M.languages[t],t)),a&&u.close()},!1)),M;var t=M.util.currentScript();function r(){M.manual||M.highlightAll()}if(t&&(M.filename=t.src,t.hasAttribute("data-manual")&&(M.manual=!0)),!M.manual){var a=document.readyState;"loading"===a||"interactive"===a&&t&&t.defer?document.addEventListener("DOMContentLoaded",r):window.requestAnimationFrame?window.requestAnimationFrame(r):window.setTimeout(r,16)}return M}(_self);"undefined"!=typeof module&&module.exports&&(module.exports=Prism),"undefined"!=typeof global&&(global.Prism=Prism); +!function(e){var t="\\b(?:BASH|BASHOPTS|BASH_ALIASES|BASH_ARGC|BASH_ARGV|BASH_CMDS|BASH_COMPLETION_COMPAT_DIR|BASH_LINENO|BASH_REMATCH|BASH_SOURCE|BASH_VERSINFO|BASH_VERSION|COLORTERM|COLUMNS|COMP_WORDBREAKS|DBUS_SESSION_BUS_ADDRESS|DEFAULTS_PATH|DESKTOP_SESSION|DIRSTACK|DISPLAY|EUID|GDMSESSION|GDM_LANG|GNOME_KEYRING_CONTROL|GNOME_KEYRING_PID|GPG_AGENT_INFO|GROUPS|HISTCONTROL|HISTFILE|HISTFILESIZE|HISTSIZE|HOME|HOSTNAME|HOSTTYPE|IFS|INSTANCE|JOB|LANG|LANGUAGE|LC_ADDRESS|LC_ALL|LC_IDENTIFICATION|LC_MEASUREMENT|LC_MONETARY|LC_NAME|LC_NUMERIC|LC_PAPER|LC_TELEPHONE|LC_TIME|LESSCLOSE|LESSOPEN|LINES|LOGNAME|LS_COLORS|MACHTYPE|MAILCHECK|MANDATORY_PATH|NO_AT_BRIDGE|OLDPWD|OPTERR|OPTIND|ORBIT_SOCKETDIR|OSTYPE|PAPERSIZE|PATH|PIPESTATUS|PPID|PS1|PS2|PS3|PS4|PWD|RANDOM|REPLY|SECONDS|SELINUX_INIT|SESSION|SESSIONTYPE|SESSION_MANAGER|SHELL|SHELLOPTS|SHLVL|SSH_AUTH_SOCK|TERM|UID|UPSTART_EVENTS|UPSTART_INSTANCE|UPSTART_JOB|UPSTART_SESSION|USER|WINDOWID|XAUTHORITY|XDG_CONFIG_DIRS|XDG_CURRENT_DESKTOP|XDG_DATA_DIRS|XDG_GREETER_DATA_DIR|XDG_MENU_PREFIX|XDG_RUNTIME_DIR|XDG_SEAT|XDG_SEAT_PATH|XDG_SESSION_DESKTOP|XDG_SESSION_ID|XDG_SESSION_PATH|XDG_SESSION_TYPE|XDG_VTNR|XMODIFIERS)\\b",n={pattern:/(^(["']?)\w+\2)[ \t]+\S.*/,lookbehind:!0,alias:"punctuation",inside:null},a={bash:n,environment:{pattern:RegExp("\\$"+t),alias:"constant"},variable:[{pattern:/\$?\(\([\s\S]+?\)\)/,greedy:!0,inside:{variable:[{pattern:/(^\$\(\([\s\S]+)\)\)/,lookbehind:!0},/^\$\(\(/],number:/\b0x[\dA-Fa-f]+\b|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:[Ee]-?\d+)?/,operator:/--|\+\+|\*\*=?|<<=?|>>=?|&&|\|\||[=!+\-*/%<>^&|]=?|[?~:]/,punctuation:/\(\(?|\)\)?|,|;/}},{pattern:/\$\((?:\([^)]+\)|[^()])+\)|`[^`]+`/,greedy:!0,inside:{variable:/^\$\(|^`|\)$|`$/}},{pattern:/\$\{[^}]+\}/,greedy:!0,inside:{operator:/:[-=?+]?|[!\/]|##?|%%?|\^\^?|,,?/,punctuation:/[\[\]]/,environment:{pattern:RegExp("(\\{)"+t),lookbehind:!0,alias:"constant"}}},/\$(?:\w+|[#?*!@$])/],entity:/\\(?:[abceEfnrtv\\"]|O?[0-7]{1,3}|x[0-9a-fA-F]{1,2}|u[0-9a-fA-F]{4}|U[0-9a-fA-F]{8})/};e.languages.bash={shebang:{pattern:/^#!\s*\/.*/,alias:"important"},comment:{pattern:/(^|[^"{\\$])#.*/,lookbehind:!0},"function-name":[{pattern:/(\bfunction\s+)[\w-]+(?=(?:\s*\(?:\s*\))?\s*\{)/,lookbehind:!0,alias:"function"},{pattern:/\b[\w-]+(?=\s*\(\s*\)\s*\{)/,alias:"function"}],"for-or-select":{pattern:/(\b(?:for|select)\s+)\w+(?=\s+in\s)/,alias:"variable",lookbehind:!0},"assign-left":{pattern:/(^|[\s;|&]|[<>]\()\w+(?=\+?=)/,inside:{environment:{pattern:RegExp("(^|[\\s;|&]|[<>]\\()"+t),lookbehind:!0,alias:"constant"}},alias:"variable",lookbehind:!0},string:[{pattern:/((?:^|[^<])<<-?\s*)(\w+)\s[\s\S]*?(?:\r?\n|\r)\2/,lookbehind:!0,greedy:!0,inside:a},{pattern:/((?:^|[^<])<<-?\s*)(["'])(\w+)\2\s[\s\S]*?(?:\r?\n|\r)\3/,lookbehind:!0,greedy:!0,inside:{bash:n}},{pattern:/(^|[^\\](?:\\\\)*)"(?:\\[\s\S]|\$\([^)]+\)|\$(?!\()|`[^`]+`|[^"\\`$])*"/,lookbehind:!0,greedy:!0,inside:a},{pattern:/(^|[^$\\])'[^']*'/,lookbehind:!0,greedy:!0},{pattern:/\$'(?:[^'\\]|\\[\s\S])*'/,greedy:!0,inside:{entity:a.entity}}],environment:{pattern:RegExp("\\$?"+t),alias:"constant"},variable:a.variable,function:{pattern:/(^|[\s;|&]|[<>]\()(?:add|apropos|apt|aptitude|apt-cache|apt-get|aspell|automysqlbackup|awk|basename|bash|bc|bconsole|bg|bzip2|cal|cat|cfdisk|chgrp|chkconfig|chmod|chown|chroot|cksum|clear|cmp|column|comm|composer|cp|cron|crontab|csplit|curl|cut|date|dc|dd|ddrescue|debootstrap|df|diff|diff3|dig|dir|dircolors|dirname|dirs|dmesg|du|egrep|eject|env|ethtool|expand|expect|expr|fdformat|fdisk|fg|fgrep|file|find|fmt|fold|format|free|fsck|ftp|fuser|gawk|git|gparted|grep|groupadd|groupdel|groupmod|groups|grub-mkconfig|gzip|halt|head|hg|history|host|hostname|htop|iconv|id|ifconfig|ifdown|ifup|import|install|ip|jobs|join|kill|killall|less|link|ln|locate|logname|logrotate|look|lpc|lpr|lprint|lprintd|lprintq|lprm|ls|lsof|lynx|make|man|mc|mdadm|mkconfig|mkdir|mke2fs|mkfifo|mkfs|mkisofs|mknod|mkswap|mmv|more|most|mount|mtools|mtr|mutt|mv|nano|nc|netstat|nice|nl|nohup|notify-send|npm|nslookup|op|open|parted|passwd|paste|pathchk|ping|pkill|pnpm|popd|pr|printcap|printenv|ps|pushd|pv|quota|quotacheck|quotactl|ram|rar|rcp|reboot|remsync|rename|renice|rev|rm|rmdir|rpm|rsync|scp|screen|sdiff|sed|sendmail|seq|service|sftp|sh|shellcheck|shuf|shutdown|sleep|slocate|sort|split|ssh|stat|strace|su|sudo|sum|suspend|swapon|sync|tac|tail|tar|tee|time|timeout|top|touch|tr|traceroute|tsort|tty|umount|uname|unexpand|uniq|units|unrar|unshar|unzip|update-grub|uptime|useradd|userdel|usermod|users|uudecode|uuencode|v|vdir|vi|vim|virsh|vmstat|wait|watch|wc|wget|whereis|which|who|whoami|write|xargs|xdg-open|yarn|yes|zenity|zip|zsh|zypper)(?=$|[)\s;|&])/,lookbehind:!0},keyword:{pattern:/(^|[\s;|&]|[<>]\()(?:if|then|else|elif|fi|for|while|in|case|esac|function|select|do|done|until)(?=$|[)\s;|&])/,lookbehind:!0},builtin:{pattern:/(^|[\s;|&]|[<>]\()(?:\.|:|break|cd|continue|eval|exec|exit|export|getopts|hash|pwd|readonly|return|shift|test|times|trap|umask|unset|alias|bind|builtin|caller|command|declare|echo|enable|help|let|local|logout|mapfile|printf|read|readarray|source|type|typeset|ulimit|unalias|set|shopt)(?=$|[)\s;|&])/,lookbehind:!0,alias:"class-name"},boolean:{pattern:/(^|[\s;|&]|[<>]\()(?:true|false)(?=$|[)\s;|&])/,lookbehind:!0},"file-descriptor":{pattern:/\B&\d\b/,alias:"important"},operator:{pattern:/\d?<>|>\||\+=|=[=~]?|!=?|<<[<-]?|[&\d]?>>|\d[<>]&?|[<>][&=]?|&[>&]?|\|[&|]?/,inside:{"file-descriptor":{pattern:/^\d/,alias:"important"}}},punctuation:/\$?\(\(?|\)\)?|\.\.|[{}[\];\\]/,number:{pattern:/(^|\s)(?:[1-9]\d*|0)(?:[.,]\d+)?\b/,lookbehind:!0}},n.inside=e.languages.bash;for(var s=["comment","function-name","for-or-select","assign-left","string","environment","function","keyword","builtin","boolean","file-descriptor","operator","punctuation","number"],i=a.variable[1].inside,o=0;ohttp://kubeconform.mandragor.org/docs/installation/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/docs/usage/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/docs/crd-support/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/docs/usage-as-github-action/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/docs/using-as-a-go-module/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/tags/about/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/about/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/docs/json-schema-conversion/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/docs/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/tags/installation/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/tags/kubeconform/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/tags/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/tags/usage/2021-07-02T00:00:00+00:00http://kubeconform.mandragor.org/categories/ \ No newline at end of file diff --git a/tags/about/index.xml b/tags/about/index.xml new file mode 100644 index 0000000..5fc16e3 --- /dev/null +++ b/tags/about/index.xml @@ -0,0 +1,3 @@ +About on Kubeconform - Fast Kubernetes manifests validation!http://kubeconform.mandragor.org/tags/about/Recent content in About on Kubeconform - Fast Kubernetes manifests validation!Hugo -- gohugo.ioen-usFri, 02 Jul 2021 00:00:00 +0000Abouthttp://kubeconform.mandragor.org/about/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/about/Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes configuration! +It is inspired by, contains code from and is designed to stay close to Kubeval, but with the following improvements: +high performance: will validate &amp; download manifests over multiple routines, caching downloaded files in memory configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes. \ No newline at end of file diff --git a/tags/cloudfront/index.xml b/tags/cloudfront/index.xml new file mode 100644 index 0000000..ca3e886 --- /dev/null +++ b/tags/cloudfront/index.xml @@ -0,0 +1,20 @@ + + + + Cloudfront on Kubeconform - Fast Kubernetes manifests validation! + http://localhost/tags/cloudfront/ + Recent content in Cloudfront on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + The execution model of AWS Lambda@edge with Cloudfront's two- and three-tiered architecture + http://localhost/installation/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://localhost/installation/ + Installation + + + + diff --git a/tags/index.xml b/tags/index.xml new file mode 100644 index 0000000..f70054a --- /dev/null +++ b/tags/index.xml @@ -0,0 +1 @@ +Tags on Kubeconform - Fast Kubernetes manifests validation!http://kubeconform.mandragor.org/tags/Recent content in Tags on Kubeconform - Fast Kubernetes manifests validation!Hugo -- gohugo.ioen-usFri, 02 Jul 2021 00:00:00 +0000Abouthttp://kubeconform.mandragor.org/tags/about/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/tags/about/Installationhttp://kubeconform.mandragor.org/tags/installation/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/tags/installation/Kubeconformhttp://kubeconform.mandragor.org/tags/kubeconform/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/tags/kubeconform/Usagehttp://kubeconform.mandragor.org/tags/usage/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/tags/usage/ \ No newline at end of file diff --git a/tags/installation/index.xml b/tags/installation/index.xml new file mode 100644 index 0000000..41e7d6c --- /dev/null +++ b/tags/installation/index.xml @@ -0,0 +1,5 @@ +Installation on Kubeconform - Fast Kubernetes manifests validation!http://kubeconform.mandragor.org/tags/installation/Recent content in Installation on Kubeconform - Fast Kubernetes manifests validation!Hugo -- gohugo.ioen-usFri, 02 Jul 2021 00:00:00 +0000Installationhttp://kubeconform.mandragor.org/docs/installation/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/installation/Linux Download the latest release from our release page. +For example, for Linux on x86_64 architecture: +curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \ sudo mv kubeconform /usr/local/bin/ MacOs Kubeconform is available to install using Homebrew: $ brew install kubeconform +Windows Download the latest release from our release page. +You can also download the latest version from the release page. \ No newline at end of file diff --git a/tags/kubeconform/index.xml b/tags/kubeconform/index.xml new file mode 100644 index 0000000..4b066f6 --- /dev/null +++ b/tags/kubeconform/index.xml @@ -0,0 +1,12 @@ +Kubeconform on Kubeconform - Fast Kubernetes manifests validation!http://kubeconform.mandragor.org/tags/kubeconform/Recent content in Kubeconform on Kubeconform - Fast Kubernetes manifests validation!Hugo -- gohugo.ioen-usFri, 02 Jul 2021 00:00:00 +0000Installationhttp://kubeconform.mandragor.org/docs/installation/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/installation/Linux Download the latest release from our release page. +For example, for Linux on x86_64 architecture: +curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \ sudo mv kubeconform /usr/local/bin/ MacOs Kubeconform is available to install using Homebrew: $ brew install kubeconform +Windows Download the latest release from our release page. +You can also download the latest version from the release page.Usagehttp://kubeconform.mandragor.org/docs/usage/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/usage/$ ./bin/kubeconform -h Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]... -cache string cache schemas downloaded via HTTP to this folder -cpu-prof string debug - log CPU profiling to file -exit-on-error immediately stop execution when the first error is encountered -h show help information -ignore-filename-pattern value regular expression specifying paths to ignore (can be specified multiple times) -ignore-missing-schemas skip files with missing schemas instead of failing -insecure-skip-tls-verify disable verification of the server's SSL certificate.Custom Resources supporthttp://kubeconform.mandragor.org/docs/crd-support/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/crd-support/When the -schema-location parameter is not used, or set to &ldquo;default&rdquo;, kubeconform will default to downloading schemas from https://github.com/yannh/kubernetes-json-schema. Kubeconform however supports passing one, or multiple, schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions in each of them, in order, stopping as soon as a matching file is found. +If the -schema-location value does not end with &lsquo;.json&rsquo;, Kubeconform will assume filenames / a file structure identical to that of kubernetesjsonschema.Github Actionhttp://kubeconform.mandragor.org/docs/usage-as-github-action/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/usage-as-github-action/Kubeconform is publishes Docker Images to Github&rsquo;s new Container Registry, ghcr.io. These images can be used directly in a Github Action, once logged in using a Github Token. +name: kubeconform on: push jobs: kubeconform: runs-on: ubuntu-latest steps: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@v2 - uses: docker://ghcr.io/yannh/kubeconform:master with: entrypoint: '/kubeconform' args: "-summary -output json kubeconfigs/" Note on pricing: Kubeconform relies on Github Container Registry which is currently in Beta.Kubeconform as a Go modulehttp://kubeconform.mandragor.org/docs/using-as-a-go-module/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/using-as-a-go-module/Warning: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged. +Kubeconform contains a package that can be used as a library. An example of usage can be found in examples/main.go +Additional documentation on pkg.go.devAbouthttp://kubeconform.mandragor.org/about/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/about/Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes configuration! +It is inspired by, contains code from and is designed to stay close to Kubeval, but with the following improvements: +high performance: will validate &amp; download manifests over multiple routines, caching downloaded files in memory configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes.Conversion of CRD to JSON Schemahttp://kubeconform.mandragor.org/docs/json-schema-conversion/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/json-schema-conversion/Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions to JSON schema. Here is an example how to use it: +#!/bin/bash $ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml JSON schema written to trainingjob_v1.json The FILENAME_FORMAT environment variable can be used to change the output file name (Available variables: kind, group, version) (Default: {kind}_{version}). \ No newline at end of file diff --git a/tags/lambdaedge/index.xml b/tags/lambdaedge/index.xml new file mode 100644 index 0000000..50869f4 --- /dev/null +++ b/tags/lambdaedge/index.xml @@ -0,0 +1,20 @@ + + + + Lambda@edge on Kubeconform - Fast Kubernetes manifests validation! + http://localhost/tags/lambdaedge/ + Recent content in Lambda@edge on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + The execution model of AWS Lambda@edge with Cloudfront's two- and three-tiered architecture + http://localhost/installation/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://localhost/installation/ + Installation + + + + diff --git a/tags/usage/index.xml b/tags/usage/index.xml new file mode 100644 index 0000000..1de5b8d --- /dev/null +++ b/tags/usage/index.xml @@ -0,0 +1,6 @@ +Usage on Kubeconform - Fast Kubernetes manifests validation!http://kubeconform.mandragor.org/tags/usage/Recent content in Usage on Kubeconform - Fast Kubernetes manifests validation!Hugo -- gohugo.ioen-usFri, 02 Jul 2021 00:00:00 +0000Usagehttp://kubeconform.mandragor.org/docs/usage/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/usage/$ ./bin/kubeconform -h Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]... -cache string cache schemas downloaded via HTTP to this folder -cpu-prof string debug - log CPU profiling to file -exit-on-error immediately stop execution when the first error is encountered -h show help information -ignore-filename-pattern value regular expression specifying paths to ignore (can be specified multiple times) -ignore-missing-schemas skip files with missing schemas instead of failing -insecure-skip-tls-verify disable verification of the server's SSL certificate.Custom Resources supporthttp://kubeconform.mandragor.org/docs/crd-support/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/crd-support/When the -schema-location parameter is not used, or set to &ldquo;default&rdquo;, kubeconform will default to downloading schemas from https://github.com/yannh/kubernetes-json-schema. Kubeconform however supports passing one, or multiple, schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions in each of them, in order, stopping as soon as a matching file is found. +If the -schema-location value does not end with &lsquo;.json&rsquo;, Kubeconform will assume filenames / a file structure identical to that of kubernetesjsonschema.Github Actionhttp://kubeconform.mandragor.org/docs/usage-as-github-action/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/usage-as-github-action/Kubeconform is publishes Docker Images to Github&rsquo;s new Container Registry, ghcr.io. These images can be used directly in a Github Action, once logged in using a Github Token. +name: kubeconform on: push jobs: kubeconform: runs-on: ubuntu-latest steps: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@v2 - uses: docker://ghcr.io/yannh/kubeconform:master with: entrypoint: '/kubeconform' args: "-summary -output json kubeconfigs/" Note on pricing: Kubeconform relies on Github Container Registry which is currently in Beta.Kubeconform as a Go modulehttp://kubeconform.mandragor.org/docs/using-as-a-go-module/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/using-as-a-go-module/Warning: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged. +Kubeconform contains a package that can be used as a library. An example of usage can be found in examples/main.go +Additional documentation on pkg.go.devConversion of CRD to JSON Schemahttp://kubeconform.mandragor.org/docs/json-schema-conversion/Fri, 02 Jul 2021 00:00:00 +0000http://kubeconform.mandragor.org/docs/json-schema-conversion/Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions to JSON schema. Here is an example how to use it: +#!/bin/bash $ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml JSON schema written to trainingjob_v1.json The FILENAME_FORMAT environment variable can be used to change the output file name (Available variables: kind, group, version) (Default: {kind}_{version}). \ No newline at end of file