From 3a3d05b27cae7c216703d47f0783910fee02dd7f Mon Sep 17 00:00:00 2001 From: Yann Hamon Date: Sun, 19 Dec 2021 17:06:46 +0100 Subject: [PATCH] Publish site --- .github/workflows/site.yml | 27 +++ site/archetypes/default.md | 6 + site/config.toml | 6 + site/content/about.md | 19 ++ site/content/docs/crd-support.md | 45 ++++ site/content/docs/installation.md | 32 +++ site/content/docs/json-schema-conversion.md | 24 +++ site/content/docs/usage-as-github-action.md | 31 +++ site/content/docs/usage.md | 86 ++++++++ site/content/docs/using-as-a-go-module.md | 14 ++ site/public/about/index.html | 57 +++++ site/public/categories/index.xml | 10 + site/public/css/prism.css | 122 +++++++++++ site/public/css/style.css | 204 ++++++++++++++++++ site/public/docs/crd-support/index.html | 104 +++++++++ site/public/docs/index.xml | 74 +++++++ site/public/docs/installation/index.html | 78 +++++++ .../docs/json-schema-conversion/index.html | 78 +++++++ .../docs/usage-as-github-action/index.html | 89 ++++++++ site/public/docs/usage/index.html | 145 +++++++++++++ .../docs/using-as-a-go-module/index.html | 71 ++++++ site/public/index.html | 58 +++++ site/public/index.xml | 85 ++++++++ site/public/installation/index.html | 31 +++ site/public/js/prism.js | 4 + site/public/sitemap.xml | 49 +++++ site/public/tags/about/index.xml | 22 ++ site/public/tags/cloudfront/index.xml | 20 ++ site/public/tags/index.xml | 47 ++++ site/public/tags/installation/index.xml | 24 +++ site/public/tags/kubeconform/index.xml | 85 ++++++++ site/public/tags/lambdaedge/index.xml | 20 ++ site/public/tags/usage/index.xml | 61 ++++++ site/themes/kubeconform/LICENSE | 20 ++ site/themes/kubeconform/archetypes/default.md | 3 + site/themes/kubeconform/layouts/404.html | 0 .../kubeconform/layouts/_default/baseof.html | 19 ++ .../kubeconform/layouts/_default/list.html | 0 .../kubeconform/layouts/_default/single.html | 27 +++ site/themes/kubeconform/layouts/index.html | 32 +++ .../kubeconform/layouts/partials/footer.html | 3 + .../kubeconform/layouts/partials/head.html | 9 + .../kubeconform/layouts/partials/header.html | 9 + .../kubeconform/layouts/partials/menu.html | 5 + .../kubeconform/layouts/shortcodes/prism.html | 2 + .../layouts/shortcodes/rawhtml.html | 2 + site/themes/kubeconform/static/css/prism.css | 122 +++++++++++ site/themes/kubeconform/static/css/style.css | 204 ++++++++++++++++++ site/themes/kubeconform/static/js/prism.js | 4 + site/themes/kubeconform/theme.toml | 21 ++ 50 files changed, 2310 insertions(+) create mode 100644 .github/workflows/site.yml create mode 100644 site/archetypes/default.md create mode 100644 site/config.toml create mode 100644 site/content/about.md create mode 100644 site/content/docs/crd-support.md create mode 100644 site/content/docs/installation.md create mode 100644 site/content/docs/json-schema-conversion.md create mode 100644 site/content/docs/usage-as-github-action.md create mode 100644 site/content/docs/usage.md create mode 100644 site/content/docs/using-as-a-go-module.md create mode 100644 site/public/about/index.html create mode 100644 site/public/categories/index.xml create mode 100644 site/public/css/prism.css create mode 100644 site/public/css/style.css create mode 100644 site/public/docs/crd-support/index.html create mode 100644 site/public/docs/index.xml create mode 100644 site/public/docs/installation/index.html create mode 100644 site/public/docs/json-schema-conversion/index.html create mode 100644 site/public/docs/usage-as-github-action/index.html create mode 100644 site/public/docs/usage/index.html create mode 100644 site/public/docs/using-as-a-go-module/index.html create mode 100644 site/public/index.html create mode 100644 site/public/index.xml create mode 100644 site/public/installation/index.html create mode 100644 site/public/js/prism.js create mode 100644 site/public/sitemap.xml create mode 100644 site/public/tags/about/index.xml create mode 100644 site/public/tags/cloudfront/index.xml create mode 100644 site/public/tags/index.xml create mode 100644 site/public/tags/installation/index.xml create mode 100644 site/public/tags/kubeconform/index.xml create mode 100644 site/public/tags/lambdaedge/index.xml create mode 100644 site/public/tags/usage/index.xml create mode 100644 site/themes/kubeconform/LICENSE create mode 100644 site/themes/kubeconform/archetypes/default.md create mode 100644 site/themes/kubeconform/layouts/404.html create mode 100644 site/themes/kubeconform/layouts/_default/baseof.html create mode 100644 site/themes/kubeconform/layouts/_default/list.html create mode 100644 site/themes/kubeconform/layouts/_default/single.html create mode 100644 site/themes/kubeconform/layouts/index.html create mode 100644 site/themes/kubeconform/layouts/partials/footer.html create mode 100644 site/themes/kubeconform/layouts/partials/head.html create mode 100644 site/themes/kubeconform/layouts/partials/header.html create mode 100644 site/themes/kubeconform/layouts/partials/menu.html create mode 100644 site/themes/kubeconform/layouts/shortcodes/prism.html create mode 100644 site/themes/kubeconform/layouts/shortcodes/rawhtml.html create mode 100644 site/themes/kubeconform/static/css/prism.css create mode 100644 site/themes/kubeconform/static/css/style.css create mode 100644 site/themes/kubeconform/static/js/prism.js create mode 100644 site/themes/kubeconform/theme.toml diff --git a/.github/workflows/site.yml b/.github/workflows/site.yml new file mode 100644 index 0000000..3187121 --- /dev/null +++ b/.github/workflows/site.yml @@ -0,0 +1,27 @@ +on: + workflow_dispatch: + push: + branches: + - master + +jobs: + deploy: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + + - name: Setup Hugo + uses: peaceiris/actions-hugo@v2 + with: + hugo-version: '0.83.1' + + - name: Build + run: hugo --minify + working-directory: site + + - name: Deploy + uses: peaceiris/actions-gh-pages@v3 + if: github.ref == 'refs/heads/master' + with: + publish_dir: ./site/public + github_token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/site/archetypes/default.md b/site/archetypes/default.md new file mode 100644 index 0000000..00e77bd --- /dev/null +++ b/site/archetypes/default.md @@ -0,0 +1,6 @@ +--- +title: "{{ replace .Name "-" " " | title }}" +date: {{ .Date }} +draft: true +--- + diff --git a/site/config.toml b/site/config.toml new file mode 100644 index 0000000..dc2bdd4 --- /dev/null +++ b/site/config.toml @@ -0,0 +1,6 @@ +baseURL = 'http://kubeconform.mandragor.org/' +languageCode = 'en-us' +title = 'Kubeconform - Fast Kubernetes manifests validation!' +theme = 'kubeconform' +contentDir = "content" +staticDir = ["static"] \ No newline at end of file diff --git a/site/content/about.md b/site/content/about.md new file mode 100644 index 0000000..bdd06b6 --- /dev/null +++ b/site/content/about.md @@ -0,0 +1,19 @@ +--- +title: "About" +date: 2021-07-02T00:00:00Z +draft: false +tags: ["Kubeconform", "About"] +--- + +Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes +configuration! + +It is inspired by, contains code from and is designed to stay close to +[Kubeval](https://github.com/instrumenta/kubeval), but with the following improvements: +* **high performance**: will validate & download manifests over multiple routines, caching + downloaded files in memory +* configurable list of **remote, or local schemas locations**, enabling validating Kubernetes + custom resources (CRDs) and offline validation capabilities +* uses by default a [self-updating fork](https://github.com/yannh/kubernetes-json-schema) of the schemas registry maintained + by the [kubernetes-json-schema](https://github.com/instrumenta/kubernetes-json-schema) project - which guarantees + up-to-date **schemas for all recent versions of Kubernetes**. \ No newline at end of file diff --git a/site/content/docs/crd-support.md b/site/content/docs/crd-support.md new file mode 100644 index 0000000..85074e7 --- /dev/null +++ b/site/content/docs/crd-support.md @@ -0,0 +1,45 @@ +--- +title: "Custom Resources support" +date: 2021-07-02T00:00:00Z +draft: false +tags: ["Kubeconform", "Usage"] +weight: 3 +--- + +When the `-schema-location` parameter is not used, or set to "default", kubeconform will default to downloading +schemas from `https://github.com/yannh/kubernetes-json-schema`. Kubeconform however supports passing one, or multiple, +schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions +in each of them, in order, stopping as soon as a matching file is found. + +* If the -schema-location value does not end with '.json', Kubeconform will assume filenames / a file + structure identical to that of kubernetesjsonschema.dev or github.com/yannh/kubernetes-json-schema. +* if the -schema-location value ends with '.json' - Kubeconform assumes the value is a Go templated + string that indicates how to search for JSON schemas. +* the -schema-location value of "default" is an alias for https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json. + Both following command lines are equivalent: + +{{< prism >}}$ ./bin/kubeconform fixtures/valid.yaml +$ ./bin/kubeconform -schema-location default fixtures/valid.yaml +$ ./bin/kubeconform -schema-location 'https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json' fixtures/valid.yaml +{{< /prism >}} + +To support validating CRDs, we need to convert OpenAPI files to JSON schema, storing the JSON schemas +in a local folder - for example schemas. Then we specify this folder as an additional registry to lookup: + +{{< prism >}}# If the resource Kind is not found in kubernetesjsonschema.dev, also lookup in the schemas/ folder for a matching file +$ ./bin/kubeconform -schema-location default -schema-location 'schemas/{{ .ResourceKind }}{{ .KindSuffix }}.json' fixtures/custom-resource.yaml +{{< /prism >}} + +You can validate Openshift manifests using a custom schema location. Set the OpenShift version to validate +against using -kubernetes-version. + +{{< prism >}}$ ./bin/kubeconform -kubernetes-version 3.8.0 -schema-location 'https://raw.githubusercontent.com/garethr/openshift-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}.json' -summary fixtures/valid.yaml +Summary: 1 resource found in 1 file - Valid: 1, Invalid: 0, Errors: 0 Skipped: 0 +{{< /prism >}} + +Here are the variables you can use in -schema-location: +* *NormalizedKubernetesVersion* - Kubernetes Version, prefixed by v +* *StrictSuffix* - "-strict" or "" depending on whether validation is running in strict mode or not +* *ResourceKind* - Kind of the Kubernetes Resource +* *ResourceAPIVersion* - Version of API used for the resource - "v1" in "apiVersion: monitoring.coreos.com/v1" +* *KindSuffix* - suffix computed from apiVersion - for compatibility with Kubeval schema registries diff --git a/site/content/docs/installation.md b/site/content/docs/installation.md new file mode 100644 index 0000000..b34382d --- /dev/null +++ b/site/content/docs/installation.md @@ -0,0 +1,32 @@ +--- +title: "Installation" +date: 2021-07-02T00:00:00Z +draft: false +tags: ["Kubeconform", "Installation"] +weight: 1 +--- + +## Linux + +Download the latest release from our [release page](https://github.com/yannh/kubeconform/releases). + +For example, for Linux on x86_64 architecture: + +{{< prism >}}curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \ +sudo mv kubeconform /usr/local/bin/ +{{< /prism >}} + + +## MacOs + +Kubeconform is available to install using [Homebrew](https://brew.sh/): +{{< prism >}}$ brew install kubeconform +{{< /prism >}} + +## Windows + +Download the latest release from our [release page](https://github.com/yannh/kubeconform/releases). + + + +You can also download the latest version from the [release page](https://github.com/yannh/kubeconform/releases). \ No newline at end of file diff --git a/site/content/docs/json-schema-conversion.md b/site/content/docs/json-schema-conversion.md new file mode 100644 index 0000000..53884d9 --- /dev/null +++ b/site/content/docs/json-schema-conversion.md @@ -0,0 +1,24 @@ +--- +title: "Conversion of CRD to JSON Schema" +date: 2021-07-02T00:00:00Z +draft: false +tags: ["Kubeconform", "Usage"] +--- + +Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition +first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions +to JSON schema. Here is an example how to use it: + +{{< prism >}}#!/bin/bash +$ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml +JSON schema written to trainingjob_v1.json +{{< /prism >}} + +The `FILENAME_FORMAT` environment variable can be used to change the output file name (Available variables: `kind`, `group`, `version`) (Default: `{kind}_{version}`). + +{{< prism >}}$ export FILENAME_FORMAT='{kind}-{group}-{version}' +$ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml +JSON schema written to trainingjob-sagemaker-v1.json +{{< /prism >}} + +Some CRD schemas do not have explicit validation for fields implicitly validated by the Kubernetes API like `apiVersion`, `kind`, and `metadata`, thus additional properties are allowed at the root of the JSON schema by default, if this is not desired the `DENY_ROOT_ADDITIONAL_PROPERTIES` environment variable can be set to any non-empty value. \ No newline at end of file diff --git a/site/content/docs/usage-as-github-action.md b/site/content/docs/usage-as-github-action.md new file mode 100644 index 0000000..7f341dc --- /dev/null +++ b/site/content/docs/usage-as-github-action.md @@ -0,0 +1,31 @@ +--- +title: "Github Action" +date: 2021-07-02T00:00:00Z +draft: false +tags: ["Kubeconform", "Usage"] +weight: 4 +--- + +Kubeconform is publishes Docker Images to Github's new Container Registry, ghcr.io. These images +can be used directly in a Github Action, once logged in using a [_Github Token_](https://github.blog/changelog/2021-03-24-packages-container-registry-now-supports-github_token/). + +{{< prism >}}name: kubeconform +on: push +jobs: + kubeconform: + runs-on: ubuntu-latest + steps: + - name: login to Github Packages + run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin + - uses: actions/checkout@v2 + - uses: docker://ghcr.io/yannh/kubeconform:master + with: + entrypoint: '/kubeconform' + args: "-summary -output json kubeconfigs/" +{{< /prism >}} + +_Note on pricing_: Kubeconform relies on Github Container Registry which is currently in Beta. During that period, +[bandwidth is free](https://docs.github.com/en/packages/guides/about-github-container-registry). After that period, +bandwidth costs might be applicable. Since bandwidth from Github Packages within Github Actions is free, I expect +Github Container Registry to also be usable for free within Github Actions in the future. If that were not to be the +case, I might publish the Docker image to a different platform. \ No newline at end of file diff --git a/site/content/docs/usage.md b/site/content/docs/usage.md new file mode 100644 index 0000000..122dab5 --- /dev/null +++ b/site/content/docs/usage.md @@ -0,0 +1,86 @@ +--- +title: "Usage" +date: 2021-07-02T00:00:00Z +draft: false +tags: ["Kubeconform", "Usage"] +weight: 2 +--- + +{{< prism >}}$ ./bin/kubeconform -h +Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]... + -cache string + cache schemas downloaded via HTTP to this folder + -cpu-prof string + debug - log CPU profiling to file + -exit-on-error + immediately stop execution when the first error is encountered + -h show help information + -ignore-filename-pattern value + regular expression specifying paths to ignore (can be specified multiple times) + -ignore-missing-schemas + skip files with missing schemas instead of failing + -insecure-skip-tls-verify + disable verification of the server's SSL certificate. This will make your HTTPS connections insecure + -kubernetes-version string + version of Kubernetes to validate against, e.g.: 1.18.0 (default "master") + -n int + number of goroutines to run concurrently (default 4) + -output string + output format - json, junit, tap, text (default "text") + -reject string + comma-separated list of kinds to reject + -schema-location value + override schemas location search path (can be specified multiple times) + -skip string + comma-separated list of kinds to ignore + -strict + disallow additional properties not in schema + -summary + print a summary at the end (ignored for junit output) + -v show version information + -verbose + print results for all resources (ignored for tap and junit output) +{{< /prism >}} + +### Validating a single, valid file + +{{< prism >}}$ ./bin/kubeconform fixtures/valid.yaml +$ echo $? +0 +{{< /prism >}} + +### Validating a single invalid file, setting output to json, and printing a summary +{{< prism >}}$ ./bin/kubeconform -summary -output json fixtures/invalid.yaml +{ + "resources": [ + { + "filename": "fixtures/invalid.yaml", + "kind": "ReplicationController", + "version": "v1", + "status": "INVALID", + "msg": "Additional property templates is not allowed - Invalid type. Expected: [integer,null], given: string" + } + ], + "summary": { + "valid": 0, + "invalid": 1, + "errors": 0, + "skipped": 0 + } +} +$ echo $? +1 +{{< /prism >}} + +### Passing manifests via Stdin +{{< prism >}}cat fixtures/valid.yaml | ./bin/kubeconform -summary +Summary: 1 resource found parsing stdin - Valid: 1, Invalid: 0, Errors: 0 Skipped: 0 +{{< /prism >}} + +### Validating a folder, increasing the number of parallel workers +{{< prism >}}$ ./bin/kubeconform -summary -n 16 fixtures +fixtures/crd_schema.yaml - CustomResourceDefinition trainingjobs.sagemaker.aws.amazon.com failed validation: could not find schema for CustomResourceDefinition +fixtures/invalid.yaml - ReplicationController bob is invalid: Invalid type. Expected: [integer,null], given: string +[...] +Summary: 65 resources found in 34 files - Valid: 55, Invalid: 2, Errors: 8 Skipped: 0 +{{< /prism >}} \ No newline at end of file diff --git a/site/content/docs/using-as-a-go-module.md b/site/content/docs/using-as-a-go-module.md new file mode 100644 index 0000000..1bf7f47 --- /dev/null +++ b/site/content/docs/using-as-a-go-module.md @@ -0,0 +1,14 @@ +--- +title: "Kubeconform as a Go module" +date: 2021-07-02T00:00:00Z +draft: false +tags: ["Kubeconform", "Usage"] +weight: 5 +--- + +**Warning**: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged. + +Kubeconform contains a package that can be used as a library. +An example of usage can be found in [examples/main.go](https://github.com/yannh/kubeconform/tree/master/examples/main.go) + +Additional documentation on [pkg.go.dev](https://pkg.go.dev/github.com/yannh/kubeconform/pkg/validator) \ No newline at end of file diff --git a/site/public/about/index.html b/site/public/about/index.html new file mode 100644 index 0000000..5e93164 --- /dev/null +++ b/site/public/about/index.html @@ -0,0 +1,57 @@ + + + + + + Kubeconform - Fast Kubernetes manifests validation! | About + + +
+
+ +
+ + +
+ +
+

About

+

Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes +configuration!

+

It is inspired by, contains code from and is designed to stay close to +Kubeval, but with the following improvements:

+
    +
  • high performance: will validate & download manifests over multiple routines, caching +downloaded files in memory
    • +
  • configurable list of remote, or local schemas locations, enabling validating Kubernetes +custom resources (CRDs) and offline validation capabilities
    • +
  • uses by default a self-updating fork of the schemas registry maintained +by the kubernetes-json-schema project - which guarantees +up-to-date schemas for all recent versions of Kubernetes.
    • +
+ +
+ +
+ + +
+ + + +
+
+
+ + + diff --git a/site/public/categories/index.xml b/site/public/categories/index.xml new file mode 100644 index 0000000..65038ec --- /dev/null +++ b/site/public/categories/index.xml @@ -0,0 +1,10 @@ + + + + Categories on Kubeconform - Fast Kubernetes manifests validation! + http://kubeconform.mandragor.org/categories/ + Recent content in Categories on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + + diff --git a/site/public/css/prism.css b/site/public/css/prism.css new file mode 100644 index 0000000..627fd64 --- /dev/null +++ b/site/public/css/prism.css @@ -0,0 +1,122 @@ +/** + * okaidia theme for JavaScript, CSS and HTML + * Loosely based on Monokai textmate theme by http://www.monokai.nl/ + * @author ocodia + */ + +code[class*="language-"], +pre[class*="language-"] { + color: #f8f8f2; + background: none; + text-shadow: 0 1px rgba(0, 0, 0, 0.3); + font-family: Consolas, Monaco, 'Andale Mono', 'Ubuntu Mono', monospace; + text-align: left; + white-space: pre; + word-spacing: normal; + word-break: normal; + word-wrap: normal; + line-height: 1.5; + + -moz-tab-size: 4; + -o-tab-size: 4; + tab-size: 4; + + -webkit-hyphens: none; + -moz-hyphens: none; + -ms-hyphens: none; + hyphens: none; +} + +/* Code blocks */ +pre[class*="language-"] { + padding: 1em; + margin: .5em 0; + overflow: auto; + border-radius: 0.3em; +} + +:not(pre) > code[class*="language-"], +pre[class*="language-"] { + background: #272822; +} + +/* Inline code */ +:not(pre) > code[class*="language-"] { + padding: .1em; + border-radius: .3em; + white-space: normal; +} + +.token.comment, +.token.prolog, +.token.doctype, +.token.cdata { + color: slategray; +} + +.token.punctuation { + color: #f8f8f2; +} + +.namespace { + opacity: .7; +} + +.token.property, +.token.tag, +.token.constant, +.token.symbol, +.token.deleted { + color: #f92672; +} + +.token.boolean, +.token.number { + color: #ae81ff; +} + +.token.selector, +.token.attr-name, +.token.string, +.token.char, +.token.builtin, +.token.inserted { + color: #a6e22e; +} + +.token.operator, +.token.entity, +.token.url, +.language-css .token.string, +.style .token.string, +.token.variable { + color: #f8f8f2; +} + +.token.atrule, +.token.attr-value, +.token.function, +.token.class-name { + color: #e6db74; +} + +.token.keyword { + color: #66d9ef; +} + +.token.regex, +.token.important { + color: #fd971f; +} + +.token.important, +.token.bold { + font-weight: bold; +} +.token.italic { + font-style: italic; +} + +.token.entity { + cursor: help; +} \ No newline at end of file diff --git a/site/public/css/style.css b/site/public/css/style.css new file mode 100644 index 0000000..5ffd3bc --- /dev/null +++ b/site/public/css/style.css @@ -0,0 +1,204 @@ + +/* Colors */ +body { background-color: white; } +a { color: black } +hr { border-color: #ddd; } +#header, #footer { background-color: #002036; color: white } + +@media (prefers-color-scheme: dark) { +} + +/* Font sizes */ +body { font-size: 1.2rem; line-height: 1.7rem; text-size-adjust: 100%; } +h1 { font-size: 2.3rem; line-height: 3.2rem; font-weight: 400 } +h2 { font-size: 1.8rem; line-height: 2.3rem; font-weight: 400 } +h3 { font-size: 1.5rem; line-height: 1.8rem; font-weight: 300 } + +#header h1 { font-size: 3rem; line-height: 3.3rem; font-weight: 500; margin-top: 0.2em; margin-left: 30px } +#header h2 { font-size: 1.3rem; line-height: 1.5rem; font-weight: 300; font-style: italic; margin: 0 0 0.5em 30px} + +/* We default all margins/paddings to 0 */ +* { margin: 0; padding: 0 } +a { text-decoration: none } +#content-text a { text-decoration: underline } +#content-text a:hover { text-decoration: none } +p { + font-weight: 400; + margin-bottom: 16px; +} + +h2 { + font-weight: 500; + margin: 3rem 0 0.8rem 0; +} + +h3 { + font-weight: 500; + margin: 1.5rem 0 1.5rem 0; +} +pre { + margin: 1rem 0 1rem 0 +} + +#main-container { + padding: 0; + font-family: "Roboto", "Helvetica Neue", Helvetica, Arial, sans-serif; + font-feature-settings: "kern", "liga"; + width: 100%; + background-color: white; +} + +hr { + height: 1px; + margin: 3rem 0 3rem 0; + clear: both; +} + +#header, #footer { + width: 100%; + clear: both; +} + +#header { + padding: 0.5em 0 0.5em 0em; +} + +#menu { + background-color: #ddd; + padding: 1em +} + +#content { + display:flex; +} + +#menu { + flex: 15; + min-width: 15%; + padding: 2em +} + +#main { + flex: 85; + min-width: 0; +} + +#main h1 { + padding-bottom: 1em; +} + +pre { + overflow: scroll; + min-width: 0 +} + +#footer { + padding: 0.5em 0; + text-align: center; + color: white; + font-size: smaller; +} + +#footer a { + font-style: italic; + color: white; + text-decoration: underline; +} + +#navigation { + float: right; + padding-right: 2em; +} + +#navigation li { + display: block; + width: 100px; + float: right; + padding-top: 0.2em; + text-align: center; + font-weight: bold; + font-size: smaller; +} + +#navigation li a{ + color: white +} + +#navigation li a:hover{ + text-decoration: underline; +} + +#motto { + text-align: center; + font-style: italic; + font-size: 1.1em; + margin: 2em auto 2em auto; +} + +#demo{ + font-size: smaller; + margin: 2em auto 2em auto; + border-radius: 1em; + display: table; + overflow: scroll; +} + +#kc-pros { + display: flex; + flex-flow: row wrap; + margin: 0 auto; + width: 60%; +} + +#kc-pros > div { + flex-basis: 50%; +} + +#kc-pros h2 { + font-size: 1.2em; + line-height: 1.2em; + padding: 0 5% 0.3em 5%; +} + +#kc-pros p { + font-size: 0.9em; + padding: 0 5% 2em 5%; +} + +#get { + display: table; + border: 1px solid black; + padding: 0.5em 2em; + border-radius: 0.8em; + clear: both; + margin: 3em auto 5em auto; + background-color: #0594cb; + color: white; + text-align: center; +} + +#get:active { + background-color: #002036; +} + +.navig { + display: flex; + flex-flow: row wrap; + margin: 0 auto; +} + +.navig > a { + flex-basis: 50%; + text-align: center; + background-color: #eee; + padding: 0.4em 0; + font-size: smaller +} + +#content-text { + padding: 2em; +} + +#main ul { + margin: 1em 0 2em 3em; +} \ No newline at end of file diff --git a/site/public/docs/crd-support/index.html b/site/public/docs/crd-support/index.html new file mode 100644 index 0000000..89123e7 --- /dev/null +++ b/site/public/docs/crd-support/index.html @@ -0,0 +1,104 @@ + + + + + + Kubeconform - Fast Kubernetes manifests validation! | Custom Resources support + + +
+
+
+ +
+ + + + + + +
+ +
+

Custom Resources support

+

When the -schema-location parameter is not used, or set to “default”, kubeconform will default to downloading +schemas from https://github.com/yannh/kubernetes-json-schema. Kubeconform however supports passing one, or multiple, +schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions +in each of them, in order, stopping as soon as a matching file is found.

+
    +
  • If the -schema-location value does not end with ‘.json’, Kubeconform will assume filenames / a file +structure identical to that of kubernetesjsonschema.dev or github.com/yannh/kubernetes-json-schema.
    • +
  • if the -schema-location value ends with ‘.json’ - Kubeconform assumes the value is a Go templated +string that indicates how to search for JSON schemas.
    • +
  • the -schema-location value of “default” is an alias for https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json. +Both following command lines are equivalent:
    • +
+ +
$ ./bin/kubeconform fixtures/valid.yaml
+$ ./bin/kubeconform -schema-location default fixtures/valid.yaml
+$ ./bin/kubeconform -schema-location 'https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json' fixtures/valid.yaml
+
+

To support validating CRDs, we need to convert OpenAPI files to JSON schema, storing the JSON schemas +in a local folder - for example schemas. Then we specify this folder as an additional registry to lookup:

+ +
# If the resource Kind is not found in kubernetesjsonschema.dev, also lookup in the schemas/ folder for a matching file
+$ ./bin/kubeconform -schema-location default -schema-location 'schemas/{{ .ResourceKind }}{{ .KindSuffix }}.json' fixtures/custom-resource.yaml
+
+

You can validate Openshift manifests using a custom schema location. Set the OpenShift version to validate +against using -kubernetes-version.

+ +
$ ./bin/kubeconform -kubernetes-version 3.8.0  -schema-location 'https://raw.githubusercontent.com/garethr/openshift-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}.json'  -summary fixtures/valid.yaml
+Summary: 1 resource found in 1 file - Valid: 1, Invalid: 0, Errors: 0 Skipped: 0
+
+

Here are the variables you can use in -schema-location:

+
    +
  • NormalizedKubernetesVersion - Kubernetes Version, prefixed by v
    • +
  • StrictSuffix - “-strict” or "" depending on whether validation is running in strict mode or not
    • +
  • ResourceKind - Kind of the Kubernetes Resource
    • +
  • ResourceAPIVersion - Version of API used for the resource - “v1” in “apiVersion: monitoring.coreos.com/v1”
    • +
  • KindSuffix - suffix computed from apiVersion - for compatibility with Kubeval schema registries
    • +
+ +
+ +
+ + + + + + +
+ + + +
+
+
+ + + diff --git a/site/public/docs/index.xml b/site/public/docs/index.xml new file mode 100644 index 0000000..3e920bc --- /dev/null +++ b/site/public/docs/index.xml @@ -0,0 +1,74 @@ + + + + Docs on Kubeconform - Fast Kubernetes manifests validation! + http://kubeconform.mandragor.org/docs/ + Recent content in Docs on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + Installation + http://kubeconform.mandragor.org/docs/installation/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/installation/ + Linux Download the latest release from our release page. +For example, for Linux on x86_64 architecture: +curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \ sudo mv kubeconform /usr/local/bin/ MacOs Kubeconform is available to install using Homebrew: $ brew install kubeconform +Windows Download the latest release from our release page. +You can also download the latest version from the release page. + + + + Usage + http://kubeconform.mandragor.org/docs/usage/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/usage/ + $ ./bin/kubeconform -h Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]... -cache string cache schemas downloaded via HTTP to this folder -cpu-prof string debug - log CPU profiling to file -exit-on-error immediately stop execution when the first error is encountered -h show help information -ignore-filename-pattern value regular expression specifying paths to ignore (can be specified multiple times) -ignore-missing-schemas skip files with missing schemas instead of failing -insecure-skip-tls-verify disable verification of the server's SSL certificate. + + + + Custom Resources support + http://kubeconform.mandragor.org/docs/crd-support/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/crd-support/ + When the -schema-location parameter is not used, or set to &ldquo;default&rdquo;, kubeconform will default to downloading schemas from https://github.com/yannh/kubernetes-json-schema. Kubeconform however supports passing one, or multiple, schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions in each of them, in order, stopping as soon as a matching file is found. + If the -schema-location value does not end with &lsquo;.json&rsquo;, Kubeconform will assume filenames / a file structure identical to that of kubernetesjsonschema. + + + + Github Action + http://kubeconform.mandragor.org/docs/usage-as-github-action/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/usage-as-github-action/ + Kubeconform is publishes Docker Images to Github&rsquo;s new Container Registry, ghcr.io. These images can be used directly in a Github Action, once logged in using a Github Token. +name: kubeconform on: push jobs: kubeconform: runs-on: ubuntu-latest steps: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@v2 - uses: docker://ghcr.io/yannh/kubeconform:master with: entrypoint: '/kubeconform' args: "-summary -output json kubeconfigs/" Note on pricing: Kubeconform relies on Github Container Registry which is currently in Beta. + + + + Kubeconform as a Go module + http://kubeconform.mandragor.org/docs/using-as-a-go-module/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/using-as-a-go-module/ + Warning: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged. +Kubeconform contains a package that can be used as a library. An example of usage can be found in examples/main.go +Additional documentation on pkg.go.dev + + + + Conversion of CRD to JSON Schema + http://kubeconform.mandragor.org/docs/json-schema-conversion/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/json-schema-conversion/ + Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions to JSON schema. Here is an example how to use it: +#!/bin/bash $ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml JSON schema written to trainingjob_v1.json The FILENAME_FORMAT environment variable can be used to change the output file name (Available variables: kind, group, version) (Default: {kind}_{version}). + + + + diff --git a/site/public/docs/installation/index.html b/site/public/docs/installation/index.html new file mode 100644 index 0000000..748883e --- /dev/null +++ b/site/public/docs/installation/index.html @@ -0,0 +1,78 @@ + + + + + + Kubeconform - Fast Kubernetes manifests validation! | Installation + + +
+
+
+ +
+ + + + +
+ +
+

Installation

+

Linux

+

Download the latest release from our release page.

+

For example, for Linux on x86_64 architecture:

+ +
curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \
+sudo mv kubeconform /usr/local/bin/
+
+

MacOs

+

Kubeconform is available to install using Homebrew: + +

$ brew install kubeconform
+

+

Windows

+

Download the latest release from our release page.

+

You can also download the latest version from the release page.

+ +
+ +
+ + + + +
+ + + +
+
+
+ + + diff --git a/site/public/docs/json-schema-conversion/index.html b/site/public/docs/json-schema-conversion/index.html new file mode 100644 index 0000000..01c261a --- /dev/null +++ b/site/public/docs/json-schema-conversion/index.html @@ -0,0 +1,78 @@ + + + + + + Kubeconform - Fast Kubernetes manifests validation! | Conversion of CRD to JSON Schema + + +
+
+
+ +
+ + + + +
+ +
+

Conversion of CRD to JSON Schema

+

Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition +first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions +to JSON schema. Here is an example how to use it:

+ +
#!/bin/bash
+$ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml
+JSON schema written to trainingjob_v1.json
+
+

The FILENAME_FORMAT environment variable can be used to change the output file name (Available variables: kind, group, version) (Default: {kind}_{version}).

+ +
$ export FILENAME_FORMAT='{kind}-{group}-{version}'
+$ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml
+JSON schema written to trainingjob-sagemaker-v1.json
+
+

Some CRD schemas do not have explicit validation for fields implicitly validated by the Kubernetes API like apiVersion, kind, and metadata, thus additional properties are allowed at the root of the JSON schema by default, if this is not desired the DENY_ROOT_ADDITIONAL_PROPERTIES environment variable can be set to any non-empty value.

+ +
+ +
+ + + + +
+ + + +
+
+
+ + + diff --git a/site/public/docs/usage-as-github-action/index.html b/site/public/docs/usage-as-github-action/index.html new file mode 100644 index 0000000..437cbd0 --- /dev/null +++ b/site/public/docs/usage-as-github-action/index.html @@ -0,0 +1,89 @@ + + + + + + Kubeconform - Fast Kubernetes manifests validation! | Github Action + + +
+
+
+ +
+ + + + + + +
+ +
+

Github Action

+

Kubeconform is publishes Docker Images to Github’s new Container Registry, ghcr.io. These images +can be used directly in a Github Action, once logged in using a Github Token.

+ +
name: kubeconform
+on: push
+jobs:
+  kubeconform:
+    runs-on: ubuntu-latest
+    steps:
+      - name: login to Github Packages
+        run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
+      - uses: actions/checkout@v2
+      - uses: docker://ghcr.io/yannh/kubeconform:master
+        with:
+          entrypoint: '/kubeconform'
+          args: "-summary -output json kubeconfigs/"
+
+

Note on pricing: Kubeconform relies on Github Container Registry which is currently in Beta. During that period, +bandwidth is free. After that period, +bandwidth costs might be applicable. Since bandwidth from Github Packages within Github Actions is free, I expect +Github Container Registry to also be usable for free within Github Actions in the future. If that were not to be the +case, I might publish the Docker image to a different platform.

+ +
+ +
+ + + + + + +
+ + + +
+
+
+ + + diff --git a/site/public/docs/usage/index.html b/site/public/docs/usage/index.html new file mode 100644 index 0000000..b5c411c --- /dev/null +++ b/site/public/docs/usage/index.html @@ -0,0 +1,145 @@ + + + + + + Kubeconform - Fast Kubernetes manifests validation! | Usage + + +
+
+
+ +
+ + + + + + +
+ +
+

Usage

+ +
$ ./bin/kubeconform -h
+Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]...
+  -cache string
+        cache schemas downloaded via HTTP to this folder
+  -cpu-prof string
+        debug - log CPU profiling to file
+  -exit-on-error
+        immediately stop execution when the first error is encountered
+  -h    show help information
+  -ignore-filename-pattern value
+        regular expression specifying paths to ignore (can be specified multiple times)
+  -ignore-missing-schemas
+        skip files with missing schemas instead of failing
+  -insecure-skip-tls-verify
+        disable verification of the server's SSL certificate. This will make your HTTPS connections insecure
+  -kubernetes-version string
+        version of Kubernetes to validate against, e.g.: 1.18.0 (default "master")
+  -n int
+        number of goroutines to run concurrently (default 4)
+  -output string
+        output format - json, junit, tap, text (default "text")
+  -reject string
+        comma-separated list of kinds to reject
+  -schema-location value
+        override schemas location search path (can be specified multiple times)
+  -skip string
+        comma-separated list of kinds to ignore
+  -strict
+        disallow additional properties not in schema
+  -summary
+        print a summary at the end (ignored for junit output)
+  -v	show version information
+  -verbose
+        print results for all resources (ignored for tap and junit output)
+
+

Validating a single, valid file

+ +
$ ./bin/kubeconform fixtures/valid.yaml
+$ echo $?
+0
+
+

Validating a single invalid file, setting output to json, and printing a summary

+ +
$ ./bin/kubeconform -summary -output json fixtures/invalid.yaml
+{
+  "resources": [
+    {
+      "filename": "fixtures/invalid.yaml",
+      "kind": "ReplicationController",
+      "version": "v1",
+      "status": "INVALID",
+      "msg": "Additional property templates is not allowed - Invalid type. Expected: [integer,null], given: string"
+    }
+  ],
+  "summary": {
+    "valid": 0,
+    "invalid": 1,
+    "errors": 0,
+    "skipped": 0
+  }
+}
+$ echo $?
+1
+
+

Passing manifests via Stdin

+ +
cat fixtures/valid.yaml  | ./bin/kubeconform -summary
+Summary: 1 resource found parsing stdin - Valid: 1, Invalid: 0, Errors: 0 Skipped: 0
+
+

Validating a folder, increasing the number of parallel workers

+ +
$ ./bin/kubeconform -summary -n 16 fixtures
+fixtures/crd_schema.yaml - CustomResourceDefinition trainingjobs.sagemaker.aws.amazon.com failed validation: could not find schema for CustomResourceDefinition
+fixtures/invalid.yaml - ReplicationController bob is invalid: Invalid type. Expected: [integer,null], given: string
+[...]
+Summary: 65 resources found in 34 files - Valid: 55, Invalid: 2, Errors: 8 Skipped: 0
+
+ +
+ +
+ + + + + + +
+ + + +
+
+
+ + + diff --git a/site/public/docs/using-as-a-go-module/index.html b/site/public/docs/using-as-a-go-module/index.html new file mode 100644 index 0000000..1763ee2 --- /dev/null +++ b/site/public/docs/using-as-a-go-module/index.html @@ -0,0 +1,71 @@ + + + + + + Kubeconform - Fast Kubernetes manifests validation! | Kubeconform as a Go module + + +
+
+
+ +
+ + + + + + +
+ +
+

Kubeconform as a Go module

+

Warning: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged.

+

Kubeconform contains a package that can be used as a library. +An example of usage can be found in examples/main.go

+

Additional documentation on pkg.go.dev

+ +
+ +
+ + + + + + +
+ + + +
+
+
+ + + diff --git a/site/public/index.html b/site/public/index.html new file mode 100644 index 0000000..6027a53 --- /dev/null +++ b/site/public/index.html @@ -0,0 +1,58 @@ + + + + + + + Kubeconform - Fast Kubernetes manifests validation! + + +
+
+ +

Validate your Kubernetes manifests instead of deploying broken configuration

+ +
$ kubeconform -summary myapp/deployment.yaml
+Summary: 5 resources found in 1 file - Valid: 5, Invalid: 0, Errors: 0, Skipped: 0
+
+ + + Get Started! + + +
+
+

Easy-to-use

+

Single binary, super-easy installation for Windows, Mac & Linux. It takes seconds to get started.

+
+
+

Lightning fast

+

Kubeconform makes heavy use of Golang's concurrency capabilities, and will spread its workload across multiple cores. +

+
+

Support for Kubernetes CRDs

+

Validate ALL your Kubernetes resources with Kubeconform's CRD support

+
+
+

Flexible

+

With support for JSON, Junit, TAP output, and leveraging the easy-to-use Docker image, you can run Kubeconform in any CI system.

+
+
+ + +
+
+
+ + + diff --git a/site/public/index.xml b/site/public/index.xml new file mode 100644 index 0000000..1a54798 --- /dev/null +++ b/site/public/index.xml @@ -0,0 +1,85 @@ + + + + Kubeconform - Fast Kubernetes manifests validation! + http://kubeconform.mandragor.org/ + Recent content on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + Installation + http://kubeconform.mandragor.org/docs/installation/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/installation/ + Linux Download the latest release from our release page. +For example, for Linux on x86_64 architecture: +curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \ sudo mv kubeconform /usr/local/bin/ MacOs Kubeconform is available to install using Homebrew: $ brew install kubeconform +Windows Download the latest release from our release page. +You can also download the latest version from the release page. + + + + Usage + http://kubeconform.mandragor.org/docs/usage/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/usage/ + $ ./bin/kubeconform -h Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]... -cache string cache schemas downloaded via HTTP to this folder -cpu-prof string debug - log CPU profiling to file -exit-on-error immediately stop execution when the first error is encountered -h show help information -ignore-filename-pattern value regular expression specifying paths to ignore (can be specified multiple times) -ignore-missing-schemas skip files with missing schemas instead of failing -insecure-skip-tls-verify disable verification of the server's SSL certificate. + + + + Custom Resources support + http://kubeconform.mandragor.org/docs/crd-support/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/crd-support/ + When the -schema-location parameter is not used, or set to &ldquo;default&rdquo;, kubeconform will default to downloading schemas from https://github.com/yannh/kubernetes-json-schema. Kubeconform however supports passing one, or multiple, schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions in each of them, in order, stopping as soon as a matching file is found. + If the -schema-location value does not end with &lsquo;.json&rsquo;, Kubeconform will assume filenames / a file structure identical to that of kubernetesjsonschema. + + + + Github Action + http://kubeconform.mandragor.org/docs/usage-as-github-action/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/usage-as-github-action/ + Kubeconform is publishes Docker Images to Github&rsquo;s new Container Registry, ghcr.io. These images can be used directly in a Github Action, once logged in using a Github Token. +name: kubeconform on: push jobs: kubeconform: runs-on: ubuntu-latest steps: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@v2 - uses: docker://ghcr.io/yannh/kubeconform:master with: entrypoint: '/kubeconform' args: "-summary -output json kubeconfigs/" Note on pricing: Kubeconform relies on Github Container Registry which is currently in Beta. + + + + Kubeconform as a Go module + http://kubeconform.mandragor.org/docs/using-as-a-go-module/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/using-as-a-go-module/ + Warning: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged. +Kubeconform contains a package that can be used as a library. An example of usage can be found in examples/main.go +Additional documentation on pkg.go.dev + + + + About + http://kubeconform.mandragor.org/about/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/about/ + Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes configuration! +It is inspired by, contains code from and is designed to stay close to Kubeval, but with the following improvements: + high performance: will validate &amp; download manifests over multiple routines, caching downloaded files in memory configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes. + + + + Conversion of CRD to JSON Schema + http://kubeconform.mandragor.org/docs/json-schema-conversion/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/json-schema-conversion/ + Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions to JSON schema. Here is an example how to use it: +#!/bin/bash $ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml JSON schema written to trainingjob_v1.json The FILENAME_FORMAT environment variable can be used to change the output file name (Available variables: kind, group, version) (Default: {kind}_{version}). + + + + diff --git a/site/public/installation/index.html b/site/public/installation/index.html new file mode 100644 index 0000000..e3affec --- /dev/null +++ b/site/public/installation/index.html @@ -0,0 +1,31 @@ + + + + + + Kubeconform - Fast Kubernetes manifests validation! | The execution model of AWS Lambda@edge with Cloudfront's two- and three-tiered architecture + +
+

Kubeconform

+

A FAST Kubernetes manifests validator

+
+
+ +
+ +← Back +

The execution model of AWS Lambda@edge with Cloudfront's two- and three-tiered architecture
July 2, 2021

+ +

Installation

+ + + + + +
+ +
+ + diff --git a/site/public/js/prism.js b/site/public/js/prism.js new file mode 100644 index 0000000..2220755 --- /dev/null +++ b/site/public/js/prism.js @@ -0,0 +1,4 @@ +/* PrismJS 1.23.0 +https://prismjs.com/download.html#themes=prism&languages=bash */ +var _self="undefined"!=typeof window?window:"undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?self:{},Prism=function(u){var c=/\blang(?:uage)?-([\w-]+)\b/i,n=0,e={},M={manual:u.Prism&&u.Prism.manual,disableWorkerMessageHandler:u.Prism&&u.Prism.disableWorkerMessageHandler,util:{encode:function e(n){return n instanceof W?new W(n.type,e(n.content),n.alias):Array.isArray(n)?n.map(e):n.replace(/&/g,"&").replace(/=l.reach);y+=m.value.length,m=m.next){var b=m.value;if(t.length>n.length)return;if(!(b instanceof W)){var k,x=1;if(h){if(!(k=z(v,y,n,f)))break;var w=k.index,A=k.index+k[0].length,P=y;for(P+=m.value.length;P<=w;)m=m.next,P+=m.value.length;if(P-=m.value.length,y=P,m.value instanceof W)continue;for(var E=m;E!==t.tail&&(Pl.reach&&(l.reach=N);var j=m.prev;O&&(j=I(t,j,O),y+=O.length),q(t,j,x);var C=new W(o,g?M.tokenize(S,g):S,d,S);if(m=I(t,j,C),L&&I(t,m,L),1l.reach&&(l.reach=_.reach)}}}}}}(e,a,n,a.head,0),function(e){var n=[],t=e.head.next;for(;t!==e.tail;)n.push(t.value),t=t.next;return n}(a)},hooks:{all:{},add:function(e,n){var t=M.hooks.all;t[e]=t[e]||[],t[e].push(n)},run:function(e,n){var t=M.hooks.all[e];if(t&&t.length)for(var r,a=0;r=t[a++];)r(n)}},Token:W};function W(e,n,t,r){this.type=e,this.content=n,this.alias=t,this.length=0|(r||"").length}function z(e,n,t,r){e.lastIndex=n;var a=e.exec(t);if(a&&r&&a[1]){var i=a[1].length;a.index+=i,a[0]=a[0].slice(i)}return a}function i(){var e={value:null,prev:null,next:null},n={value:null,prev:e,next:null};e.next=n,this.head=e,this.tail=n,this.length=0}function I(e,n,t){var r=n.next,a={value:t,prev:n,next:r};return n.next=a,r.prev=a,e.length++,a}function q(e,n,t){for(var r=n.next,a=0;a"+a.content+""},!u.document)return u.addEventListener&&(M.disableWorkerMessageHandler||u.addEventListener("message",function(e){var n=JSON.parse(e.data),t=n.language,r=n.code,a=n.immediateClose;u.postMessage(M.highlight(r,M.languages[t],t)),a&&u.close()},!1)),M;var t=M.util.currentScript();function r(){M.manual||M.highlightAll()}if(t&&(M.filename=t.src,t.hasAttribute("data-manual")&&(M.manual=!0)),!M.manual){var a=document.readyState;"loading"===a||"interactive"===a&&t&&t.defer?document.addEventListener("DOMContentLoaded",r):window.requestAnimationFrame?window.requestAnimationFrame(r):window.setTimeout(r,16)}return M}(_self);"undefined"!=typeof module&&module.exports&&(module.exports=Prism),"undefined"!=typeof global&&(global.Prism=Prism); +!function(e){var t="\\b(?:BASH|BASHOPTS|BASH_ALIASES|BASH_ARGC|BASH_ARGV|BASH_CMDS|BASH_COMPLETION_COMPAT_DIR|BASH_LINENO|BASH_REMATCH|BASH_SOURCE|BASH_VERSINFO|BASH_VERSION|COLORTERM|COLUMNS|COMP_WORDBREAKS|DBUS_SESSION_BUS_ADDRESS|DEFAULTS_PATH|DESKTOP_SESSION|DIRSTACK|DISPLAY|EUID|GDMSESSION|GDM_LANG|GNOME_KEYRING_CONTROL|GNOME_KEYRING_PID|GPG_AGENT_INFO|GROUPS|HISTCONTROL|HISTFILE|HISTFILESIZE|HISTSIZE|HOME|HOSTNAME|HOSTTYPE|IFS|INSTANCE|JOB|LANG|LANGUAGE|LC_ADDRESS|LC_ALL|LC_IDENTIFICATION|LC_MEASUREMENT|LC_MONETARY|LC_NAME|LC_NUMERIC|LC_PAPER|LC_TELEPHONE|LC_TIME|LESSCLOSE|LESSOPEN|LINES|LOGNAME|LS_COLORS|MACHTYPE|MAILCHECK|MANDATORY_PATH|NO_AT_BRIDGE|OLDPWD|OPTERR|OPTIND|ORBIT_SOCKETDIR|OSTYPE|PAPERSIZE|PATH|PIPESTATUS|PPID|PS1|PS2|PS3|PS4|PWD|RANDOM|REPLY|SECONDS|SELINUX_INIT|SESSION|SESSIONTYPE|SESSION_MANAGER|SHELL|SHELLOPTS|SHLVL|SSH_AUTH_SOCK|TERM|UID|UPSTART_EVENTS|UPSTART_INSTANCE|UPSTART_JOB|UPSTART_SESSION|USER|WINDOWID|XAUTHORITY|XDG_CONFIG_DIRS|XDG_CURRENT_DESKTOP|XDG_DATA_DIRS|XDG_GREETER_DATA_DIR|XDG_MENU_PREFIX|XDG_RUNTIME_DIR|XDG_SEAT|XDG_SEAT_PATH|XDG_SESSION_DESKTOP|XDG_SESSION_ID|XDG_SESSION_PATH|XDG_SESSION_TYPE|XDG_VTNR|XMODIFIERS)\\b",n={pattern:/(^(["']?)\w+\2)[ \t]+\S.*/,lookbehind:!0,alias:"punctuation",inside:null},a={bash:n,environment:{pattern:RegExp("\\$"+t),alias:"constant"},variable:[{pattern:/\$?\(\([\s\S]+?\)\)/,greedy:!0,inside:{variable:[{pattern:/(^\$\(\([\s\S]+)\)\)/,lookbehind:!0},/^\$\(\(/],number:/\b0x[\dA-Fa-f]+\b|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:[Ee]-?\d+)?/,operator:/--|\+\+|\*\*=?|<<=?|>>=?|&&|\|\||[=!+\-*/%<>^&|]=?|[?~:]/,punctuation:/\(\(?|\)\)?|,|;/}},{pattern:/\$\((?:\([^)]+\)|[^()])+\)|`[^`]+`/,greedy:!0,inside:{variable:/^\$\(|^`|\)$|`$/}},{pattern:/\$\{[^}]+\}/,greedy:!0,inside:{operator:/:[-=?+]?|[!\/]|##?|%%?|\^\^?|,,?/,punctuation:/[\[\]]/,environment:{pattern:RegExp("(\\{)"+t),lookbehind:!0,alias:"constant"}}},/\$(?:\w+|[#?*!@$])/],entity:/\\(?:[abceEfnrtv\\"]|O?[0-7]{1,3}|x[0-9a-fA-F]{1,2}|u[0-9a-fA-F]{4}|U[0-9a-fA-F]{8})/};e.languages.bash={shebang:{pattern:/^#!\s*\/.*/,alias:"important"},comment:{pattern:/(^|[^"{\\$])#.*/,lookbehind:!0},"function-name":[{pattern:/(\bfunction\s+)[\w-]+(?=(?:\s*\(?:\s*\))?\s*\{)/,lookbehind:!0,alias:"function"},{pattern:/\b[\w-]+(?=\s*\(\s*\)\s*\{)/,alias:"function"}],"for-or-select":{pattern:/(\b(?:for|select)\s+)\w+(?=\s+in\s)/,alias:"variable",lookbehind:!0},"assign-left":{pattern:/(^|[\s;|&]|[<>]\()\w+(?=\+?=)/,inside:{environment:{pattern:RegExp("(^|[\\s;|&]|[<>]\\()"+t),lookbehind:!0,alias:"constant"}},alias:"variable",lookbehind:!0},string:[{pattern:/((?:^|[^<])<<-?\s*)(\w+)\s[\s\S]*?(?:\r?\n|\r)\2/,lookbehind:!0,greedy:!0,inside:a},{pattern:/((?:^|[^<])<<-?\s*)(["'])(\w+)\2\s[\s\S]*?(?:\r?\n|\r)\3/,lookbehind:!0,greedy:!0,inside:{bash:n}},{pattern:/(^|[^\\](?:\\\\)*)"(?:\\[\s\S]|\$\([^)]+\)|\$(?!\()|`[^`]+`|[^"\\`$])*"/,lookbehind:!0,greedy:!0,inside:a},{pattern:/(^|[^$\\])'[^']*'/,lookbehind:!0,greedy:!0},{pattern:/\$'(?:[^'\\]|\\[\s\S])*'/,greedy:!0,inside:{entity:a.entity}}],environment:{pattern:RegExp("\\$?"+t),alias:"constant"},variable:a.variable,function:{pattern:/(^|[\s;|&]|[<>]\()(?:add|apropos|apt|aptitude|apt-cache|apt-get|aspell|automysqlbackup|awk|basename|bash|bc|bconsole|bg|bzip2|cal|cat|cfdisk|chgrp|chkconfig|chmod|chown|chroot|cksum|clear|cmp|column|comm|composer|cp|cron|crontab|csplit|curl|cut|date|dc|dd|ddrescue|debootstrap|df|diff|diff3|dig|dir|dircolors|dirname|dirs|dmesg|du|egrep|eject|env|ethtool|expand|expect|expr|fdformat|fdisk|fg|fgrep|file|find|fmt|fold|format|free|fsck|ftp|fuser|gawk|git|gparted|grep|groupadd|groupdel|groupmod|groups|grub-mkconfig|gzip|halt|head|hg|history|host|hostname|htop|iconv|id|ifconfig|ifdown|ifup|import|install|ip|jobs|join|kill|killall|less|link|ln|locate|logname|logrotate|look|lpc|lpr|lprint|lprintd|lprintq|lprm|ls|lsof|lynx|make|man|mc|mdadm|mkconfig|mkdir|mke2fs|mkfifo|mkfs|mkisofs|mknod|mkswap|mmv|more|most|mount|mtools|mtr|mutt|mv|nano|nc|netstat|nice|nl|nohup|notify-send|npm|nslookup|op|open|parted|passwd|paste|pathchk|ping|pkill|pnpm|popd|pr|printcap|printenv|ps|pushd|pv|quota|quotacheck|quotactl|ram|rar|rcp|reboot|remsync|rename|renice|rev|rm|rmdir|rpm|rsync|scp|screen|sdiff|sed|sendmail|seq|service|sftp|sh|shellcheck|shuf|shutdown|sleep|slocate|sort|split|ssh|stat|strace|su|sudo|sum|suspend|swapon|sync|tac|tail|tar|tee|time|timeout|top|touch|tr|traceroute|tsort|tty|umount|uname|unexpand|uniq|units|unrar|unshar|unzip|update-grub|uptime|useradd|userdel|usermod|users|uudecode|uuencode|v|vdir|vi|vim|virsh|vmstat|wait|watch|wc|wget|whereis|which|who|whoami|write|xargs|xdg-open|yarn|yes|zenity|zip|zsh|zypper)(?=$|[)\s;|&])/,lookbehind:!0},keyword:{pattern:/(^|[\s;|&]|[<>]\()(?:if|then|else|elif|fi|for|while|in|case|esac|function|select|do|done|until)(?=$|[)\s;|&])/,lookbehind:!0},builtin:{pattern:/(^|[\s;|&]|[<>]\()(?:\.|:|break|cd|continue|eval|exec|exit|export|getopts|hash|pwd|readonly|return|shift|test|times|trap|umask|unset|alias|bind|builtin|caller|command|declare|echo|enable|help|let|local|logout|mapfile|printf|read|readarray|source|type|typeset|ulimit|unalias|set|shopt)(?=$|[)\s;|&])/,lookbehind:!0,alias:"class-name"},boolean:{pattern:/(^|[\s;|&]|[<>]\()(?:true|false)(?=$|[)\s;|&])/,lookbehind:!0},"file-descriptor":{pattern:/\B&\d\b/,alias:"important"},operator:{pattern:/\d?<>|>\||\+=|=[=~]?|!=?|<<[<-]?|[&\d]?>>|\d[<>]&?|[<>][&=]?|&[>&]?|\|[&|]?/,inside:{"file-descriptor":{pattern:/^\d/,alias:"important"}}},punctuation:/\$?\(\(?|\)\)?|\.\.|[{}[\];\\]/,number:{pattern:/(^|\s)(?:[1-9]\d*|0)(?:[.,]\d+)?\b/,lookbehind:!0}},n.inside=e.languages.bash;for(var s=["comment","function-name","for-or-select","assign-left","string","environment","function","keyword","builtin","boolean","file-descriptor","operator","punctuation","number"],i=a.variable[1].inside,o=0;o + + + http://kubeconform.mandragor.org/docs/installation/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/docs/usage/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/docs/crd-support/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/docs/usage-as-github-action/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/docs/using-as-a-go-module/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/tags/about/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/about/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/docs/json-schema-conversion/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/docs/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/tags/installation/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/tags/kubeconform/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/tags/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/tags/usage/ + 2021-07-02T00:00:00+00:00 + + http://kubeconform.mandragor.org/categories/ + + diff --git a/site/public/tags/about/index.xml b/site/public/tags/about/index.xml new file mode 100644 index 0000000..8c15a60 --- /dev/null +++ b/site/public/tags/about/index.xml @@ -0,0 +1,22 @@ + + + + About on Kubeconform - Fast Kubernetes manifests validation! + http://kubeconform.mandragor.org/tags/about/ + Recent content in About on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + About + http://kubeconform.mandragor.org/about/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/about/ + Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes configuration! +It is inspired by, contains code from and is designed to stay close to Kubeval, but with the following improvements: + high performance: will validate &amp; download manifests over multiple routines, caching downloaded files in memory configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes. + + + + diff --git a/site/public/tags/cloudfront/index.xml b/site/public/tags/cloudfront/index.xml new file mode 100644 index 0000000..ca3e886 --- /dev/null +++ b/site/public/tags/cloudfront/index.xml @@ -0,0 +1,20 @@ + + + + Cloudfront on Kubeconform - Fast Kubernetes manifests validation! + http://localhost/tags/cloudfront/ + Recent content in Cloudfront on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + The execution model of AWS Lambda@edge with Cloudfront's two- and three-tiered architecture + http://localhost/installation/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://localhost/installation/ + Installation + + + + diff --git a/site/public/tags/index.xml b/site/public/tags/index.xml new file mode 100644 index 0000000..b276b36 --- /dev/null +++ b/site/public/tags/index.xml @@ -0,0 +1,47 @@ + + + + Tags on Kubeconform - Fast Kubernetes manifests validation! + http://kubeconform.mandragor.org/tags/ + Recent content in Tags on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + About + http://kubeconform.mandragor.org/tags/about/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/tags/about/ + + + + + Installation + http://kubeconform.mandragor.org/tags/installation/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/tags/installation/ + + + + + Kubeconform + http://kubeconform.mandragor.org/tags/kubeconform/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/tags/kubeconform/ + + + + + Usage + http://kubeconform.mandragor.org/tags/usage/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/tags/usage/ + + + + + diff --git a/site/public/tags/installation/index.xml b/site/public/tags/installation/index.xml new file mode 100644 index 0000000..68a95d7 --- /dev/null +++ b/site/public/tags/installation/index.xml @@ -0,0 +1,24 @@ + + + + Installation on Kubeconform - Fast Kubernetes manifests validation! + http://kubeconform.mandragor.org/tags/installation/ + Recent content in Installation on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + Installation + http://kubeconform.mandragor.org/docs/installation/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/installation/ + Linux Download the latest release from our release page. +For example, for Linux on x86_64 architecture: +curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \ sudo mv kubeconform /usr/local/bin/ MacOs Kubeconform is available to install using Homebrew: $ brew install kubeconform +Windows Download the latest release from our release page. +You can also download the latest version from the release page. + + + + diff --git a/site/public/tags/kubeconform/index.xml b/site/public/tags/kubeconform/index.xml new file mode 100644 index 0000000..1e248cc --- /dev/null +++ b/site/public/tags/kubeconform/index.xml @@ -0,0 +1,85 @@ + + + + Kubeconform on Kubeconform - Fast Kubernetes manifests validation! + http://kubeconform.mandragor.org/tags/kubeconform/ + Recent content in Kubeconform on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + Installation + http://kubeconform.mandragor.org/docs/installation/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/installation/ + Linux Download the latest release from our release page. +For example, for Linux on x86_64 architecture: +curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xvzf - && \ sudo mv kubeconform /usr/local/bin/ MacOs Kubeconform is available to install using Homebrew: $ brew install kubeconform +Windows Download the latest release from our release page. +You can also download the latest version from the release page. + + + + Usage + http://kubeconform.mandragor.org/docs/usage/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/usage/ + $ ./bin/kubeconform -h Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]... -cache string cache schemas downloaded via HTTP to this folder -cpu-prof string debug - log CPU profiling to file -exit-on-error immediately stop execution when the first error is encountered -h show help information -ignore-filename-pattern value regular expression specifying paths to ignore (can be specified multiple times) -ignore-missing-schemas skip files with missing schemas instead of failing -insecure-skip-tls-verify disable verification of the server's SSL certificate. + + + + Custom Resources support + http://kubeconform.mandragor.org/docs/crd-support/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/crd-support/ + When the -schema-location parameter is not used, or set to &ldquo;default&rdquo;, kubeconform will default to downloading schemas from https://github.com/yannh/kubernetes-json-schema. Kubeconform however supports passing one, or multiple, schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions in each of them, in order, stopping as soon as a matching file is found. + If the -schema-location value does not end with &lsquo;.json&rsquo;, Kubeconform will assume filenames / a file structure identical to that of kubernetesjsonschema. + + + + Github Action + http://kubeconform.mandragor.org/docs/usage-as-github-action/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/usage-as-github-action/ + Kubeconform is publishes Docker Images to Github&rsquo;s new Container Registry, ghcr.io. These images can be used directly in a Github Action, once logged in using a Github Token. +name: kubeconform on: push jobs: kubeconform: runs-on: ubuntu-latest steps: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@v2 - uses: docker://ghcr.io/yannh/kubeconform:master with: entrypoint: '/kubeconform' args: "-summary -output json kubeconfigs/" Note on pricing: Kubeconform relies on Github Container Registry which is currently in Beta. + + + + Kubeconform as a Go module + http://kubeconform.mandragor.org/docs/using-as-a-go-module/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/using-as-a-go-module/ + Warning: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged. +Kubeconform contains a package that can be used as a library. An example of usage can be found in examples/main.go +Additional documentation on pkg.go.dev + + + + About + http://kubeconform.mandragor.org/about/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/about/ + Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes configuration! +It is inspired by, contains code from and is designed to stay close to Kubeval, but with the following improvements: + high performance: will validate &amp; download manifests over multiple routines, caching downloaded files in memory configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes. + + + + Conversion of CRD to JSON Schema + http://kubeconform.mandragor.org/docs/json-schema-conversion/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/json-schema-conversion/ + Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions to JSON schema. Here is an example how to use it: +#!/bin/bash $ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml JSON schema written to trainingjob_v1.json The FILENAME_FORMAT environment variable can be used to change the output file name (Available variables: kind, group, version) (Default: {kind}_{version}). + + + + diff --git a/site/public/tags/lambdaedge/index.xml b/site/public/tags/lambdaedge/index.xml new file mode 100644 index 0000000..50869f4 --- /dev/null +++ b/site/public/tags/lambdaedge/index.xml @@ -0,0 +1,20 @@ + + + + Lambda@edge on Kubeconform - Fast Kubernetes manifests validation! + http://localhost/tags/lambdaedge/ + Recent content in Lambda@edge on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + The execution model of AWS Lambda@edge with Cloudfront's two- and three-tiered architecture + http://localhost/installation/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://localhost/installation/ + Installation + + + + diff --git a/site/public/tags/usage/index.xml b/site/public/tags/usage/index.xml new file mode 100644 index 0000000..508a98a --- /dev/null +++ b/site/public/tags/usage/index.xml @@ -0,0 +1,61 @@ + + + + Usage on Kubeconform - Fast Kubernetes manifests validation! + http://kubeconform.mandragor.org/tags/usage/ + Recent content in Usage on Kubeconform - Fast Kubernetes manifests validation! + Hugo -- gohugo.io + en-us + Fri, 02 Jul 2021 00:00:00 +0000 + + Usage + http://kubeconform.mandragor.org/docs/usage/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/usage/ + $ ./bin/kubeconform -h Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]... -cache string cache schemas downloaded via HTTP to this folder -cpu-prof string debug - log CPU profiling to file -exit-on-error immediately stop execution when the first error is encountered -h show help information -ignore-filename-pattern value regular expression specifying paths to ignore (can be specified multiple times) -ignore-missing-schemas skip files with missing schemas instead of failing -insecure-skip-tls-verify disable verification of the server's SSL certificate. + + + + Custom Resources support + http://kubeconform.mandragor.org/docs/crd-support/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/crd-support/ + When the -schema-location parameter is not used, or set to &ldquo;default&rdquo;, kubeconform will default to downloading schemas from https://github.com/yannh/kubernetes-json-schema. Kubeconform however supports passing one, or multiple, schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions in each of them, in order, stopping as soon as a matching file is found. + If the -schema-location value does not end with &lsquo;.json&rsquo;, Kubeconform will assume filenames / a file structure identical to that of kubernetesjsonschema. + + + + Github Action + http://kubeconform.mandragor.org/docs/usage-as-github-action/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/usage-as-github-action/ + Kubeconform is publishes Docker Images to Github&rsquo;s new Container Registry, ghcr.io. These images can be used directly in a Github Action, once logged in using a Github Token. +name: kubeconform on: push jobs: kubeconform: runs-on: ubuntu-latest steps: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@v2 - uses: docker://ghcr.io/yannh/kubeconform:master with: entrypoint: '/kubeconform' args: "-summary -output json kubeconfigs/" Note on pricing: Kubeconform relies on Github Container Registry which is currently in Beta. + + + + Kubeconform as a Go module + http://kubeconform.mandragor.org/docs/using-as-a-go-module/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/using-as-a-go-module/ + Warning: This is a work-in-progress, the interface is not yet considered stable. Feedback is encouraged. +Kubeconform contains a package that can be used as a library. An example of usage can be found in examples/main.go +Additional documentation on pkg.go.dev + + + + Conversion of CRD to JSON Schema + http://kubeconform.mandragor.org/docs/json-schema-conversion/ + Fri, 02 Jul 2021 00:00:00 +0000 + + http://kubeconform.mandragor.org/docs/json-schema-conversion/ + Kubeconform uses JSON schemas to validate Kubernetes resources. For custom resources, the CustomResourceDefinition first needs to be converted to JSON Schema. A script is provided to convert these CustomResourceDefinitions to JSON schema. Here is an example how to use it: +#!/bin/bash $ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-sagemaker-operator-for-k8s/master/config/crd/bases/sagemaker.aws.amazon.com_trainingjobs.yaml JSON schema written to trainingjob_v1.json The FILENAME_FORMAT environment variable can be used to change the output file name (Available variables: kind, group, version) (Default: {kind}_{version}). + + + + diff --git a/site/themes/kubeconform/LICENSE b/site/themes/kubeconform/LICENSE new file mode 100644 index 0000000..6e4314d --- /dev/null +++ b/site/themes/kubeconform/LICENSE @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2021 Yann Hamon + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/site/themes/kubeconform/archetypes/default.md b/site/themes/kubeconform/archetypes/default.md new file mode 100644 index 0000000..3b793e3 --- /dev/null +++ b/site/themes/kubeconform/archetypes/default.md @@ -0,0 +1,3 @@ ++++ + ++++ diff --git a/site/themes/kubeconform/layouts/404.html b/site/themes/kubeconform/layouts/404.html new file mode 100644 index 0000000..e69de29 diff --git a/site/themes/kubeconform/layouts/_default/baseof.html b/site/themes/kubeconform/layouts/_default/baseof.html new file mode 100644 index 0000000..67ad970 --- /dev/null +++ b/site/themes/kubeconform/layouts/_default/baseof.html @@ -0,0 +1,19 @@ + + + {{- partial "head.html" . -}} + +
+ {{- partial "header.html" . -}} +
+ {{- if eq .Section "docs" -}} + {{- partial "menu.html" . -}} + {{- end -}} +
+ {{- block "main" . }}{{- end }} +
+
+ {{- partial "footer.html" . -}} +
+ + + diff --git a/site/themes/kubeconform/layouts/_default/list.html b/site/themes/kubeconform/layouts/_default/list.html new file mode 100644 index 0000000..e69de29 diff --git a/site/themes/kubeconform/layouts/_default/single.html b/site/themes/kubeconform/layouts/_default/single.html new file mode 100644 index 0000000..cd9b31d --- /dev/null +++ b/site/themes/kubeconform/layouts/_default/single.html @@ -0,0 +1,27 @@ +{{ define "main" }} + +
+ {{ with .PrevInSection }} + + {{ end }} + {{ with .NextInSection }} + + {{ end }} +
+ +
+

{{ .Title }}

+{{ .Content }} +
+ +
+ {{ with .PrevInSection }} + + {{ end }} + {{ with .NextInSection }} + + {{ end }} +
+ + +{{ end }} \ No newline at end of file diff --git a/site/themes/kubeconform/layouts/index.html b/site/themes/kubeconform/layouts/index.html new file mode 100644 index 0000000..11abc6b --- /dev/null +++ b/site/themes/kubeconform/layouts/index.html @@ -0,0 +1,32 @@ +{{ define "main" }} + +

Validate your Kubernetes manifests instead of deploying broken configuration

+ +
$ kubeconform -summary myapp/deployment.yaml
+Summary: 5 resources found in 1 file - Valid: 5, Invalid: 0, Errors: 0, Skipped: 0
+
+ + + Get Started! + + +
+
+

Easy-to-use

+

Single binary, super-easy installation for Windows, Mac & Linux. It takes seconds to get started.

+
+
+

Lightning fast

+

Kubeconform makes heavy use of Golang's concurrency capabilities, and will spread its workload across multiple cores. +

+
+

Support for Kubernetes CRDs

+

Validate ALL your Kubernetes resources with Kubeconform's CRD support

+
+
+

Flexible

+

With support for JSON, Junit, TAP output, and leveraging the easy-to-use Docker image, you can run Kubeconform in any CI system.

+
+
+ +{{ end }} diff --git a/site/themes/kubeconform/layouts/partials/footer.html b/site/themes/kubeconform/layouts/partials/footer.html new file mode 100644 index 0000000..3bb8d79 --- /dev/null +++ b/site/themes/kubeconform/layouts/partials/footer.html @@ -0,0 +1,3 @@ + diff --git a/site/themes/kubeconform/layouts/partials/head.html b/site/themes/kubeconform/layouts/partials/head.html new file mode 100644 index 0000000..45326a1 --- /dev/null +++ b/site/themes/kubeconform/layouts/partials/head.html @@ -0,0 +1,9 @@ + + + + + {{- $title := print .Site.Title " | " .Title -}} + {{- if .IsHome }}{{ $title = .Site.Title }}{{ end -}} + + {{ $title }} + diff --git a/site/themes/kubeconform/layouts/partials/header.html b/site/themes/kubeconform/layouts/partials/header.html new file mode 100644 index 0000000..73c15e9 --- /dev/null +++ b/site/themes/kubeconform/layouts/partials/header.html @@ -0,0 +1,9 @@ + diff --git a/site/themes/kubeconform/layouts/partials/menu.html b/site/themes/kubeconform/layouts/partials/menu.html new file mode 100644 index 0000000..8716fea --- /dev/null +++ b/site/themes/kubeconform/layouts/partials/menu.html @@ -0,0 +1,5 @@ + diff --git a/site/themes/kubeconform/layouts/shortcodes/prism.html b/site/themes/kubeconform/layouts/shortcodes/prism.html new file mode 100644 index 0000000..f994872 --- /dev/null +++ b/site/themes/kubeconform/layouts/shortcodes/prism.html @@ -0,0 +1,2 @@ + +
{{.Inner}}
\ No newline at end of file diff --git a/site/themes/kubeconform/layouts/shortcodes/rawhtml.html b/site/themes/kubeconform/layouts/shortcodes/rawhtml.html new file mode 100644 index 0000000..b90bea2 --- /dev/null +++ b/site/themes/kubeconform/layouts/shortcodes/rawhtml.html @@ -0,0 +1,2 @@ + +{{.Inner}} diff --git a/site/themes/kubeconform/static/css/prism.css b/site/themes/kubeconform/static/css/prism.css new file mode 100644 index 0000000..627fd64 --- /dev/null +++ b/site/themes/kubeconform/static/css/prism.css @@ -0,0 +1,122 @@ +/** + * okaidia theme for JavaScript, CSS and HTML + * Loosely based on Monokai textmate theme by http://www.monokai.nl/ + * @author ocodia + */ + +code[class*="language-"], +pre[class*="language-"] { + color: #f8f8f2; + background: none; + text-shadow: 0 1px rgba(0, 0, 0, 0.3); + font-family: Consolas, Monaco, 'Andale Mono', 'Ubuntu Mono', monospace; + text-align: left; + white-space: pre; + word-spacing: normal; + word-break: normal; + word-wrap: normal; + line-height: 1.5; + + -moz-tab-size: 4; + -o-tab-size: 4; + tab-size: 4; + + -webkit-hyphens: none; + -moz-hyphens: none; + -ms-hyphens: none; + hyphens: none; +} + +/* Code blocks */ +pre[class*="language-"] { + padding: 1em; + margin: .5em 0; + overflow: auto; + border-radius: 0.3em; +} + +:not(pre) > code[class*="language-"], +pre[class*="language-"] { + background: #272822; +} + +/* Inline code */ +:not(pre) > code[class*="language-"] { + padding: .1em; + border-radius: .3em; + white-space: normal; +} + +.token.comment, +.token.prolog, +.token.doctype, +.token.cdata { + color: slategray; +} + +.token.punctuation { + color: #f8f8f2; +} + +.namespace { + opacity: .7; +} + +.token.property, +.token.tag, +.token.constant, +.token.symbol, +.token.deleted { + color: #f92672; +} + +.token.boolean, +.token.number { + color: #ae81ff; +} + +.token.selector, +.token.attr-name, +.token.string, +.token.char, +.token.builtin, +.token.inserted { + color: #a6e22e; +} + +.token.operator, +.token.entity, +.token.url, +.language-css .token.string, +.style .token.string, +.token.variable { + color: #f8f8f2; +} + +.token.atrule, +.token.attr-value, +.token.function, +.token.class-name { + color: #e6db74; +} + +.token.keyword { + color: #66d9ef; +} + +.token.regex, +.token.important { + color: #fd971f; +} + +.token.important, +.token.bold { + font-weight: bold; +} +.token.italic { + font-style: italic; +} + +.token.entity { + cursor: help; +} \ No newline at end of file diff --git a/site/themes/kubeconform/static/css/style.css b/site/themes/kubeconform/static/css/style.css new file mode 100644 index 0000000..5ffd3bc --- /dev/null +++ b/site/themes/kubeconform/static/css/style.css @@ -0,0 +1,204 @@ + +/* Colors */ +body { background-color: white; } +a { color: black } +hr { border-color: #ddd; } +#header, #footer { background-color: #002036; color: white } + +@media (prefers-color-scheme: dark) { +} + +/* Font sizes */ +body { font-size: 1.2rem; line-height: 1.7rem; text-size-adjust: 100%; } +h1 { font-size: 2.3rem; line-height: 3.2rem; font-weight: 400 } +h2 { font-size: 1.8rem; line-height: 2.3rem; font-weight: 400 } +h3 { font-size: 1.5rem; line-height: 1.8rem; font-weight: 300 } + +#header h1 { font-size: 3rem; line-height: 3.3rem; font-weight: 500; margin-top: 0.2em; margin-left: 30px } +#header h2 { font-size: 1.3rem; line-height: 1.5rem; font-weight: 300; font-style: italic; margin: 0 0 0.5em 30px} + +/* We default all margins/paddings to 0 */ +* { margin: 0; padding: 0 } +a { text-decoration: none } +#content-text a { text-decoration: underline } +#content-text a:hover { text-decoration: none } +p { + font-weight: 400; + margin-bottom: 16px; +} + +h2 { + font-weight: 500; + margin: 3rem 0 0.8rem 0; +} + +h3 { + font-weight: 500; + margin: 1.5rem 0 1.5rem 0; +} +pre { + margin: 1rem 0 1rem 0 +} + +#main-container { + padding: 0; + font-family: "Roboto", "Helvetica Neue", Helvetica, Arial, sans-serif; + font-feature-settings: "kern", "liga"; + width: 100%; + background-color: white; +} + +hr { + height: 1px; + margin: 3rem 0 3rem 0; + clear: both; +} + +#header, #footer { + width: 100%; + clear: both; +} + +#header { + padding: 0.5em 0 0.5em 0em; +} + +#menu { + background-color: #ddd; + padding: 1em +} + +#content { + display:flex; +} + +#menu { + flex: 15; + min-width: 15%; + padding: 2em +} + +#main { + flex: 85; + min-width: 0; +} + +#main h1 { + padding-bottom: 1em; +} + +pre { + overflow: scroll; + min-width: 0 +} + +#footer { + padding: 0.5em 0; + text-align: center; + color: white; + font-size: smaller; +} + +#footer a { + font-style: italic; + color: white; + text-decoration: underline; +} + +#navigation { + float: right; + padding-right: 2em; +} + +#navigation li { + display: block; + width: 100px; + float: right; + padding-top: 0.2em; + text-align: center; + font-weight: bold; + font-size: smaller; +} + +#navigation li a{ + color: white +} + +#navigation li a:hover{ + text-decoration: underline; +} + +#motto { + text-align: center; + font-style: italic; + font-size: 1.1em; + margin: 2em auto 2em auto; +} + +#demo{ + font-size: smaller; + margin: 2em auto 2em auto; + border-radius: 1em; + display: table; + overflow: scroll; +} + +#kc-pros { + display: flex; + flex-flow: row wrap; + margin: 0 auto; + width: 60%; +} + +#kc-pros > div { + flex-basis: 50%; +} + +#kc-pros h2 { + font-size: 1.2em; + line-height: 1.2em; + padding: 0 5% 0.3em 5%; +} + +#kc-pros p { + font-size: 0.9em; + padding: 0 5% 2em 5%; +} + +#get { + display: table; + border: 1px solid black; + padding: 0.5em 2em; + border-radius: 0.8em; + clear: both; + margin: 3em auto 5em auto; + background-color: #0594cb; + color: white; + text-align: center; +} + +#get:active { + background-color: #002036; +} + +.navig { + display: flex; + flex-flow: row wrap; + margin: 0 auto; +} + +.navig > a { + flex-basis: 50%; + text-align: center; + background-color: #eee; + padding: 0.4em 0; + font-size: smaller +} + +#content-text { + padding: 2em; +} + +#main ul { + margin: 1em 0 2em 3em; +} \ No newline at end of file diff --git a/site/themes/kubeconform/static/js/prism.js b/site/themes/kubeconform/static/js/prism.js new file mode 100644 index 0000000..2220755 --- /dev/null +++ b/site/themes/kubeconform/static/js/prism.js @@ -0,0 +1,4 @@ +/* PrismJS 1.23.0 +https://prismjs.com/download.html#themes=prism&languages=bash */ +var _self="undefined"!=typeof window?window:"undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?self:{},Prism=function(u){var c=/\blang(?:uage)?-([\w-]+)\b/i,n=0,e={},M={manual:u.Prism&&u.Prism.manual,disableWorkerMessageHandler:u.Prism&&u.Prism.disableWorkerMessageHandler,util:{encode:function e(n){return n instanceof W?new W(n.type,e(n.content),n.alias):Array.isArray(n)?n.map(e):n.replace(/&/g,"&").replace(/=l.reach);y+=m.value.length,m=m.next){var b=m.value;if(t.length>n.length)return;if(!(b instanceof W)){var k,x=1;if(h){if(!(k=z(v,y,n,f)))break;var w=k.index,A=k.index+k[0].length,P=y;for(P+=m.value.length;P<=w;)m=m.next,P+=m.value.length;if(P-=m.value.length,y=P,m.value instanceof W)continue;for(var E=m;E!==t.tail&&(Pl.reach&&(l.reach=N);var j=m.prev;O&&(j=I(t,j,O),y+=O.length),q(t,j,x);var C=new W(o,g?M.tokenize(S,g):S,d,S);if(m=I(t,j,C),L&&I(t,m,L),1l.reach&&(l.reach=_.reach)}}}}}}(e,a,n,a.head,0),function(e){var n=[],t=e.head.next;for(;t!==e.tail;)n.push(t.value),t=t.next;return n}(a)},hooks:{all:{},add:function(e,n){var t=M.hooks.all;t[e]=t[e]||[],t[e].push(n)},run:function(e,n){var t=M.hooks.all[e];if(t&&t.length)for(var r,a=0;r=t[a++];)r(n)}},Token:W};function W(e,n,t,r){this.type=e,this.content=n,this.alias=t,this.length=0|(r||"").length}function z(e,n,t,r){e.lastIndex=n;var a=e.exec(t);if(a&&r&&a[1]){var i=a[1].length;a.index+=i,a[0]=a[0].slice(i)}return a}function i(){var e={value:null,prev:null,next:null},n={value:null,prev:e,next:null};e.next=n,this.head=e,this.tail=n,this.length=0}function I(e,n,t){var r=n.next,a={value:t,prev:n,next:r};return n.next=a,r.prev=a,e.length++,a}function q(e,n,t){for(var r=n.next,a=0;a"+a.content+""},!u.document)return u.addEventListener&&(M.disableWorkerMessageHandler||u.addEventListener("message",function(e){var n=JSON.parse(e.data),t=n.language,r=n.code,a=n.immediateClose;u.postMessage(M.highlight(r,M.languages[t],t)),a&&u.close()},!1)),M;var t=M.util.currentScript();function r(){M.manual||M.highlightAll()}if(t&&(M.filename=t.src,t.hasAttribute("data-manual")&&(M.manual=!0)),!M.manual){var a=document.readyState;"loading"===a||"interactive"===a&&t&&t.defer?document.addEventListener("DOMContentLoaded",r):window.requestAnimationFrame?window.requestAnimationFrame(r):window.setTimeout(r,16)}return M}(_self);"undefined"!=typeof module&&module.exports&&(module.exports=Prism),"undefined"!=typeof global&&(global.Prism=Prism); +!function(e){var t="\\b(?:BASH|BASHOPTS|BASH_ALIASES|BASH_ARGC|BASH_ARGV|BASH_CMDS|BASH_COMPLETION_COMPAT_DIR|BASH_LINENO|BASH_REMATCH|BASH_SOURCE|BASH_VERSINFO|BASH_VERSION|COLORTERM|COLUMNS|COMP_WORDBREAKS|DBUS_SESSION_BUS_ADDRESS|DEFAULTS_PATH|DESKTOP_SESSION|DIRSTACK|DISPLAY|EUID|GDMSESSION|GDM_LANG|GNOME_KEYRING_CONTROL|GNOME_KEYRING_PID|GPG_AGENT_INFO|GROUPS|HISTCONTROL|HISTFILE|HISTFILESIZE|HISTSIZE|HOME|HOSTNAME|HOSTTYPE|IFS|INSTANCE|JOB|LANG|LANGUAGE|LC_ADDRESS|LC_ALL|LC_IDENTIFICATION|LC_MEASUREMENT|LC_MONETARY|LC_NAME|LC_NUMERIC|LC_PAPER|LC_TELEPHONE|LC_TIME|LESSCLOSE|LESSOPEN|LINES|LOGNAME|LS_COLORS|MACHTYPE|MAILCHECK|MANDATORY_PATH|NO_AT_BRIDGE|OLDPWD|OPTERR|OPTIND|ORBIT_SOCKETDIR|OSTYPE|PAPERSIZE|PATH|PIPESTATUS|PPID|PS1|PS2|PS3|PS4|PWD|RANDOM|REPLY|SECONDS|SELINUX_INIT|SESSION|SESSIONTYPE|SESSION_MANAGER|SHELL|SHELLOPTS|SHLVL|SSH_AUTH_SOCK|TERM|UID|UPSTART_EVENTS|UPSTART_INSTANCE|UPSTART_JOB|UPSTART_SESSION|USER|WINDOWID|XAUTHORITY|XDG_CONFIG_DIRS|XDG_CURRENT_DESKTOP|XDG_DATA_DIRS|XDG_GREETER_DATA_DIR|XDG_MENU_PREFIX|XDG_RUNTIME_DIR|XDG_SEAT|XDG_SEAT_PATH|XDG_SESSION_DESKTOP|XDG_SESSION_ID|XDG_SESSION_PATH|XDG_SESSION_TYPE|XDG_VTNR|XMODIFIERS)\\b",n={pattern:/(^(["']?)\w+\2)[ \t]+\S.*/,lookbehind:!0,alias:"punctuation",inside:null},a={bash:n,environment:{pattern:RegExp("\\$"+t),alias:"constant"},variable:[{pattern:/\$?\(\([\s\S]+?\)\)/,greedy:!0,inside:{variable:[{pattern:/(^\$\(\([\s\S]+)\)\)/,lookbehind:!0},/^\$\(\(/],number:/\b0x[\dA-Fa-f]+\b|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:[Ee]-?\d+)?/,operator:/--|\+\+|\*\*=?|<<=?|>>=?|&&|\|\||[=!+\-*/%<>^&|]=?|[?~:]/,punctuation:/\(\(?|\)\)?|,|;/}},{pattern:/\$\((?:\([^)]+\)|[^()])+\)|`[^`]+`/,greedy:!0,inside:{variable:/^\$\(|^`|\)$|`$/}},{pattern:/\$\{[^}]+\}/,greedy:!0,inside:{operator:/:[-=?+]?|[!\/]|##?|%%?|\^\^?|,,?/,punctuation:/[\[\]]/,environment:{pattern:RegExp("(\\{)"+t),lookbehind:!0,alias:"constant"}}},/\$(?:\w+|[#?*!@$])/],entity:/\\(?:[abceEfnrtv\\"]|O?[0-7]{1,3}|x[0-9a-fA-F]{1,2}|u[0-9a-fA-F]{4}|U[0-9a-fA-F]{8})/};e.languages.bash={shebang:{pattern:/^#!\s*\/.*/,alias:"important"},comment:{pattern:/(^|[^"{\\$])#.*/,lookbehind:!0},"function-name":[{pattern:/(\bfunction\s+)[\w-]+(?=(?:\s*\(?:\s*\))?\s*\{)/,lookbehind:!0,alias:"function"},{pattern:/\b[\w-]+(?=\s*\(\s*\)\s*\{)/,alias:"function"}],"for-or-select":{pattern:/(\b(?:for|select)\s+)\w+(?=\s+in\s)/,alias:"variable",lookbehind:!0},"assign-left":{pattern:/(^|[\s;|&]|[<>]\()\w+(?=\+?=)/,inside:{environment:{pattern:RegExp("(^|[\\s;|&]|[<>]\\()"+t),lookbehind:!0,alias:"constant"}},alias:"variable",lookbehind:!0},string:[{pattern:/((?:^|[^<])<<-?\s*)(\w+)\s[\s\S]*?(?:\r?\n|\r)\2/,lookbehind:!0,greedy:!0,inside:a},{pattern:/((?:^|[^<])<<-?\s*)(["'])(\w+)\2\s[\s\S]*?(?:\r?\n|\r)\3/,lookbehind:!0,greedy:!0,inside:{bash:n}},{pattern:/(^|[^\\](?:\\\\)*)"(?:\\[\s\S]|\$\([^)]+\)|\$(?!\()|`[^`]+`|[^"\\`$])*"/,lookbehind:!0,greedy:!0,inside:a},{pattern:/(^|[^$\\])'[^']*'/,lookbehind:!0,greedy:!0},{pattern:/\$'(?:[^'\\]|\\[\s\S])*'/,greedy:!0,inside:{entity:a.entity}}],environment:{pattern:RegExp("\\$?"+t),alias:"constant"},variable:a.variable,function:{pattern:/(^|[\s;|&]|[<>]\()(?:add|apropos|apt|aptitude|apt-cache|apt-get|aspell|automysqlbackup|awk|basename|bash|bc|bconsole|bg|bzip2|cal|cat|cfdisk|chgrp|chkconfig|chmod|chown|chroot|cksum|clear|cmp|column|comm|composer|cp|cron|crontab|csplit|curl|cut|date|dc|dd|ddrescue|debootstrap|df|diff|diff3|dig|dir|dircolors|dirname|dirs|dmesg|du|egrep|eject|env|ethtool|expand|expect|expr|fdformat|fdisk|fg|fgrep|file|find|fmt|fold|format|free|fsck|ftp|fuser|gawk|git|gparted|grep|groupadd|groupdel|groupmod|groups|grub-mkconfig|gzip|halt|head|hg|history|host|hostname|htop|iconv|id|ifconfig|ifdown|ifup|import|install|ip|jobs|join|kill|killall|less|link|ln|locate|logname|logrotate|look|lpc|lpr|lprint|lprintd|lprintq|lprm|ls|lsof|lynx|make|man|mc|mdadm|mkconfig|mkdir|mke2fs|mkfifo|mkfs|mkisofs|mknod|mkswap|mmv|more|most|mount|mtools|mtr|mutt|mv|nano|nc|netstat|nice|nl|nohup|notify-send|npm|nslookup|op|open|parted|passwd|paste|pathchk|ping|pkill|pnpm|popd|pr|printcap|printenv|ps|pushd|pv|quota|quotacheck|quotactl|ram|rar|rcp|reboot|remsync|rename|renice|rev|rm|rmdir|rpm|rsync|scp|screen|sdiff|sed|sendmail|seq|service|sftp|sh|shellcheck|shuf|shutdown|sleep|slocate|sort|split|ssh|stat|strace|su|sudo|sum|suspend|swapon|sync|tac|tail|tar|tee|time|timeout|top|touch|tr|traceroute|tsort|tty|umount|uname|unexpand|uniq|units|unrar|unshar|unzip|update-grub|uptime|useradd|userdel|usermod|users|uudecode|uuencode|v|vdir|vi|vim|virsh|vmstat|wait|watch|wc|wget|whereis|which|who|whoami|write|xargs|xdg-open|yarn|yes|zenity|zip|zsh|zypper)(?=$|[)\s;|&])/,lookbehind:!0},keyword:{pattern:/(^|[\s;|&]|[<>]\()(?:if|then|else|elif|fi|for|while|in|case|esac|function|select|do|done|until)(?=$|[)\s;|&])/,lookbehind:!0},builtin:{pattern:/(^|[\s;|&]|[<>]\()(?:\.|:|break|cd|continue|eval|exec|exit|export|getopts|hash|pwd|readonly|return|shift|test|times|trap|umask|unset|alias|bind|builtin|caller|command|declare|echo|enable|help|let|local|logout|mapfile|printf|read|readarray|source|type|typeset|ulimit|unalias|set|shopt)(?=$|[)\s;|&])/,lookbehind:!0,alias:"class-name"},boolean:{pattern:/(^|[\s;|&]|[<>]\()(?:true|false)(?=$|[)\s;|&])/,lookbehind:!0},"file-descriptor":{pattern:/\B&\d\b/,alias:"important"},operator:{pattern:/\d?<>|>\||\+=|=[=~]?|!=?|<<[<-]?|[&\d]?>>|\d[<>]&?|[<>][&=]?|&[>&]?|\|[&|]?/,inside:{"file-descriptor":{pattern:/^\d/,alias:"important"}}},punctuation:/\$?\(\(?|\)\)?|\.\.|[{}[\];\\]/,number:{pattern:/(^|\s)(?:[1-9]\d*|0)(?:[.,]\d+)?\b/,lookbehind:!0}},n.inside=e.languages.bash;for(var s=["comment","function-name","for-or-select","assign-left","string","environment","function","keyword","builtin","boolean","file-descriptor","operator","punctuation","number"],i=a.variable[1].inside,o=0;o