actions/kubeconform
9
0
Fork 0
mirror of https://github.com/yannh/kubeconform.git synced 2026-02-24 20:27:02 +00:00
Code Issues Projects Releases 1 Packages Wiki Activity Actions

Update Readme, add 'default' value for -schema-location parameter

Browse source
This commit is contained in:
Yann Hamon 2021-02-27 16:37:24 +01:00
parent 171d894752
commit b10927a052
3 changed files with 18 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
Readme.md
View file

@ -5,15 +5,17 @@
[![PkgGoDev](https://pkg.go.dev/badge/github.com/yannh/kubeconform/pkg/validator)](https://pkg.go.dev/github.com/yannh/kubeconform/pkg/validator) [![PkgGoDev](https://pkg.go.dev/badge/github.com/yannh/kubeconform/pkg/validator)](https://pkg.go.dev/github.com/yannh/kubeconform/pkg/validator)
Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes
configuration using the schemas from the registry maintained by the configuration!
[kubernetes-json-schema](https://github.com/instrumenta/kubernetes-json-schema) project!
It is inspired by, contains code from and is designed to stay close to It is inspired by, contains code from and is designed to stay close to
[Kubeval](https://github.com/instrumenta/kubeval), but with the following improvements: [Kubeval](https://github.com/instrumenta/kubeval), but with the following improvements:
* **high performance**: will validate & download manifests over multiple routines, caching * **high performance**: will validate & download manifests over multiple routines, caching
downloaded files in memory downloaded files in memory
* configurable list of **remote, or local schemas locations**, enabling validating Kubernetes * configurable list of **remote, or local schemas locations**, enabling validating Kubernetes
custom resources (CRDs) and offline validation capabilities. custom resources (CRDs) and offline validation capabilities
* uses by default a [self-updating fork](https://github.com/yannh/kubernetes-json-schema) of the schemas registry maintained
by the [kubernetes-json-schema](https://github.com/instrumenta/kubernetes-json-schema) project - which guarantees
up-to-date **schemas for all recent versions of Kubernetes**.
### A small overview of Kubernetes manifest validation ### A small overview of Kubernetes manifest validation
@ -132,21 +134,21 @@ Summary: 65 resources found in 34 files - Valid: 55, Invalid: 2, Errors: 8 Skipp
### Overriding schemas location - CRD and Openshift support ### Overriding schemas location - CRD and Openshift support
When the `-schema-location` parameter is not used, kubeconform will default to downloading schemas from When the `-schema-location` parameter is not used, or set to "default", kubeconform will default to downloading
`https://kubernetesjsonschema.dev`. Kubeconform however supports passing one, or multiple, schemas schemas from `https://github.com/yannh/kubernetes-json-schema`. Kubeconform however supports passing one, or multiple,
locations - HTTP URLs, or local filesystem paths, in which case it will lookup for schema definitions schemas locations - HTTP(s) URLs, or local filesystem paths, in which case it will lookup for schema definitions
in each of them, in order, stopping as soon as a matching file is found. in each of them, in order, stopping as soon as a matching file is found.
* If the -schema-location value does not end with '.json', Kubeconform will assume filenames / a file * If the -schema-location value does not end with '.json', Kubeconform will assume filenames / a file
structure identical to that of kubernetesjsonschema.dev structure identical to that of kubernetesjsonschema.dev or github.com/yannh/kubernetes-json-schema.
* if the -schema-location value ends with '.json' - Kubeconform assumes the value is a Go templated * if the -schema-location value ends with '.json' - Kubeconform assumes the value is a Go templated
string that indicates how to search for JSON schemas. string that indicates how to search for JSON schemas.
* the -schema-location value of "default" is an alias for https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json.
All 3 following command lines are equivalent: Both following command lines are equivalent:
``` ```
$ ./bin/kubeconform fixtures/valid.yaml $ ./bin/kubeconform fixtures/valid.yaml
$ ./bin/kubeconform -schema-location https://kubernetesjsonschema.dev fixtures/valid.yaml $ ./bin/kubeconform -schema-location default fixtures/valid.yaml
$ ./bin/kubeconform -schema-location 'https://kubernetesjsonschema.dev/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json' fixtures/valid.yaml $ ./bin/kubeconform -schema-location 'https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json' fixtures/valid.yaml
``` ```
To support validating CRDs, we need to convert OpenAPI files to JSON schema, storing the JSON schemas To support validating CRDs, we need to convert OpenAPI files to JSON schema, storing the JSON schemas
@ -154,7 +156,7 @@ in a local folder - for example schemas. Then we specify this folder as an addit
``` ```
# If the resource Kind is not found in kubernetesjsonschema.dev, also lookup in the schemas/ folder for a matching file # If the resource Kind is not found in kubernetesjsonschema.dev, also lookup in the schemas/ folder for a matching file
$ ./bin/kubeconform -registry https://kubernetesjsonschema.dev -schema-location 'schemas/{{ .ResourceKind }}{{ .KindSuffix }}.json' fixtures/custom-resource.yaml $ ./bin/kubeconform -schema-location default -schema-location 'schemas/{{ .ResourceKind }}{{ .KindSuffix }}.json' fixtures/custom-resource.yaml
``` ```
You can validate Openshift manifests using a custom schema location. Set the OpenShift version to validate You can validate Openshift manifests using a custom schema location. Set the OpenShift version to validate

2
acceptance.bats
View file

@ -127,7 +127,7 @@ resetCacheFolder() {
} }
@test "Pass when using a valid, preset -schema-location" { @test "Pass when using a valid, preset -schema-location" {
run bin/kubeconform -schema-location https://kubernetesjsonschema.dev fixtures/valid.yaml run bin/kubeconform -schema-location default fixtures/valid.yaml
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
} }

4
pkg/registry/registry.go
View file

@ -80,7 +80,9 @@ func schemaPath(tpl, resourceKind, resourceAPIVersion, k8sVersion string, strict
} }
func New(schemaLocation string, cache string, strict bool, skipTLS bool) (Registry, error) { func New(schemaLocation string, cache string, strict bool, skipTLS bool) (Registry, error) {
if !strings.HasSuffix(schemaLocation, "json") { // If we dont specify a full templated path, we assume the paths of kubernetesjsonschema.dev if schemaLocation == "default" {
schemaLocation = "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json"
} else if !strings.HasSuffix(schemaLocation, "json") { // If we dont specify a full templated path, we assume the paths of our fork of kubernetes-json-schema
schemaLocation += "/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json" schemaLocation += "/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json"
} }