feat: add fluxcd and calico crd schema to container build

Robert Kaussow 2023-01-10 16:35:55 +01:00
parent f7e2c84931
commit 1034182de6
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
2 changed files with 20 additions and 8 deletions


@ -12,6 +12,8 @@ ARG YQ_VERSION
ARG HELM_VERSION ARG HELM_VERSION
ARG KUSTOMIZE_VERSION ARG KUSTOMIZE_VERSION
ARG KUBECONFORM_VERSION ARG KUBECONFORM_VERSION
ARG CALICO_VERSION
ARG FLUXCD_VERSION
# renovate: datasource=github-releases depName=kubernetes/kubernetes # renovate: datasource=github-releases depName=kubernetes/kubernetes
ENV KUBECTL_VERSION="${KUBECTL_VERSION:-v1.26.0}" ENV KUBECTL_VERSION="${KUBECTL_VERSION:-v1.26.0}"
@ -23,8 +25,12 @@ ENV HELM_VERSION="${HELM_VERSION:-v3.10.3}"
ENV KUSTOMIZE_VERSION="${KUSTOMIZE_VERSION:-v4.5.7}" ENV KUSTOMIZE_VERSION="${KUSTOMIZE_VERSION:-v4.5.7}"
# renovate: datasource=github-releases depName=yannh/kubeconform # renovate: datasource=github-releases depName=yannh/kubeconform
ENV KUBECONFORM_VERSION="${KUBECONFORM_VERSION:-v0.5.0}" ENV KUBECONFORM_VERSION="${KUBECONFORM_VERSION:-v0.5.0}"
# renovate: datasource=github-releases depName=projectcalico/calico
ENV CALICO_VERSION="${CALICO_VERSION:-v3.24.5}"
# renovate: datasource=github-releases depName=fluxcd/flux2
ENV FLUXCD_VERSION="${FLUXCD_VERSION:-v0.38.2}"
RUN apk --update add curl tar bash && \ RUN apk --update add curl tar bash python3 py3-yaml && \
curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \ curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl-convert" && \ curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl-convert" && \
curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && \ curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && \
@ -34,12 +40,22 @@ RUN apk --update add curl tar bash && \
| tar xz -C /usr/local/bin kustomize && \ | tar xz -C /usr/local/bin kustomize && \
curl -SsfL "https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-linux-amd64.tar.gz" \ curl -SsfL "https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-linux-amd64.tar.gz" \
| tar xz -C /usr/local/bin kubeconform && \ | tar xz -C /usr/local/bin kubeconform && \
curl -SsfL -o /usr/local/bin/openapi2jsonschema "https://raw.githubusercontent.com/yannh/kubeconform/${KUBECONFORM_VERSION}/scripts/openapi2jsonschema.py" && \
chmod 755 /usr/local/bin/kubectl && \ chmod 755 /usr/local/bin/kubectl && \
chmod 755 /usr/local/bin/kubectl-convert && \ chmod 755 /usr/local/bin/kubectl-convert && \
chmod 755 /usr/local/bin/yq && \ chmod 755 /usr/local/bin/yq && \
chmod 755 /usr/local/bin/helm && \ chmod 755 /usr/local/bin/helm && \
chmod 755 /usr/local/bin/kustomize && \ chmod 755 /usr/local/bin/kustomize && \
chmod 755 /usr/local/bin/kubeconform && \ chmod 755 /usr/local/bin/kubeconform && \
chmod 755 /usr/local/bin/openapi2jsonschema && \
mkdir -p /etc/kube-tools/schemas/flux/master-standalone-strict && \
mkdir -p /etc/kube-tools/schemas/calico/master-standalone-strict && \
curl -SsfL "https://github.com/fluxcd/flux2/releases/download/${FLUXCD_VERSION}/crd-schemas.tar.gz" \
| tar xz -C /etc/kube-tools/schemas/flux/master-standalone-strict && \
curl -SsfL -o /tmp/calico.crds.yaml "https://raw.githubusercontent.com/projectcalico/calico/${CALICO_VERSION}/manifests/calico.yaml" && \
cd /etc/kube-tools/schemas/calico/master-standalone-strict && \
openapi2jsonschema /tmp/calico.crds.yaml && \
for file in *.json ; do mv $file ${file//_v1/_v3} ; done && \
rm -rf /var/cache/apk/* && \ rm -rf /var/cache/apk/* && \
rm -rf /tmp/* rm -rf /tmp/*
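Review bot: The three new downloads in this RUN chain (the `openapi2jsonschema.py` script, the Flux `crd-schemas.tar.gz` and the Calico `calico.yaml`) are fetched by tag only and used without an integrity check, and the script is then executed during the build to generate the Calico schemas. A tag can be re-pointed upstream, so the version pins alone do not fix the content; I would record a digest per artifact and verify it right after each fetch, e.g. `echo "${OPENAPI2JSONSCHEMA_SHA256}  /usr/local/bin/openapi2jsonschema" | sha256sum -c - && \`, where `OPENAPI2JSONSCHEMA_SHA256` is a placeholder name for a new build argument. The Flux tarball is piped straight into `tar`, so it would have to be saved to a file first before it can be checked. The RUN instruction starts before this hunk, and the earlier binary downloads visible in it follow the same unverified pattern.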


@ -30,10 +30,6 @@ KUSTOMIZE_CONFIG="kustomization.yaml"
FLUX_PATH="${1:-.}" FLUX_PATH="${1:-.}"
printf "INFO - Downloading Flux OpenAPI schemas\n"
mkdir -p /tmp/flux-crd-schemas/master-standalone-strict
curl -sL https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz | tar zxf - -C /tmp/flux-crd-schemas/master-standalone-strict
find "${FLUX_PATH%/}" -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do find "${FLUX_PATH%/}" -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do
printf "INFO - Validating %s\n" "$file" printf "INFO - Validating %s\n" "$file"
yq e 'true' "$file" >/dev/null yq e 'true' "$file" >/dev/null
@ -41,12 +37,12 @@ done
kubeconform_config=( kubeconform_config=(
"-strict" "-strict"
"-ignore-missing-schemas"
"-schema-location" "default" "-schema-location" "default"
"-schema-location" "/tmp/flux-crd-schemas" "-schema-location" "/etc/kube-tools/schemas/flux"
"-schema-location" "/etc/kube-tools/schemas/calico/master-standalone-strict/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json"
"-exit-on-error" "-exit-on-error"
"-summary" "-summary"
"-skip" "Secret" "-skip" "Secret,CustomResourceDefinition"
) )
printf "\nINFO - Validating clusters\n" printf "\nINFO - Validating clusters\n"
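Review bot: The second and third `-schema-location` entries in `kubeconform_config` now point at fixed paths under `/etc/kube-tools/schemas`, which this script no longer creates, and nothing in the visible hunk checks that they exist. Because `-ignore-missing-schemas` is removed in the same array, running the script anywhere those directories are absent would presumably surface as a missing-schema failure on individual resources rather than one clear message. A guard before the array would make the dependency explicit, e.g. `[ -d /etc/kube-tools/schemas/flux/master-standalone-strict ] || { printf "ERROR - Flux schemas missing\n" >&2; exit 1; }`, with a matching check for the Calico directory. A short comment above the array noting that the schemas are baked in at image build time, at the pinned `FLUXCD_VERSION` and `CALICO_VERSION`, would also help, since validation now reflects those versions rather than the latest release.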