diff --git a/.github/kubeconform.sh b/.github/kubeconform.sh
new file mode 100755
index 000000000..37aacb959
--- /dev/null
+++ b/.github/kubeconform.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -euo pipefail
+
+KUBECONFORM_VERSION="v0.6.3"
+# https://github.com/yannh/kubeconform/issues/51
+CRD_SPEC_URL="https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json"
+OS=$(uname)
+
+CHANGED_CHARTS=${CHANGED_CHARTS:-${1:-}}
+if [ -n "$CHANGED_CHARTS" ];
+then
+ CHART_DIRS=$CHANGED_CHARTS
+else
+ CHART_DIRS=$(ls -d charts/*)
+fi
+
+# install kubeconform
+curl --silent --show-error --fail --location --output /tmp/kubeconform.tar.gz "https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-${OS}-amd64.tar.gz"
+tar -xf /tmp/kubeconform.tar.gz kubeconform
+
+# validate charts
+for CHART_DIR in ${CHART_DIRS}; do
+ echo "Running kubeconform for folder: '$CHART_DIR'"
+
+ # Note: -ignore-missing-schemas could be added if needed, but not currently
+ # needed since we have the schema necessary to validate the CRDs themselves.
+ #
+ # Also, if at some point we needed to validate things _using_ these CRDs,
+ # they're available via
+ # https://github.com/datreeio/CRDs-catalog/tree/main/datadoghq.com
+ helm dep up "${CHART_DIR}" && helm template --kube-version "${KUBERNETES_VERSION#v}" \
+ --values "${CHART_DIR}"/ci/kubeconform-values.yaml "${CHART_DIR}" \
+ | ./kubeconform -schema-location default -schema-location "$CRD_SPEC_URL" \
+ -output pretty -verbose -kubernetes-version "${KUBERNETES_VERSION#v}" -
+done
diff --git a/.github/kubeval.sh b/.github/kubeval.sh
deleted file mode 100755
index 181f7c84c..000000000
--- a/.github/kubeval.sh
+++ /dev/null
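Review bot: The install step in the new `.github/kubeconform.sh` executes a release binary that is fetched by tag only and never checked against a known digest, so a replaced release asset or a tampered download would run in CI unnoticed; pin a SHA-256 next to `KUBECONFORM_VERSION` (placeholder: `KUBECONFORM_SHA256="<sha256-of-the-pinned-tarball>"`) and verify it before `tar`, for example `echo "${KUBECONFORM_SHA256}  /tmp/kubeconform.tar.gz" | sha256sum --check`. In the validation loop, `helm dep up "${CHART_DIR}" && helm template ... | ./kubeconform ...` fails open: a non-zero `helm dep up` on the left of `&&` is exempt from `set -e`, so the loop moves on to the next chart and the job can pass with that chart never validated unless it was the last one. Putting `helm dep up "${CHART_DIR}"` on its own line lets the failure abort the script. `CRD_SPEC_URL` also tracks `master` of kubernetes/kubernetes, so every `KUBERNETES_VERSION` in the matrix is checked against the same mutable file; a tag or commit in that URL would make runs reproducible.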
@@ -1,24 +0,0 @@ -#!/bin/bash -set -euo pipefail - -KUBEVAL_VERSION="v0.16.1" -SCHEMA_LOCATION="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master" -OS=$(uname) - -CHANGED_CHARTS=${CHANGED_CHARTS:-${1:-}} -if [ -n "$CHANGED_CHARTS" ]; -then - CHART_DIRS=$CHANGED_CHARTS -else - CHART_DIRS=$(ls -d charts/*) -fi - -# install kubeval -curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz "https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-${OS}-amd64.tar.gz" -tar -xf /tmp/kubeval.tar.gz kubeval - -# validate charts -for CHART_DIR in ${CHART_DIRS}; do - echo "Running kubeval for folder: '$CHART_DIR'" - helm dep up "${CHART_DIR}" && helm template --kube-version "${KUBERNETES_VERSION#v}" --values "${CHART_DIR}"/ci/kubeval-values.yaml "${CHART_DIR}" | ./kubeval --strict --ignore-missing-schemas --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}" -done diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c842ec95e..b1c814826 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -68,7 +68,7 @@ jobs: - name: Run helm-docs run: .github/helm-docs.sh - kubeval-chart: + kubeconform-chart: runs-on: ubuntu-latest needs: - changed @@ -80,12 +80,10 @@ jobs: # https://github.com/instrumenta/kubernetes-json-schema is no # longer updated k8s: - # - v1.14.10 (deprecated with kind 1.16) - - v1.16.15 - - v1.18.20 - v1.22.9 - v1.24.2 - # v1.25.2 (when agent 7.40 is out) + - v1.25.14 + - v1.26.9 steps: - name: Checkout uses: actions/checkout@v3 
@@ -95,26 +93,25 @@ jobs: run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Add KSM helm repo run: helm repo add kube-state-metrics https://prometheus-community.github.io/helm-charts - - name: Run kubeval + - name: Run kubeconform env: KUBERNETES_VERSION: ${{ matrix.k8s }} CHANGED_CHARTS: ${{needs.changed.outputs.charts}} - run: .github/kubeval.sh + run: .github/kubeconform.sh install-chart: name: install-chart runs-on: ubuntu-20.04 needs: - lint-chart - - kubeval-chart + - kubeconform-chart strategy: matrix: k8s: - - v1.16.15 - - v1.18.20 - v1.22.9 - v1.24.2 - - v1.25.2 + - v1.25.14 + - v1.26.9 steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.gitignore b/.gitignore index 9f0bb268c..089390f06 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ charts/*/charts helm-docs -kubeval +kubeconform .idea vendor/ .vscode diff --git a/charts/datadog-crds/ci/kubeval-values.yaml b/charts/datadog-crds/ci/kubeconform-values.yaml similarity index 100% rename from charts/datadog-crds/ci/kubeval-values.yaml rename to charts/datadog-crds/ci/kubeconform-values.yaml diff --git a/charts/datadog-operator/ci/kubeval-values.yaml b/charts/datadog-operator/ci/kubeconform-values.yaml similarity index 100% rename from charts/datadog-operator/ci/kubeval-values.yaml rename to charts/datadog-operator/ci/kubeconform-values.yaml diff --git a/charts/datadog/ci/kubeval-values.yaml b/charts/datadog/ci/kubeconform-values.yaml similarity index 100% rename from charts/datadog/ci/kubeval-values.yaml rename to charts/datadog/ci/kubeconform-values.yaml diff --git a/charts/extended-daemon-set/ci/kubeval-values.yaml b/charts/extended-daemon-set/ci/kubeconform-values.yaml similarity index 100% rename from charts/extended-daemon-set/ci/kubeval-values.yaml rename to charts/extended-daemon-set/ci/kubeconform-values.yaml 
diff --git a/charts/observability-pipelines-worker/ci/kubeval-values.yaml b/charts/observability-pipelines-worker/ci/kubeconform-values.yaml
similarity index 100%
rename from charts/observability-pipelines-worker/ci/kubeval-values.yaml
rename to charts/observability-pipelines-worker/ci/kubeconform-values.yaml
diff --git a/charts/synthetics-private-location/ci/kubeval-values.yaml b/charts/synthetics-private-location/ci/kubeconform-values.yaml
similarity index 100%
rename from charts/synthetics-private-location/ci/kubeval-values.yaml
rename to charts/synthetics-private-location/ci/kubeconform-values.yaml