Add JSON schema generation for kubeconform CRD validation
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

- ci/generate-schemas.sh extracts schemas from live cluster CRDs via kubectl
- Generated schemas committed to schemas/ for CI use
- Run `make schemas` to regenerate after CRD or K8s version changes
- validate-apps.sh and validate-clusters.sh check local schemas first
- CRD instances (Gateway, TLSRoute, Pooler, etc.) now validated instead of skipped
- CustomResourceDefinition meta-type still skipped (no schema exists upstream)
This commit is contained in:
2026-06-28 16:53:11 +10:00
parent cfca1e5278
commit 2bd8fcc0c2
264 changed files with 142907 additions and 2 deletions
+50
View File
@@ -0,0 +1,50 @@
#!/usr/bin/env bash
set -euo pipefail
SCHEMA_DIR="${1:-schemas}"
rm -rf "$SCHEMA_DIR"
mkdir -p "$SCHEMA_DIR"
echo "==> Fetching CRDs from cluster..." >&2
kubectl get crds -o json | python3 -c "
import sys, json, os
def write_schema(schema, schema_dir, group, kind, version):
def strip_descriptions(obj):
if isinstance(obj, dict):
return {k: strip_descriptions(v) for k, v in obj.items() if k != 'description'}
if isinstance(obj, list):
return [strip_descriptions(i) for i in obj]
return obj
schema = strip_descriptions(schema)
group_dir = os.path.join(schema_dir, group)
os.makedirs(group_dir, exist_ok=True)
fname = f'{kind}_{version}.json'.lower()
with open(os.path.join(group_dir, fname), 'w') as f:
json.dump(schema, f, indent=2, sort_keys=True)
f.write('\n')
print(f' Generated: {group}/{fname}', file=sys.stderr)
data = json.load(sys.stdin)
for crd in data.get('items', []):
spec = crd.get('spec', {})
group = spec.get('group', '')
kind = spec.get('names', {}).get('kind', '')
for ver in spec.get('versions', []):
version = ver.get('name', '')
openapi = ver.get('schema', {}).get('openAPIV3Schema', {})
if not openapi:
continue
schema = dict(openapi)
schema['\$schema'] = 'http://json-schema.org/draft-07/schema#'
schema['type'] = 'object'
schema.setdefault('properties', {})
schema['properties'].setdefault('apiVersion', {'type': 'string'})
schema['properties'].setdefault('kind', {'type': 'string'})
schema['properties'].setdefault('metadata', {'type': 'object'})
write_schema(schema, '$SCHEMA_DIR', group, kind, version)
"
total=$(find "$SCHEMA_DIR" -name '*.json' | wc -l)
echo "==> Schema generation complete: $total schemas in $SCHEMA_DIR" >&2
+4 -1
View File
@@ -3,7 +3,10 @@ set -euo pipefail
KUBE_VERSION="1.33.7"
SCHEMA_DIR="${SCHEMA_DIR:-schemas}"
schema_args=(
-schema-location "$SCHEMA_DIR/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
-schema-location "https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github_user/yannh/kubernetes-json-schema/master/{{.NormalizedKubernetesVersion}}-standalone{{.StrictSuffix}}/{{.ResourceKind}}{{.KindSuffix}}.json"
-schema-location "https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github_user/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
)
@@ -18,6 +21,6 @@ while IFS= read -r -d "" k; do
-summary \
-output pretty \
-verbose \
-skip CustomResourceDefinition,GpuDevicePlugin,LBNodeAgent,ServiceGroup \
-skip CustomResourceDefinition \
"${schema_args[@]}"
done < <(find apps/overlays -name kustomization.yaml -print0)
+3
View File
@@ -3,7 +3,10 @@ set -euo pipefail
KUBE_VERSION="1.33.7"
SCHEMA_DIR="${SCHEMA_DIR:-schemas}"
schema_args=(
-schema-location "$SCHEMA_DIR/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
-schema-location "https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github_user/yannh/kubernetes-json-schema/master/{{.NormalizedKubernetesVersion}}-standalone{{.StrictSuffix}}/{{.ResourceKind}}{{.KindSuffix}}.json"
-schema-location "https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github_user/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
)