feat(ci): add CRD schema generation for kubeconform validation
Add scripts to extract OpenAPI v3 schemas from CRD definitions in all kustomize overlays and write JSON schema files to ci/crd-schemas/ for kubeconform validation. This allows kubeconform to validate CRD instances (Elasticsearch, Kibana, CNPG Cluster, VictoriaMetrics, etc.) instead of skipping or erroring on them. - ci/generate-crd-schemas.py: extracts schemas from CRD YAML on stdin - ci/generate-crd-schemas.sh: iterates overlays, pipes to Python script - ci/validate-apps.sh, ci/validate-clusters.sh: add local schema-location fallback - Makefile: add generate-schemas target - add generate-schemas step to kubeconform woodpecker pipeline so schemas
Executable
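--- /dev/null
+++ b/ci/generate-crd-schemas.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+"""
+Extract OpenAPI v3 schemas from CRD YAML on stdin and write JSON schema files
+to the output directory for use with kubeconform.
+
+Usage: kustomize build ... | python3 ci/generate-crd-schemas.py <output-dir>
+"""
+import sys
+import json
+import os
+
+import yaml
+
+
+def main() -> int:
+output_dir = sys.argv[1] if len(sys.argv) > 1 else "ci/crd-schemas"
+count = 0
+
+for doc in yaml.safe_load_all(sys.stdin):
+if not doc or doc.get("kind") != "CustomResourceDefinition":
+continue
+
+group = doc["spec"]["group"]
+kind = doc["spec"]["names"]["kind"]
+group_dir = os.path.join(output_dir, group)
+os.makedirs(group_dir, exist_ok=True)
+
+for ver in doc["spec"].get("versions", []):
+if not ver.get("served", True):
+continue
+schema = ver.get("schema", {}).get("openAPIV3Schema")
+if not schema:
+continue
+fname = os.path.join(group_dir, f"{kind.lower()}_{ver['name']}.json")
+with open(fname, "w") as f:
+json.dump({"$schema": "http://json-schema.org/schema#", **schema}, f, indent=2)
+f.write("\n")
+print(f" wrote {fname}", file=sys.stderr)
+count += 1
+
+return count
+
+
+if __name__ == "__main__":
+print(main())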
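Review bot: `spec.group`, `spec.names.kind` and the version `name` are read from the YAML on stdin and joined straight into the output path in `main()`, so a CRD whose fields hold a path separator, `..` or an absolute path would make `os.makedirs` and `open(fname, "w")` write outside `<output-dir>`. The commit message says the input is the build output of every overlay, so CRDs that come from third-party bases (presumably fetched remotely) reach this code in CI unvalidated. I would check each value as a single path component before it is used, as sketched below. Separately, `doc.get("kind")` assumes every non-empty document is a mapping, and the schema file is opened without `encoding="utf-8"`.

```python
def safe_component(value: object) -> str:
    # Accept exactly one path component: a non-empty string with no
    # separators, no NUL and not "." / "..".
    if (
        not isinstance(value, str)
        or value in ("", ".", "..")
        or any(ch in value for ch in ("/", "\\", "\0"))
    ):
        raise ValueError(f"unsafe path component in CRD: {value!r}")
    return value

# … unchanged: argument handling and the safe_load_all loop …
        group = safe_component(doc["spec"]["group"])
        kind = safe_component(doc["spec"]["names"]["kind"])
# … unchanged: makedirs and the versions loop …
            fname = os.path.join(group_dir, f"{kind.lower()}_{safe_component(ver['name'])}.json")
```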