2 Commits

Author SHA1 Message Date
unkinben fd7fc8f41b refactor(ci): convert CRD schema generator to uv inline script
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline failed
2026-06-02 16:12:30 +10:00
unkinben 93581bfde2 feat(ci): add CRD schema generation for kubeconform validation
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline failed
Add scripts to extract OpenAPI v3 schemas from CRD definitions in all
kustomize overlays and write JSON schema files to ci/crd-schemas/ for
kubeconform validation. This allows kubeconform to validate CRD instances
(Elasticsearch, Kibana, CNPG Cluster, VictoriaMetrics, etc.) instead of
skipping or erroring on them.

- ci/generate-crd-schemas.py: extracts schemas from CRD YAML on stdin
- ci/generate-crd-schemas.sh: iterates overlays, pipes to Python script
- ci/validate-apps.sh, ci/validate-clusters.sh: add local schema-location fallback
- Makefile: add generate-schemas target
- add generate-schemas step to kubeconform woodpecker pipeline so schemas
2026-06-02 15:24:31 +10:00
8 changed files with 97 additions and 2 deletions
+1
View File
@@ -1,2 +1,3 @@
manifests/
apps/**/charts/
ci/crd-schemas/
+1 -1
View File
@@ -6,7 +6,7 @@ repos:
- id: check-executables-have-shebangs
- id: check-json
- id: check-added-large-files
args: ['--maxkb=500']
args: ['--maxkb=2048']
- id: check-merge-conflict
- id: check-shebang-scripts-are-executable
- id: check-symlinks
+15
View File
@@ -2,6 +2,21 @@ when:
- event: pull_request
steps:
- name: generate-schemas
image: git.unkin.net/unkin/almalinux9-kubetest:20260319
commands:
- make generate-schemas
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
- name: kubeconform
image: git.unkin.net/unkin/almalinux9-kubetest:20260319
commands:
+5
View File
@@ -11,6 +11,11 @@ kubeconform:
@ci/validate-apps.sh && \
ci/validate-clusters.sh
# Generate JSON schemas from CRD definitions for kubeconform
# Run when CRD versions change, then commit ci/crd-schemas/
generate-schemas:
@ci/generate-crd-schemas.sh
# Clean all generated manifests
clean:
@rm -rf manifests/
+49
View File
@@ -0,0 +1,49 @@
#!/usr/bin/env -S uv run
# /// script
# requires-python = ">=3.11"
# dependencies = ["pyyaml"]
# ///
"""
Extract OpenAPI v3 schemas from CRD YAML on stdin and write JSON schema files
to the output directory for use with kubeconform.
Usage: kustomize build ... | ci/generate-crd-schemas.py <output-dir>
"""
import sys
import json
import os
import yaml
def main() -> int:
output_dir = sys.argv[1] if len(sys.argv) > 1 else "ci/crd-schemas"
count = 0
for doc in yaml.safe_load_all(sys.stdin):
if not doc or doc.get("kind") != "CustomResourceDefinition":
continue
group = doc["spec"]["group"]
kind = doc["spec"]["names"]["kind"]
group_dir = os.path.join(output_dir, group)
os.makedirs(group_dir, exist_ok=True)
for ver in doc["spec"].get("versions", []):
if not ver.get("served", True):
continue
schema = ver.get("schema", {}).get("openAPIV3Schema")
if not schema:
continue
fname = os.path.join(group_dir, f"{kind.lower()}_{ver['name']}.json")
with open(fname, "w") as f:
json.dump({"$schema": "http://json-schema.org/schema#", **schema}, f, indent=2)
f.write("\n")
print(f" wrote {fname}", file=sys.stderr)
count += 1
return count
if __name__ == "__main__":
print(main())
+23
View File
@@ -0,0 +1,23 @@
#!/usr/bin/env bash
# Extract OpenAPI v3 schemas from CRD definitions in all kustomize overlays
# and write JSON schema files to ci/crd-schemas/ for kubeconform validation.
#
# Run this script whenever CRD versions change, then commit the output.
# Usage: ci/generate-crd-schemas.sh [output-dir]
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
OUTPUT_DIR="${1:-${SCRIPT_DIR}/crd-schemas}"
mkdir -p "$OUTPUT_DIR"
total=0
while IFS= read -r -d "" k; do
dir="$(dirname "$k")"
n=$(kustomize build --enable-helm "$dir" 2>/dev/null \
| "$SCRIPT_DIR/generate-crd-schemas.py" "$OUTPUT_DIR") || continue
total=$((total + n))
done < <(find apps/overlays clusters -name kustomization.yaml -print0 | sort -z)
echo "Generated ${total} schema(s) in ${OUTPUT_DIR}" >&2
+2 -1
View File
@@ -6,6 +6,7 @@ KUBE_VERSION="1.33.7"
schema_args=(
-schema-location "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{.NormalizedKubernetesVersion}}-standalone{{.StrictSuffix}}/{{.ResourceKind}}{{.KindSuffix}}.json"
-schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
-schema-location "file://${PWD}/ci/crd-schemas/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
)
while IFS= read -r -d "" k; do
@@ -18,6 +19,6 @@ while IFS= read -r -d "" k; do
-summary \
-output pretty \
-verbose \
-skip CustomResourceDefinition,GpuDevicePlugin,LBNodeAgent,ServiceGroup \
-skip GpuDevicePlugin,LBNodeAgent,ServiceGroup \
"${schema_args[@]}"
done < <(find apps/overlays -name kustomization.yaml -print0)
+1
View File
@@ -6,6 +6,7 @@ KUBE_VERSION="1.33.7"
schema_args=(
-schema-location "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{.NormalizedKubernetesVersion}}-standalone{{.StrictSuffix}}/{{.ResourceKind}}{{.KindSuffix}}.json"
-schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
-schema-location "file://${PWD}/ci/crd-schemas/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
)
while IFS= read -r -d "" k; do