Convert kubeval to kubeconform in golang (#1181)

* Convert kubeval to kubeconform in golang

Signed-off-by: Fiachra Corcoran <[email protected]>

* Reduce docker image size

Signed-off-by: Fiachra Corcoran <[email protected]>

* Clean up k8s schema inclusion

Signed-off-by: Fiachra Corcoran <[email protected]>

* Update details of schemas

Signed-off-by: Fiachra Corcoran <[email protected]>

* Remove redundant logging

Signed-off-by: Fiachra Corcoran <[email protected]>

* Retrigger netlify

Signed-off-by: Fiachra Corcoran <[email protected]>

* Update to trigger netlify deploy

Signed-off-by: Fiachra Corcoran <[email protected]>

---------

Signed-off-by: Fiachra Corcoran <[email protected]>

Author: efiacor

.gitignore

@@ -15,4 +15,5 @@ documentation/resources
 *.bak
 
 scripts/patch_reader/patch_reader
-shell_files.out
+shell_files.out
+!jsonschema-k8s.tar.gz

contrib/examples/kubeconform-imperative/.expected/config.yaml

@@ -0,0 +1,7 @@
+exitCode: 1
+skip: false
+testType: eval
+image: ghcr.io/kptdev/krm-functions-catalog/krm-fn-contrib/kubeconform:latest
+args:
+  strict: 'true'
+  skip_kinds: MyCustom,MyOtherCustom

contrib/examples/kubeconform-imperative/.expected/results.yaml

@@ -0,0 +1,30 @@
+apiVersion: kpt.dev/v1
+kind: FunctionResultList
+metadata:
+  name: fnresults
+exitCode: 1
+items:
+  - image: ghcr.io/kptdev/krm-functions-catalog/krm-fn-contrib/kubeconform:latest
+    stderr: 'failed to evaluate function: error: function failure'
+    exitCode: 1
+    results:
+      - message: got string, want null or integer
+        severity: error
+        resourceRef:
+          apiVersion: v1
+          kind: ReplicationController
+          name: bob
+        field:
+          path: spec.replicas
+        file:
+          path: app.yaml
+      - message: additional properties 'templates' not allowed
+        severity: error
+        resourceRef:
+          apiVersion: v1
+          kind: ReplicationController
+          name: bob
+        field:
+          path: spec
+        file:
+          path: app.yaml

contrib/examples/kubeconform-imperative/.krmignore

@@ -0,0 +1 @@
+.expected

contrib/examples/kubeconform-imperative/README.md

@@ -0,0 +1,76 @@
+# kubeconform: Imperative Example
+
+### Overview
+
+This example demonstrates how to imperatively invoke [`kubeconform`] function to
+validate KRM resources.
+
+### Fetch the example package
+
+Get the example package by running the following commands:
+
+```shell
+$ kpt pkg get https://github.com/kptdev/krm-functions-catalog.git/contrib/examples/kubeconform-imperative
+```
+
+We have a `ReplicationController` in `app.yaml` that has 2 schema violations:
+- `.spec.templates` is unknown, since it should be `.spec.template`.
+- `spec.replicas` must not be a string.
+
+### Function invocation
+
+Try it out by running the following command:
+
+```shell
+# We set `strict=true` to disallow unknown field and `skip_kinds=MyCustom,MyOtherCustom` to skip 2 kinds that we don't have schemas.
+$ kpt fn eval kubeconform-imperative --image ghcr.io/kptdev/krm-functions-catalog/krm-fn-contrib/kubeconform:latest --results-dir /tmp -- strict=true skip_kinds=MyCustom,MyOtherCustom
+```
+
+The key-value pair(s) provided after `--` will be converted to `ConfigMap` by
+kpt and used as the function configuration.
+
+### Expected Results
+
+Let's look at the structured results in `/tmp/results.yaml`:
+
+```yaml
+apiVersion: kpt.dev/v1
+kind: FunctionResultList
+metadata:
+  name: fnresults
+exitCode: 1
+items:
+  - image: ghcr.io/kptdev/krm-functions-catalog/krm-fn-contrib/kubeconform:latest
+    stderr: 'failed to evaluate function: error: function failure'
+    exitCode: 1
+    results:
+      - message: got string, want null or integer
+        severity: error
+        resourceRef:
+          apiVersion: v1
+          kind: ReplicationController
+          name: bob
+        field:
+          path: spec.replicas
+        file:
+          path: app.yaml
+      - message: additional properties 'templates' not allowed
+        severity: error
+        resourceRef:
+          apiVersion: v1
+          kind: ReplicationController
+          name: bob
+        field:
+          path: spec
+        file:
+          path: app.yaml
+```
+
+To fix them:
+
+- replace the value of `spec.replicas` with an integer
+- change `templates` to `template`
+
+Rerun the command, and it should succeed.
+
+[`kubeconform`]:https://github.com/yannh/kubeconform

contrib/examples/kubeconform-imperative/app.yaml

@@ -0,0 +1,33 @@
+# From https://github.com/yannh/kubeconform/blob/master/fixtures/invalid.yaml
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: bob
+spec:
+  # If replicas is not an integer, kubeval will report error.
+  replicas: asdf # Replace "asdf" with an integer to fix the error.
+  selector:
+    app: nginx
+  templates:
+    metadata:
+      name: nginx
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: nginx
+          image: nginx
+          ports:
+          - containerPort: 80
+---
+apiVersion: example.com/v1
+kind: MyCustom
+metadata:
+  name: alice
+spec: {}
+---
+apiVersion: example.com/v1
+kind: MyOtherCustom
+metadata:
+  name: charlie
+spec: {}

contrib/examples/kubeconform-mount-schema/.expected/config.yaml

@@ -0,0 +1,2 @@
+exitCode: 1
+skip: false

contrib/examples/kubeconform-mount-schema/.expected/exec.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+kpt fn eval -i ghcr.io/kptdev/krm-functions-catalog/krm-fn-contrib/kubeconform:latest --image-pull-policy never \
+  --results-dir="$(pwd)/../results" \
+  --mount type=bind,src="$(pwd)/jsonschema",dst=/schema-dir/master-standalone \
+  -- schema_location=file:///schema-dir

contrib/examples/kubeconform-mount-schema/.expected/results.yaml

@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1
+kind: FunctionResultList
+metadata:
+  name: fnresults
+exitCode: 1
+items:
+  - image: ghcr.io/kptdev/krm-functions-catalog/krm-fn-contrib/kubeconform:latest
+    stderr: 'failed to evaluate function: error: function failure'
+    exitCode: 1
+    results:
+      - message: got string, want null or integer
+        severity: error
+        resourceRef:
+          apiVersion: v1
+          kind: ReplicationController
+          name: bob
+        field:
+          path: spec.replicas
+        file:
+          path: replicationcontroller.yaml

contrib/examples/kubeconform-mount-schema/.krmignore

@@ -0,0 +1,2 @@
+.expected
+jsonschema