Skip to content

Commit

Permalink
ci: stop using kubeval and rely on helm template --validate
Browse files Browse the repository at this point in the history
kubeval and the json schemas is a project with too little maintainers,
so now we can't validate against k8s 1.19 or 1.20. Thankfully, we have
helm template --validate now that allow us to use a k8s api-server to
validate that our rendered templates are valid k8s resources.

By running a helm template --validate step with the
lint-and-validate-values.yaml we can ensure that they are valid.
  • Loading branch information
consideRatio committed Jan 14, 2021
1 parent 80ad088 commit 559452d
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 55 deletions.
22 changes: 7 additions & 15 deletions .github/workflows/test-chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -41,30 +41,18 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: '3.7'
python-version: '3.8'

- name: Install dependencies
run: |
. ci/common
setup_helm
KUBEVAL_VERSION=0.15.0 setup_kubeval
pip install chartpress yamllint
- uses: pre-commit/[email protected]

- name: Lint and validate
# NOTE: Kubernetes resource validation can only be done against
# Kubernetes versions with schemas available in:
# https://github.com/instrumenta/kubernetes-json-schema
#
# NOTE: The "helm template" command will evaluate
# .Capabilities.APIVersion.Has in templates based on a Kubernetes
# version associated with the helm binary's version. Since we
# render the templates with a specific helm version, we end up
# rendering templates using a mocked k8s version unrelated to the
# Kubernetes version we want to validate against. This issue has
# made us not validate against versions lower than 1.14.
run: tools/templates/lint-and-validate.py --kubernetes-versions 1.14.0,1.18.0
run: tools/templates/lint-and-validate.py


test:
Expand Down Expand Up @@ -140,6 +128,10 @@ jobs:
. ./ci/common
install_and_run_chartpress_and_pebble
- name: "Helm template --validate (with lint and validate config)"
run: |
helm template --validate jupyterhub ./jupyterhub --values tools/templates/lint-and-validate-values.yaml
- name: "Install ${{ matrix.upgrade-from }} chart"
if: matrix.test == 'upgrade'
run: |
Expand Down Expand Up @@ -167,7 +159,7 @@ jobs:
await_autohttps_tls_cert_acquisition
await_autohttps_tls_cert_save
- name: "Upgrade ${{ matrix.upgrade-from }} chart to current chart"
- name: "Install or upgrade to current chart"
run: |
. ./ci/common
helm upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml
Expand Down
6 changes: 0 additions & 6 deletions ci/common
Original file line number Diff line number Diff line change
Expand Up @@ -67,12 +67,6 @@ await_autohttps_tls_cert_save() {
fi
}

setup_kubeval () {
echo "setup kubeval ${KUBEVAL_VERSION}"
curl -sfL https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-linux-amd64.tar.gz | tar xz kubeval
sudo mv kubeval /usr/local/bin/
}

install_and_run_chartpress_and_pebble () {
helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/
helm repo update
Expand Down
40 changes: 6 additions & 34 deletions tools/templates/lint-and-validate.py
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
#!/usr/bin/env python3
"""
Lints and validates the chart's template files and their rendered output without
any cluster interaction. For this script to function, you must install yamllint
and kubeval.
any cluster interaction. For this script to function, you must install yamllint.
USAGE:
Expand All @@ -13,13 +12,6 @@
yamllint: https://github.com/adrienverge/yamllint
pip install yamllint
kubeval: https://github.com/instrumenta/kubeval
LATEST=$(curl --silent "https://api.github.com/repos/instrumenta/kubeval/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
wget https://github.com/instrumenta/kubeval/releases/download/$LATEST/kubeval-linux-amd64.tar.gz
tar xf kubeval-linux-amd64.tar.gz
sudo mv kubeval /usr/local/bin
"""

import os
Expand Down Expand Up @@ -47,8 +39,8 @@ def check_call(cmd, **kwargs):
sys.exit(e.returncode)


def lint(yamllint_config, values, kubernetes_versions, output_dir, debug):
"""Calls `helm lint`, `helm template`, `yamllint` and `kubeval`."""
def lint(yamllint_config, values, output_dir, debug):
"""Calls `helm lint`, `helm template`, and `yamllint`."""

print("### Clearing output directory")
check_call(
Expand All @@ -67,7 +59,7 @@ def lint(yamllint_config, values, kubernetes_versions, output_dir, debug):
)

print("### Linting started")
print("### 1/4 - helm lint: lint helm templates")
print("### 1/3 - helm lint: lint helm templates")
helm_lint_cmd = [
"helm",
"lint",
Expand All @@ -80,7 +72,7 @@ def lint(yamllint_config, values, kubernetes_versions, output_dir, debug):
helm_lint_cmd.append("--debug")
check_call(helm_lint_cmd)

print("### 2/4 - helm template: generate kubernetes resources")
print("### 2/3 - helm template: generate kubernetes resources")
helm_template_cmd = [
"helm",
"template",
Expand All @@ -94,23 +86,9 @@ def lint(yamllint_config, values, kubernetes_versions, output_dir, debug):
helm_template_cmd.append("--debug")
check_call(helm_template_cmd)

print("### 3/4 - yamllint: yaml lint generated kubernetes resources")
print("### 3/3 - yamllint: yaml lint generated kubernetes resources")
check_call(["yamllint", "-c", yamllint_config, output_dir])

print("### 4/4 - kubeval: validate generated kubernetes resources")
for kubernetes_version in kubernetes_versions.split(","):
print("#### kubernetes_version ", kubernetes_version)
for filename in glob.iglob(output_dir + "/**/*.yaml", recursive=True):
check_call(
[
"kubeval",
filename,
"--kubernetes-version",
kubernetes_version,
"--strict",
]
)

print()
print(
"### Linting and validation of helm templates and generated kubernetes resources OK!"
Expand All @@ -129,11 +107,6 @@ def lint(yamllint_config, values, kubernetes_versions, output_dir, debug):
default="lint-and-validate-values.yaml",
help="Specify Helm values in a YAML file (can specify multiple)",
)
argparser.add_argument(
"--kubernetes-versions",
default="1.15.0",
help='List of Kubernetes versions to validate against separated by ","',
)
argparser.add_argument(
"--output-dir",
default="rendered-templates",
Expand All @@ -150,7 +123,6 @@ def lint(yamllint_config, values, kubernetes_versions, output_dir, debug):
lint(
args.yamllint_config,
args.values,
args.kubernetes_versions,
args.output_dir,
args.debug,
)

0 comments on commit 559452d

Please sign in to comment.