xunpack

command module
v0.0.8
Published: Jun 7, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

README

Unpack manifests from crossplane resources


This small utility extracts manifests from Crossplane packages and converts any CompositeResourceDefinitions into CustomResourceDefinitions.

Crossplane packages are installed at runtime, so their manifests are only available within the cluster. The same applies to CompositeResourceDefinitions, which are also only installed at runtime. This makes it hard to validate Crossplane providers and/or custom Crossplane resources before runtime. With this tool, these manifests are available beforehand and resources can be validated in CI pipelines.
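As an added illustration (not xunpack's or Crossplane's own code), the Go sketch below shows the kind of CompositeResourceDefinition-to-CustomResourceDefinition mapping described above, run on a constructed sample. The function name `xrdToCRD`, the sample XRD, the `Cluster` scope and the rule that the referenceable version becomes the storage version are assumptions; a full conversion would carry more fields than this sketch does.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type obj = map[string]any

// Constructed sample XRD (JSON form of the YAML manifest); not from the page.
const sampleXRD = `{"apiVersion":"apiextensions.crossplane.io/v1","kind":"CompositeResourceDefinition",
 "metadata":{"name":"xdatabases.example.org"},"spec":{"group":"example.org","names":{"kind":"XDatabase","plural":"xdatabases"},
 "versions":[{"name":"v1alpha1","served":true,"referenceable":true,"schema":{"openAPIV3Schema":{"type":"object"}}}]}}`

// xrdToCRD is a hypothetical, simplified mapping (assumed, not xunpack's code).
func xrdToCRD(raw []byte) (obj, error) {
	var xrd obj
	if err := json.Unmarshal(raw, &xrd); err != nil {
		return nil, err
	}
	if xrd["kind"] != "CompositeResourceDefinition" {
		return nil, fmt.Errorf("not an XRD: kind=%v", xrd["kind"])
	}
	spec, _ := xrd["spec"].(obj)
	versions, _ := spec["versions"].([]any)
	if len(versions) == 0 {
		return nil, fmt.Errorf("XRD has no spec.versions")
	}
	var out []any
	for _, item := range versions {
		v, ok := item.(obj)
		if !ok {
			return nil, fmt.Errorf("malformed spec.versions entry")
		}
		// Assumption: the referenceable XRD version becomes the CRD storage version.
		out = append(out, obj{"name": v["name"], "served": v["served"],
			"storage": v["referenceable"] == true, "schema": v["schema"]})
	}
	meta, _ := xrd["metadata"].(obj)
	crdSpec := obj{"group": spec["group"], "names": spec["names"], "scope": "Cluster", "versions": out}
	return obj{"apiVersion": "apiextensions.k8s.io/v1", "kind": "CustomResourceDefinition",
		"metadata": obj{"name": meta["name"]}, "spec": crdSpec}, nil
}

func main() {
	crd, err := xrdToCRD([]byte(sampleXRD))
	b, _ := json.MarshalIndent(crd, "", "  ")
	fmt.Println(string(b), "error:", err)
}
```

The resulting CRD is what schema validators in a CI pipeline can consume before anything is installed in a cluster.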

Installation

Brew

brew tap doodlescheduling/xunpack
brew install xunpack

Docker

docker pull ghcr.io/doodlescheduling/xunpack:v0

Arguments

| Flag | Short | Env | Default | Description |
|------|-------|-----|---------|-------------|
| --file | -f | IFILE | /dev/stdin | Path to input |
| --workers | | WORKERS | Number of CPU cores | Number of workers to process the manifest |
| --fail-fast | | FAIL_FAST | false | Exit early if an error occurred |
| --allow-failure | | ALLOW_FAILURE | false | Do not exit > 0 if an error occurred |
| --output | -o | OUTPUT | /dev/stdout | Path to output file |

Github Action

This app also works great in CI; in fact, this was the original reason it was created.

Example usage

name: xunpack
on:
- pull_request

jobs:
  build:
    strategy:
      matrix:
        cluster: [staging, production]

    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
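    # Note: "v0" is a mutable tag, unlike the SHA-pinned checkout above; pin the image by digest for the same guarantee.
    - uses: docker://ghcr.io/doodlescheduling/xunpack:v0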
      env:
        PATHS: ./${{ matrix.cluster }}
        OUTPUT: build.yaml

Advanced example

While a simple GitOps pipeline only verifies that kustomizations can be built and HelmReleases installed, a more advanced pipeline includes follow-up validations such as kyverno tests, kubeval validations, or kubeaudit tests.

name: xunpack
on:
- pull_request

jobs:
  build:
    strategy:
      matrix:
        cluster: [staging, production]

    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
    - uses: docker://ghcr.io/doodlescheduling/xunpack:v0
      env:
        PATHS: ./${{ matrix.cluster }}
        WORKERS: "50"
        OUTPUT: ./build.yaml
    - name: Setup kubeconform
      shell: bash
      run: |
        curl -L -v --fail https://github.com/yannh/kubeconform/releases/download/v0.6.1/kubeconform-linux-amd64.tar.gz -o kubeconform.tgz
        tar xvzf kubeconform.tgz
        sudo mv kubeconform /usr/bin/
    - name: Setup openapi2jsonschema
      shell: bash
      run: |
        curl -L -v --fail https://raw.githubusercontent.com/yannh/kubeconform/v0.6.2/scripts/openapi2jsonschema.py -o openapi2jsonschema.py
        sudo mv openapi2jsonschema.py /usr/bin/openapi2jsonschema
        sudo chmod +x /usr/bin/openapi2jsonschema
    - name: Setup yq
      uses: chrisdickinson/setup-yq@3d931309f27270ebbafd53f2daee773a82ea1822 #v1.0.1
      with:
        yq-version: v4.24.5
    - name: Convert CRD to json schemas
      shell: bash
      run: |
        echo "openapi2jsonschema ./build.yaml"
        mkdir "schemas"
        # Extract the CRDs from the xunpack output written by the earlier step
        cat ./build.yaml | yq -e 'select(.kind == "CustomResourceDefinition")' > schemas/crds.yaml
        pip install pyyaml
        openapi2jsonschema schemas/*.yaml
    - name: Run conform
      shell: bash
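      env:
        # `inputs` is only populated for workflow_call/workflow_dispatch triggers (or inside an action);
        # in a plain pull_request workflow it is empty, so set the version explicitly there.
        KUBERNETES_VERSION: "${{ inputs.kubernetes-version }}"
      run: |
        echo "kubeconform ./build.yaml"
        cat ./build.yaml | kubeconform -kubernetes-version "$KUBERNETES_VERSION" -schema-location default -schema-location "schemas/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json" --skip CustomResourceDefinition,APIService --strict --summary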
    - name: Setup kyverno
      shell: bash
      run: |
        curl -LO --fail https://github.com/kyverno/kyverno/releases/download/v1.7.2/kyverno-cli_v1.7.2_linux_x86_64.tar.gz
        tar -xvf kyverno-cli_v1.7.2_linux_x86_64.tar.gz
        sudo cp kyverno /usr/local/bin/
    - name: Test kyverno policies
      shell: bash
      run: |
        kyverno apply kyverno-policies -r ./build.yaml

Documentation

There is no documentation for this package.

Directories

| Path | Synopsis |
|------|----------|
| internal/xcrd | Package xcrd generates CustomResourceDefinitions from Crossplane definitions. |
