ci(kubernetes-ci): install CRDs before linting manifests

Signed-off-by: Siddhesh Mhadnak <[email protected]>
vipyrsec · Nov 26, 2023 · ae6dcae · ae6dcae
1 parent fb0c82e
commit ae6dcae
Show file tree

Hide file tree

Showing 9 changed files with 4,807 additions and 29 deletions.
diff --git a/.github/workflows/kubernetes-ci.yaml b/.github/workflows/kubernetes-ci.yaml
@@ -1,3 +1,4 @@
+---
 name: CI - Kubernetes
 
 on:
@@ -6,24 +7,56 @@ on:
     branches:
       - main
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    shell: bash
+
 jobs:
   lint:
     name: Lint manifests
 
+    strategy:
+      fail-fast: false
+      matrix:
+        kubernetes-version:
+          - 1.27.2
+
     runs-on: ubuntu-22.04
+    env:
+      KUBECONFIG: /home/runner/.kube/config
     steps:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
 
       - name: Find manifests
         id: manifests
-        shell: bash
         run: |
-          echo "manifests<<EOF" >> $GITHUB_OUTPUT
-          python3 scripts/find_manifests.py >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
+          echo 'manifests<<EOF' >> "${GITHUB_OUTPUT}"
+          python3 scripts/python/find_manifests.py >> "${GITHUB_OUTPUT}"
+          echo 'EOF' >> "${GITHUB_OUTPUT}"
+
+      - name: Setup minikube
+        uses: medyagh/setup-minikube@96f4d627064f720ae7a9eb1116e590f9f1287867
+        with:
+          driver: docker
+          cpus: 2
+          memory: 2g
+
+          minikube-version: 1.32.0
+          kubernetes-version: ${{ matrix.kubernetes-version }}
+        timeout-minutes: 3
+
+      - name: Install CRDs
+        run: |
+          python3 -m pip install -r scripts/python/requirements.txt
+          python3 scripts/python/install_crds.py
 
       - name: Lint manifests
-        uses: sid-maddy/k8s-lint@897009c442e242ea782988ddcc4c9dded9af86ba
+        uses: sid-maddy/k8s-lint@7c783e6819f2aab071f7dddc2387d0500a42cf2f
         with:
+          lint-type: dry-run
           manifests: ${{ steps.manifests.outputs.manifests }}
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,6 @@ secrets.yaml
 
 # Helm
 kubernetes/chart/charts/*.tgz
+
+# Python
+.venv/
diff --git a/kubernetes/crds/cert-manager.crds.yaml b/kubernetes/crds/cert-manager.crds.yaml
diff --git a/scripts/bootstrap-vps.sh b/scripts/bootstrap-vps.sh
@@ -1,20 +1,22 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# shellcheck shell=bash
 # Script to bootstrap a new VPS with the necessary users and groups
+set -e
 
 groupadd vipyrsec
 
 useradd --create-home --home-dir /home/shenanigansd --shell /bin/bash --groups sudo,vipyrsec --user-group shenanigansd
-echo "shenanigansd:shadow" | chpasswd
+echo 'shenanigansd:shadow' | chpasswd
 mkdir /home/shenanigansd/.ssh
-echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zdYNAzevMYs2uTKWmhW6lLtWWe24PHcVSo10MYX0W azuread\bradleyreynolds@5CD042JKKK" >/home/shenanigansd/.ssh/authorized_keys
+echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zdYNAzevMYs2uTKWmhW6lLtWWe24PHcVSo10MYX0W azuread\bradleyreynolds@5CD042JKKK' >/home/shenanigansd/.ssh/authorized_keys
 chown -R shenanigansd:shenanigansd /home/shenanigansd/.ssh
 chmod 700 /home/shenanigansd/.ssh
 chmod 600 /home/shenanigansd/.ssh/authorized_keys
 
 useradd --create-home --home-dir /home/rem --shell /bin/bash --groups sudo,vipyrsec --user-group rem
-echo "rem:shadow" | chpasswd
+echo 'rem:shadow' | chpasswd
 mkdir /home/rem/.ssh
-echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxt8Y50hNh192jUbOuhyah3bVUG0mUUXdo3dWe9uzHZ 44jmn@Syrup" >/home/rem/.ssh/authorized_keys
+echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxt8Y50hNh192jUbOuhyah3bVUG0mUUXdo3dWe9uzHZ 44jmn@Syrup' >/home/rem/.ssh/authorized_keys
 chown -R rem:rem /home/rem/.ssh
 chmod 700 /home/rem/.ssh
 chmod 600 /home/rem/.ssh/authorized_keys

diff --git a/scripts/find_manifests.py b/scripts/find_manifests.py
diff --git a/scripts/python/find_manifests.py b/scripts/python/find_manifests.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+"""Search for Kubernetes manifests in the kubernetes/manifests/ directory."""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+
+def main() -> None:
+    """Search for Kubernetes manifests in the kubernetes/manifests/ directory."""
+    manifests_dir = Path(__file__).parents[2] / "kubernetes/manifests"
+
+    for path in manifests_dir.rglob("*.yaml"):
+        if (
+            # Ignore manifests that start with _
+            not path.name.startswith("_")
+            # Path is likely a Kubernetes manifest
+            and "apiVersion:" in path.read_text()
+        ):
+            print(path)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/scripts/python/install_crds.py b/scripts/python/install_crds.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+"""Install Kubernetes CRDs."""
+
+from __future__ import annotations
+
+from pathlib import PurePath
+
+from kubernetes import client, config, utils
+
+
+def main() -> None:
+    """Install Kubernetes CRDs."""
+    config.load_kube_config()
+    api_client = client.ApiClient()
+
+    crd_dir = PurePath(__file__).parents[2] / "kubernetes/crds"
+
+    try:
+        utils.create_from_directory(api_client, yaml_dir=crd_dir, verbose=True)
+    except utils.FailToCreateError:
+        print("Failed to create some CRDs")
+        raise
+
+
+if __name__ == "__main__":
+    main()
diff --git a/scripts/python/requirements.in b/scripts/python/requirements.in
@@ -0,0 +1 @@
+kubernetes==27.*
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,3 +3,6 @@ secrets.yaml @@
     # Helm
     kubernetes/chart/charts/*.tgz
+    # Python
+    .venv/