All tasks use the docker container from https://github.com/swade1987/kubernetes-toolkit.
If you would like changes made to the above image please feel free to open an issue or pull request.
There are a number of useful Make tasks available for you to validate your manifests and overall Kustomize setup. These can be found within the Makefile in the root of this repository.
As the name of each HelmRelease resource needs to be unique within a cluster, this task makes sure that no two HelmReleases in the rendered output share a name.
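An added example of such a uniqueness check, written here as a shell script and not the repository's own Make task (whose implementation is not shown on this page). It reads the multi-document YAML that kustomize build prints and reports every namespace/name that occurs more than once among the HelmRelease resources. The awk parsing relies on kustomize's normalised output layout (one resource per document, kind: and metadata: at column 0, name: and namespace: indented two spaces under metadata:), and the sample stream is constructed for the example:

```shell
#!/bin/sh
# Added example (not the repository's own Make task): find HelmRelease
# resources that share a namespace/name in the output of `kustomize build`.
# Relies on kustomize's normalised output: one resource per `---`-separated
# document, `kind:`/`metadata:` at column 0 and `name:`/`namespace:`
# indented two spaces under `metadata:`.
set -eu

# Read a multi-document YAML stream on stdin and print "namespace/name"
# for every HelmRelease, one per line (namespace defaults to "default").
helmrelease_names() {
  awk '
    function flush() {
      if (kind == "HelmRelease" && name != "")
        printf "%s/%s\n", (ns == "" ? "default" : ns), name
      kind = ""; name = ""; ns = ""; inmeta = 0
    }
    /^---$/                    { flush(); next }
    /^kind: /                  { kind = $2; next }
    /^metadata:$/              { inmeta = 1; next }
    /^[^ ]/                    { inmeta = 0 }
    inmeta && /^  name: /      { name = $2 }
    inmeta && /^  namespace: / { ns = $2 }
    END { flush() }
  '
}

# Print the duplicated "namespace/name" keys; empty output means no clash.
duplicate_helmreleases() {
  helmrelease_names | sort | uniq -d
}

# Constructed sample standing in for `kustomize build environments/<env>`:
# two releases both called "nginx" in the "web" namespace, plus an unrelated
# Namespace resource that must not be counted.
SAMPLE='apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: nginx
  namespace: web
spec:
  chart:
    repository: https://charts.bitnami.com/bitnami
    name: nginx
    version: 5.1.0
---
apiVersion: v1
kind: Namespace
metadata:
  name: web
---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: nginx
  namespace: web
spec:
  chart:
    git: https://github.com/example/charts
    path: charts/nginx
    ref: master'

# Fail (non-zero exit) when duplicates exist, as a Make target would.
check_sample() {
  dups=$(printf '%s\n' "$SAMPLE" | duplicate_helmreleases)
  if [ -n "$dups" ]; then
    printf 'duplicate HelmRelease names:\n%s\n' "$dups" >&2
    return 1
  fi
}
```

To use it against a real environment, pipe kustomize build environments/<env> into duplicate_helmreleases instead of the constructed SAMPLE. Quoted names and anchors are not handled, which is acceptable for kustomize output but not for hand-written manifests.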
This runs kubeval against each HelmRelease constructed during the output of kustomize build for each environment.
This makes sure that the resources being deployed strictly match the schemas for the version of Kubernetes specified by the toolkit container image. At present a container image is only available for Kubernetes v1.17.2; if you would like a newer image please open a PR.
This uses conftest to make sure the resources being applied to the cluster are not using deprecated API versions.
This uses the policies located here.
This simply makes sure each of your kustomization.yaml files is valid against the Kustomize specification.
The scripts available for execution locally can also be executed as part of CI. The configuration for these can be seen within .circle/config.yml.
This script (bin/kubeval-helmreleases-for-environment) is expected to only run within CI and not locally, due to the way it is executed. It runs hrval against each HelmRelease constructed during the output of kustomize build for a given environment.
The steps hrval executes for each HelmRelease are as follows:
- extracts the chart source with yq
- downloads the chart from the Helm or Git repository
- extracts the Helm Release values with yq
- runs helm template for the extracted values
- validates the YAMLs using kubeval in strict mode
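The five steps above, carried out for one HelmRelease manifest as an added shell example. This is neither the repository's bin/ script nor hrval itself, and it assumes mikefarah yq v4 syntax, helm 3, git and kubeval on PATH (the toolkit image may ship different versions). Field names follow the Flux v1 HelmRelease layout: spec.chart.repository/name/version for a Helm repository source, spec.chart.git/ref/path for a Git source, and spec.values for the release values:

```shell
#!/bin/sh
# Added example, not the repository's bin/ script and not hrval itself:
# validate a single HelmRelease manifest the way the steps above describe.
# Assumes mikefarah yq v4 syntax, helm 3, git and kubeval on PATH.
set -eu

# Pick the fetch method from the two fields a Flux v1 HelmRelease may carry:
# spec.chart.repository (a Helm repo) or spec.chart.git (a Git repo).
# yq prints the literal string "null" for an absent field.
chart_source_kind() {
  repo=$1; giturl=$2
  if [ -n "$repo" ] && [ "$repo" != null ]; then
    echo helm
  elif [ -n "$giturl" ] && [ "$giturl" != null ]; then
    echo git
  else
    echo "HelmRelease has neither spec.chart.repository nor spec.chart.git" >&2
    return 1
  fi
}

# Download the chart into $3 and print the directory holding Chart.yaml.
fetch_chart() {
  hr=$1; kind=$2; dest=$3
  case $kind in
    helm)
      repo=$(yq '.spec.chart.repository' "$hr")
      name=$(yq '.spec.chart.name' "$hr")
      version=$(yq '.spec.chart.version' "$hr")
      helm pull "$name" --repo "$repo" --version "$version" \
        --untar --untardir "$dest" >/dev/null
      echo "$dest/$name"
      ;;
    git)
      url=$(yq '.spec.chart.git' "$hr")
      ref=$(yq '.spec.chart.ref // "master"' "$hr")
      path=$(yq '.spec.chart.path' "$hr")
      # --branch accepts branch or tag names but not bare commit SHAs.
      git clone --quiet --depth 1 --branch "$ref" "$url" "$dest/src"
      echo "$dest/src/$path"
      ;;
  esac
}

# Extract the values, render with helm template, validate strictly with kubeval.
validate_helmrelease() {
  hr=$1
  work=$(mktemp -d)
  kind=$(chart_source_kind "$(yq '.spec.chart.repository' "$hr")" \
                           "$(yq '.spec.chart.git' "$hr")")
  chart_dir=$(fetch_chart "$hr" "$kind" "$work")
  yq '.spec.values // {}' "$hr" > "$work/values.yaml"
  release=$(yq '.spec.releaseName // .metadata.name' "$hr")
  namespace=$(yq '.metadata.namespace // "default"' "$hr")
  helm template "$release" "$chart_dir" --namespace "$namespace" \
    --values "$work/values.yaml" > "$work/rendered.yaml"
  # Pin the schema version to the one the toolkit image targets (v1.17.2);
  # --ignore-missing-schemas lets CRDs with no published schema through
  # rather than failing the whole run on them.
  kubeval --strict --kubernetes-version 1.17.2 --ignore-missing-schemas \
    "$work/rendered.yaml"
  rm -rf "$work"
}

# Usage: validate-helmrelease.sh path/to/helmrelease.yaml
if [ "$#" -gt 0 ]; then
  validate_helmrelease "$1"
fi
```

Because helm template renders without a cluster, anything the chart computes from cluster state (capabilities, lookups) is rendered with defaults, so a clean run here is a necessary but not sufficient check before the helm-operator applies the release.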
There is one GitHub action that runs as part of CI at present.
This action uses eeveebank/github-action-kustomize-diff.
Shout outs to @benhartley for implementing this.
The steps the action takes are as follows:
- Store the output of kustomize build (for each environment) on the current branch.
- Store the output of kustomize build (for each environment) on the master branch.
- Based on the two outputs above it performs a git diff and stores the output in a variable called escaped_output.
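The three steps above as an added shell script. It is not the code of eeveebank/github-action-kustomize-diff (how that action stores and escapes its result internally is not reproduced here); it assumes the environments live under environments/<name>/ with a kustomization.yaml each, that kustomize and git are on PATH, and it hands the diff to the workflow through the GITHUB_OUTPUT file the Actions runner provides, percent-encoding the newlines so the value fits on one line:

```shell
#!/bin/sh
# Added example, not eeveebank/github-action-kustomize-diff itself: render
# every environment on the PR branch and on the base branch, diff the two
# rendered trees and hand the result to the workflow as escaped_output.
# Assumes environments live under environments/<name>/ (each with a
# kustomization.yaml) and needs kustomize and git on PATH.
set -eu

# Render each environment in checkout $1 into $2/<env>.yaml.
build_all_environments() {
  src=$1; out=$2
  mkdir -p "$out"
  for dir in "$src"/environments/*/; do
    name=$(basename "$dir")
    kustomize build "$dir" > "$out/$name.yaml"
  done
}

# Unified diff of two rendered trees. diff exits 1 when files differ, which
# is the normal case on a PR, so only status 2 (an error) is propagated.
diff_rendered() {
  diff -ru "$1" "$2" || [ "$?" -eq 1 ]
}

# GitHub Actions output values are single-line: percent-encode %, CR and LF
# (% first, so the encoded separators are not encoded a second time).
escape_output() {
  printf '%s\n' "$1" | awk '
    { gsub(/%/, "%25"); gsub(/\r/, "%0D"); line[NR] = $0 }
    END {
      for (i = 1; i <= NR; i++) printf "%s%s", line[i], (i < NR ? "%0A" : "")
      printf "\n"
    }'
}

# $1 = path to the PR checkout, $2 = base ref (defaults to master).
kustomize_diff() {
  repo=$1; base=${2:-master}
  work=$(mktemp -d)
  # A worktree gives a second checkout of the base branch without
  # disturbing the PR checkout that the workflow is running in.
  git -C "$repo" worktree add "$work/base" "$base"
  build_all_environments "$work/base" "$work/base-rendered"
  build_all_environments "$repo" "$work/head-rendered"
  escaped=$(escape_output "$(diff_rendered "$work/base-rendered" "$work/head-rendered")")
  # GITHUB_OUTPUT is set by the Actions runner; fall back to stdout locally.
  printf 'escaped_output=%s\n' "$escaped" >> "${GITHUB_OUTPUT:-/dev/stdout}"
  git -C "$repo" worktree remove --force "$work/base"
  rm -rf "$work"
}

if [ "$#" -gt 0 ]; then
  kustomize_diff "$@"
fi
```

A later step (such as the comment-on-pr action mentioned below) reads escaped_output and posts it; keep in mind that the rendered diff is a full dump of every environment, so secrets that are templated into manifests in plain text would end up in the PR comment.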
This action is combined with unsplash/comment-on-pr to comment the output to the PR.
The complete action can be found in .github/workflows/kustomize-diff.yml.
An example output can be seen in #6.