Compare commits
5 commits
891e34ad52
...
158be3e1f4
Author | SHA1 | Date | |
---|---|---|---|
158be3e1f4 | |||
fc39bc3b83 | |||
7b692734f5 | |||
5645cad7cb | |||
2136232bd1 |
7 changed files with 48 additions and 139 deletions
|
@ -1,138 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
|
||||||
name: "K8S json Schemas --> Cloudflare R2"
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
schedule:
|
|
||||||
- cron: "0 0 * * *" # Every day at midnight
|
|
||||||
push:
|
|
||||||
branches: ["main"]
|
|
||||||
paths: [".forgejo/workflows/schemas.yaml"]
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
publish:
|
|
||||||
name: Schemas
|
|
||||||
runs-on: ["ubuntu-x86_64"]
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
packages: write
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: https://github.com/actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Setup Workflow Tools
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
|
|
||||||
chmod +x kubectl
|
|
||||||
mv kubectl /usr/local/bin/
|
|
||||||
|
|
||||||
curl -LO "https://dl.min.io/client/mc/release/linux-amd64/mc"
|
|
||||||
chmod +x mc
|
|
||||||
mv mc /usr/local/bin/
|
|
||||||
|
|
||||||
- name: Setup Python
|
|
||||||
run: |
|
|
||||||
apt-get update
|
|
||||||
apt-get install -y python3 python3-pip python3-yaml
|
|
||||||
pip3 install --upgrade pip
|
|
||||||
|
|
||||||
- name: Write kubeconfig
|
|
||||||
id: kubeconfig
|
|
||||||
uses: https://github.com/timheuer/base64-to-file@v1
|
|
||||||
with:
|
|
||||||
encodedString: "${{ secrets.KUBECONFIG }}"
|
|
||||||
fileName: kubeconfig
|
|
||||||
fileDir: ${{ env.GITHUB_WORKSPACE }}
|
|
||||||
- name: Write mc
|
|
||||||
id: mcconfig
|
|
||||||
uses: https://github.com/timheuer/base64-to-file@v1
|
|
||||||
with:
|
|
||||||
encodedString: "${{ secrets.MCCONFIG }}"
|
|
||||||
fileName: config.json
|
|
||||||
fileDir: ${{ env.GITHUB_WORKSPACE }}
|
|
||||||
|
|
||||||
- name: Extracting CRDs to yaml and converting to JSON schema
|
|
||||||
env:
|
|
||||||
KUBECONFIG: "${{ steps.kubeconfig.outputs.filePath }}"
|
|
||||||
run: |
|
|
||||||
# kubeconfig
|
|
||||||
echo "kubeconfig location: $KUBECONFIG"
|
|
||||||
# Create temp folder for CRDs
|
|
||||||
TMP_CRD_DIR=$(mktemp -d)
|
|
||||||
echo "Temp directory: $TMP_CRD_DIR"
|
|
||||||
|
|
||||||
# Create final schemas directory
|
|
||||||
SCHEMAS_DIR=$GITHUB_WORKSPACE/crdSchemas
|
|
||||||
mkdir -p $SCHEMAS_DIR
|
|
||||||
echo "Schemas directory: $SCHEMAS_DIR"
|
|
||||||
|
|
||||||
# Create array to store CRD kinds and groups
|
|
||||||
ORGANIZE_BY_GROUP=true
|
|
||||||
declare -A CRD_GROUPS 2>/dev/null
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
# Array creation failed, signal to skip organization by group
|
|
||||||
ORGANIZE_BY_GROUP=false
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Extract CRDs from cluster
|
|
||||||
NUM_OF_CRDS=0
|
|
||||||
while read -r crd
|
|
||||||
do
|
|
||||||
filename=${crd%% *}
|
|
||||||
kubectl get crds "$filename" -o yaml > "$TMP_CRD_DIR/$filename.yaml" 2>&1
|
|
||||||
echo "Extracted CRD: $filename"
|
|
||||||
|
|
||||||
resourceKind=$(grep "kind:" "$TMP_CRD_DIR/$filename.yaml" | awk 'NR==2{print $2}' | tr '[:upper:]' '[:lower:]')
|
|
||||||
resourceGroup=$(grep "group:" "$TMP_CRD_DIR/$filename.yaml" | awk 'NR==1{print $2}')
|
|
||||||
|
|
||||||
# Save name and group for later directory organization
|
|
||||||
CRD_GROUPS["$resourceKind"]="$resourceGroup"
|
|
||||||
|
|
||||||
let ++NUM_OF_CRDS
|
|
||||||
done < <(kubectl get crds 2>&1 | sed -n '/NAME/,$p' | tail -n +2)
|
|
||||||
echo numCRDs: $NUM_OF_CRDS
|
|
||||||
|
|
||||||
# Download converter script
|
|
||||||
curl https://raw.githubusercontent.com/yannh/kubeconform/master/scripts/openapi2jsonschema.py --output $TMP_CRD_DIR/openapi2jsonschema.py 2>/dev/null
|
|
||||||
|
|
||||||
# Convert crds to jsonSchema
|
|
||||||
cd $SCHEMAS_DIR
|
|
||||||
python3 $TMP_CRD_DIR/openapi2jsonschema.py $TMP_CRD_DIR/*.yaml
|
|
||||||
conversionResult=$?
|
|
||||||
|
|
||||||
# Copy and rename files to support kubeval
|
|
||||||
rm -rf $SCHEMAS_DIR/master-standalone
|
|
||||||
mkdir -p $SCHEMAS_DIR/master-standalone
|
|
||||||
cp $SCHEMAS_DIR/*.json $SCHEMAS_DIR/master-standalone
|
|
||||||
find $SCHEMAS_DIR/master-standalone -name '*json' -exec bash -c ' mv -f $0 ${0/\_/-stable-}' {} \;
|
|
||||||
|
|
||||||
# Organize schemas by group
|
|
||||||
if [ $ORGANIZE_BY_GROUP == true ]; then
|
|
||||||
for schema in $SCHEMAS_DIR/*.json
|
|
||||||
do
|
|
||||||
crdFileName=$(basename $schema .json)
|
|
||||||
crdKind=${crdFileName%%_*}
|
|
||||||
crdGroup=${CRD_GROUPS[$crdKind]}
|
|
||||||
if [ -z $crdGroup ]; then
|
|
||||||
crdGroup="uncategorized"
|
|
||||||
echo "CRD kind $crdKind has no group, moving to $crdGroup"
|
|
||||||
fi
|
|
||||||
echo making directory $crdGroup
|
|
||||||
mkdir -p $crdGroup
|
|
||||||
mv $schema ./$crdGroup
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
rm -rf $TMP_CRD_DIR
|
|
||||||
|
|
||||||
- name: Deploy to Cloudflare R2
|
|
||||||
env:
|
|
||||||
MC_CONFIG_DIR: "${{ steps.mcconfig.outputs.fileDir }}"
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
echo $GITHUB_WORKSPACE/crdSchemas/
|
|
||||||
mc cp --recursive $GITHUB_WORKSPACE/crdSchemas/ r2-ks/kubernetes-schema
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/tailscale.com/connector_v1alpha1.json
|
||||||
|
apiVersion: tailscale.com/v1alpha1
|
||||||
|
kind: Connector
|
||||||
|
metadata:
|
||||||
|
name: connector
|
||||||
|
spec:
|
||||||
|
hostname: theshire-connector
|
||||||
|
exitNode: true
|
||||||
|
proxyClass: kernel-org-tun
|
||||||
|
subnetRouter:
|
||||||
|
advertiseRoutes:
|
||||||
|
- "10.5.0.0/16" # load-balancers
|
||||||
|
- "10.4.0.0/16" # services
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./connector.yaml
|
||||||
|
- ./proxyclass.yaml
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/tailscale.com/proxyclass_v1alpha1.json
|
||||||
apiVersion: tailscale.com/v1alpha1
|
apiVersion: tailscale.com/v1alpha1
|
||||||
kind: ProxyClass
|
kind: ProxyClass
|
||||||
metadata:
|
metadata:
|
|
@ -10,6 +10,15 @@ spec:
|
||||||
name: onepassword-connect
|
name: onepassword-connect
|
||||||
target:
|
target:
|
||||||
name: k8s-operator-oauth-secret
|
name: k8s-operator-oauth-secret
|
||||||
|
template:
|
||||||
|
engineVersion: v2
|
||||||
|
data:
|
||||||
|
OAUTH_CLIENT_ID: "{{ .k8s_theshire_oauth_clientid }}"
|
||||||
|
OAUTH_CLIENT_SECRET: "{{ .k8s_theshire_oauth_clientsecret }}"
|
||||||
dataFrom:
|
dataFrom:
|
||||||
- extract:
|
- extract:
|
||||||
key: k8s-operator-oauth
|
key: tailscale
|
||||||
|
rewrite:
|
||||||
|
- regexp:
|
||||||
|
source: "[-]"
|
||||||
|
target: "_"
|
|
@ -20,6 +20,15 @@ spec:
|
||||||
crds: CreateReplace
|
crds: CreateReplace
|
||||||
upgrade:
|
upgrade:
|
||||||
crds: CreateReplace
|
crds: CreateReplace
|
||||||
|
valuesFrom:
|
||||||
|
- kind: Secret
|
||||||
|
name: k8s-operator-oauth-secret
|
||||||
|
valuesKey: OAUTH_CLIENT_ID
|
||||||
|
targetPath: oauth.clientId
|
||||||
|
- kind: Secret
|
||||||
|
name: k8s-operator-oauth-secret
|
||||||
|
valuesKey: OAUTH_CLIENT_SECRET
|
||||||
|
targetPath: oauth.clientSecret
|
||||||
values:
|
values:
|
||||||
operatorConfig:
|
operatorConfig:
|
||||||
defaultTags:
|
defaultTags:
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./externalsecret.yaml
|
||||||
|
- ./helmrelease.yaml
|
Reference in a new issue