diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..e6c250b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,24 @@
+# Copyright 2024 The Flux authors. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# Flux hub-and-spoke
+# Requirements: docker, kind, kubectl
+
+.ONESHELL:
+.SHELLFLAGS += -e
+
+.PHONY: validate
+validate: # Validate the Flux manifests
+ scripts/validate.sh
+
+.PHONY: fleet-up
+fleet-up: # Start local Kind clusters (flux-hub, flux-staging and flux-production)
+ scripts/fleet-up.sh
+
+.PHONY: fleet-down
+fleet-down: # Teardown the Kind clusters
+ scripts/fleet-down.sh
+
+.PHONY: help
+help: ## Display this help menu
+ @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-20s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
diff --git a/scripts/validate.sh b/scripts/validate.sh
new file mode 100755
index 0000000..a0e90dc
--- /dev/null
+++ b/scripts/validate.sh
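Review bot: In the Makefile, `validate`, `fleet-up` and `fleet-down` put their descriptions after a single `#`, but the awk filter in the `help` recipe only matches lines of the form `target:.*##`, so `make help` will list nothing except `help` itself. Use the double marker on each of them, e.g. `validate: ## Validate the Flux manifests`. The usage line also wraps an empty string in the colour escapes (`make \033[36m\033[0m`); if a placeholder such as `<target>` was intended there, it is missing from the printf.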
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# This script downloads the Flux OpenAPI schemas, then it validates the
+# Flux custom resources and the kustomize overlays using kubeconform.
+# This script is meant to be run locally and in CI before the changes
+# are merged on the main branch that's synced by Flux.
+
+# Copyright 2024 The Flux authors. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# Prerequisites
+# - yq v4.34
+# - kustomize v5.3
+# - kubeconform v0.6
+
+set -o errexit
+set -o pipefail
+
+# mirror kustomize-controller build options
+kustomize_flags=("--load-restrictor=LoadRestrictionsNone")
+kustomize_config="kustomization.yaml"
+
+# skip Kubernetes Secrets due to SOPS fields failing validation
+kubeconform_flags=("-skip=Secret")
+kubeconform_config=("-strict" "-ignore-missing-schemas" "-schema-location" "default" "-schema-location" "/tmp/flux-crd-schemas" "-verbose")
+
+echo "INFO - Downloading Flux OpenAPI schemas"
+mkdir -p /tmp/flux-crd-schemas/master-standalone-strict
+curl -sL https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz | tar zxf - -C /tmp/flux-crd-schemas/master-standalone-strict
+
+find . -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file;
+ do
+ echo "INFO - Validating $file"
+ yq e 'true' "$file" > /dev/null
+done
+
+echo "INFO - Validating hub cluster"
+find ./hub -maxdepth 1 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file;
+ do
+ kubeconform "${kubeconform_flags[@]}" "${kubeconform_config[@]}" "${file}"
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
+
+echo "INFO - Validating kustomize overlays"
+find . -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file;
+ do
+ echo "INFO - Validating kustomization ${file/%$kustomize_config}"
+ kustomize build "${file/%$kustomize_config}" "${kustomize_flags[@]}" | \
+ kubeconform "${kubeconform_flags[@]}" "${kubeconform_config[@]}"
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
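Review bot: The schema download in scripts/validate.sh pulls `releases/latest` with no version pin or digest check and unpacks it into the fixed, shared path `/tmp/flux-crd-schemas`, so the schemas that gate merges are neither reproducible nor integrity-checked. On a multi-user host or a reused CI runner, `mkdir -p` will silently accept a directory that already exists at that path, and stale or foreign schema files left there would be used by kubeconform. Because `-ignore-missing-schemas` is set, an incomplete schema set lets custom resources pass unvalidated rather than fail. I would pin the release tag, add `-f` to curl, verify a digest recorded in the repository, and extract into a `mktemp -d` directory that `kubeconform_config` then points at; the tag and digest below are placeholders.

```shell
# placeholders: record the real pinned tag and its digest in the repository
flux_version="<PINNED_FLUX_TAG>"
schemas_sha256="<EXPECTED_SHA256>"

# private per-run directory instead of a fixed path under /tmp
schemas_dir="$(mktemp -d)"
trap 'rm -rf "${schemas_dir}"' EXIT

kubeconform_config=("-strict" "-ignore-missing-schemas" "-schema-location" "default" "-schema-location" "${schemas_dir}" "-verbose")

echo "INFO - Downloading Flux OpenAPI schemas"
mkdir -p "${schemas_dir}/master-standalone-strict"
curl -fsSL -o "${schemas_dir}/crd-schemas.tar.gz" \
  "https://github.com/fluxcd/flux2/releases/download/${flux_version}/crd-schemas.tar.gz"
echo "${schemas_sha256}  ${schemas_dir}/crd-schemas.tar.gz" | sha256sum -c -
tar zxf "${schemas_dir}/crd-schemas.tar.gz" -C "${schemas_dir}/master-standalone-strict"

# … unchanged: yq syntax check, hub cluster and kustomize overlay validation loops …
```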