datreeio / datree

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
https://datree.io
Apache License 2.0

Create MVP for CRD support #460

Closed eyarz closed 2 years ago

eyarz commented 2 years ago

We want to make the CRD support experience more "native" for our users. Because the majority of users are using public CRDs, we want to start cataloging popular CRDs for our schema validation step.

The POC will be to provide out of the box support for Argo:

  1. I created this public repo and I added all Argo's CRDs to it.
  2. Then I ran datree test argo-cd.yaml --schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/master/argo/{{ .KindSuffix }}_{{ .ResourceAPIVersion }}.json'.
  3. argo-cd.yaml is passing schema validation because it was found in the CRDs-catalog repo.

To make it even more seamless to the user, we can integrate step 2 into our CLI.
This means that every execution of datree will run the following flags by default: --schema-location default --schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/master/argo/{{ .KindSuffix }}_{{ .ResourceAPIVersion }}.json'

myishay commented 2 years ago

One small change, after reviewing kubeconform's README it seems like the correct schema-location should be 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/master/argo/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json'

(just changed KindSuffix with ResourceKind)

Thanks @shmuelsa for pointing it out.
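The two comments above differ only in which template variable names the schema file. The Go program below is an added example (not datree's or kubeconform's own code) that derives the kubeconform-style template variables from a manifest's `apiVersion` and `kind` and renders both the original `{{ .KindSuffix }}` template and the corrected `{{ .ResourceKind }}` one, so the resulting URLs can be compared against the `argo/<kind>_<version>.json` layout of the CRDs-catalog repo. The variable semantics (`ResourceKind` is the lowercased kind, `ResourceAPIVersion` is the part of `apiVersion` after the slash, `KindSuffix` is `-<kind>-<version>`) are taken from kubeconform's README and are an assumption here; the sample Argo CD `Application` manifest and the helper names `VarsFromManifest` and `RenderSchemaLocation` are constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// The two --schema-location templates discussed in the issue: the original
// using KindSuffix and the corrected one using ResourceKind.
const (
	kindSuffixTemplate   = "https://raw.githubusercontent.com/datreeio/CRDs-catalog/master/argo/{{ .KindSuffix }}_{{ .ResourceAPIVersion }}.json"
	resourceKindTemplate = "https://raw.githubusercontent.com/datreeio/CRDs-catalog/master/argo/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json"
)

// argoManifest is a constructed sample Argo CD Application (not the
// argo-cd.yaml from the issue).
const argoManifest = `apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: guestbook
spec:
  project: default
`

// SchemaVars holds the variables a --schema-location template can reference.
// Field semantics follow kubeconform's README (assumption; not datree's type).
type SchemaVars struct {
	ResourceKind       string // lowercased kind, e.g. "application"
	ResourceAPIVersion string // version part of apiVersion, e.g. "v1alpha1"
	Group              string // API group, e.g. "argoproj.io" ("" for core types)
	KindSuffix         string // "-" + ResourceKind + "-" + ResourceAPIVersion
}

// VarsFromManifest reads the top-level apiVersion and kind of one manifest.
// A minimal line scanner is used so the example runs without a YAML
// dependency; a real tool would use a proper YAML parser.
func VarsFromManifest(manifest string) (SchemaVars, error) {
	var apiVersion, kind string
	for _, line := range strings.Split(manifest, "\n") {
		if strings.HasPrefix(line, " ") { // nested field, not top-level
			continue
		}
		parts := strings.SplitN(line, ":", 2)
		if len(parts) != 2 {
			continue
		}
		switch strings.TrimSpace(parts[0]) {
		case "apiVersion":
			apiVersion = strings.TrimSpace(parts[1])
		case "kind":
			kind = strings.TrimSpace(parts[1])
		}
	}
	if apiVersion == "" || kind == "" {
		return SchemaVars{}, fmt.Errorf("manifest is missing apiVersion or kind")
	}
	// Core resources use a bare "v1"; CRDs use "group/version".
	group, version := "", apiVersion
	if i := strings.Index(apiVersion, "/"); i >= 0 {
		group, version = apiVersion[:i], apiVersion[i+1:]
	}
	rk := strings.ToLower(kind)
	return SchemaVars{
		ResourceKind:       rk,
		ResourceAPIVersion: version,
		Group:              group,
		KindSuffix:         "-" + rk + "-" + version,
	}, nil
}

// RenderSchemaLocation expands a --schema-location template with the
// variables derived from a manifest. Unknown fields fail at execution time.
func RenderSchemaLocation(tmpl string, vars SchemaVars) (string, error) {
	t, err := template.New("schema-location").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, vars); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	vars, err := VarsFromManifest(argoManifest)
	if err != nil {
		panic(err)
	}
	for _, tmpl := range []string{kindSuffixTemplate, resourceKindTemplate} {
		url, err := RenderSchemaLocation(tmpl, vars)
		if err != nil {
			panic(err)
		}
		fmt.Println(url)
	}
}
```

With the sample manifest, the KindSuffix template renders `.../argo/-application-v1alpha1_v1alpha1.json`, which matches no file in the catalog, while the ResourceKind template renders `.../argo/application_v1alpha1.json`, the layout the repo actually uses. Because the schema URL points at the `master` branch, the result of a validation run depends on whatever the catalog contains at that moment; pinning a commit in the template gives reproducible checks.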