search

elmy-team / CRDs-catalog

Popular Kubernetes CRDs (CustomResourceDefinition) in JSON schema format.
MIT License
3 stars 2 forks source link

CRDs validation for ArgoCD fails using `kubeconform`: could not find schema for CustomResourceDefinition #21

Closed lorenzophys closed 4 months ago

lorenzophys commented 4 months ago

Hello, I am trying to validate Argocd CRDs with kubeconform, but I encounter a series of errors:

{
  "resources": [
    {
      "filename": "stdin",
      "kind": "CustomResourceDefinition",
      "name": "applications.argoproj.io",
      "version": "apiextensions.k8s.io/v1",
      "status": "statusError",
      "msg": "could not find schema for CustomResourceDefinition"
    },
    {
      "filename": "stdin",
      "kind": "CustomResourceDefinition",
      "name": "applicationsets.argoproj.io",
      "version": "apiextensions.k8s.io/v1",
      "status": "statusError",
      "msg": "could not find schema for CustomResourceDefinition"
    },
    {
      "filename": "stdin",
      "kind": "CustomResourceDefinition",
      "name": "appprojects.argoproj.io",
      "version": "apiextensions.k8s.io/v1",
      "status": "statusError",
      "msg": "could not find schema for CustomResourceDefinition"
    }
]
...

I am using the original repo as the CRD schema source, but I can see it is not maintained anymore.

The command I am running is:

helm secrets template "$dir" --values "$dir/values.yaml" --values "$dir/secret-values.yaml" | kubeconform -summary -output json -schema-location default -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json'

Can you help me figure out why kubeconform doesn't find the schemas?

EDIT: It was not obvious when I opened the issue, but I am using the official argocd helm chart. Here are the step to reproduce the errors:

  1. helm repo add argo https://argoproj.github.io/argo-helm
  2. helm template argo/argo-cd | kubeconform -summary -output json -schema-location default -schema-location 'https://raw.githubusercontent.com/elmy-team/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json'

The output I get is:

{
  "resources": [
    {
      "filename": "stdin",
      "kind": "CustomResourceDefinition",
      "name": "appprojects.argoproj.io",
      "version": "apiextensions.k8s.io/v1",
      "status": "statusError",
      "msg": "could not find schema for CustomResourceDefinition"
    },
    {
      "filename": "stdin",
      "kind": "CustomResourceDefinition",
      "name": "applicationsets.argoproj.io",
      "version": "apiextensions.k8s.io/v1",
      "status": "statusError",
      "msg": "could not find schema for CustomResourceDefinition"
    },
    {
      "filename": "stdin",
      "kind": "CustomResourceDefinition",
      "name": "applications.argoproj.io",
      "version": "apiextensions.k8s.io/v1",
      "status": "statusError",
      "msg": "could not find schema for CustomResourceDefinition"
    }
  ],
  "summary": {
    "valid": 50,
    "invalid": 0,
    "errors": 3,
    "skipped": 0
  }
}
julie-garrone commented 4 months ago

Hello ! You can take a look at this issue https://github.com/yannh/kubeconform/issues/51 and add -schema-location "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{.NormalizedKubernetesVersion}}/{{.ResourceKind}}.json" to your kubeconform command as describe here.

lorenzophys commented 4 months ago

Hello @julie-garrone , the -schema-location you suggested is the default one and I am already using it. My problem is with the three CRDs I mentioned.

Since I can see that the crds definition are in this repo ](https://github.com/elmy-team/CRDs-catalog/tree/main/argoproj.io), then maybe the problem is related with those schemas that need to be updated?

userbradley commented 4 months ago

Hi, It seems your command is pointing to Datree's repo

helm secrets template "$dir" --values "$dir/values.yaml" --values "$dir/secret-values.yaml" | kubeconform -summary -output json -schema-location default -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json'

Try

helm secrets template "$dir" --values "$dir/values.yaml" --values "$dir/secret-values.yaml" | kubeconform -summary -output json -schema-location default -schema-location 'https://raw.githubusercontent.com/elmy-team/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json'
lorenzophys commented 4 months ago

Hello @userbradley , the errors remain: after all the last update in the argoproj.io directory is from 4 months ago from the old repo, so there has been no change since the fork.

userbradley commented 4 months ago

Can you share some of your manifests and I'll give it a go my side too

lorenzophys commented 4 months ago

@userbradley the manifests I am using come from the argocd helm chart: I just use my own values.

To reproduce:

  1. helm repo add argo https://argoproj.github.io/argo-helm
  2. helm template argo/argo-cd | kubeconform -summary -output json -schema-location default -schema-location 'https://raw.githubusercontent.com/elmy-team/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json'

The output I get is:

{
  "resources": [
    {
      "filename": "stdin",
      "kind": "CustomResourceDefinition",
      "name": "appprojects.argoproj.io",
      "version": "apiextensions.k8s.io/v1",
      "status": "statusError",
      "msg": "could not find schema for CustomResourceDefinition"
    },
    {
      "filename": "stdin",
      "kind": "CustomResourceDefinition",
      "name": "applicationsets.argoproj.io",
      "version": "apiextensions.k8s.io/v1",
      "status": "statusError",
      "msg": "could not find schema for CustomResourceDefinition"
    },
    {
      "filename": "stdin",
      "kind": "CustomResourceDefinition",
      "name": "applications.argoproj.io",
      "version": "apiextensions.k8s.io/v1",
      "status": "statusError",
      "msg": "could not find schema for CustomResourceDefinition"
    }
  ],
  "summary": {
    "valid": 50,
    "invalid": 0,
    "errors": 3,
    "skipped": 0
  }
}
userbradley commented 4 months ago

@lorenzophys I see what the issue is, and it's quite funny when you think about it.

We dont have the spec of how you define a CRD in the repo haha. I removed the CustomResourceDefinition from the helm chart and now I get the below

{
  "resources": [],
  "summary": {
    "valid": 50,
    "invalid": 0,
    "errors": 0,
    "skipped": 0
  }
}

I will work on a fix for this upstream (eg: Opening a PR in this repo to add the CRD spec)

As this is also an open source project, feel free to add it your self too!

CyberHippo commented 4 months ago

Hi @lorenzophys ,

As suggested by @julie-garrone, you could use the following command which basically tells kubeconform to use our CRD catalog for "community" CRDs as well as the yannh CRD catalog for native kubernetes resources: helm template argo/argo-cd | kubeconform -summary -output json -schema-location default -schema-location 'https://raw.githubusercontent.com/elmy-team/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' -schema-location "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{.NormalizedKubernetesVersion}}/{{.ResourceKind}}.json"

{
  "resources": [],
  "summary": {
    "valid": 53,
    "invalid": 0,
    "errors": 0,
    "skipped": 0
  }
}
lorenzophys commented 4 months ago

@CyberHippo , thank you, this is the right command!

I close the issue :)