search

yannh / kubeconform

A FAST Kubernetes manifests validator, with support for Custom Resources!
Apache License 2.0
2.23k stars 124 forks source link

Adding Helm plugin and pre-commit #155

Closed jtyr closed 1 year ago

jtyr commented 1 year ago

This PR is adding the possibility to use kubeconform to validate Helm charts via Helm plugin or via pre-commit. You can test both from my feature branch like this:

# Create Helm registry repo
mkdir -p /tmp/test/charts
cd /tmp/test
git init
cat <<END > .pre-commit-config.yaml
repos:
  - repo: https://github.com/jtyr/kubeconform
    rev: 2097831d98d24f2fb1fb3c2c134b134b42ac46c1
    hooks:
      - id: kubeconform-helm
        name: Kubeconform Helm (1.23.0)
        verbose: true
        args:
          - --kubernetes-version=1.23.0
          - --verbose
          - --summary
END
git add -A
git commit -m 'Initial commit'

# Add chart
cd charts
helm create mychart

# Install Helm plugin
helm plugin install --version jtyr-helm https://github.com/jtyr/kubeconform

# Validate the chart using the Helm plugin
cd mychart
helm kubeconform --verbose --summary .

# Install the pre-commit hook (assuming pre-commit is installed)
pre-commit install

# Validate the chart using the pre-commit hook
git add -A
git commit -m 'Adding mychart'
yannh commented 1 year ago

Hi @jtyr , sorry not ignoring you - this is a larger PR and will need some time to review :bow:

EDIT: Looking more in detail: This is quite a lot of bash and python and while I'm sure it works, it's likely to contain edge cases and bugs that are likely to require maintenance in the future, and I am not sure I would want to take that part over.

From a quick read: is there a strong advantage of hosting this helm plugin in the same repository as kubeconform? Is this something that you could host in a separate repo? That would likely make the maintenance story easier - what do you think?

Note that if this works well, is maintained and gets some traction it is something we could definitely link to in the Readme.

jtyr commented 1 year ago

I understand that the amount of the code might look extensive but in reality it isn't Half of the code is handling the command line arguments which is trivial. There already is some Python code in this repo (the openapi2jsonschema.py script) so I thought that one more script won't be a problem. I can always help you with the future reviews/testing if you mention me in the PR.

yannh commented 1 year ago

@jtyr I do appreciate the contribution - for now is it possible for this to live in a separate repo? It's possible I might reconsider merging this in the future, but unless there is a need for the plugin to live next to kubeconform, I feel it might be better if this was to live in a separate repo for now. :pray: