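I have a set of K8s YAML descriptors as part of a project, and I'm using kustomization to build them. I'm also using GitOps to do pull-based deployments to my K8s cluster.
I now want to add some tests for my YAML files so that, if there are any errors, I can avoid or prevent Flux from pulling my changes into the cluster. So basically I want to do some unit testing for my YAML files. I came across Kubeval, and this could serve my purpose well. I'm just not sure how to use it.
Has anyone already tried this? I would basically like to do the following:
- As soon as I push some YAML files to my repository, Kubeval kicks in and validates all the YAML files in a set of folders that I specify
- If all the YAML files pass the lint validation, then I want to proceed to the next stage, where kustomize is called to build the deployment YAML.
- If the YAML files fail the lint validation, then my CI fails and nothing else should happen
Any ideas on how I could do this?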
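Since my project is hosted on GitHub, I was able to get what I want using GitHub Actions and kube-tools.
So basically this is what I did!
- In my GitHub project, I added a main.yaml under project-root/.github/workflows/main.yml
- The contents of my main.yaml are: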
```yaml
name: ValidateKubernetesYAML

# Run the validation on pushes and on pull requests that target master
on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  validate:  # job id; any valid identifier works
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Kubeval
        uses: stefanprodan/kube-tools@v1.2.0
        with:
          kubectl: 1.16.2
          kustomize: 3.4.0
          helm: 2.16.1
          helmv3: 3.0.0
          command: |
            echo "Run kubeval"
            kubeval -d base,dev,production --force-color --strict --ignore-missing-schemas
```
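Now, when someone raises a pull request against master, this validation kicks in, and if it fails, the changes do not get promoted to the master branch, which is what I want!
Here is the output of such a validation: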
Run kubeval
WARN - Set to ignore missing schemas
PASS - base/application/plant-simulator-deployment.yaml contains a valid Deployment
PASS - base/application/plant-simulator-ingress-service.yaml contains a valid Ingress
PASS - base/application/plant-simulator-namespace.yaml contains a valid Namespace
PASS - base/application/plant-simulator-service.yaml contains a valid Service
WARN - base/kustomization.yaml containing a Kustomization was not validated against a schema
PASS - base/monitoring/grafana/grafana-deployment.yaml contains a valid Deployment
PASS - base/monitoring/grafana/grafana-service.yaml contains a valid Service
PASS - base/monitoring/plant-simulator-monitoring-namespace.yaml contains a valid Namespace
PASS - base/monitoring/prometheus/config-map.yaml contains a valid ConfigMap
PASS - base/monitoring/prometheus/prometheus-deployment.yaml contains a valid Deployment
PASS - base/monitoring/prometheus/prometheus-roles.yaml contains a valid ClusterRole
PASS - base/monitoring/prometheus/prometheus-roles.yaml contains a valid ServiceAccount
PASS - base/monitoring/prometheus/prometheus-roles.yaml contains a valid ClusterRoleBinding
PASS - base/monitoring/prometheus/prometheus-service.yaml contains a valid Service
PASS - dev/flux-patch.yaml contains a valid Deployment
WARN - dev/kustomization.yaml containing a Kustomization was not validated against a schema
PASS - production/flux-patch.yaml contains a valid Deployment
WARN - production/kustomization.yaml containing a Kustomization was not validated against a schema
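
Added example, not part of the original answer: with `--ignore-missing-schemas`, resources without a schema are skipped and reported only as WARN, so the run can pass with manifests that were never checked. The Python below parses kubeval output in the format shown above and blocks on any skipped kind outside an allowlist; the function names, the allowlist and the `ClusterIssuer` sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: four lines in the format of the output above, plus one
# constructed line for a custom resource that has no schema.
SAMPLE = """\
WARN - Set to ignore missing schemas
PASS - base/application/plant-simulator-deployment.yaml contains a valid Deployment
WARN - base/kustomization.yaml containing a Kustomization was not validated against a schema
PASS - dev/flux-patch.yaml contains a valid Deployment
WARN - dev/certs/issuer.yaml containing a ClusterIssuer was not validated against a schema
"""

ANSI = re.compile(r"\x1b\[[0-9;]*m")  # --force-color wraps the level in escape codes
LINE = re.compile(r"^(PASS|WARN|ERR)\s+-\s+(.*)$")
VALID = re.compile(r"^(.+?) contains a valid (\S+)")
SKIPPED = re.compile(r"^(.+?) containing an? (\S+).* was not validated against a schema$")
NOTICE = "Set to ignore missing schemas"

def summarize(output):
    """Bucket kubeval result lines into valid / skipped / failed."""
    report = defaultdict(list)
    for raw in output.splitlines():
        m = LINE.match(ANSI.sub("", raw).strip())
        if not m or m.group(2) == NOTICE:
            continue  # echo output, blank lines, the global notice
        level, msg = m.groups()
        valid, skipped = VALID.match(msg), SKIPPED.match(msg)
        if level == "PASS" and valid:
            report["valid"].append(valid.groups())
        elif level == "WARN" and skipped:
            report["skipped"].append(skipped.groups())
        elif level != "PASS":
            report["failed"].append(msg)  # any other WARN/ERR counts as a failure
    return report

def gate(output, allowed_unvalidated=("Kustomization",)):
    """Return (ok, reasons); skipped kinds outside the allowlist block the merge."""
    report = summarize(output)
    reasons = list(report["failed"])
    reasons += [f"{path}: {kind} has no schema, not validated"
                for path, kind in report["skipped"] if kind not in allowed_unvalidated]
    return (not reasons, reasons)

if __name__ == "__main__":
    ok, reasons = gate(SAMPLE)
    print("OK" if ok else "BLOCKED", *reasons, sep="\n")
```

In CI, the captured kubeval output would be passed to `gate` and the job failed when it returns `False`.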