Make kubeval hermetic

GoogleContainerTools · Apr 19, 2021 · db461f8 · db461f8
1 parent 69f7868
commit db461f8
Show file tree

Hide file tree

Showing 6 changed files with 95,951 additions and 50 deletions.
diff --git a/examples/kubeval/simple/README.md b/examples/kubeval/simple/README.md
@@ -1,31 +1,30 @@
-# Kubeval
+# kubeval: simple example
 
 The `kubeval` KRM config function validates Kubernetes resources using kubeval.
 Learn more on the [kubeval website].
 
-This example invokes the kubeval function against Kubernetes v1.18.0.
+This example invokes the kubeval function against the builtin Kubernetes
+v1.19.8 schema.
 
 ## Function invocation
 
 Get this example and try it out by running the following commands:
 
-<!-- TODO: no --network. See: https://github.com/GoogleContainerTools/kpt/issues/1621 -->
-
 ```sh
 kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/kubeval .
-kpt fn run kubeval --network
+kpt fn run kubeval
 ```
 
 ## Expected Results
 
 This should give the following output:
 
 ```sh
-[ERROR] Invalid type. Expected: [integer,null], given: string in object 'v1/ReplicationController//bob' in file example-config.yaml in field spec.replicas
+[ERROR] Invalid type. Expected: [integer,null], given: string in object 'v1/ReplicationController//bob' in file resources.yaml in field spec.replicas
 error: exit status 1
 ```
 
-In the `example-config.yaml` file, replace the value of `spec.replicas`
+In the `resources.yaml` file, replace the value of `spec.replicas`
 with an integer to pass validation and rerun the command. This will return
 success (no output).
 

diff --git a/examples/kubeval/simple/fn-config.yaml b/examples/kubeval/simple/fn-config.yaml
@@ -6,7 +6,4 @@ metadata:
     config.k8s.io/function: |
       container:
         image: gcr.io/kpt-fn/kubeval:unstable
-        network: true
     config.kubernetes.io/local-config: 'true'
-data:
-  schema_location: https://kubernetesjsonschema.dev/
diff --git a/functions/ts/kubeval/build/kubeval.Dockerfile b/functions/ts/kubeval/build/kubeval.Dockerfile
@@ -1,6 +1,15 @@
+FROM python:3.9-alpine3.12 as parser
+
+RUN pip install --no-cache-dir openapi2jsonschema
+
+COPY openapi.json /home/
+COPY scripts/preprocess.py /home/
+
+RUN python /home/preprocess.py /home/openapi.json | openapi2jsonschema --kubernetes --expanded --stand-alone -o /home/master-standalone file:///dev/stdin
+
 FROM node:14.15-alpine3.12 as builder
 
-ARG KUBEVAL_VERSION="0.15.0"
+ARG KUBEVAL_VERSION="v0.16.1"
 RUN apk add curl && \
     curl -sSLf https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-linux-amd64.tar.gz | \
     tar xzf - -C /usr/local/bin
@@ -27,16 +36,18 @@ RUN npm run build && \
 
 FROM node:14.15-alpine3.12
 
+COPY --from=parser /home/master-standalone/ /home/master-standalone/
+
+COPY --from=builder /home/node/app /home/node/app
+
+COPY --from=builder /usr/local/bin /usr/local/bin
+
 # Run as non-root user as a best-practices:
 # https://github.com/nodejs/docker-node/blob/master/docs/BestPractices.md
 USER node
 
 WORKDIR /home/node/app
 
-COPY --from=builder /home/node/app /home/node/app
-
-COPY --from=builder /usr/local/bin /usr/local/bin
-
 ENV PATH /usr/local/bin:$PATH
 
 ENTRYPOINT ["node", "/home/node/app/dist/kubeval_run.js"]