Make schema adhere to v1 spec & allow dynamic keys (#5)

* Make schema adhere to v1 spec & allow dynamic keys
* Add KinD testing workflow
* Use node openapi-schema-validator package

.github/workflows/go.yml

@@ -16,6 +16,19 @@ jobs:
     - name: Check out code into the Go module directory
       uses: actions/checkout@v1
 
+
+    # Validate CRD schema
+    - name: Build OpenAPI 3.0 schema from CRD
+      uses: mikefarah/yq@master
+      with:
+        cmd: yq eval-all '.components.schemas.CRD = .spec.versions[0].schema.openAPIV3Schema | select(filename == "openapi_v3.yml")' deploy/0_mc.q42.nl_servicesyncs_crd.yaml openapi_v3.yml > schema.yml
+    - run: echo "{}" > package.json && echo "{}" > package-lock.json
+    - uses: actions/setup-node@v2
+      with: { node-version: '14', cache: 'npm' }
+    - name: Validate OpenAPI definition
+      run: npm install yaml openapi-schema-validator && node validate.js
+
+    # Golang
     - name: Build
       env:
         # Format: docker.pkg.github.com/:owner/:repo_name/:image_name
@@ -39,5 +52,31 @@ jobs:
         docker push $DESTINATION_SHA
         docker push $DESTINATION_LATEST
 
+    # Kubernetes validation
+    - uses: helm/[email protected]
+      with:
+        version: "v0.11.1"
+        cluster_name: cluster1
+    - name: Debug
+      run: |
+        kubectl cluster-info
+        kubectl get pods -n kube-system
+        echo "current-context:" $(kubectl config current-context)
+        echo "environment-kubeconfig:" ${KUBECONFIG}
+    - name: Install CRD and resources
+      env:
+        REGISTRY: docker.pkg.github.com/q42/mc-robot
+        KIND_CLUSTER_NAME: cluster1
+      run: |
+        # Get docker image access (see go.yml)
+        ./kind-github.sh $GITHUB_ACTOR ${{ secrets.GITHUB_TOKEN }}
+
+        # Install resources
+        export DESTINATION_SHA="docker.pkg.github.com/${GITHUB_REPOSITORY,,}/mc-robot:$GITHUB_SHA"
+        cat deploy/* | sed  --expression "s|REPLACE_IMAGE|$DESTINATION_SHA|" | tee -a /dev/stderr | \
+        kubectl apply -f -
+        cat deploy/examples/* | \
+        kubectl apply -f -
+
     - name: Report
-      run: curl -d "repo=github.com/q42/mc-robot" https://goreportcard.com/checks
+      run: curl -d "repo=github.com/q42/mc-robot" https://goreportcard.com/checks

deploy/0_mc.q42.nl_servicesyncs_crd.yaml

@@ -27,6 +27,7 @@ spec:
     schema:
       openAPIV3Schema:
         description: ServiceSync is the Schema for the servicesyncs API
+        type: object
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -127,13 +128,15 @@ spec:
             type: object
           status:
             description: ServiceSyncStatus defines the observed state of ServiceSync
+            type: object
             properties:
               clusters:
+                x-kubernetes-preserve-unknown-fields: true
                 description: Data of all the clusters (including self)
+                type: object
               peers:
                 description: Which peers are available
                 items:
                   type: string
                 type: array
-            type: object
-        type: object
+---

deploy/1_rbac.yaml

@@ -89,4 +89,5 @@ subjects:
 roleRef:
   kind: ClusterRole
   name: mc-robot
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io
+---

deploy/2_operator.yaml

@@ -41,3 +41,4 @@ spec:
           secret:
             # create this secret with serviceaccount.json
             secretName: mc-robot-credentials
+---

deploy/examples/mc.q42.nl_v1_servicesync_cr.yaml

@@ -11,3 +11,4 @@ spec:
       - {key: app, operator: In, values: [appA, appB, appC]}
   endpointsPublishMax: 10 # optional, default = 0 for unlimited
   endpointsConfigureMax: 0 # optional, default = 0 for unlimited
+---

kind-github.sh

@@ -0,0 +1,40 @@
+#!/bin/sh
+# Based on https://kind.sigs.k8s.io/docs/user/private-registries/
+set -o errexit
+
+# desired cluster name; default is "kind"
+KIND_CLUSTER_NAME="${KIND_CLUSTER_NAME:-kind}"
+
+# create a temp file for the docker config
+echo "Creating temporary docker client config directory ..."
+DOCKER_CONFIG=$(mktemp -d)
+export DOCKER_CONFIG
+trap 'echo "Removing ${DOCKER_CONFIG}/*" && rm -rf ${DOCKER_CONFIG:?}' EXIT
+
+echo "Creating a temporary config.json"
+# This is to force the omission of credsStore, which is automatically
+# created on supported system. With credsStore missing, "docker login"
+# will store the password in the config.json file.
+# https://docs.docker.com/engine/reference/commandline/login/#credentials-store
+cat <<EOF >"${DOCKER_CONFIG}/config.json"
+{
+ "auths": { "$REGISTRY": {} }
+}
+EOF
+# login to gcr in DOCKER_CONFIG using an access token
+# https://cloud.google.com/container-registry/docs/advanced-authentication#access_token
+echo "Logging in to temporary docker client config directory ..."
+echo $2 | docker login -u $1 --password-stdin $REGISTRY
+
+# setup credentials on each node
+echo "Moving credentials to kind cluster name='${KIND_CLUSTER_NAME}' nodes ..."
+for node in $(kind get nodes --name "${KIND_CLUSTER_NAME}"); do
+  # the -oname format is kind/name (so node/name) we just want name
+  node_name=${node#node/}
+  # copy the config to where kubelet will look
+  docker cp "${DOCKER_CONFIG}/config.json" "${node_name}:/var/lib/kubelet/config.json"
+  # restart kubelet to pick up the config
+  docker exec "${node_name}" systemctl restart kubelet.service
+done
+
+echo "Done!"

openapi_v3.yml

@@ -0,0 +1,8 @@
+openapi: 3.0.1
+info:
+  title: Kubernetes CRD
+  version: 1.0.0
+paths: {}
+components:
+  schemas:
+    CRD: {} # inject CRD .spec.versions[0].schema.openAPIV3Schema here

validate.js

@@ -0,0 +1,8 @@
+const YAML = require('yaml');
+const schema = require("fs").readFileSync("schema.yml", { encoding: "utf8" });
+var OpenAPISchemaValidator = require('openapi-schema-validator').default;
+
+const validator = new OpenAPISchemaValidator({ version: 3 });
+const result = validator.validate(YAML.parse(schema));
+console.log(result);
+process.exit(result.errors.length ? 1 : 0);