marco/veda
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Remove unused Chart.yaml for CloudNativePG and update validation script for Helm charts and ArgoCD applications

Browse Source
This commit is contained in:
Marco van Zijl 2025-11-09 17:27:11 +01:00
parent cac51f4416
commit 7ad6e392ef
4 changed files with 126 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
apps/cloudnative-pg-plugin/Chart.yaml
View File

8
apps/logging/loki/values.yaml
View File

@ -2,6 +2,14 @@ loki:
# Single binary deployment mode # Single binary deployment mode
deploymentMode: SingleBinary deploymentMode: SingleBinary
# Disable other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
loki: loki:
# Authentication # Authentication
auth_enabled: false auth_enabled: false

6
apps/monitoring/grafana/values.yaml
View File

@ -105,10 +105,10 @@ grafana:
# Authentication - Authentik OIDC # Authentication - Authentik OIDC
auth.generic_oauth: auth.generic_oauth:
enabled: true enabled: false # Enable after configuring secret
name: Authentik name: Authentik
client_id: grafana # TODO: Use secret client_id: grafana
client_secret: changeme # TODO: Use secret management # client_secret should be set via envValueFrom or existingSecret
scopes: openid profile email scopes: openid profile email
auth_url: https://auth.noxxos.nl/application/o/authorize/ auth_url: https://auth.noxxos.nl/application/o/authorize/
token_url: https://auth.noxxos.nl/application/o/token/ token_url: https://auth.noxxos.nl/application/o/token/

136
apps/validate-manifests.sh
View File

@ -30,27 +30,29 @@ validate_helm_chart() {
# Check if Chart.yaml exists # Check if Chart.yaml exists
if [ ! -f "$app_path/Chart.yaml" ]; then if [ ! -f "$app_path/Chart.yaml" ]; then
echo -e "${RED} ✗ No Chart.yaml found${NC}\n" echo -e "${YELLOW} → Not a Helm chart - skipping Helm validation${NC}\n"
FAILED=$((FAILED + 1)) TOTAL=$((TOTAL - 1))
return 1 return 0
fi fi
# Check if dependencies are built (build to temp location if not) # Check if dependencies are built (build to temp location if not)
local temp_dir=""
if [ -f "$app_path/Chart.yaml" ] && grep -q "dependencies:" "$app_path/Chart.yaml"; then if [ -f "$app_path/Chart.yaml" ] && grep -q "dependencies:" "$app_path/Chart.yaml"; then
if [ ! -d "$app_path/charts" ]; then if [ ! -d "$app_path/charts" ]; then
echo " → Dependencies not built - building to temporary location..." echo " → Dependencies not built - building to temporary location..."
# Create temp directory # Create temp directory
local temp_dir=$(mktemp -d) temp_dir=$(mktemp -d)
trap "rm -rf $temp_dir" EXIT
# Copy chart to temp location # Copy chart to temp location (remove trailing slash if present)
cp -r "$app_path" "$temp_dir/" local clean_path="${app_path%/}"
local temp_chart="$temp_dir/$(basename "$app_path")" cp -r "$clean_path" "$temp_dir/"
local temp_chart="$temp_dir/$(basename "$clean_path")"
# Build dependencies in temp location # Build dependencies in temp location
if ! (cd "$temp_chart" && helm dependency build > /dev/null 2>&1); then if ! (cd "$temp_chart" && helm dependency build > /dev/null 2>&1); then
echo -e "${RED} ✗ Failed to build dependencies${NC}\n" echo -e "${RED} ✗ Failed to build dependencies${NC}\n"
rm -rf "$temp_dir"
FAILED=$((FAILED + 1)) FAILED=$((FAILED + 1))
return 1 return 1
fi fi
@ -72,13 +74,57 @@ validate_helm_chart() {
# Template the chart # Template the chart
echo " → Rendering Helm templates..." echo " → Rendering Helm templates..."
if ! (cd "$app_path" && helm template "$app_name" . --namespace "$namespace" --validate > /dev/null 2>&1); then
echo -e "${RED} ✗ Helm template failed${NC}" # Try rendering with validation first (redirect to temp file to avoid hanging on large output)
(cd "$app_path" && helm template "$app_name" . --namespace "$namespace" --validate 2>&1 | head -20) local temp_output=$(mktemp)
if (cd "$app_path" && helm template "$app_name" . --namespace "$namespace" --validate > "$temp_output" 2>&1); then
template_exit=0
else
template_exit=$?
fi
if [ $template_exit -ne 0 ]; then
# Check if it's just CRD validation warnings
if grep -Eqi "(no matches for kind|ensure CRDs are installed)" "$temp_output"; then
echo -e "${YELLOW} ⚠ Template validation skipped - requires CRDs to be installed${NC}"
# Still try to render without validation
if (cd "$app_path" && helm template "$app_name" . --namespace "$namespace" > /dev/null 2>&1); then
# Rendering works without validation, this is acceptable
rm -f "$temp_output"
# Continue with other checks...
else
echo -e "${RED} ✗ Helm template rendering failed${NC}"
head -20 "$temp_output"
echo "" echo ""
rm -f "$temp_output"
FAILED=$((FAILED + 1)) FAILED=$((FAILED + 1))
return 1 return 1
fi fi
elif grep -qi "exists and cannot be imported into the current release" "$temp_output"; then
echo -e "${YELLOW} ⚠ Resource ownership validation skipped - resources may already exist in cluster${NC}"
# This is expected when resources already exist, try without validation
if (cd "$app_path" && helm template "$app_name" . --namespace "$namespace" > /dev/null 2>&1); then
rm -f "$temp_output"
# Continue with other checks...
else
echo -e "${RED} ✗ Helm template rendering failed${NC}"
head -20 "$temp_output"
echo ""
rm -f "$temp_output"
FAILED=$((FAILED + 1))
return 1
fi
else
echo -e "${RED} ✗ Helm template failed${NC}"
head -20 "$temp_output"
echo ""
rm -f "$temp_output"
FAILED=$((FAILED + 1))
return 1
fi
fi
rm -f "$temp_output"
# Validate with kubeval (if installed) # Validate with kubeval (if installed)
if command -v kubeval &> /dev/null; then if command -v kubeval &> /dev/null; then
@ -102,6 +148,11 @@ validate_helm_chart() {
echo -e "${YELLOW} ⚠ Warning: No resource requests/limits found${NC}" echo -e "${YELLOW} ⚠ Warning: No resource requests/limits found${NC}"
fi fi
# Cleanup temp directory if created
if [ -n "$temp_dir" ] && [ -d "$temp_dir" ]; then
rm -rf "$temp_dir"
fi
echo -e "${GREEN} ✓ Validation passed${NC}\n" echo -e "${GREEN} ✓ Validation passed${NC}\n"
PASSED=$((PASSED + 1)) PASSED=$((PASSED + 1))
return 0 return 0
@ -116,12 +167,18 @@ validate_argocd_app() {
echo -e "${YELLOW}[$TOTAL] Validating ArgoCD Application: $app_name${NC}" echo -e "${YELLOW}[$TOTAL] Validating ArgoCD Application: $app_name${NC}"
# Check YAML syntax # Check YAML syntax using yq or basic validation
if ! python3 -c "import yaml; yaml.safe_load(open('$app_file'))" 2>/dev/null; then if command -v yq &> /dev/null; then
if ! yq eval '.' "$app_file" > /dev/null 2>&1; then
echo -e "${RED} ✗ Invalid YAML syntax${NC}\n" echo -e "${RED} ✗ Invalid YAML syntax${NC}\n"
FAILED=$((FAILED + 1)) FAILED=$((FAILED + 1))
return 1 return 1
fi fi
elif ! grep -q "^apiVersion:" "$app_file"; then
echo -e "${RED} ✗ Invalid YAML - missing apiVersion${NC}\n"
FAILED=$((FAILED + 1))
return 1
fi
# Check for required fields # Check for required fields
local missing_fields=() local missing_fields=()
@ -146,52 +203,67 @@ validate_argocd_app() {
echo -e "${BLUE}Validating Monitoring Stack...${NC}\n" echo -e "${BLUE}Validating Monitoring Stack...${NC}\n"
# Thanos # Thanos
if [ -d "apps/monitoring/thanos" ]; then if [ -d "monitoring/thanos" ]; then
validate_helm_chart "apps/monitoring/thanos" "monitoring" validate_helm_chart "monitoring/thanos" "monitoring"
validate_argocd_app "apps/monitoring/thanos/application.yaml" validate_argocd_app "monitoring/thanos/application.yaml"
fi fi
# Prometheus # Prometheus
if [ -d "apps/monitoring/prometheus" ]; then if [ -d "monitoring/prometheus" ]; then
validate_helm_chart "apps/monitoring/prometheus" "monitoring" validate_helm_chart "monitoring/prometheus" "monitoring"
validate_argocd_app "apps/monitoring/prometheus/application.yaml" validate_argocd_app "monitoring/prometheus/application.yaml"
fi fi
# Grafana # Grafana
if [ -d "apps/monitoring/grafana" ]; then if [ -d "monitoring/grafana" ]; then
validate_helm_chart "apps/monitoring/grafana" "monitoring" validate_helm_chart "monitoring/grafana" "monitoring"
validate_argocd_app "apps/monitoring/grafana/application.yaml" validate_argocd_app "monitoring/grafana/application.yaml"
fi fi
echo -e "${BLUE}Validating Logging Stack...${NC}\n" echo -e "${BLUE}Validating Logging Stack...${NC}\n"
# Loki # Loki
if [ -d "apps/logging/loki" ]; then if [ -d "logging/loki" ]; then
validate_helm_chart "apps/logging/loki" "logging" validate_helm_chart "logging/loki" "logging"
validate_argocd_app "apps/logging/loki/application.yaml" validate_argocd_app "logging/loki/application.yaml"
fi fi
# Promtail # Promtail
if [ -d "apps/logging/promtail" ]; then if [ -d "logging/promtail" ]; then
validate_helm_chart "apps/logging/promtail" "logging" validate_helm_chart "logging/promtail" "logging"
validate_argocd_app "apps/logging/promtail/application.yaml" validate_argocd_app "logging/promtail/application.yaml"
fi fi
# Additional apps (if they exist) # Additional apps (if they exist)
echo -e "${BLUE}Validating Other Applications...${NC}\n" echo -e "${BLUE}Validating Other Applications...${NC}\n"
for app_dir in apps/*/; do for app_dir in */; do
app_name=$(basename "$app_dir") # Skip special directories
if [[ "$app_dir" == "monitoring/" ]] || [[ "$app_dir" == "logging/" ]]; then
continue
fi
# Check if it's a Helm chart
if [ -f "$app_dir/Chart.yaml" ] && [ -f "$app_dir/application.yaml" ]; then if [ -f "$app_dir/Chart.yaml" ] && [ -f "$app_dir/application.yaml" ]; then
# Skip if already validated app_name=$(basename "$app_dir")
if [[ "$app_name" != "monitoring" ]] && [[ "$app_name" != "logging" ]]; then
# Try to extract namespace from application.yaml # Try to extract namespace from application.yaml
namespace=$(grep -A 10 "destination:" "$app_dir/application.yaml" | grep "namespace:" | head -1 | awk '{print $2}') namespace=$(grep -A 10 "destination:" "$app_dir/application.yaml" | grep "namespace:" | head -1 | awk '{print $2}')
[ -z "$namespace" ] && namespace="default" [ -z "$namespace" ] && namespace="default"
validate_helm_chart "$app_dir" "$namespace" validate_helm_chart "$app_dir" "$namespace"
validate_argocd_app "$app_dir/application.yaml" validate_argocd_app "$app_dir/application.yaml"
fi fi
# Check for nested charts (like ceph/operator, ceph/cluster)
for nested_dir in "$app_dir"*/; do
if [ -f "$nested_dir/Chart.yaml" ] && [ -f "$nested_dir/application.yaml" ]; then
nested_name=$(basename "$nested_dir")
# Try to extract namespace from application.yaml
namespace=$(grep -A 10 "destination:" "$nested_dir/application.yaml" | grep "namespace:" | head -1 | awk '{print $2}')
[ -z "$namespace" ] && namespace="default"
validate_helm_chart "$nested_dir" "$namespace"
validate_argocd_app "$nested_dir/application.yaml"
fi fi
done
done done
# Summary # Summary