k8s-218 (#837)

.github/workflows/publish-schemas.yaml

@@ -5,9 +5,17 @@ on:
   workflow_dispatch:
   schedule:
   - cron: "0 0 * * 0"
+  pull_request:
+    branches: ["main"]
+    paths: &paths
+    - ".github/workflows/publish-schemas.yaml"
+    - ".github/workflows/resources/k8s-schemas.sh"
+    - ".github/workflows/resources/k8s-schema-hacks.sh"
+    - ".github/workflows/resources/schema-hacks/*"
+    - ".github/workflows/resources/schemas/*"
   push:
     branches: ["main"]
-    paths: [".github/workflows/publish-schemas.yaml", ".github/workflows/resources/k8s-schemas.sh"]
+    paths: *paths
 
 jobs:
   publish-schemas:
@@ -27,7 +35,7 @@ jobs:
 
     - name: Setup Workflow Tools
       shell: bash
-      run: brew install kubectl yq
+      run: brew install kubectl yq jq
 
     - name: Setup Python
       uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
@@ -60,11 +68,14 @@ jobs:
       shell: bash
       run: |
         mkdir -p /home/runner/schemas/kubernetes
+        mkdir -p /home/runner/schemas/hacks
         echo 'Cython < 3.0' > /tmp/constraint.txt
         PIP_CONSTRAINT=/tmp/constraint.txt python -m pip install pyyaml==5.4.1
         pip install openapi2jsonschema
         ./.github/workflows/resources/k8s-schemas.sh
+        ./.github/workflows/resources/k8s-schema-hacks.sh
         mv /home/runner/.datree/crdSchemas/* /home/runner/schemas
+        mv ./.github/workflows/resources/schemas/* /home/runner/schemas/hacks
 
     - name: Deploy to Cloudflare Pages
       uses: cloudflare/wrangler-action@6d58852c35a27e6034745c5d0bc373d739014f7f # v3.13.0

.github/workflows/resources/k8s-schema-hacks.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+set -o errexit
+
+if [ ! -d /home/runner/.datree/crdSchemas ]; then
+  echo "CRD schema directory not found"
+  exit 1
+fi
+
+if [ ! -d ./.github/workflows/resources/schema-hacks ]; then
+  echo "CRD schema hacks directory not found"
+  exit 1
+fi
+
+runHack() {
+  local hack="$1"
+  local schemaDir="/home/runner/.datree/crdSchemas"
+
+  echo "Running hack: $(basename "$hack")"
+
+  # shellcheck disable=SC2155
+  local hackLength=$(yq '. | length' "$hack")
+
+  for ((i = 0; i < hackLength; i++)); do
+    # shellcheck disable=SC2155
+    local hackItem=$(yq ".[$i]" "$hack")
+    # shellcheck disable=SC2155
+    local hackApi=$(echo "$hackItem" | yq '.api')
+    # shellcheck disable=SC2155
+    local hackVersion=$(echo "$hackItem" | yq '.version')
+    # shellcheck disable=SC2155
+    local hackKind=$(echo "$hackItem" | yq '.kind')
+    # shellcheck disable=SC2155
+    local hackPath=$(echo "$hackItem" | yq '.replacePath')
+    # shellcheck disable=SC2155
+    local hackValue=$(echo "$hackItem" | yq '.value')
+
+    echo "Applying hack for $hackApi/$hackKind/$hackVersion at $hackPath"
+    local schemaFile="$schemaDir/${hackApi,,}/${hackKind,,}_${hackVersion,,}.json"
+    yq eval -i ".${hackPath} |= ${hackValue}" "$schemaFile"
+  done
+}
+
+for hack in ./.github/workflows/resources/schema-hacks/*.yaml; do
+  runHack "$hack"
+done

.github/workflows/resources/schema-hacks/kustomize.toolkit.fluxcd.io-v1.yaml

@@ -0,0 +1,16 @@
+# yaml-language-server: $schema=https://k8s-schemas.pages.dev/hacks/schemahacks.json
+- api: kustomize.toolkit.fluxcd.io
+  version: v1
+  kind: Kustomization
+  replacePath: properties.spec.properties.retryInterval.pattern
+  value: "\"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$|^\\$\\{[A-Z_][A-Z0-9_]*\\}$\""
+- api: kustomize.toolkit.fluxcd.io
+  version: v1
+  kind: Kustomization
+  replacePath: properties.spec.properties.interval.pattern
+  value: "\"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$|^\\$\\{[A-Z_][A-Z0-9_]*\\}$\""
+- api: kustomize.toolkit.fluxcd.io
+  version: v1
+  kind: Kustomization
+  replacePath: properties.spec.properties.timeout.pattern
+  value: "\"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$|^\\$\\{[A-Z_][A-Z0-9_]*\\}$\""

.github/workflows/resources/schemas/schemahacks.json

@@ -0,0 +1,30 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "array",
+  "items": {
+    "type": "object",
+    "properties": {
+      "api": {
+        "type": "string",
+        "pattern": "^[a-zA-Z0-9.]+$"
+      },
+      "version": {
+        "type": "string",
+        "pattern": "^v[0-9]+$"
+      },
+      "kind": {
+        "type": "string",
+        "pattern": "^[a-zA-Z]+$"
+      },
+      "replacePath": {
+        "type": "string",
+        "pattern": "^properties\\.(spec\\.)?properties\\.[a-zA-Z]+\\.pattern$"
+      },
+      "value": {
+        "type": "string"
+      }
+    },
+    "required": ["api", "version", "kind", "replacePath", "value"],
+    "additionalProperties": false
+  }
+}

.trunk/trunk.yaml

@@ -61,6 +61,9 @@ lint:
   - linters: [ALL]
     paths:
     - "**/*decrypted*"
+  - linters: ["actionlint"]
+    paths:
+    - ".github/workflows/resources/**"
 
 actions:
   enabled:

kubernetes/apps/actions-runner-system/ghar-controller/ks.yaml

@@ -1,9 +1,9 @@
-# yaml-language-server: $schema=https://k8s-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+# yaml-language-server: $schema=../../../../schemas/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app ghar-controller
-  namespace: flux-system
+  namespace: "${KS_NAMESPACE}"
 spec:
   targetNamespace: actions-runner-system
   commonMetadata:
@@ -15,8 +15,11 @@ spec:
   prune: true
   sourceRef:
     kind: GitRepository
-    name: home-kubernetes
+    name: "${KS_GIT_REPO_NAME}"
   wait: true
-  interval: 10m
-  retryInterval: 1m
-  timeout: 5m
+  interval: "${KS_INTERVAL}"
+  retryInterval: "${KS_RETRY_INTERVAL}"
+  timeout: "${KS_TIMEOUT}"
+  postBuild:
+    substitute:
+      APP: *app

kubernetes/apps/actions-runner-system/ghar-scale-set/ks.yaml

@@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app ghar-zoo
-  namespace: flux-system
+  namespace: "${KS_NAMESPACE}"
 spec:
   targetNamespace: actions-runner-system
   commonMetadata:
@@ -15,7 +15,7 @@ spec:
   prune: true
   sourceRef:
     kind: GitRepository
-    name: home-kubernetes
+    name: "${KS_GIT_REPO_NAME}"
   wait: false
   interval: 10m
   retryInterval: 1m

kubernetes/apps/adguard-home/adguard-home/ks.yaml

@@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app adguard-home
-  namespace: flux-system
+  namespace: "${KS_NAMESPACE}"
 spec:
   targetNamespace: adguard-home
   commonMetadata:
@@ -15,7 +15,7 @@ spec:
   prune: true
   sourceRef:
     kind: GitRepository
-    name: home-kubernetes
+    name: ${GIT_REPO_NAME}
   wait: false
   interval: 10m
   retryInterval: 1m

kubernetes/apps/arrs/bazarr/ks.yaml

@@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app bazarr
-  namespace: flux-system
+  namespace: "${KS_NAMESPACE}"
 spec:
   targetNamespace: arrs
   commonMetadata:
@@ -15,11 +15,11 @@ spec:
   prune: true
   sourceRef:
     kind: GitRepository
-    name: home-kubernetes
+    name: "${KS_GIT_REPO_NAME}"
   wait: false
-  interval: 10m
-  retryInterval: 1m
-  timeout: 5m
+  interval: "${KS_INTERVAL}"
+  retryInterval: "${KS_RETRY_INTERVAL}"
+  timeout: "${KS_TIMEOUT}"
   postBuild:
     substitute:
       APP: *app

kubernetes/apps/arrs/namespace.yaml

@@ -3,6 +3,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: arrs
-  labels:
+  annotations:
     kustomize.toolkit.fluxcd.io/prune: disabled
     volsync.backube/privileged-movers: "true"

kubernetes/apps/arrs/overseerr/ks.yaml

@@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app overseerr
-  namespace: flux-system
+  namespace: "${KS_NAMESPACE}"
 spec:
   targetNamespace: arrs
   commonMetadata:
@@ -13,11 +13,11 @@ spec:
   prune: true
   sourceRef:
     kind: GitRepository
-    name: home-kubernetes
+    name: "${KS_GIT_REPO_NAME}"
   wait: false
-  interval: 10m
-  retryInterval: 1m
-  timeout: 5m
+  interval: "${KS_INTERVAL}"
+  retryInterval: "${KS_RETRY_INTERVAL}"
+  timeout: "${KS_TIMEOUT}"
   postBuild:
     substitute:
       APP: *app

kubernetes/apps/arrs/prowlarr/ks.yaml

@@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app prowlarr
-  namespace: flux-system
+  namespace: "${KS_NAMESPACE}"
 spec:
   targetNamespace: arrs
   commonMetadata:
@@ -16,11 +16,11 @@ spec:
   prune: true
   sourceRef:
     kind: GitRepository
-    name: home-kubernetes
+    name: "${KS_GIT_REPO_NAME}"
   wait: false
-  interval: 10m
-  retryInterval: 1m
-  timeout: 5m
+  interval: "${KS_INTERVAL}"
+  retryInterval: "${KS_RETRY_INTERVAL}"
+  timeout: "${KS_TIMEOUT}"
   postBuild:
     substitute:
       APP: *app

kubernetes/apps/arrs/radarr/ks.yaml

@@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app radarr
-  namespace: flux-system
+  namespace: "${KS_NAMESPACE}"
 spec:
   targetNamespace: arrs
   commonMetadata:
@@ -16,11 +16,11 @@ spec:
   prune: true
   sourceRef:
     kind: GitRepository
-    name: home-kubernetes
+    name: "${KS_GIT_REPO_NAME}"
   wait: false
-  interval: 10m
-  retryInterval: 1m
-  timeout: 5m
+  interval: "${KS_INTERVAL}"
+  retryInterval: "${KS_RETRY_INTERVAL}"
+  timeout: "${KS_TIMEOUT}"
   postBuild:
     substitute:
       APP: *app

kubernetes/apps/arrs/recyclarr/ks.yaml

@@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app recyclarr
-  namespace: flux-system
+  namespace: "${KS_NAMESPACE}"
 spec:
   targetNamespace: arrs
   commonMetadata:
@@ -15,11 +15,11 @@ spec:
   prune: true
   sourceRef:
     kind: GitRepository
-    name: home-kubernetes
+    name: "${KS_GIT_REPO_NAME}"
   wait: false
-  interval: 10m
-  retryInterval: 1m
-  timeout: 5m
+  interval: "${KS_INTERVAL}"
+  retryInterval: "${KS_RETRY_INTERVAL}"
+  timeout: "${KS_TIMEOUT}"
   postBuild:
     substitute:
       APP: *app

kubernetes/apps/arrs/sabnzbd/ks.yaml

@@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app sabnzbd
-  namespace: flux-system
+  namespace: "${KS_NAMESPACE}"
 spec:
   targetNamespace: arrs
   commonMetadata:
@@ -15,11 +15,11 @@ spec:
   prune: true
   sourceRef:
     kind: GitRepository
-    name: home-kubernetes
+    name: "${KS_GIT_REPO_NAME}"
   wait: false
-  interval: 10m
-  retryInterval: 1m
-  timeout: 5m
+  interval: "${KS_INTERVAL}"
+  retryInterval: "${KS_RETRY_INTERVAL}"
+  timeout: "${KS_TIMEOUT}"
   postBuild:
     substitute:
       APP: *app

kubernetes/apps/arrs/sonarr/ks.yaml

@@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app sonarr
-  namespace: flux-system
+  namespace: "${KS_NAMESPACE}"
 spec:
   targetNamespace: arrs
   commonMetadata:
@@ -16,11 +16,11 @@ spec:
   prune: true
   sourceRef:
     kind: GitRepository
-    name: home-kubernetes
+    name: "${KS_GIT_REPO_NAME}"
   wait: false
-  interval: 10m
-  retryInterval: 1m
-  timeout: 5m
+  interval: "${KS_INTERVAL}"
+  retryInterval: "${KS_RETRY_INTERVAL}"
+  timeout: "${KS_TIMEOUT}"
   postBuild:
     substitute:
       APP: *app