chore(Kubeconform): Update (#113)

ArthurVardevanyan · web-flow · commit 3e644a537644 · 2024-12-17T15:19:58.000-05:00
diff --git a/ansible/playbooks/desktop/kubernetes.yaml b/ansible/playbooks/desktop/kubernetes.yaml
@@ -62,7 +62,7 @@
 
     - name: Download Kubeconform
       get_url:
-        url: https://github.com/yannh/kubeconform/releases/download/v0.6.2/kubeconform-linux-amd64.tar.gz
+        url: https://github.com/yannh/kubeconform/releases/download/v0.6.7/kubeconform-linux-amd64.tar.gz
         dest: /tmp/kubeconform-linux-amd64.tar.gz
       check_mode: false
 
diff --git a/ansible/playbooks/laptop/kubernetes.yaml b/ansible/playbooks/laptop/kubernetes.yaml
@@ -74,7 +74,7 @@
 
     - name: Download Kubeconform
       get_url:
-        url: https://github.com/yannh/kubeconform/releases/download/v0.6.2/kubeconform-linux-arm64.tar.gz
+        url: https://github.com/yannh/kubeconform/releases/download/v0.6.7/kubeconform-linux-arm64.tar.gz
         dest: /tmp/kubeconform-linux-arm64.tar.gz
       check_mode: false
 
diff --git a/ansible/playbooks/vscode-server/kubernetes.yaml b/ansible/playbooks/vscode-server/kubernetes.yaml
@@ -62,7 +62,7 @@
 
     - name: Download Kubeconform
       get_url:
-        url: https://github.com/yannh/kubeconform/releases/download/v0.6.2/kubeconform-linux-amd64.tar.gz
+        url: https://github.com/yannh/kubeconform/releases/download/v0.6.7/kubeconform-linux-amd64.tar.gz
         dest: /tmp/kubeconform-linux-amd64.tar.gz
       check_mode: false
 
diff --git a/containers/toolbox/containerfile b/containers/toolbox/containerfile
@@ -12,7 +12,7 @@ ENV \
   GO_VERSION=1.23.3 \
   GH_VERSION=2.62.0 \
   # 0.6.3 Not Working
-  KUBECONFORM_VERSION=0.6.2  \
+  KUBECONFORM_VERSION=0.6.7  \
   MARKDOWNLINT_CLI_VERSION=0.43.0 \
   PRETTIER_CLI_VERSION=3.3.3 \
   HOME=/tmp \
diff --git a/containers/udi/containerfile b/containers/udi/containerfile
@@ -13,7 +13,7 @@ ENV \
   GO_VERSION=1.23.3 \
   GH_VERSION=2.62.0 \
   # 0.6.3 Not Working
-  KUBECONFORM_VERSION=0.6.2  \
+  KUBECONFORM_VERSION=0.6.7  \
   MARKDOWNLINT_CLI_VERSION=0.43.0 \
   PRETTIER_CLI_VERSION=3.3.3 \
   PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin \
diff --git a/kubernetes/ceph/base/scc.yaml b/kubernetes/ceph/base/scc.yaml
@@ -17,7 +17,7 @@ allowHostPID: false
 allowHostNetwork: false
 # set to true if running rook with the provider as host
 allowHostPorts: false
-priority:
+priority: 0
 allowedCapabilities: ["MKNOD"]
 allowHostIPC: true
 readOnlyRootFilesystem: false
@@ -61,9 +61,11 @@ allowPrivilegedContainer: true
 allowHostNetwork: true
 # This need to be set to true as we use HostPath
 allowHostDirVolumePlugin: true
-priority:
+priority: 0
 # SYS_ADMIN is needed for rbd to execute rbd map command
 allowedCapabilities: ["SYS_ADMIN"]
+defaultAddCapabilities: []
+requiredDropCapabilities: []
 # Needed as we run liveness container on daemonset pods
 allowHostPorts: true
 # Needed as we are setting this in RBD plugin pod
diff --git a/kubernetes/kubevirt/base/hyperconverged.yaml b/kubernetes/kubevirt/base/hyperconverged.yaml
@@ -2,17 +2,20 @@
 kind: HyperConverged
 metadata:
   annotations:
-    deployOVS: "false"
-    argocd.argoproj.io/sync-wave: "2"
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-  name: kubevirt-hyperconverged
+    argocd.argoproj.io/sync-wave: "2"
+    deployOVS: "false"
+  name: kubevirt-hyperconverged\
   namespace: kubevirt-hyperconverged
   labels:
     app: kubevirt-hyperconverged
+    argocd.argoproj.io/instance: kubevirt
 spec:
   virtualMachineOptions:
     disableFreePageReporting: false
     disableSerialConsoleLog: true
+  higherWorkloadDensity:
+    memoryOvercommitPercentage: 100
   liveMigrationConfig:
     allowAutoConverge: false
     allowPostCopy: false
@@ -33,15 +36,18 @@ spec:
     deployTektonTaskResources: false
     enableCommonBootImageImport: true
     withHostPassthroughCPU: false
+    downwardMetrics: false
     disableMDevConfiguration: false
     enableApplicationAwareQuota: false
     deployKubeSecondaryDNS: false
     nonRoot: true
     alignCPUs: false
     enableManagedTenantQuota: false
+    primaryUserDefinedNetworkBinding: false
     deployVmConsoleProxy: false
     persistentReservation: false
     autoResourceLimits: false
+    deployKubevirtIpamController: false
   workloadUpdateStrategy:
     batchEvictionInterval: 1m0s
     batchEvictionSize: 10
diff --git a/main.bash b/main.bash
@@ -69,10 +69,12 @@ test_overlays() {
     done
 
     echo "Run KubeConform on Yaml's"
-    kubeconform -n 16 -verbose --summary -ignore-missing-schemas \
-      -schema-location="../kubernetes-json-schema/master-standalone-strict/{{.ResourceKind}}{{.KindSuffix}}.json" \
+    #  -ignore-missing-schemas # -debug
+    kubeconform -n 16 -verbose --summary -strict \
+      -schema-location="../kubernetes-json-schema/master-standalone-strict/{{.ResourceKind}}-{{.Group}}-{{.ResourceAPIVersion}}.json" \
+      -schema-location 'https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone-strict/{{.ResourceKind}}{{.KindSuffix}}.json' \
+      -schema-location "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{.NormalizedKubernetesVersion}}/{{.ResourceKind}}.json" \
       -output text "${DIR}" | grep -v "is valid"
-
   else
     echo "Vault Variables Missing"
     exit 1
diff --git a/okd/okd-configuration/components/scc/anyuid_scc.yaml b/okd/okd-configuration/components/scc/anyuid_scc.yaml
@@ -8,9 +8,9 @@ allowHostPID: false
 allowHostPorts: false
 allowPrivilegeEscalation: true
 allowPrivilegedContainer: false
-allowedCapabilities: null
+allowedCapabilities: []
 apiVersion: security.openshift.io/v1
-defaultAddCapabilities: null
+defaultAddCapabilities: []
 fsGroup:
   type: RunAsAny
 groups:
diff --git a/okd/okd-configuration/overlays/sandbox/kustomization.yaml b/okd/okd-configuration/overlays/sandbox/kustomization.yaml
@@ -29,9 +29,6 @@ patches:
       - op: replace
         path: /spec/dnsNames/0
         value: "*.apps.okd.sandbox.arthurvardevanyan.com"
-      - op: replace
-        path: /spec/dnsNames/1
-        value: "*.sandbox.arthurvardevanyan.com"
   - target:
       kind: MachineConfig
       name: 71-mount-storage-worker
diff --git a/tekton/base/overlay-test.yaml b/tekton/base/overlay-test.yaml
@@ -103,8 +103,11 @@ spec:
               fi
         done
 
-        kubeconform -n 16 -verbose --summary -ignore-missing-schemas \
-          -schema-location="../kubernetes-json-schema/master-standalone-strict/{{.ResourceKind}}{{.KindSuffix}}.json" \
+        #  -ignore-missing-schemas # -debug
+        kubeconform -n 16 -verbose --summary -strict \
+          -schema-location="../kubernetes-json-schema/master-standalone-strict/{{.ResourceKind}}-{{.Group}}-{{.ResourceAPIVersion}}.json" \
+          -schema-location 'https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone-strict/{{.ResourceKind}}{{.KindSuffix}}.json' \
+          -schema-location "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{.NormalizedKubernetesVersion}}/{{.ResourceKind}}.json" \
           -output text "${DIR}" | grep -v "is valid"
 
   volumes:
