task: move from kubeval to kubeconform (#73)

In the process I also spotted that we're not actually linting/validating
all our schemas, since we run helm template without any values, it's run
without ingress and hpa enabled, so this PR also adds values files which
causes all template files to be exercised.

.github/helmvalues/unleash-edge/unleash-edge-values.yaml

@@ -0,0 +1,7 @@
+autoscaling:
+  enabled: true
+  minReplicas: 1
+  maxReplicas: 4
+
+ingress:
+  enabled: true

.github/kubeconform.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# use kubeconform to validate helm generated kubernetes manifests
+#
+
+set -o errexit
+set -o pipefail
+
+echo "Running for K8S schema version: $KUBERNETES_VERSION with Kube conform: $KUBECONFORM_VERSION"
+# install kubeconform
+curl --silent --show-error --fail --location --output /tmp/kubeconform.tar.gz https://github.com/yannh/kubeconform/releases/download/"${KUBECONFORM_VERSION}"/kubeconform-linux-amd64.tar.gz
+sudo tar -C /usr/local/bin -xf /tmp/kubeconform.tar.gz kubeconform
+
+mkdir -p results
+echo "Adding bitnami repo so dependency building succeeds"
+helm repo add bitnami https://charts.bitnami.com/bitnami
+echo "Repo added"
+CHART_DIRS="$(git diff --find-renames --name-only "$(git rev-parse --abbrev-ref HEAD)" remotes/origin/main -- charts | grep '[cC]hart.yaml' | sed -e 's#/[Cc]hart.yaml##g')"
+for CHART_DIR in ${CHART_DIRS}; do
+  echo "helm dependency build..."
+  helm dependency build "${CHART_DIR}"
+
+  echo "kubeconforming ${CHART_DIR##charts/} chart ..."
+  helm template "${CHART_DIR}" -f ./"${CHART_DIR}"/ci/"${CHART_DIR##charts/}"-values.yaml | kubeconform -kubernetes-version "${KUBERNETES_VERSION}" --output=tap > results/"${CHART_DIR##charts/}"-"${KUBERNETES_VERSION}"-result.tap
+done
+
+exit 0

.github/workflows/ci.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Codespell
         uses: codespell-project/actions-codespell@master
         with:
@@ -22,26 +22,27 @@ jobs:
           check_hidden: true
 
   lint-chart:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Set up Helm
-        uses: azure/setup-helm@v1
+        uses: azure/setup-helm@v3
         with:
-          version: v3.8.1
-      - uses: actions/setup-python@v2
+          version: v3.11.1
+      - uses: actions/setup-python@v4
         with:
-          python-version: 3.7
+          python-version: 3.9
+          check-latest: true
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.2.1
+        uses: helm/chart-testing-action@v2.3.1
       - name: Run chart-testing (lint)
         run: ct lint --config .github/ct.yaml
 
   super-linter:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
         uses: actions/checkout@v3
@@ -59,40 +60,51 @@ jobs:
           VALIDATE_JSCPD: false
           VALIDATE_KUBERNETES_KUBEVAL: false
           VALIDATE_YAML: false
-
-  kubeval-chart:
-    runs-on: ubuntu-20.04
+  kubeconform:
+    runs-on: ubuntu-latest
     needs:
       - codespell
-      - lint-chart
       - super-linter
+      - lint-chart
     strategy:
       matrix:
         k8s:
-          - v1.22.11
-          - v1.23.8
-          - v1.24.2
+          - 1.23.17
+          - 1.24.11
+          - 1.25.7
+          - 1.26.2
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Fetch history
-        run: git fetch --prune --unshallow
-      - name: Run kubeval
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Setup helm
+        uses: azure/setup-helm@v3
+        with:
+          version: 3.11.1
+      - name: Run kubeconform tests
+        run: .github/kubeconform.sh
         env:
           KUBERNETES_VERSION: ${{ matrix.k8s }}
-        run: .github/kubeval.sh
+          KUBECONFORM_VERSION: v0.6.1
+      - name: Create test summary
+        uses: test-summary/action@v2
+        with:
+          paths: "./results/*.tap"
+        if: always()
 
   install-chart:
     name: install-chart
     runs-on: ubuntu-20.04
     needs:
-      - kubeval-chart
+      - kubeconform
     strategy:
       matrix:
         k8s:
-          - v1.22.15
-          - v1.23.12
-          - v1.24.6
+          - v1.23.13
+          - v1.24.7
+          - v1.25.3
+          - v1.26.2
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -101,12 +113,13 @@ jobs:
       - name: Set up Helm
         uses: azure/setup-helm@v1
         with:
-          version: v3.8.1
+          version: v3.11.1
       - uses: actions/setup-python@v4
         with:
-          python-version: 3.7
+          python-version: 3.9
+          check-latest: true
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.2.1
+        uses: helm/chart-testing-action@v2.3.1
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |
@@ -115,7 +128,7 @@ jobs:
             echo "changed=true" >> "$GITHUB_OUTPUT"
           fi
       - name: Create kind cluster
-        uses: helm/kind-action@v1.3.0
+        uses: helm/kind-action@v1.5.0
         if: steps.list-changed.outputs.changed == 'true'
         with:
           config: .github/kind-config.yaml

.github/workflows/release.yaml

@@ -10,23 +10,22 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-
-      - name: Fetch history
-        run: git fetch --prune --unshallow
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
 
       - name: Configure Git
         run: |
           git config user.name "$GITHUB_ACTOR"
           git config user.email "[email protected]"
 
       - name: Install Helm
-        uses: azure/setup-helm@v1
+        uses: azure/setup-helm@v3
         with:
-          version: v3.5.2
+          version: 3.11.1
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.2.0
+        uses: helm/chart-releaser-action@v1.5.0
         with:
           charts_repo_url: https://docs.getunleash.io/helm-charts
         env:

charts/unleash-proxy/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.2
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/unleash-proxy/ci/unleash-proxy-values.yaml

@@ -0,0 +1,10 @@
+ingress:
+  enabled: true
+
+autoscaling:
+  enabled: true
+  minReplicas: 1
+  maxReplicas: 4
+
+edge:
+  enable: true

charts/unleash-proxy/templates/configmap.yaml

@@ -0,0 +1,10 @@
+---
+{{- if .Values.edge.enable }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: edge-features
+data:
+  features.json: |-
+    {{ .Files.Get "features.json" | indent 4}}
+{{- end}}

charts/unleash-proxy/templates/deployment.yaml

@@ -51,7 +51,11 @@ spec:
               value: "{{ join "," .Values.proxy.clientKeys }}"
             {{- end }}
             - name: UNLEASH_URL
-              value: "{{ .Values.proxy.serverHost }}"
+              {{- if .Values.edge.enable }}
+              value: "http://localhost:3063/api"
+              {{- else }}
+              value: {{ .Values.proxy.serverHost }}"
+              {{- end }}
            {{- if .Values.proxy.logLevel }}
             - name: LOG_LEVEL
               value: "{{ .Values.proxy.logLevel }}"
@@ -93,6 +97,46 @@ spec:
               port: http
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+        {{- if .Values.edge.enable }}
+        - name: unleash-edge
+          args:
+            - "offline"
+          env:
+            - name: TOKENS
+              value: {{ .Values.proxy.apiToken }}
+            - name: BOOTSTRAP_FILE
+              value: /data/config/features.json
+          image: "unleashorg/unleash-edge:v0.5.1"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 3063
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /internal-backstage/health
+              port: http
+          readinessProbe:
+            httpGet:
+              port: http
+              path: /internal-backstage/health
+          resources:
+            limits:
+              cpu: 50m
+              memory: 32Mi
+            requests:
+              cpu: 20m
+              memory: 32Mi
+          volumeMounts:
+            - mountPath: "/data/config"
+              name: edge-features
+        {{- end }}
+      {{- if .Values.edge.enable }}
+      volumes:
+        - name: edge-features
+          configMap:
+            name: edge-features
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/unleash-proxy/templates/hpa.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ include "unleash-proxy.fullname" . }}
@@ -17,12 +17,17 @@ spec:
     - type: Resource
       resource:
         name: cpu
-        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
     {{- end }}
     {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
     - type: Resource
       resource:
         name: memory
-        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+        container: application
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
     {{- end }}
 {{- end }}

charts/unleash-proxy/templates/tests/test-connection.yaml

@@ -11,5 +11,7 @@ spec:
     - name: wget
       image: busybox
       command: ['wget']
-      args: ['{{ include "unleash-proxy.fullname" . }}:{{ .Values.service.port }}']
+      args: ['-O -',
+             "--header='Authorization: {{ .Values.proxy.clientKeys | first }}'",
+             '{{ include "unleash-proxy.fullname" . }}:{{ .Values.service.port }}/proxy/health']
   restartPolicy: Never

charts/unleash-proxy/values.yaml

@@ -95,6 +95,8 @@ existingSecrets:
   #       name: secretname
   #       key: secretkey
 
+edge:
+  enable: false
 proxy:
   serverHost: http://unleash:4242/api
   apiToken: "default:development.unleash-insecure-api-token"

charts/unleash/Chart.yaml

@@ -15,4 +15,4 @@ sources:
   - https://github.com/Unleash/unleash
   - https://github.com/Unleash/helm-charts
 type: application
-version: 2.7.7
+version: 2.8.0

charts/unleash/ci/unleash-values.yaml

@@ -0,0 +1,7 @@
+ingress:
+  enabled: true
+
+autoscaling:
+  enabled: true
+  minReplicas: 1
+  maxReplicas: 4