Skip to content

Kustomize Namespace #273

Kustomize Namespace

Kustomize Namespace #273

# vim:ts=2:sts=2:sw=2:et
#
# Author: Hari Sekhon
# Date: 2022-08-18 12:36:51 +0100 (Thu, 18 Aug 2022)
#
# https://github.com/HariSekhon/Kubernetes-configs
#
# License: see accompanying Hari Sekhon LICENSE file
#
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
# https://www.linkedin.com/in/HariSekhon
#
---
name: Kustomize Namespace
on:
push:
branches:
- master
paths:
- '*.yaml'
- .github/workflows/kustomize-namespace.yaml
- .github/actions/install-kustomize/action.yaml
- .github/actions/kustomizations-materizalize/action.yaml
pull_request:
branches:
- master
paths:
- '*.yaml'
- .github/workflows/kustomize-namespace.yaml
- .github/actions/install-kustomize/action.yaml
- .github/actions/kustomizations-materialize/action.yaml
workflow_dispatch: # needs to be in default branch before you get the UI option to manually run though
inputs:
debug:
type: boolean
required: false
default: false
schedule:
- cron: '0 0 * * 1'
permissions:
contents: read
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
defaults:
run:
shell: bash -euxo pipefail {0}
env:
DEFAULT_NAMESPACES_REGEX: 'kube-system|default'
DEBUG: ${{ github.event.inputs.debug == true || '' }}
jobs:
kustomize-namespace:
name: Kustomize Namespace
runs-on: ubuntu-latest
steps:
- name: Environment
run: env | sort
- uses: actions/checkout@v3
- uses: ./.github/actions/install-kustomize
- uses: ./.github/actions/kustomizations-materialize
- name: Check Namespace Object Created
run: |
if [ -n "${DEBUG:-}" ]; then
set -x
fi
for yaml in */*/kustomization.yaml.materialized; do
echo "Checking $yaml"
if ! grep -Eq '^kind[[:space:]]*:[[:space:]]*Namespace[[:space:]]*$' "$yaml"; then
# if there are any namespaces defined that are not the readily available default or kube-system, then raise an alert
# this may need to be reconsidered for apps where the namespace is defined in a separate kustomization to avoid duplicate management warnings in ArgoCD
if grep -E '^[[:space:]]+namespace[[:space:]]*:[[:space:]]*.+' |
grep -Ev "^[[:space:]]+namespace[[:space:]]*:[[:space:]]*($DEFAULT_NAMESPACES_REGEX)[[:space:]]*$" |
grep -q .; then
echo "WARNING: $yaml has non-default namespaces in use but they are not defined"
exit 1
fi
fi
done