Support KRM input

[aabouzaid]

Kubeconform could be used as a validator plugin in Kustomize (it's built into kubectl since v1.14)

All needed is just support KRM as input to Kubeconform.

I will create a PR for you if the feature is accepted.

[yannh]

Can you describe the implementation you have in mind? It would need a new flag to specify that the stdin input is in a different format, and a new output format to output the resource again? I m not against it in principle but i feel this might be non trivial to implement? Could you describe how this could work? Thanks! ❤️

[aabouzaid]

Hi Yann 👋

I'm thinking in a simpler impelmentation where Kubeconform will detect the type of STDIN, and if it's ResourceList, it will process the values of the items key as files.

I already did something similar for SopsSecretGenerator

apiVersion: config.kubernetes.io/v1
kind: ResourceList
metadata:
  name: krm-function-input
items:
- apiVersion: goabout.com/v1beta1
  kind: SopsSecretGenerator
  metadata:
    annotations:
      config.kubernetes.io/function: |
        exec:
          path: SopsSecretGenerator
      config.kubernetes.io/local-config: 'true'
      config.k8s.io/id: '1'
    name: secret-from-file
  disableNameSuffixHash: true
  files:
    - testdata/file.txt
- apiVersion: goabout.com/v1beta1
  kind: SopsSecretGenerator
  metadata:
    annotations:
      config.kubernetes.io/function: |
        exec:
          path: SopsSecretGenerator
      config.kubernetes.io/local-config: 'true'
      config.k8s.io/id: '2'
    name: secret-from-env
  disableNameSuffixHash: true
  envs:
    - testdata/vars.env

The ResourceList manifest is generated automatically by Kustomize.

[yannh]

If you think you can do this with reasonable effort maybe give it a shot... maybe push early, before writing tests, so I can review the implementation?

[aabouzaid]

@yannh here is the PoC #170
Just 1 method that parses the Stdin content.