Fix k8s yaml errors and document how to prevent them. (#2298)

Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-09-11 08:55:27 +03:00 · 2022-09-26 12:10:10 -07:00 · 2022-09-26 12:10:10 -07:00 · a694cc90d8
commit a694cc90d8
parent 7cd6406aef
10 changed files with 183 additions and 177 deletions
--- a/cron/k8s/README.md
+++ b/cron/k8s/README.md
@ -3,6 +3,12 @@
 Currently there is no automation to sync changes to these files to the GKE cluster.
 Changes must be manually applied with `kubectl` by a user with permissions to modify the cluster.

+Before committing any changes, it is recommended to check your YAML files for errors with [yamllint](yamllint.readthedocs.io). To check all YAML files in this directory, run:
+```
+yamllint -d relaxed .
+```
+Note: `relaxed` is a more  tolerant, predefined config which ignores things like line length.
+
 ## Installing `kubectl`

 Follow instructions
--- a/cron/k8s/cii.yaml
+++ b/cron/k8s/cii.yaml
@ -26,14 +26,14 @@ spec:
        spec:
          restartPolicy: Never
          containers:
-          - name: cii-worker
-            image: gcr.io/openssf/scorecard-cii-worker:stable
-            args: ["--config=/etc/scorecard/config.yaml"]
-            imagePullPolicy: Always
-            volumeMounts:
-              - name: config-volume
-                mountPath: /etc/scorecard
-                readOnly: true
+            - name: cii-worker
+              image: gcr.io/openssf/scorecard-cii-worker:stable
+              args: ["--config=/etc/scorecard/config.yaml"]
+              imagePullPolicy: Always
+              volumeMounts:
+                - name: config-volume
+                  mountPath: /etc/scorecard
+                  readOnly: true
          volumes:
            - name: config-volume
              configMap:
--- a/cron/k8s/controller.release.yaml
+++ b/cron/k8s/controller.release.yaml
@ -50,37 +50,37 @@ spec:
        spec:
          restartPolicy: Never
          containers:
-          - name: controller
-            image: gcr.io/openssf/scorecard-batch-controller:latest
-            args: ["--config=/etc/scorecard/config.yaml", "cron/internal/data/projects.release.csv"]
-            imagePullPolicy: Always
-            env:
-            - name: SCORECARD_REQUEST_TOPIC_URL
-              value: "gcppubsub://projects/openssf/topics/scorecard-batch-requests-releasetest"
-            - name: SCORECARD_DATA_BUCKET_URL
-              value: "gs://ossf-scorecard-data-releasetest2"
-            # Raw results.
-            - name: SCORECARD_RAW_RESULT_DATA_BUCKET_URL
-              value: "gs://ossf-scorecard-rawdata-releasetest"
-            - name: SCORECARD_SHARD_SIZE
-              value: "5"
-            resources:
-              limits:
-                memory: 1Gi
-              requests:
-                memory: 1Gi
-            volumeMounts:
-              - name: config-volume
-                mountPath: /etc/scorecard
-                readOnly: true
+            - name: controller
+              image: gcr.io/openssf/scorecard-batch-controller:latest
+              args: ["--config=/etc/scorecard/config.yaml", "cron/internal/data/projects.release.csv"]
+              imagePullPolicy: Always
+              env:
+                - name: SCORECARD_REQUEST_TOPIC_URL
+                  value: "gcppubsub://projects/openssf/topics/scorecard-batch-requests-releasetest"
+                - name: SCORECARD_DATA_BUCKET_URL
+                  value: "gs://ossf-scorecard-data-releasetest2"
+                # Raw results.
+                - name: SCORECARD_RAW_RESULT_DATA_BUCKET_URL
+                  value: "gs://ossf-scorecard-rawdata-releasetest"
+                - name: SCORECARD_SHARD_SIZE
+                  value: "5"
+              resources:
+                limits:
+                  memory: 1Gi
+                requests:
+                  memory: 1Gi
+              volumeMounts:
+                - name: config-volume
+                  mountPath: /etc/scorecard
+                  readOnly: true
+            - name: worker-update
+              image: bitnami/kubectl@sha256:44468c0f5b348e6dcf5e11feb6fdcc969c874bba2856150fe50eb1aacb3bdfee
+              command:
+                - "kubectl"
+                - "rollout"
+                - "restart"
+                - "deployment/scorecard-batch-worker-releasetest"
          volumes:
            - name: config-volume
              configMap:
                name: scorecard-config
-          - name: worker-update
-            image: bitnami/kubectl@sha256:44468c0f5b348e6dcf5e11feb6fdcc969c874bba2856150fe50eb1aacb3bdfee
-            command:
-              - "kubectl"
-              - "rollout"
-              - "restart"
-              - "deployment/scorecard-batch-worker-releasetest"
--- a/cron/k8s/controller.yaml
+++ b/cron/k8s/controller.yaml
@ -50,27 +50,27 @@ spec:
        spec:
          restartPolicy: Never
          containers:
-          - name: controller
-            image: gcr.io/openssf/scorecard-batch-controller:stable
-            args: ["--config=/etc/scorecard/config.yaml", "cron/internal/data/projects.csv"]
-            imagePullPolicy: Always
-            resources:
-              limits:
-                memory: 1Gi
-              requests:
-                memory: 1Gi
-            volumeMounts:
-              - name: config-volume
-                mountPath: /etc/scorecard
-                readOnly: true
+            - name: controller
+              image: gcr.io/openssf/scorecard-batch-controller:stable
+              args: ["--config=/etc/scorecard/config.yaml", "cron/internal/data/projects.csv"]
+              imagePullPolicy: Always
+              resources:
+                limits:
+                  memory: 1Gi
+                requests:
+                  memory: 1Gi
+              volumeMounts:
+                - name: config-volume
+                  mountPath: /etc/scorecard
+                  readOnly: true
+            - name: worker-update
+              image: bitnami/kubectl@sha256:44468c0f5b348e6dcf5e11feb6fdcc969c874bba2856150fe50eb1aacb3bdfee
+              command:
+                - "kubectl"
+                - "rollout"
+                - "restart"
+                - "deployment/scorecard-batch-worker"
          volumes:
            - name: config-volume
              configMap:
                name: scorecard-config
-          - name: worker-update
-            image: bitnami/kubectl@sha256:44468c0f5b348e6dcf5e11feb6fdcc969c874bba2856150fe50eb1aacb3bdfee
-            command:
-              - "kubectl"
-              - "rollout"
-              - "restart"
-              - "deployment/scorecard-batch-worker"
--- a/cron/k8s/transfer-raw.yaml
+++ b/cron/k8s/transfer-raw.yaml
@ -25,24 +25,24 @@ spec:
      template:
        spec:
          containers:
-          - name: bq-rawdata-transfer
-            image: gcr.io/openssf/scorecard-bq-transfer:latest
-            args: ["--config=/etc/scorecard/config.yaml"]
-            imagePullPolicy: Always
-            resources:
-              limits:
-                memory: 1Gi
-              requests:
-                memory: 1Gi
-            env:
-              - name: SCORECARD_BIGQUERY_TABLE
-                value: "scorecard-rawdata"
-              - name: SCORECARD_DATA_BUCKET_URL
-                value: "gs://ossf-scorecard-rawdata"
-            volumeMounts:
-              - name: config-volume
-                mountPath: /etc/scorecard
-                readOnly: true
+            - name: bq-rawdata-transfer
+              image: gcr.io/openssf/scorecard-bq-transfer:latest
+              args: ["--config=/etc/scorecard/config.yaml"]
+              imagePullPolicy: Always
+              resources:
+                limits:
+                  memory: 1Gi
+                requests:
+                  memory: 1Gi
+              env:
+                - name: SCORECARD_BIGQUERY_TABLE
+                  value: "scorecard-rawdata"
+                - name: SCORECARD_DATA_BUCKET_URL
+                  value: "gs://ossf-scorecard-rawdata"
+              volumeMounts:
+                - name: config-volume
+                  mountPath: /etc/scorecard
+                  readOnly: true
          volumes:
            - name: config-volume
              configMap:
--- a/cron/k8s/transfer.release-raw.yaml
+++ b/cron/k8s/transfer.release-raw.yaml
@ -26,26 +26,26 @@ spec:
        spec:
          restartPolicy: OnFailure
          containers:
-          - name: bq-transfer-rawdata-releasetest
-            image: gcr.io/openssf/scorecard-bq-transfer:latest
-            args: ["--config=/etc/scorecard/config.yaml"]
-            imagePullPolicy: Always
-            env:
-            - name: SCORECARD_DATA_BUCKET_URL
-              value: "gs://ossf-scorecard-rawdata-releasetest"
-            - name: SCORECARD_BIGQUERY_TABLE
-              value: "scorecard-rawdata-releasetest"
-            - name: SCORECARD_COMPLETION_THRESHOLD
-              value: "0.9"
-            resources:
-              limits:
-                memory: 1Gi
-              requests:
-                memory: 1Gi
-            volumeMounts:
-              - name: config-volume
-                mountPath: /etc/scorecard
-                readOnly: true
+            - name: bq-transfer-rawdata-releasetest
+              image: gcr.io/openssf/scorecard-bq-transfer:latest
+              args: ["--config=/etc/scorecard/config.yaml"]
+              imagePullPolicy: Always
+              env:
+                - name: SCORECARD_DATA_BUCKET_URL
+                  value: "gs://ossf-scorecard-rawdata-releasetest"
+                - name: SCORECARD_BIGQUERY_TABLE
+                  value: "scorecard-rawdata-releasetest"
+                - name: SCORECARD_COMPLETION_THRESHOLD
+                  value: "0.9"
+              resources:
+                limits:
+                  memory: 1Gi
+                requests:
+                  memory: 1Gi
+              volumeMounts:
+                - name: config-volume
+                  mountPath: /etc/scorecard
+                  readOnly: true
          volumes:
            - name: config-volume
              configMap:
--- a/cron/k8s/transfer.release.yaml
+++ b/cron/k8s/transfer.release.yaml
@ -26,28 +26,28 @@ spec:
        spec:
          restartPolicy: OnFailure
          containers:
-          - name: bq-transfer-releasetest-v2
-            image: gcr.io/openssf/scorecard-bq-transfer:latest
-            args: ["--config=/etc/scorecard/config.yaml"]
-            imagePullPolicy: Always
-            env:
-            - name: SCORECARD_DATA_BUCKET_URL
-              value: "gs://ossf-scorecard-data-releasetest2"
-            - name: SCORECARD_BIGQUERY_TABLE
-              value: "scorecard_releasetest2"
-            - name: SCORECARD_COMPLETION_THRESHOLD
-              value: "0.9"
-            - name: SCORECARD_WEBHOOK_URL
-              value: "http://10.4.8.246/"
-            resources:
-              limits:
-                memory: 1Gi
-              requests:
-                memory: 1Gi
-            volumeMounts:
-              - name: config-volume
-                mountPath: /etc/scorecard
-                readOnly: true
+            - name: bq-transfer-releasetest-v2
+              image: gcr.io/openssf/scorecard-bq-transfer:latest
+              args: ["--config=/etc/scorecard/config.yaml"]
+              imagePullPolicy: Always
+              env:
+                - name: SCORECARD_DATA_BUCKET_URL
+                  value: "gs://ossf-scorecard-data-releasetest2"
+                - name: SCORECARD_BIGQUERY_TABLE
+                  value: "scorecard_releasetest2"
+                - name: SCORECARD_COMPLETION_THRESHOLD
+                  value: "0.9"
+                - name: SCORECARD_WEBHOOK_URL
+                  value: "http://10.4.8.246/"
+              resources:
+                limits:
+                  memory: 1Gi
+                requests:
+                  memory: 1Gi
+              volumeMounts:
+                - name: config-volume
+                  mountPath: /etc/scorecard
+                  readOnly: true
          volumes:
            - name: config-volume
              configMap:
--- a/cron/k8s/transfer.yaml
+++ b/cron/k8s/transfer.yaml
@ -25,19 +25,19 @@ spec:
      template:
        spec:
          containers:
-          - name: bq-transfer-v2
-            image: gcr.io/openssf/scorecard-bq-transfer:latest
-            args: ["--config=/etc/scorecard/config.yaml"]
-            imagePullPolicy: Always
-            resources:
-              limits:
-                memory: 1Gi
-              requests:
-                memory: 1Gi
-            volumeMounts:
-              - name: config-volume
-                mountPath: /etc/scorecard
-                readOnly: true
+            - name: bq-transfer-v2
+              image: gcr.io/openssf/scorecard-bq-transfer:latest
+              args: ["--config=/etc/scorecard/config.yaml"]
+              imagePullPolicy: Always
+              resources:
+                limits:
+                  memory: 1Gi
+                requests:
+                  memory: 1Gi
+              volumeMounts:
+                - name: config-volume
+                  mountPath: /etc/scorecard
+                  readOnly: true
          volumes:
            - name: config-volume
              configMap:
--- a/cron/k8s/worker.release.yaml
+++ b/cron/k8s/worker.release.yaml
@ -27,34 +27,34 @@ spec:
        app.kubernetes.io/name: worker-releasetest
    spec:
      containers:
-      - name: worker
-        image: gcr.io/openssf/scorecard-batch-worker:latest
-        args: ["--ignoreRuntimeErrors=false", "--config=/etc/scorecard/config.yaml"]
-        imagePullPolicy: Always
-        env:
-        - name: SCORECARD_DATA_BUCKET_URL
-          value: "gs://ossf-scorecard-data-releasetest2"
-        - name: SCORECARD_RAW_RESULT_DATA_BUCKET_URL
-          value: "gs://ossf-scorecard-rawdata-releasetest"
-        - name: SCORECARD_REQUEST_SUBSCRIPTION_URL
-          value: "gcppubsub://projects/openssf/subscriptions/scorecard-batch-worker-releasetest"
-        - name: SCORECARD_METRIC_EXPORTER
-          value: "printer"
-        - name: GITHUB_AUTH_SERVER
-          value: "10.4.4.210:80"
-        - name: "SCORECARD_API_RESULTS_BUCKET_URL"
-          value: "gs://ossf-scorecard-cron-releasetest-results"
-        resources:
-          requests:
-            memory: 5Gi
-            ephemeral-storage: 100Gi
-          limits:
-            memory: 12Gi
-            ephemeral-storage: 500Gi
-        volumeMounts:
-          - name: config-volume
-            mountPath: /etc/scorecard
-            readOnly: true
+        - name: worker
+          image: gcr.io/openssf/scorecard-batch-worker:latest
+          args: ["--ignoreRuntimeErrors=false", "--config=/etc/scorecard/config.yaml"]
+          imagePullPolicy: Always
+          env:
+            - name: SCORECARD_DATA_BUCKET_URL
+              value: "gs://ossf-scorecard-data-releasetest2"
+            - name: SCORECARD_RAW_RESULT_DATA_BUCKET_URL
+              value: "gs://ossf-scorecard-rawdata-releasetest"
+            - name: SCORECARD_REQUEST_SUBSCRIPTION_URL
+              value: "gcppubsub://projects/openssf/subscriptions/scorecard-batch-worker-releasetest"
+            - name: SCORECARD_METRIC_EXPORTER
+              value: "printer"
+            - name: GITHUB_AUTH_SERVER
+              value: "10.4.4.210:80"
+            - name: "SCORECARD_API_RESULTS_BUCKET_URL"
+              value: "gs://ossf-scorecard-cron-releasetest-results"
+          resources:
+            requests:
+              memory: 5Gi
+              ephemeral-storage: 100Gi
+            limits:
+              memory: 12Gi
+              ephemeral-storage: 500Gi
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/scorecard
+              readOnly: true
      volumes:
        - name: config-volume
          configMap:
--- a/cron/k8s/worker.yaml
+++ b/cron/k8s/worker.yaml
@ -27,24 +27,24 @@ spec:
        app.kubernetes.io/name: worker
    spec:
      containers:
-      - name: worker
-        image: gcr.io/openssf/scorecard-batch-worker:stable
-        args: ["--ignoreRuntimeErrors=true", "--config=/etc/scorecard/config.yaml"]
-        imagePullPolicy: Always
-        env:
-        - name: GITHUB_AUTH_SERVER
-          value: "10.4.4.210:80"
-        resources:
-          requests:
-            memory: 5Gi
-            ephemeral-storage: 100Gi
-          limits:
-            memory: 12Gi
-            ephemeral-storage: 500Gi
-        volumeMounts:
-          - name: config-volume
-            mountPath: /etc/scorecard
-            readOnly: true
+        - name: worker
+          image: gcr.io/openssf/scorecard-batch-worker:stable
+          args: ["--ignoreRuntimeErrors=true", "--config=/etc/scorecard/config.yaml"]
+          imagePullPolicy: Always
+          env:
+            - name: GITHUB_AUTH_SERVER
+              value: "10.4.4.210:80"
+          resources:
+            requests:
+              memory: 5Gi
+              ephemeral-storage: 100Gi
+            limits:
+              memory: 12Gi
+              ephemeral-storage: 500Gi
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/scorecard
+              readOnly: true
      volumes:
        - name: config-volume
          configMap: