This repository aggregates hundreds of popular Kubernetes CRDs (CustomResourceDefinition) in JSON schema format. These schemas can be used by various tools such as Datree, Kubeconform and Kubeval, as an alternative to kubectl --dry-run, to perform validation on custom (and native) Kubernetes resources.
Running Kubernetes schema validation checks helps apply the "shift-left approach" on machines without giving them access to your cluster (e.g. locally or on CI).
kubeconform -schema-location default -schema-location "https://raw.githubusercontent.com/wis-cm3/CRDs-catalog/cm3/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json" [MANIFEST]
This repository also contains a handy utility that extracts all CRDs from a cluster and converts them to JSON schema.
- Checks that the prerequisites are installed.
- Extracts your CRDs from your cluster using kubectl.
- Downloads a script from the kubeconform repo that converts your CRDs from openAPI to JSON schema.
- Runs the script, and saves the output to your machine under
$HOME/.datree/crdSchemas/
This utility supports MacOS and Linux.
The following programs are required to be installed on the machine running this utility:
To use the CRD Extractor:
- Download the latest release from this repository.
- Have your kube context pointing to the cluster you want to grab crds from.
- Extract, and run the utility:
./crd-extractor.sh
If the catalog is missing public custom resources (CRs) that you would like to automatically validate using these tools, you can open an issue or use the CRD Extractor to add the schemas to this repository by creating a pull request.