# SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Gardener contributors
#
# SPDX-License-Identifier: Apache-2.0
# Absolute path of the git work tree; every invocation therefore has to run
# inside a git checkout.
REPO_ROOT := $(shell git rev-parse --show-toplevel)
# Release version string, read from the VERSION file at the repository root.
VERSION := $(shell cat "$(REPO_ROOT)/VERSION")
# Docker image repository and tag for terminal-controller-manager
# Both use ?= and can be overridden from the environment or the command line.
IMG_MANAGER_REPOSITORY ?= europe-docker.pkg.dev/gardener-project/public/gardener/terminal-controller-manager
# Default tag is <VERSION>-<commit id of HEAD>. It names the last commit only,
# so uncommitted changes in the work tree are not reflected in the tag.
IMG_MANAGER_TAG ?= $(VERSION)-$(shell git rev-parse HEAD)
# Chart variables
CREATE_NAMESPACE ?= true
NAMESPACE ?= terminal-system
CHART_NAME ?= terminal-controller-manager-local
# The double quotes here and below are part of the variable value; they are
# interpreted by the shell when the value is used in a recipe.
VALUES_FILE ?= "tmp/values.yaml"
# These two use plain `=`, so an environment variable of the same name does not
# replace them; the install-application / install-runtime targets override them
# on the sub-make command line.
VIRTUAL_GARDEN_ENABLED = false
CHART_PATH = "charts/terminal"
# TLS output directory and certificate/key file names
# The install target reads <name>.pem and <name>-key.pem from this directory.
# The *-key.pem files are private keys.
# NOTE(review): presumably tmp/ is git-ignored; verify so keys are never committed.
TLS_OUTPUT_PATH ?= "tmp/tls"
CA_NAME ?= "ca"
ADMISSION_WEBHOOK_CERT_NAME ?= "terminal-admission-controller-tls"
METRICS_SERVER_CERT_NAME ?= "terminal-metrics-server-tls"
# Kind cluster variables
KIND_CLUSTER_NAME ?= "gardener-local"
# Version of sigs.k8s.io/controller-runtime required by go.mod. Needs `go` and
# `jq` on PATH at parse time. Not referenced by any rule in this Makefile as
# shown; presumably consumed by an included makefile or a hack/ script — confirm.
CR_VERSION := $(shell go mod edit -json | jq -r '.Require[] | select(.Path=="sigs.k8s.io/controller-runtime") | .Version')
# Resolve the directory `go install` writes binaries to: GOBIN when the Go
# environment defines it, otherwise the bin/ directory below GOPATH.
ifneq (,$(shell go env GOBIN))
GOBIN=$(shell go env GOBIN)
else
GOBIN=$(shell go env GOPATH)/bin
endif
# Setting SHELL to bash allows bash commands to be executed by recipes.
# This is a requirement for 'setup-envtest.sh' in the test target.
# Options are set to exit when a recipe line exits non-zero or a piped command fails.
# `-o pipefail` makes a pipeline fail when any stage fails; `-e` (in
# .SHELLFLAGS) aborts the recipe line on the first failing command and `-c`
# passes the recipe text as the command string.
SHELL = /usr/bin/env bash -o pipefail
.SHELLFLAGS = -ec
# Default goal: `make` with no arguments builds the manager binary.
.PHONY: all
all: build
#########################################
# Tools #
#########################################
TOOLS_DIR := hack/tools
# CONTROLLER_GEN, GOSEC and CFSSL are used below but not defined in this file.
# NOTE(review): presumably hack/tools.mk defines them — confirm.
include hack/tools.mk
##@ General
# `make help` lists every documented target, grouped by category.
#   * a line beginning with '##@' followed by a name opens a category heading;
#   * a rule line that carries '##' after the target (and its prerequisites)
#     contributes one entry, with the text after '##' as its description.
# awk reads every makefile in $(MAKEFILE_LIST), so documented targets from
# included files are listed too. The help text must be on the rule line itself;
# text on a '.PHONY:' line is not matched by the target pattern.
# The \033[..m sequences are ANSI SGR codes (36 = cyan, 1 = bold, 0 = reset):
# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
# Background on the awk constructs used:
# http://linuxcommand.org/lc3_adv_awk.php
.PHONY: help
help: ## Display this help.
	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-20s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
##@ Development
# Bring go.mod and go.sum back in line with the imports the code actually uses.
.PHONY: tidy
tidy: ## Clean up go.mod and go.sum by removing unused dependencies.
	go mod tidy
# Cleanup is delegated to hack/clean.sh, which receives the package patterns to
# process; what exactly it removes is decided by that script (not shown here).
.PHONY: clean
clean: ## Remove generated files and clean up directories.
	@hack/clean.sh ./api/... ./charts/... ./controllers/... ./internal/... ./test/... ./webhooks/...
# Regenerate the CRD manifests from the Go types under ./api and write them
# into the application sub-chart. Depends on the controller-gen binary.
.PHONY: manifests
manifests: $(CONTROLLER_GEN) ## Generate CustomResourceDefinition object.
	$(CONTROLLER_GEN) crd paths="./api/..." output:crd:dir=charts/terminal/charts/application/crd-gen
# Regenerate the deep-copy code for ./controllers and ./api, prefixing each
# generated file with hack/boilerplate.go.txt.
# `manifests` and `fmt` are prerequisites, so both run before this recipe;
# `go fmt` is therefore not applied to the files generated here.
.PHONY: generate
generate: manifests $(CONTROLLER_GEN) fmt ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./controllers/..." paths="./api/..."
# Format every package in the module in place.
.PHONY: fmt
fmt: ## Run go fmt against code.
	go fmt ./...
# Delegates to hack/check-generate.sh, passing the repository root as its only
# argument. The script itself is not shown here.
.PHONY: check-generate
check-generate: ## Verify if code generation is up-to-date by running generate and checking for changes.
	@hack/check-generate.sh $(REPO_ROOT)
# Linting is delegated to the wrapper script; linter version and configuration
# are chosen there, not in this Makefile.
.PHONY: lint
lint: ## Run golangci-lint against code.
	@./hack/golangci-lint.sh
# Static application security testing with gosec, driven by hack/sast.sh.
# Both targets depend on the gosec binary, $(GOSEC), which is not defined in
# this file. `sast` runs the script without arguments; `sast-report` passes
# `--gosec-report true` so that a report is written as well.
.PHONY: sast
sast: $(GOSEC) ## Run gosec against code
	@./hack/sast.sh

.PHONY: sast-report
sast-report: $(GOSEC) ## Run gosec against code and export report to SARIF.
	@./hack/sast.sh --gosec-report true
# Aggregate target without a recipe of its own: it regenerates code, lints,
# runs the Go test script (go-test) and the gosec scan (sast).
.PHONY: test
test: generate lint go-test sast ## Run tests.
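# Aggregate verification targets without recipes of their own.
#   verify          - lint, Go tests and the gosec scan.
#   verify-extended - additionally checks that generated code is up to date and
#                     uses sast-report instead of sast.
# The '##' help text sits on the rule line, not on the '.PHONY:' line: the awk
# pattern behind `make help` only matches lines that begin with a target name,
# so text attached to '.PHONY:' would never be listed.
.PHONY: verify
verify: lint go-test sast ## Run basic verification including linting, tests, and static analysis.

.PHONY: verify-extended
verify-extended: check-generate lint go-test sast-report ## Run extended verification including code generation check, linting, tests, and detailed static analysis report.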
# The Go tests are started through hack/test-integration.sh; environment setup
# for them happens inside that script (not shown here).
.PHONY: go-test
go-test: ## Run go tests.
	@./hack/test-integration.sh
# Apply the example bootstrap manifests in numeric order, then patch the
# Gardener project named `local`.
# No --context or --kubeconfig is passed, so kubectl acts on whatever cluster
# the current context points at; check it before running this target.
# Judging by the file name, step 02 creates a ClusterRoleBinding, i.e. a
# cluster-wide grant — intended for development clusters only.
.PHONY: bootstrap-dev
bootstrap-dev: ## Install example resources into a dev cluster
	@kubectl apply -f example/bootstrap/00_namespace.yaml
	@kubectl apply -f example/bootstrap/01_serviceaccount.yaml
	@kubectl apply -f example/bootstrap/02_clusterrolebinding.yaml
	@kubectl patch project local --patch-file example/bootstrap/03_gardener-project-patch.yaml
##@ Build
# Compile main.go into bin/manager after code generation and linting succeeded.
.PHONY: build
build: generate lint ## Build manager binary.
	go build -o bin/manager main.go
# Start the controller directly on the local machine with `go run`, after
# generating code and linting.
.PHONY: run
run: generate lint ## Run a controller from your host.
	go run ./main.go
# Build the image from the repository root and tag it
# $(IMG_MANAGER_REPOSITORY):$(IMG_MANAGER_TAG). The full `test` target has to
# pass first.
.PHONY: docker-build
docker-build: test ## Build docker image with the manager.
	docker build -t $(IMG_MANAGER_REPOSITORY):$(IMG_MANAGER_TAG) .
# Push $(IMG_MANAGER_REPOSITORY):$(IMG_MANAGER_TAG) to its registry.
# This target has no prerequisite on docker-build: it publishes whichever local
# image currently carries that tag, so build it in the same checkout first.
.PHONY: docker-push
docker-push: ## Push docker image with the manager.
	docker push $(IMG_MANAGER_REPOSITORY):$(IMG_MANAGER_TAG)
##@ Deployment
# Build the image (which also runs the tests) and copy it into the nodes of
# the kind cluster named $(KIND_CLUSTER_NAME), so no registry push is needed.
.PHONY: load-manager-docker-image
load-manager-docker-image: docker-build ## Loads the manager docker image into the kind cluster
	kind load docker-image $(IMG_MANAGER_REPOSITORY):$(IMG_MANAGER_TAG) --name $(KIND_CLUSTER_NAME)
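# Make sure $(NAMESPACE) exists and carries the Helm ownership metadata for
# release $(CHART_NAME): the meta.helm.sh/release-name and
# meta.helm.sh/release-namespace annotations plus the
# app.kubernetes.io/managed-by=Helm label.
#
# The namespace is created only when CREATE_NAMESPACE is "true". If it is
# missing and creation is disabled, the target stops with an explicit error
# rather than printing "already exists" and failing later in `kubectl annotate`.
#
# Neither kubectl call passes --overwrite, so kubectl refuses to replace an
# existing, different value; a namespace already claimed by another release is
# not silently taken over.
.PHONY: ensure-namespace
ensure-namespace: # Creates the namespace if not existing and applies required helm metadata
	@if kubectl get namespace $(NAMESPACE) > /dev/null 2>&1; then \
		echo "Namespace already exists. Skipping creation."; \
	elif [ "$(CREATE_NAMESPACE)" = true ]; then \
		kubectl create namespace $(NAMESPACE); \
	else \
		echo "Namespace $(NAMESPACE) does not exist and CREATE_NAMESPACE is not true." >&2; \
		exit 1; \
	fi
	@kubectl annotate namespace $(NAMESPACE) \
		"meta.helm.sh/release-name=$(CHART_NAME)" \
		"meta.helm.sh/release-namespace=$(NAMESPACE)"
	@kubectl label namespace $(NAMESPACE) \
		"app.kubernetes.io/managed-by=Helm"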
# Run hack/gen-certs.sh once per certificate name: first for the admission
# webhook, then for the metrics server. CA handling and the output location
# are decided inside the script (not shown here).
# NOTE(review): the generated *-key.pem files are private keys; presumably they
# land under $(TLS_OUTPUT_PATH) — confirm that path is excluded from version
# control and from the docker build context.
.PHONY: gen-certs
gen-certs: cfssl ## Generates CA certificate and server certificate for the admission controller and metrics server
	./hack/gen-certs.sh --cert-name $(ADMISSION_WEBHOOK_CERT_NAME)
	./hack/gen-certs.sh --cert-name $(METRICS_SERVER_CERT_NAME)
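# Install or upgrade the chart at $(CHART_PATH) as release $(CHART_NAME) in
# $(NAMESPACE).
#   1. Create an empty values file if none exists so `--values` always resolves.
#   2. Ensure the namespace exists and is marked as owned by this release.
#   3. Run `helm upgrade --install`, injecting image coordinates and the TLS
#      material produced by `gen-certs` via --set-file.
#
# The metrics server is given its own certificate and key,
# $(METRICS_SERVER_CERT_NAME), which gen-certs issues. The admission webhook
# pair is not reused for it, so the two endpoints do not share a private key.
# NOTE(review): assumes hack/gen-certs.sh writes <cert-name>.pem and
# <cert-name>-key.pem for every --cert-name, as it does for the admission
# pair — confirm.
#
# The private keys become chart values, so they are stored with the Helm
# release data in the cluster; these are local development credentials.
#
# stderr is filtered only to drop helm's 'found symbolic link' lines; every
# other diagnostic is still written to stderr.
.PHONY: install
install: helm gen-certs ## Deploys the terminal controller manager chart in the Garden cluster
	@touch $(VALUES_FILE)
	$(MAKE) ensure-namespace
	$(HELM) upgrade --install \
		--force \
		--wait \
		--values $(VALUES_FILE) \
		--namespace $(NAMESPACE) \
		--set global.deployment.virtualGarden.enabled=$(VIRTUAL_GARDEN_ENABLED) \
		--set global.deployment.virtualGarden.createNamespace=$(CREATE_NAMESPACE) \
		--set global.controller.manager.image.repository=$(IMG_MANAGER_REPOSITORY) \
		--set global.controller.manager.image.tag=$(IMG_MANAGER_TAG) \
		--set-file global.controller.manager.config.server.metrics.tls.key=$(TLS_OUTPUT_PATH)/$(METRICS_SERVER_CERT_NAME)-key.pem \
		--set-file global.controller.manager.config.server.metrics.tls.crt=$(TLS_OUTPUT_PATH)/$(METRICS_SERVER_CERT_NAME).pem \
		--set-file global.admission.config.server.webhooks.caBundle=$(TLS_OUTPUT_PATH)/$(CA_NAME).pem \
		--set-file global.admission.config.server.webhooks.tls.key=$(TLS_OUTPUT_PATH)/$(ADMISSION_WEBHOOK_CERT_NAME)-key.pem \
		--set-file global.admission.config.server.webhooks.tls.crt=$(TLS_OUTPUT_PATH)/$(ADMISSION_WEBHOOK_CERT_NAME).pem \
		$(CHART_NAME) \
		$(CHART_PATH) 2> >(grep -v 'found symbolic link' >&2)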
# Re-enter `install` for the application sub-chart only: the release name gets
# an "-application" suffix and virtual-garden mode is switched on.
.PHONY: install-application
install-application: ## Deploys the application chart in the Garden cluster
	$(MAKE) install \
		CHART_NAME=$(CHART_NAME)"-application" \
		CHART_PATH="charts/terminal/charts/application" \
		VIRTUAL_GARDEN_ENABLED=true
# Re-enter `install` for the runtime sub-chart only: the release name gets a
# "-runtime" suffix and virtual-garden mode is switched on.
.PHONY: install-runtime
install-runtime: ## Deploys the runtime chart in the hosting cluster
	$(MAKE) install \
		CHART_NAME=$(CHART_NAME)"-runtime" \
		CHART_PATH="charts/terminal/charts/runtime" \
		VIRTUAL_GARDEN_ENABLED=true
# Remove release $(CHART_NAME) from $(NAMESPACE). The namespace itself and the
# metadata added by ensure-namespace are not touched by this recipe.
.PHONY: uninstall
uninstall: helm ## Uninstall the deployed helm chart.
	$(HELM) uninstall --namespace $(NAMESPACE) $(CHART_NAME)
# Counterparts of install-application / install-runtime: each re-enters
# `uninstall` with the release name suffix used at install time.
.PHONY: uninstall-application
uninstall-application: helm ## Uninstall the deployed application helm chart.
	$(MAKE) uninstall CHART_NAME=$(CHART_NAME)"-application"

.PHONY: uninstall-runtime
uninstall-runtime: helm ## Uninstall the deployed runtime helm chart.
	$(MAKE) uninstall CHART_NAME=$(CHART_NAME)"-runtime"
##@ Build Dependencies
## Location to install dependencies to
# Defaults to bin/ below the directory make was started in.
LOCALBIN ?= $(shell pwd)/bin

# Create the tool directory on demand.
$(LOCALBIN):
	mkdir -p $@

## Tool Binaries
# Both use ?=, so a definition from the environment, the command line or the
# included hack/tools.mk takes precedence.
ENVTEST ?= $(LOCALBIN)/setup-envtest
HELM ?= $(LOCALBIN)/helm
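# Install setup-envtest into $(LOCALBIN) when the binary is missing.
#
# $(LOCALBIN) is an order-only prerequisite (after '|'): the directory must
# exist, but its timestamp does not matter. As a normal prerequisite, any other
# tool dropped into the directory would make this binary look stale and trigger
# another download.
#
# NOTE(review): `@latest` installs whatever upstream published most recently,
# so the tool can change between runs without a change in this repository.
# Pin it to a release matching the controller-runtime version in go.mod
# (CR_VERSION is computed at the top of this file) — confirm the matching
# tag or branch before switching.
.PHONY: envtest
envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
$(ENVTEST): | $(LOCALBIN)
	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest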
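# Install the helm client into $(LOCALBIN) when the binary is missing.
#
# The installer script is downloaded to a temporary file and executed only
# after the download completed successfully, instead of being streamed
# straight into bash:
#   * `curl -f` fails on an HTTP error, so an error page is never executed;
#   * a connection that drops midway cannot leave bash running a truncated
#     script;
#   * `--proto '=https' --tlsv1.2` rejects redirects to plain HTTP and old TLS.
# USE_SUDO=false keeps the installer from escalating to root: the target
# directory is inside the work tree and writable by the invoking user.
#
# $(LOCALBIN) is an order-only prerequisite so that changes to the directory's
# timestamp do not trigger a fresh download.
#
# NOTE(review): the script is still taken from the `main` branch and installs
# the newest helm release, so neither is reproducible. Pin the URL to a
# reviewed tag or commit and pass the installer a fixed release (it accepts
# `--version`) — choose the version deliberately.
.PHONY: helm
helm: $(HELM) ## Download helm locally if necessary.
$(HELM): | $(LOCALBIN)
	tmp="$$(mktemp)" && trap 'rm -f "$$tmp"' EXIT && \
	curl -fsSL --proto '=https' --tlsv1.2 -o "$$tmp" https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && \
	HELM_INSTALL_DIR="$(LOCALBIN)" USE_SUDO=false bash "$$tmp"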
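# Install the cfssl command-line tools into $(LOCALBIN) when missing. The
# `cmd/...` pattern installs every command of the module, not only `cfssl`.
#
# $(CFSSL) is not defined in this file.
# NOTE(review): presumably it comes from hack/tools.mk — confirm; if it is
# empty, this rule has no target.
#
# $(LOCALBIN) is an order-only prerequisite so that changes to the directory's
# timestamp do not trigger a reinstall.
#
# NOTE(review): `@latest` makes the toolchain that issues the TLS certificates
# float with upstream. Pin it to a reviewed release so certificate generation
# is reproducible.
.PHONY: cfssl
cfssl: $(CFSSL) ## Download cfssl locally if necessary.
$(CFSSL): | $(LOCALBIN)
	GOBIN=$(LOCALBIN) go install github.com/cloudflare/cfssl/cmd/...@latest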