Address the Akamai security updates with LinodeFirewall (#273)

linode · Oct 1, 2024 · 6b98fa2 · 6b98fa2
1 parent 045a89e
commit 6b98fa2
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 24 deletions.
diff --git a/.gitignore b/.gitignore
@@ -25,6 +25,8 @@ _output
 _testmain.go
 linode-blockstorage-csi-driver
 test-cluster-kubeconfig.yaml
+capl-cluster-manifests.yaml
+csi-manifests.yaml
 
 *.exe
 *.test

diff --git a/Makefile b/Makefile
@@ -1,19 +1,20 @@
-PLATFORM              ?= linux/amd64
-REGISTRY_NAME         ?= index.docker.io
-DOCKER_USER           ?= linode
-IMAGE_NAME            ?= linode-blockstorage-csi-driver
-REV                   := $(shell git branch --show-current 2> /dev/null || echo "dev")
+PLATFORM                ?= linux/amd64
+REGISTRY_NAME           ?= index.docker.io
+DOCKER_USER             ?= linode
+IMAGE_NAME              ?= linode-blockstorage-csi-driver
+REV                     := $(shell git branch --show-current 2> /dev/null || echo "dev")
 ifdef DEV_TAG_EXTENSION
-IMAGE_VERSION         ?= $(REV)-$(DEV_TAG_EXTENSION)
+IMAGE_VERSION           ?= $(REV)-$(DEV_TAG_EXTENSION)
 else
-IMAGE_VERSION         ?= $(REV)
+IMAGE_VERSION           ?= $(REV)
 endif
-IMAGE_TAG             ?= $(REGISTRY_NAME)/$(DOCKER_USER)/$(IMAGE_NAME):$(IMAGE_VERSION)
-GOLANGCI_LINT_IMG     := golangci/golangci-lint:v1.59-alpine
-RELEASE_DIR           ?= release
-DOCKERFILE            ?= Dockerfile
-GOLANGCI_LINT_VERSION ?= v1.61.0
-E2E_SELECTOR          ?= all
+IMAGE_TAG               ?= $(REGISTRY_NAME)/$(DOCKER_USER)/$(IMAGE_NAME):$(IMAGE_VERSION)
+GOLANGCI_LINT_IMG       := golangci/golangci-lint:v1.59-alpine
+RELEASE_DIR             ?= release
+DOCKERFILE              ?= Dockerfile
+GOLANGCI_LINT_VERSION   ?= v1.61.0
+E2E_SELECTOR            ?= all
+LINODE_FIREWALL_ENABLED ?= true
 
 #####################################################################
 # OS / ARCH
@@ -61,7 +62,7 @@ CLUSTER_NAME         ?= csi-driver-cluster-$(shell git rev-parse --short HEAD)
 K8S_VERSION          ?= "v1.29.1"
 CAPI_VERSION         ?= "v1.6.3"
 HELM_VERSION         ?= "v0.2.1"
-CAPL_VERSION         ?= "v0.3.1"
+CAPL_VERSION         ?= "v0.6.3"
 CONTROLPLANE_NODES   ?= 1
 WORKER_NODES         ?= 0
 
@@ -88,21 +89,32 @@ docker-setup: docker-build docker-push
 mgmt-and-capl-cluster: docker-setup mgmt-cluster capl-cluster
 
 .PHONY: capl-cluster
-capl-cluster:
-	# Create a CAPL cluster without CSI driver and wait for it to be ready
-	clusterctl generate cluster $(CLUSTER_NAME) \
+capl-cluster: generate-capl-cluster-manifests create-capl-cluster generate-csi-driver-manifests install-csi
+
+.PHONY: generate-capl-cluster-manifests
+generate-capl-cluster-manifests:
+	# Create the CAPL cluster manifests without any CSI driver stuff
+	LINODE_FIREWALL_ENABLED=$(LINODE_FIREWALL_ENABLED) clusterctl generate cluster $(CLUSTER_NAME) \
 		--kubernetes-version $(K8S_VERSION) \
 		--infrastructure linode-linode:$(CAPL_VERSION) \
 		--control-plane-machine-count $(CONTROLPLANE_NODES) --worker-machine-count $(WORKER_NODES) \
-		--flavor kubeadm-vpcless \
-		| yq 'select(.metadata.name != "$(CLUSTER_NAME)-csi-driver-linode")' \
-		| kubectl apply -f -
-	kubectl wait --for=condition=ControlPlaneReady  cluster/$(CLUSTER_NAME) --timeout=600s
-	clusterctl get kubeconfig $(CLUSTER_NAME) > test-cluster-kubeconfig.yaml
+		| yq 'select(.metadata.name != "$(CLUSTER_NAME)-csi-driver-linode")' > capl-cluster-manifests.yaml
 
-	# Install CSI driver and wait for it to be ready
+.PHONY: create-capl-cluster
+create-capl-cluster:
+	# Create a CAPL cluster without CSI driver and wait for it to be ready
+	kubectl apply -f capl-cluster-manifests.yaml
+	kubectl wait --for=condition=ControlPlaneReady  cluster/$(CLUSTER_NAME) --timeout=600s || (kubectl get cluster -o yaml; kubectl get linodecluster -o yaml; kubectl get linodemachines -o yaml)
+	clusterctl get kubeconfig $(CLUSTER_NAME) > test-cluster-kubeconfig.yaml
 	cat tests/e2e/setup/linode-secret.yaml | envsubst | KUBECONFIG=test-cluster-kubeconfig.yaml kubectl apply -f -
-	hack/generate-yaml.sh $(IMAGE_VERSION) $(DOCKER_USER)/$(IMAGE_NAME) |KUBECONFIG=test-cluster-kubeconfig.yaml kubectl apply -f -
+
+.PHONY: generate-csi-driver-manifests
+generate-csi-driver-manifests:
+	hack/generate-yaml.sh $(IMAGE_VERSION) $(DOCKER_USER)/$(IMAGE_NAME) > csi-manifests.yaml
+
+.PHONY: install-csi
+install-csi:
+	KUBECONFIG=test-cluster-kubeconfig.yaml kubectl apply -f csi-manifests.yaml
 	KUBECONFIG=test-cluster-kubeconfig.yaml kubectl rollout status -n kube-system daemonset/csi-linode-node --timeout=600s
 	KUBECONFIG=test-cluster-kubeconfig.yaml kubectl rollout status -n kube-system statefulset/csi-linode-controller --timeout=600s