forked from open-policy-agent/gatekeeper
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Makefile
207 lines (166 loc) · 7.54 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
# Image URL to use all building/pushing image targets
REGISTRY ?= quay.io
REPOSITORY ?= $(REGISTRY)/open-policy-agent/gatekeeper
IMG := $(REPOSITORY):latest
VERSION := v3.1.0-beta.0
USE_LOCAL_IMG ?= false
KIND_VERSION=0.6.0
KUSTOMIZE_VERSION=3.0.2
BUILD_COMMIT := $(shell ./build/get-build-commit.sh)
BUILD_TIMESTAMP := $(shell ./build/get-build-timestamp.sh)
BUILD_HOSTNAME := $(shell ./build/get-build-hostname.sh)
LDFLAGS := "-X github.com/open-policy-agent/gatekeeper/version.Version=$(VERSION) \
-X github.com/open-policy-agent/gatekeeper/version.Vcs=$(BUILD_COMMIT) \
-X github.com/open-policy-agent/gatekeeper/version.Timestamp=$(BUILD_TIMESTAMP) \
-X github.com/open-policy-agent/gatekeeper/version.Hostname=$(BUILD_HOSTNAME)"
MANAGER_IMAGE_PATCH := "apiVersion: apps/v1\
\nkind: Deployment\
\nmetadata:\
\n name: controller-manager\
\n namespace: system\
\nspec:\
\n template:\
\n spec:\
\n containers:\
\n - image: <your image file>\
\n name: manager"
FRAMEWORK_PACKAGE := github.com/open-policy-agent/frameworks/constraint
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= crd:trivialVersions=true
# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
GOBIN=$(shell go env GOPATH)/bin
else
GOBIN=$(shell go env GOBIN)
endif
all: lint test manager
# Run tests
native-test: generate fmt vet manifests
GO111MODULE=on go test -mod vendor ./pkg/... -coverprofile cover.out
# Hook to run docker tests
.PHONY: test
test:
rm -rf .staging/test
mkdir -p .staging/test
cp -r * .staging/test
-rm .staging/test/Dockerfile
cp test/Dockerfile .staging/test/Dockerfile
docker build --pull .staging/test -t gatekeeper-test && docker run -t gatekeeper-test
test-e2e:
bats -t test/bats/test.bats
e2e-bootstrap:
# Download and install kind
curl -L https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64 --output kind && chmod +x kind && sudo mv kind /usr/local/bin/
# Download and install kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/$$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x ./kubectl && sudo mv kubectl /usr/local/bin/
# Download and install kustomize
curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/v${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64 --output kustomize && chmod +x kustomize && sudo mv kustomize /usr/local/bin/
# Check for existing kind cluster
if [ $$(kind get clusters) ]; then kind delete cluster; fi
# Create a new kind cluster
TERM=dumb kind create cluster
e2e-build-load-image: docker-build
kind load docker-image --name kind ${IMG}
e2e-verify-release: patch-image deploy test-e2e
echo -e '\n\n======= manager logs =======\n\n' && kubectl logs -n gatekeeper-system -l control-plane=controller-manager
# Build manager binary
manager: generate fmt vet
GO111MODULE=on go build -mod vendor -o bin/manager -ldflags $(LDFLAGS) main.go
# Build manager binary
manager-osx: generate fmt vet
GO111MODULE=on go build -mod vendor -o bin/manager GOOS=darwin -ldflags $(LDFLAGS) main.go
# Run against the configured Kubernetes cluster in ~/.kube/config
run: generate fmt vet manifests
GO111MODULE=on go run -mod vendor ./main.go
# Install CRDs into a cluster
install: manifests
kustomize build config/crd | kubectl apply -f -
# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
deploy: patch-image manifests
touch -a ./config/overlays/dev/manager_image_patch.yaml
# TODO use kustomize for CRDs
kubectl apply -f config/crd/bases
kubectl apply -f vendor/${FRAMEWORK_PACKAGE}/deploy
kustomize build config/overlays/dev | kubectl apply -f -
# Generate manifests e.g. CRD, RBAC etc.
manifests: controller-gen
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./api/..." paths="./pkg/..." output:crd:artifacts:config=config/crd/bases
kustomize build config/default -o deploy/gatekeeper.yaml
bash -c 'for x in vendor/${FRAMEWORK_PACKAGE}/deploy/*.yaml ; do echo --- >> deploy/gatekeeper.yaml ; cat $${x} >> deploy/gatekeeper.yaml ; done'
# Run go fmt against code
fmt:
GO111MODULE=on go fmt ./api/... ./pkg/...
GO111MODULE=on go fmt main.go
# Run go vet against code
vet:
GO111MODULE=on go vet -mod vendor ./api/... ./pkg/...
GO111MODULE=on go vet -mod vendor main.go
lint:
golangci-lint -v run ./... --timeout 5m
# Generate code
generate: controller-gen target-template-source
$(CONTROLLER_GEN) object:headerFile=./hack/boilerplate.go.txt paths="./api/..." paths="./pkg/..."
# Docker Login
docker-login:
@docker login -u $(DOCKER_USER) -p $(DOCKER_PASSWORD) $(REGISTRY)
# Tag for Dev
docker-tag-dev:
@docker tag $(IMG) $(REPOSITORY):dev
# Tag for Dev
docker-tag-release:
@docker tag $(IMG) $(REPOSITORY):$(VERSION)
@docker tag $(IMG) $(REPOSITORY):latest
# Push for Dev
docker-push-dev: docker-tag-dev
@docker push $(REPOSITORY):dev
# Push for Release
docker-push-release: docker-tag-release
@docker push $(REPOSITORY):$(VERSION)
@docker push $(REPOSITORY):latest
# Build the docker image
docker-build: test
docker build --pull . -t ${IMG}
# Update manager_image_patch.yaml with image tag
patch-image:
@echo "updating kustomize image patch file for manager resource"
@test -s ./config/overlays/dev/manager_image_patch.yaml || bash -c 'echo -e ${MANAGER_IMAGE_PATCH} > ./config/overlays/dev/manager_image_patch.yaml'
ifeq ($(USE_LOCAL_IMG),true)
@sed -i '/^ name: manager/a \ \ \ \ \ \ \ \ imagePullPolicy: IfNotPresent' ./config/overlays/dev/manager_image_patch.yaml
endif
@sed -i'' -e 's@image: .*@image: '"${IMG}"'@' ./config/overlays/dev/manager_image_patch.yaml
# Rebuild pkg/target/target_template_source.go to pull in pkg/target/regolib/src.rego
target-template-source:
@printf "package target\n\n// This file is generated from pkg/target/regolib/src.rego via \"make target-template-source\"\n// Do not modify this file directly!\n\nconst templSrc = \`" > pkg/target/target_template_source.go
@sed -e "s/data\[\"{{.DataRoot}}\"\]/{{.DataRoot}}/; s/data\[\"{{.ConstraintsRoot}}\"\]/{{.ConstraintsRoot}}/" pkg/target/regolib/src.rego >> pkg/target/target_template_source.go
@printf "\`\n" >> pkg/target/target_template_source.go
# Push the docker image
docker-push:
docker push ${IMG}
release:
@sed -i -e 's/^VERSION := .*/VERSION := ${NEWVERSION}/' ./Makefile
release-manifest:
@sed -i'' -e 's@image: $(REPOSITORY):.*@image: $(REPOSITORY):'"$(NEWVERSION)"'@' ./config/manager/manager.yaml ./deploy/gatekeeper.yaml
# Delete gatekeeper from a cluster. Note this is not a complete uninstall, just a dev convenience
uninstall:
-kubectl delete -n gatekeeper-system Config config
sleep 5
kubectl delete ns gatekeeper-system
# find or download controller-gen
# download controller-gen if necessary
controller-gen:
ifeq (, $(shell which controller-gen))
GO111MODULE=on go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.2
CONTROLLER_GEN=$(GOBIN)/controller-gen
else
CONTROLLER_GEN=$(shell which controller-gen)
endif
.PHONY: vendor
vendor:
$(eval $@_TMP := $(shell mktemp -d))
$(eval $@_CACHE := ${$@_TMP}/pkg/mod/cache/download)
GO111MODULE=on go mod download
GO111MODULE=on GOPROXY=file://${GOPATH}/pkg/mod/cache/download GOPATH=${$@_TMP} go mod download
GO111MODULE=on GOPROXY=file://${$@_CACHE} go mod vendor
$(eval $@_PACKAGE := $(shell GO111MODULE=on go mod graph | awk '{print $$2}' | grep '^${FRAMEWORK_PACKAGE}@'))
mkdir -p vendor/${FRAMEWORK_PACKAGE}/deploy
cp -r ${$@_TMP}/pkg/mod/${$@_PACKAGE}/deploy/* vendor/${FRAMEWORK_PACKAGE}/deploy/.