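# Makefile
#
# Import config.
# You can change the default config with `make cnf="config_special.env" build`
# `cnf` uses ?=, so a value from the command line or the environment wins.
# The file is pulled in with `include`, which means make parses it as makefile
# syntax rather than as inert key=value data: review and protect it like this
# Makefile itself.
cnf ?= config.env
include $(cnf)

# Variable for the binary name
BINARY_NAME := user-mutator

# Variable for the container name
BASE_IMAGE := user-mutator
REGISTRY := containers.renci.org/helxplatform
IMAGE_TAG := $(REGISTRY)/$(BASE_IMAGE)
CHART_NAME := $(BASE_IMAGE)

# Release tag; a VERSION that is already set and non-empty wins.
# The default is written without quotes: make keeps quote characters as part
# of the value, and the bare `export` below would otherwise pass them on to
# every child process.
VERSION := $(or $(VERSION),v1.7.0)

## Kind Related
KIND_CLUSTER := mutator

# NOTE(review): this is evaluated after the `include` above, so
# $(lastword $(MAKEFILE_LIST)) is the config file, not this Makefile. The two
# directories are the same only while the config file sits next to the
# Makefile; with a `cnf` from elsewhere, CERT_DIR follows the config file.
MAKEFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST)))
MAKEFILE_DIR := $(dir $(MAKEFILE_PATH))

# Directory the recipes read ca.pem, cert.pem and key.pem from.
# MUTATE_CONFIG is not defined in this file (presumably set in $(cnf)).
CERT_DIR := $(MAKEFILE_DIR)certs-$(MUTATE_CONFIG)

# export all variables
# This hands every make variable, including everything defined in $(cnf), to
# each child process (docker, go, kubectl, helm, kind). Keep credentials out
# of the config file unless every one of those tools is meant to see them.
export

# The aggregate targets below (regenerate-*, deploy-all, kind-all, clean-all)
# rely on their prerequisites running in the order listed, which make only
# guarantees for serial builds. Keep `make -j` from reordering them.
.NOTPARALLEL:

.PHONY: build go-build go-test push push-version ca-key-cert mutate-config \
        key-cert-secret clean deploy-webhook-server deploy-all kind-up \
        kind-load kind-down kind-all clean-all clean-ca-key-cert \
        regenerate-ca-key-cert update-ca-key-cert-in-cluster \
        regenerate-ca-cert-key-and-update-cluster \
        enable-mutate-in-namespace disable-mutate-in-namespace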
# Build the container image from the repository root for linux/amd64.
# The image gets four tags: registry-qualified and bare name, each as
# $(VERSION) and as latest.
build:
	docker buildx build \
		--platform=linux/amd64 \
		--tag=$(IMAGE_TAG):$(VERSION) \
		--tag=$(IMAGE_TAG):latest \
		--tag=$(BASE_IMAGE):$(VERSION) \
		--tag=$(BASE_IMAGE):latest \
		.
# Compile the webhook server locally; the binary is written to
# webhook-server/$(BINARY_NAME).
go-build:
	@echo "Building Go application..."
	cd webhook-server && go build -o $(BINARY_NAME)

# Run tests
# Runs every Go package under webhook-server in verbose mode.
go-test:
	@echo "Running tests..."
	cd webhook-server && go test -v ./...
# Publish the registry-qualified image under both tags. `latest` is a moving
# tag; consumers that need a fixed artifact should reference $(VERSION).
push:
	docker push $(IMAGE_TAG):$(VERSION)
	docker push $(IMAGE_TAG):latest

# Publish only the versioned tag and leave `latest` where it is.
push-version:
	docker push $(IMAGE_TAG):$(VERSION)
# Run the Go helper in tls-and-mwc without the -M flag.
# NOTE(review): judging by the source file names and by the targets that later
# read ca.pem, cert.pem and key.pem from $(CERT_DIR), this step produces the CA
# certificate and the server key pair; confirm where it writes them and with
# which file permissions. It has no arguments here, so it presumably takes its
# settings from the exported environment.
ca-key-cert:
	cd tls-and-mwc && go run main.go createMutationConfig.go generateTLSCerts.go
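# Retire the current certificate directory by renaming it with a timestamp
# suffix instead of deleting it; does nothing when the directory is absent.
#
# The renamed copy still holds key.pem, so old private-key material stays on
# disk until someone removes the backup directory by hand.
#
# The suffix includes seconds: with minute resolution a second run inside the
# same minute would find the backup name taken and mv would nest the directory
# inside the earlier backup. Paths are quoted so that a CERT_DIR containing
# whitespace or glob characters is handled as a single argument.
clean-ca-key-cert:
	if [ -d "$(CERT_DIR)" ]; then mv -- "$(CERT_DIR)" "$(CERT_DIR)-$$(date +%Y%m%d%H%M%S)"; fi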
# Move the existing certificate directory aside, then generate a fresh set.
# Prerequisite order matters: the old directory has to be renamed before the
# generator runs, which holds for a serial make run (left to right).
regenerate-ca-key-cert: clean-ca-key-cert ca-key-cert
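# Push the current CA certificate into the cluster after the key/cert secret
# has been (re)applied, then restart the webhook pods.
#
# The patch replaces /webhooks/0/clientConfig/caBundle, i.e. only the first
# webhook entry of $(MUTATE_CONFIG); further entries would keep the old bundle.
update-ca-key-cert-in-cluster: key-cert-secret
# Refuse to patch when ca.pem is missing or empty: the command substitution
# below would otherwise expand to nothing and overwrite caBundle with an
# empty value.
	test -s "$(CERT_DIR)/ca.pem"
# Patch the MutatingWebhookConfiguration to include the current CA Bundle.
# The file is fed on stdin and newlines are stripped so the value is a single
# base64 line with both GNU base64 (which wraps its output by default) and
# the BSD/macOS base64.
	kubectl patch mutatingwebhookconfiguration $(MUTATE_CONFIG) \
		--type='json' \
		-p="[{'op': 'replace', 'path': '/webhooks/0/clientConfig/caBundle', 'value':'$$(base64 < "$(CERT_DIR)/ca.pem" | tr -d '\n')'}]"
# Restart the user-mutator pod so it will load key and cert from the secret.
	kubectl -n $(WEBHOOK_NAMESPACE) delete pod -l app.kubernetes.io/name="user-mutator"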
# Full rotation: regenerate the certificates locally, then re-apply the secret,
# patch the caBundle and restart the pods. The prerequisites must run in the
# order listed (serial make), otherwise the cluster is updated from the
# certificates that are about to be replaced.
regenerate-ca-cert-key-and-update-cluster: regenerate-ca-key-cert update-ca-key-cert-in-cluster
# Run the Go helper again, this time with -M, after ca-key-cert has run.
# NOTE(review): -M presumably makes the tool create the
# MutatingWebhookConfiguration named $(MUTATE_CONFIG) in the cluster, as the
# hint printed afterwards suggests; confirm in tls-and-mwc.
mutate-config: ca-key-cert
	cd tls-and-mwc && go run main.go createMutationConfig.go generateTLSCerts.go -M
	@printf '\n%s\n%s\n\n' \
		"To view the MutationWebhookConfig YAML use the following command." \
		" kubectl get MutatingWebhookConfiguration $(MUTATE_CONFIG) -o yaml"
# Opt a namespace in by setting the label enable-$(MUTATE_CONFIG)=true on
# $(NAMESPACE_TO_MUTATE).
# NOTE(review): the label is presumably what the webhook's namespaceSelector
# matches; if so, permission to label namespaces decides which workloads get
# mutated and should be granted accordingly.
enable-mutate-in-namespace:
	kubectl label namespace $(NAMESPACE_TO_MUTATE) enable-$(MUTATE_CONFIG)=true

# Opt the namespace out again; the trailing "-" removes the label.
disable-mutate-in-namespace:
	kubectl label namespace $(NAMESPACE_TO_MUTATE) enable-$(MUTATE_CONFIG)-
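# Create the secret using the server cert and key files. For use by the
# user-mutator pod.
#
# The namespace is created on a best-effort basis (it may already exist). The
# secret is rendered client-side with --dry-run and piped into `kubectl apply`,
# so re-running the target updates an existing secret instead of failing.
#
# The key and certificate paths are quoted so that a CERT_DIR containing
# whitespace or glob characters cannot be split into extra kubectl arguments.
#
# The hint printed at the end dumps the secret, including the base64-encoded
# private key; keep that output out of tickets, chat and CI logs.
key-cert-secret: ca-key-cert
	kubectl create namespace $(WEBHOOK_NAMESPACE) || true
	kubectl create secret generic $(SECRET) \
		--from-file=tls.key="$(CERT_DIR)/key.pem" \
		--from-file=tls.crt="$(CERT_DIR)/cert.pem" \
		--dry-run=client -o yaml \
		| kubectl -n $(WEBHOOK_NAMESPACE) apply -f -
	@echo ""
	@echo "To view the secret YAML use the following command."
	@echo " kubectl -n $(WEBHOOK_NAMESPACE) get secret $(SECRET) -o yaml"
	@echo ""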
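# Best-effort teardown: remove the webhook configuration, the Helm release and
# the secret from the cluster, then delete the local certificate directory and
# the locally built binary. Each cluster step ends in `|| true` on purpose, so
# a missing object or an unreachable cluster does not stop the local cleanup.
#
# The rm -rf target is quoted and preceded by `--`: CERT_DIR is built from
# MUTATE_CONFIG, and an unquoted value containing whitespace would turn into
# several paths handed to a recursive delete.
#
# Timestamped backups left behind by clean-ca-key-cert are not removed here,
# so retired key material stays on disk until it is deleted by hand.
clean:
	@echo "Cleaning up..."
	kubectl delete MutatingWebhookConfiguration $(MUTATE_CONFIG) || true
	helm -n $(WEBHOOK_NAMESPACE) delete $(CHART_NAME) || true
	kubectl -n $(WEBHOOK_NAMESPACE) delete secret $(SECRET) || true
	rm -rf -- "$(CERT_DIR)" || true
	rm -f webhook-server/$(BINARY_NAME)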
# Install or upgrade the Helm release from ./chart once the TLS secret is in
# place. The release is pinned to image tag $(VERSION) and told which secret
# to use through config.secrets.cert.
# HELM_INSTALL_ARG_1 and HELM_INSTALL_ARG_2 are not defined in this file
# (presumably optional extras from $(cnf)); they are passed to helm unquoted,
# so each may expand to several arguments.
deploy-webhook-server: key-cert-secret
	helm -n $(WEBHOOK_NAMESPACE) upgrade --install $(CHART_NAME) \
		--set "image.pullPolicy=IfNotPresent" \
		--set "image.tag=$(VERSION)" \
		--set "config.secrets.cert=$(SECRET)" \
		$(HELM_INSTALL_ARG_1) $(HELM_INSTALL_ARG_2) \
		./chart
	@printf '\n%s\n%s\n\n' \
		"To view and follow the logs of the mutator use the following command." \
		" kubectl -n $(WEBHOOK_NAMESPACE) -l app.kubernetes.io/name=user-mutator logs -f"
# Deploy the webhook server first, then run the mutate-config step. In a
# serial make run the prerequisites execute left to right, so the server and
# its secret are deployed before the mutate-config step runs.
deploy-all: deploy-webhook-server mutate-config
# Create the local kind cluster named $(KIND_CLUSTER).
kind-up:
	kind create cluster --name $(KIND_CLUSTER)

# Build the image, then copy both registry-qualified tags into the kind
# cluster so it can run them without pulling from the registry.
kind-load: build
	kind load docker-image $(IMAGE_TAG):$(VERSION) --name $(KIND_CLUSTER)
	kind load docker-image $(IMAGE_TAG):latest --name $(KIND_CLUSTER)

# Delete the local kind cluster.
kind-down:
	kind delete cluster --name $(KIND_CLUSTER)
# End-to-end local setup: create the kind cluster, build and load the image,
# deploy the webhook server, run the mutate-config step and label the target
# namespace. The steps depend on running in the order listed (serial make).
kind-all: kind-up build kind-load deploy-webhook-server mutate-config enable-mutate-in-namespace
# Tear everything down. `clean` comes first because it talks to the cluster
# that `kind-down` deletes.
clean-all: clean kind-down