# Host platform name as printed by `uname`; it selects the mkcert CA path below.
OS := $(shell uname)
# Repository root, asked from git whenever the variable is expanded.
SRC_ROOT = $(shell git rev-parse --show-toplevel)

# Path of the mkcert root CA certificate. The value is handed to the shell
# unquoted in recipes, so `~` and the escaped space are resolved there.
ifneq ($(OS),Darwin)
ROOTCA = ~/.local/share/mkcert/rootCA.pem
else
ROOTCA = ~/Library/Application\ Support/mkcert/rootCA.pem
endif

# Directory where `go install` puts binaries: GOBIN when Go reports one,
# otherwise GOPATH/bin.
ifneq (,$(shell go env GOBIN))
GOBIN = $(shell go env GOBIN)
else
GOBIN = $(shell go env GOPATH)/bin
endif
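# Build the debugging image (Dockerfile stage `dlv`). GCFLAGS "all=-N -l" turns
# off compiler optimisations and inlining so a debugger can follow the code.
# The result is tagged clastix/capsule-proxy:dlv and is meant for debugging only.
# Declared phony: the target names a command, not a file.
.PHONY: dlv-build
dlv-build:
	docker build . --build-arg "GCFLAGS=all=-N -l" --tag clastix/capsule-proxy:dlv --target dlv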
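# Build the regular image and tag it clastix/capsule-proxy:latest.
# LDFLAGS "-s -w" asks the Go linker to drop the symbol table and DWARF data.
# Declared phony so a file or directory called docker/build cannot make the
# target look up to date.
.PHONY: docker/build
docker/build:
	@echo "Building docker image..."
	@docker build . --build-arg "LDFLAGS=-s -w" -t clastix/capsule-proxy:latest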
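# Delete the kind cluster named "capsule" that the `kind` target creates.
# Declared phony: the target names a command, not a file.
.PHONY: kind/clean
kind/clean:
	@echo "Deleting cluster..."
	@kind delete cluster --name capsule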
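# Build the test environment: a kind cluster named "capsule" plus metrics-server.
# The node image version comes from the KIND_K8S_VERSION environment variable
# and falls back to v1.22.0.
# Declared phony: the target names a command, not a file.
.PHONY: kind
kind:
	@echo "Building kubernetes env using Kind $${KIND_K8S_VERSION:-v1.22.0}..."
	@kind create cluster --name capsule --image kindest/node:$${KIND_K8S_VERSION:-v1.22.0} --config ./e2e/kind.yaml --wait=120s \
		&& kubectl taint nodes capsule-worker2 key1=value1:NoSchedule
	@helm repo add bitnami https://charts.bitnami.com/bitnami
# --kubelet-insecure-tls=true makes metrics-server skip verification of the
# kubelet serving certificates. That is tolerable on a throw-away kind cluster;
# do not carry the flag over to a cluster that matters.
	@helm upgrade --install --namespace metrics-system --create-namespace metrics-server bitnami/metrics-server \
		--set apiService.create=true --set "extraArgs[0]=--kubelet-insecure-tls=true" --version 6.2.9
	@echo "Waiting for metrics-server pod to be ready for listing metrics"
	@kubectl --namespace metrics-system wait --for=condition=ready --timeout=320s pod -l app.kubernetes.io/instance=metrics-server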
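# Install (or upgrade) the Capsule operator from the clastix chart repository
# into the capsule-system namespace of the current kube context.
# The chart version is not pinned here, so the newest published chart is used.
# Declared phony: the target names a command, not a file.
.PHONY: capsule
capsule:
	@echo "Installing capsule..."
	@helm repo add clastix https://clastix.github.io/charts
	@helm upgrade --install --create-namespace --namespace capsule-system capsule clastix/capsule \
		--set "manager.resources=null" \
		--set "manager.options.forceTenantPrefix=true" \
		--set "options.logLevel=8"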
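# URL of the upstream helper that creates a tenant-owner kubeconfig. Its content
# is piped straight into bash below, so whoever controls that URL decides what
# runs on this machine, and the default follows the moving `master` branch.
# Override it with a commit-pinned URL to get a reviewable, repeatable run, e.g.
#   make capsule-proxy CREATE_USER_SCRIPT_URL=https://raw.githubusercontent.com/clastix/capsule/<COMMIT_SHA>/hack/create-user.sh
CREATE_USER_SCRIPT_URL ?= https://raw.githubusercontent.com/clastix/capsule/master/hack/create-user.sh

# Load the locally built image into the kind cluster, create test-user
# kubeconfigs under hack/, and install the capsule-proxy chart.
# CAPSULE_PROXY_MODE=http selects the plain-HTTP variant; anything else (also
# unset) selects HTTPS with a certificate issued by the local mkcert CA.
#
# Files written into hack/ by this target hold credentials (client kubeconfigs
# and, in HTTPS mode, the TLS private key 127.0.0.1-key.pem); keep them out of
# version control.
#
# curl runs with -f so that an HTTP error page is never handed to bash as a
# script, and with -S so that the failure is printed despite -s.
# Declared phony: the target names a command, not a file.
.PHONY: capsule-proxy
capsule-proxy: mkcert
	@echo "Installing Capsule-Proxy..."
	@echo "Loading Docker image..."
	@kind load docker-image --name capsule --nodes capsule-worker clastix/capsule-proxy:latest
ifeq ($(CAPSULE_PROXY_MODE),http)
# HTTP mode: TLS is switched off (options.enableSSL=false), so requests and the
# credentials they carry travel unencrypted to 127.0.0.1:9001. Test use only.
	@echo "Running in HTTP mode"
	@echo "kubeconfig configurations..."
	@cd hack \
		&& curl -fsS "$(CREATE_USER_SCRIPT_URL)" | bash -s -- alice oil capsule.clastix.io \
		&& mv alice-oil.kubeconfig alice.kubeconfig \
		&& KUBECONFIG=alice.kubeconfig kubectl config set clusters.kind-capsule.server http://127.0.0.1:9001
	@echo "Installing Capsule-Proxy using HELM..."
	@helm upgrade --install capsule-proxy ./charts/capsule-proxy -n capsule-system \
		--set "image.pullPolicy=Never" \
		--set "image.tag=latest" \
		--set "options.enableSSL=false" \
		--set "service.type=NodePort" \
		--set "service.nodePort=" \
		--set "kind=DaemonSet" \
		--set "daemonset.hostNetwork=true" \
		--set "serviceMonitor.enabled=false" \
		--set "options.generateCertificates=false"
else
# HTTPS mode: `mkcert -install` creates a local CA and adds it to the trust
# stores of this machine; the 127.0.0.1 key pair is stored in the cluster as
# secret capsule-proxy together with the base64-encoded CA certificate.
	@echo "Running in HTTPS mode"
	@echo "capsule proxy certificates..."
	cd hack && $(MKCERT) -install && $(MKCERT) 127.0.0.1 \
		&& kubectl --namespace capsule-system create secret generic capsule-proxy --from-file=tls.key=./127.0.0.1-key.pem --from-file=tls.crt=./127.0.0.1.pem --from-literal=ca=$$(cat $(ROOTCA) | base64 |tr -d '\n')
# One kubeconfig per test user (alice, bob, joe, dave); each is pointed at the
# proxy on https://127.0.0.1:9001 and given the mkcert CA as its trust anchor.
	@echo "kubeconfig configurations..."
	@cd hack \
		&& curl -fsS "$(CREATE_USER_SCRIPT_URL)" | bash -s -- alice oil capsule.clastix.io \
		&& mv alice-oil.kubeconfig alice.kubeconfig \
		&& KUBECONFIG=alice.kubeconfig kubectl config set clusters.kind-capsule.certificate-authority-data $$(cat $(ROOTCA) | base64 |tr -d '\n') \
		&& KUBECONFIG=alice.kubeconfig kubectl config set clusters.kind-capsule.server https://127.0.0.1:9001 \
		&& curl -fsS "$(CREATE_USER_SCRIPT_URL)" | bash -s -- bob gas capsule.clastix.io \
		&& mv bob-gas.kubeconfig bob.kubeconfig \
		&& KUBECONFIG=bob.kubeconfig kubectl config set clusters.kind-capsule.certificate-authority-data $$(cat $(ROOTCA) | base64 |tr -d '\n') \
		&& KUBECONFIG=bob.kubeconfig kubectl config set clusters.kind-capsule.server https://127.0.0.1:9001 \
		&& curl -fsS "$(CREATE_USER_SCRIPT_URL)" | bash -s -- joe gas capsule.clastix.io,foo.clastix.io \
		&& mv joe-gas.kubeconfig foo.clastix.io.kubeconfig \
		&& KUBECONFIG=foo.clastix.io.kubeconfig kubectl config set clusters.kind-capsule.certificate-authority-data $$(cat $(ROOTCA) | base64 |tr -d '\n') \
		&& KUBECONFIG=foo.clastix.io.kubeconfig kubectl config set clusters.kind-capsule.server https://127.0.0.1:9001 \
		&& curl -fsS "$(CREATE_USER_SCRIPT_URL)" | bash -s -- dave soil capsule.clastix.io,bar.clastix.io \
		&& mv dave-soil.kubeconfig dave.kubeconfig \
		&& kubectl --kubeconfig=dave.kubeconfig config set clusters.kind-capsule.certificate-authority-data $$(cat $(ROOTCA) | base64 |tr -d '\n') \
		&& kubectl --kubeconfig=dave.kubeconfig config set clusters.kind-capsule.server https://127.0.0.1:9001
	@echo "Installing Capsule-Proxy using HELM..."
	@helm upgrade --install capsule-proxy ./charts/capsule-proxy -n capsule-system \
		--set "image.pullPolicy=Never" \
		--set "image.tag=latest" \
		--set "service.type=NodePort" \
		--set "service.nodePort=" \
		--set "kind=DaemonSet" \
		--set "daemonset.hostNetwork=true" \
		--set "serviceMonitor.enabled=false"
endif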
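# Grant the group capsule.clastix.io the two cluster-wide permissions set up for
# the tests:
#   - capsule-selfsubjectaccessreviews: create on selfsubjectaccessreviews
#   - capsule-apis: get on the non-resource URLs /api, /api/*, /apis, /apis/*
#     and /version
# The rules are cluster-scoped; keep them this narrow when adapting the target.
# `kubectl create` reports an error when an object already exists, so a second
# run against the same cluster is expected to stop at the first command.
# Declared phony: the target names a command, not a file.
.PHONY: rbac-fix
rbac-fix:
	@echo "RBAC customization..."
	@kubectl create clusterrole capsule-selfsubjectaccessreviews --verb=create --resource=selfsubjectaccessreviews.authorization.k8s.io
	@kubectl create clusterrole capsule-apis --verb="get" --non-resource-url="/api/*" --non-resource-url="/api" --non-resource-url="/apis/*" --non-resource-url="/apis" --non-resource-url="/version"
	@kubectl create clusterrolebinding capsule:selfsubjectaccessreviews --clusterrole=capsule-selfsubjectaccessreviews --group=capsule.clastix.io
	@kubectl create clusterrolebinding capsule:apis --clusterrole=capsule-apis --group=capsule.clastix.io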
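# Run the end-to-end suite: build the image, create the kind cluster, install
# Capsule and capsule-proxy, apply the RBAC additions, then start the runner.
# The runner argument is "<client>-<mode>", taken from the environment
# variables CLIENT_TEST (default kubectl) and CAPSULE_PROXY_MODE (default https).
# Declared phony: the repository has an e2e/ directory (this recipe runs
# ./e2e/run.bash), and the target must never be judged against it.
.PHONY: e2e
e2e: docker/build kind capsule capsule-proxy rbac-fix
	@./e2e/run.bash $${CLIENT_TEST:-kubectl}-$${CAPSULE_PROXY_MODE:-https}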
# Helm
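# Repository root, asked from git whenever the variable is expanded.
SRC_ROOT = $(shell git rev-parse --show-toplevel)

# Regenerate the chart documentation with the helm-docs container image.
# The whole repository is bind-mounted read-write at /helm-docs, so the image
# can change any file in the working tree. The image is selected by tag
# (HELMDOCS_VERSION); a tag can be moved by its publisher, a digest cannot.
# Declared phony: the target names a command, not a file.
.PHONY: helm-docs
helm-docs: HELMDOCS_VERSION := v1.11.0
helm-docs: docker
	@docker run -v "$(SRC_ROOT):/helm-docs" jnorwood/helm-docs:$(HELMDOCS_VERSION) --chart-search-root /helm-docs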
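# Lint every chart with chart-testing (`ct lint`) inside its container image,
# using the configuration files under .github/configs.
# The repository is bind-mounted read-write at /workdir and the image is
# selected by tag (v3.3.1), not by digest.
# Declared phony: the target names a command, not a file.
.PHONY: helm-lint
helm-lint: docker
	@docker run -v "$(SRC_ROOT):/workdir" --entrypoint /bin/sh quay.io/helmpack/chart-testing:v3.3.1 -c "cd /workdir; ct lint --config .github/configs/ct.yaml --lint-conf .github/configs/lintconf.yaml --all --debug"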
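# Guard used as a prerequisite: stop with a message when no `docker` command
# can be found on PATH.
# Declared phony so that a file or directory called "docker" in the repository
# cannot satisfy the target and silently skip the check.
.PHONY: docker
docker:
	@hash docker 2>/dev/null || {\
		echo "You need docker" &&\
		exit 1;\
	}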
# Run controller-gen over every package (./...) with the rbac, crd and webhook
# generators; the CRD output goes to charts/capsule-proxy/crds.
.PHONY: manifests
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
	$(CONTROLLER_GEN) \
		rbac:roleName=manager-role \
		crd \
		webhook \
		paths="./..." \
		output:crd:artifacts:config=charts/capsule-proxy/crds
# Run controller-gen's object generator over every package (./...), using
# hack/boilerplate.go.txt as the header of the generated files.
.PHONY: generate
generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
	$(CONTROLLER_GEN) \
		object:headerFile="hack/boilerplate.go.txt" \
		paths="./..."
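# Lint the Go sources with the locally installed golangci-lint, configured by
# .golangci.yml.
# Declared phony: the target names a command, not a file.
.PHONY: golint
golint: golangci-lint ## Linting the code according to the styling guide.
	$(GOLANGCI_LINT) run -c .golangci.yml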
# Regenerate the CRDs, then apply them with kubectl. No context or kubeconfig
# is passed, so kubectl acts on whichever cluster its current configuration
# selects; check the active context before running this.
.PHONY: install
install: manifests ## Install CRDs into the K8s cluster specified in ~/.kube/config.
	kubectl apply --filename charts/capsule-proxy/crds
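# Regenerate the CRDs, then delete them with kubectl. Deleting a CRD also
# removes every custom resource of that kind, and kubectl acts on whichever
# cluster its current configuration selects; check the active context first.
# The help text promises an `ignore-not-found` switch, so the recipe now
# forwards it to kubectl; when the variable is unset the value is "false",
# which is kubectl's own default.
.PHONY: uninstall
uninstall: manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
	kubectl delete --ignore-not-found=$(or $(ignore-not-found),false) -f charts/capsule-proxy/crds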
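# Path of the project-local controller-gen binary.
CONTROLLER_GEN = $(shell pwd)/bin/controller-gen

# NOTE(review): the module argument below reads "[email protected]" because the
# page this listing was taken from masked the "<tool>@<version>" suffix as an
# e-mail address. Restore it from the repository (controller-gen@<VERSION>)
# before use; an exact version keeps the installed tool reproducible.
# Declared phony: the file that gets installed is bin/controller-gen, not a
# file called "controller-gen".
.PHONY: controller-gen
controller-gen: ## Download controller-gen locally if necessary.
	$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/[email protected])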
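# Path of the project-local mkcert binary.
MKCERT = $(shell pwd)/bin/mkcert

# NOTE(review): the module argument below reads "[email protected]" because the
# page this listing was taken from masked the "<tool>@<version>" suffix as an
# e-mail address. Restore it from the repository (mkcert@<VERSION>) before use.
# mkcert issues the CA and the certificates used by the HTTPS test setup, so an
# exact version matters here.
# Declared phony: the file that gets installed is bin/mkcert, not a file called
# "mkcert".
.PHONY: mkcert
mkcert: ## Download mkcert locally if necessary.
	$(call go-install-tool,$(MKCERT),filippo.io/[email protected])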
# Directory that holds this Makefile.
PROJECT_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST)))))

# go-install-tool: run `go install` for package $(2) unless the file $(1) is
# already present. The binary lands in $(PROJECT_DIR)/bin because GOBIN is set
# for that one command. An existing file is taken as is: it is neither checked
# against the requested version nor rebuilt.
define go-install-tool
@if [ ! -f $(1) ]; then \
set -e ;\
echo "Installing $(2)" ;\
GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\
fi
endef
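# Path of the project-local golangci-lint binary.
GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint

# NOTE(review): the module argument below reads "[email protected]" because the
# page this listing was taken from masked the "<tool>@<version>" suffix as an
# e-mail address. Restore it from the repository (golangci-lint@<VERSION>)
# before use; an exact version keeps lint results reproducible.
# Declared phony: the file that gets installed is bin/golangci-lint, not a file
# called "golangci-lint".
.PHONY: golangci-lint
golangci-lint: ## Download golangci-lint locally if necessary.
	$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/[email protected])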