# Container image coordinates.
# REGISTRY and IMAGE_VERSION use ?= so the environment or command line can
# point a build at a different registry or tag.
REGISTRY ?= mcr.microsoft.com/oss/azure/aad-pod-managed-identity
IMAGE_VERSION ?= v0.2.0

PROXY_IMAGE_NAME := proxy
INIT_IMAGE_NAME := proxy-init
WEBHOOK_IMAGE_NAME := webhook

# image_ref: $(1) = image name; yields "<registry>/<name>:<version>".
image_ref = $(REGISTRY)/$(1):$(IMAGE_VERSION)

# Expanded once, here (:=). These are tag references, not digests, so what a
# tag resolves to is decided by the registry at pull time.
PROXY_IMAGE := $(call image_ref,$(PROXY_IMAGE_NAME))
INIT_IMAGE := $(call image_ref,$(INIT_IMAGE_NAME))
WEBHOOK_IMAGE := $(call image_ref,$(WEBHOOK_IMAGE_NAME))
# Directories
# ROOT_DIR is the directory holding the first makefile make read.
ROOT_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
BIN_DIR := $(abspath $(ROOT_DIR)/bin)
TOOLS_DIR := hack/tools
TOOLS_BIN_DIR := $(abspath $(TOOLS_DIR)/bin)

# Binaries
# Every helper tool is pinned to one version; the version is part of the file
# name, so bumping a *_VER makes the matching rule fetch a fresh copy.
# versioned_tool: $(1) = binary name, $(2) = version.
versioned_tool = $(TOOLS_BIN_DIR)/$(1)-$(2)

CONTROLLER_GEN_VER := v0.5.0
CONTROLLER_GEN_BIN := controller-gen
CONTROLLER_GEN := $(call versioned_tool,$(CONTROLLER_GEN_BIN),$(CONTROLLER_GEN_VER))

E2E_TEST_BIN := e2e.test
E2E_TEST := $(BIN_DIR)/$(E2E_TEST_BIN)

GINKGO_VER := v1.16.2
GINKGO_BIN := ginkgo
GINKGO := $(call versioned_tool,$(GINKGO_BIN),$(GINKGO_VER))

KIND_VER := v0.11.0
KIND_BIN := kind
KIND := $(call versioned_tool,$(KIND_BIN),$(KIND_VER))

KUBECTL_VER := v1.20.2
KUBECTL_BIN := kubectl
KUBECTL := $(call versioned_tool,$(KUBECTL_BIN),$(KUBECTL_VER))

KUSTOMIZE_VER := v4.1.2
KUSTOMIZE_BIN := kustomize
KUSTOMIZE := $(call versioned_tool,$(KUSTOMIZE_BIN),$(KUSTOMIZE_VER))

GOLANGCI_LINT_VER := v1.38.0
GOLANGCI_LINT_BIN := golangci-lint
GOLANGCI_LINT := $(call versioned_tool,$(GOLANGCI_LINT_BIN),$(GOLANGCI_LINT_VER))

SHELLCHECK_VER := v0.7.2
SHELLCHECK_BIN := shellcheck
SHELLCHECK := $(call versioned_tool,$(SHELLCHECK_BIN),$(SHELLCHECK_VER))

# Unlike the tools above, the envsubst path carries no version suffix, so a
# change to ENVSUBST_VER alone does not change this target's file name.
ENVSUBST_VER := v1.2.0
ENVSUBST_BIN := envsubst
ENVSUBST := $(TOOLS_BIN_DIR)/$(ENVSUBST_BIN)

# Scripts
GO_INSTALL := ./hack/go-install.sh
## --------------------------------------
## Images
## --------------------------------------

# Value handed to buildx --output. With the default, type=registry, each
# docker-build-* target pushes its result to $(REGISTRY) as part of the build,
# so the caller needs push credentials for that registry.
OUTPUT_TYPE ?= type=registry

# buildx_image: $(1) = image reference, $(2) = Dockerfile stem under docker/.
# Builds for linux/amd64 only and never reuses the layer cache.
define buildx_image
docker buildx build --no-cache -t $(1) -f docker/$(2).Dockerfile --platform="linux/amd64" --output=$(OUTPUT_TYPE) .
endef

.PHONY: docker-build docker-build-init docker-build-proxy docker-build-webhook

# Aggregate target: build all three images.
docker-build: docker-build-init docker-build-proxy docker-build-webhook

docker-build-init:
	$(call buildx_image,$(INIT_IMAGE),init)

docker-build-proxy:
	$(call buildx_image,$(PROXY_IMAGE),proxy)

docker-build-webhook:
	$(call buildx_image,$(WEBHOOK_IMAGE),webhook)
.PHONY: docker-push docker-push-init docker-push-proxy docker-push-webhook

# Aggregate target: push all three images. Each push sends the locally tagged
# image under its $(REGISTRY)/<name>:$(IMAGE_VERSION) reference.
docker-push: docker-push-init docker-push-proxy docker-push-webhook

docker-push-init:
	docker push $(INIT_IMAGE)

docker-push-proxy:
	docker push $(PROXY_IMAGE)

docker-push-webhook:
	docker push $(WEBHOOK_IMAGE)
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= "crd:trivialVersions=true"

.PHONY: all manager

# Default build: the manager binary.
all: manager

# Build manager binary.
# Code generation, go fmt and go vet run first; the result is bin/manager.
manager: generate fmt vet
	go build -o bin/manager cmd/webhook/main.go
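# Run against the configured Kubernetes cluster in ~/.kube/config
# The entry point is the same file the manager target compiles. The path was
# previously written ".cmd/webhook/main.go", which names a directory that the
# build never uses, so "make run" could not start the webhook.
.PHONY: run
run: generate fmt vet manifests
	go run ./cmd/webhook/main.go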
# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
# These three knobs default to "false"/empty and are meant to be supplied by
# the caller.
ARC_CLUSTER ?= false
AZURE_ENVIRONMENT ?=
AZURE_TENANT_ID ?=

# Steps: regenerate manifests and install cert-manager, point the manager
# image at $(WEBHOOK_IMAGE), render config/default through envsubst into
# kubectl apply, then wait up to 5 minutes for the webhook deployment.
# "kustomize edit set image" rewrites the kustomization under config/manager
# in place.
# NOTE(review): the render pipeline reports only kubectl's exit status; a
# failure in kustomize or envsubst is not caught by the shell unless pipefail
# is enabled somewhere outside this view.
.PHONY: deploy
deploy: $(KUBECTL) $(KUSTOMIZE) $(ENVSUBST)
	$(MAKE) manifests install-cert-manager
	cd config/manager && $(KUSTOMIZE) edit set image manager=$(WEBHOOK_IMAGE)
	$(KUSTOMIZE) build config/default \
		| $(ENVSUBST) \
		| $(KUBECTL) apply -f -
	$(KUBECTL) wait --for=condition=Available --timeout=5m \
		-n aad-pi-webhook-system deployment/aad-pi-webhook-controller-manager
## --------------------------------------
## Code Generation
## --------------------------------------

# Generate manifests e.g. CRD, RBAC etc.
# The staging tree is rebuilt from scratch on every run. After rendering, the
# sed pass overwrites the AZURE_TENANT_ID and AZURE_ENVIRONMENT values with
# placeholder text and forces -arc-cluster=false, so the staged YAML does not
# carry the values of whoever generated it.
.PHONY: manifests
manifests: $(CONTROLLER_GEN) $(KUSTOMIZE)
	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..."
	rm -rf manifest_staging
	mkdir -p manifest_staging/deploy manifest_staging/charts/pod-identity-webhook
	$(KUSTOMIZE) build config/default -o manifest_staging/deploy/aad-pi-webhook.yaml
	$(KUSTOMIZE) build third_party/open-policy-agent/gatekeeper/helmify | go run third_party/open-policy-agent/gatekeeper/helmify/*.go
	@sed -i \
		-e "s/AZURE_TENANT_ID: .*/AZURE_TENANT_ID: <replace with Azure Tenant ID>/" \
		-e "s/AZURE_ENVIRONMENT: .*/AZURE_ENVIRONMENT: <replace with Azure Environment Name>/" \
		-e "s/-arc-cluster=.*/-arc-cluster=false/" \
		manifest_staging/deploy/aad-pi-webhook.yaml
# Generate code
# Runs controller-gen's object generator over every package, using
# hack/boilerplate.go.txt as the header of the generated files.
.PHONY: generate
generate: $(CONTROLLER_GEN)
	$(CONTROLLER_GEN) \
		object:headerFile="hack/boilerplate.go.txt" \
		paths="./..."
## --------------------------------------
## Tooling Binaries and Manifests
## --------------------------------------

# go_install: $(1) = Go package path, $(2) = binary name, $(3) = version.
# Hands the three values to $(GO_INSTALL) with GOBIN set to the tools
# directory. What the script does with them is not visible from this file.
define go_install
GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) $(1) $(2) $(3)
endef

$(CONTROLLER_GEN):
	$(call go_install,sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_GEN_BIN),$(CONTROLLER_GEN_VER))

$(GINKGO):
	$(call go_install,github.com/onsi/ginkgo/ginkgo,$(GINKGO_BIN),$(GINKGO_VER))

$(KIND):
	$(call go_install,sigs.k8s.io/kind,$(KIND_BIN),$(KIND_VER))

# The kustomize module path ends in the major version, i.e. the part of
# KUSTOMIZE_VER before the first dot.
$(KUSTOMIZE):
	$(call go_install,sigs.k8s.io/kustomize/kustomize/$(firstword $(subst ., ,$(KUSTOMIZE_VER))),$(KUSTOMIZE_BIN),$(KUSTOMIZE_VER))
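# Download the pinned kubectl release for the host GOOS/GOARCH and expose it
# under the unversioned name as a symlink.
#
# Changes from the earlier recipe:
#  - the cleanup glob sits outside the quotes, so it is expanded by the shell;
#    quoted, it only ever matched a file literally named "...*";
#  - the download lands in a .tmp file and is renamed once complete, so a
#    failed or interrupted curl cannot leave a truncated file at the target
#    path that later runs would treat as up to date.
#
# NOTE(review): the binary is used against the cluster without any integrity
# check beyond TLS. Record the expected SHA-256 for $(KUBECTL_VER) in this
# repository and compare it before the rename.
$(KUBECTL):
	mkdir -p $(TOOLS_BIN_DIR)
	rm -f "$(KUBECTL)"*
	curl -sfL https://storage.googleapis.com/kubernetes-release/release/$(KUBECTL_VER)/bin/$(shell go env GOOS)/$(shell go env GOARCH)/kubectl -o "$(KUBECTL).tmp"
	chmod +x "$(KUBECTL).tmp"
	mv -f "$(KUBECTL).tmp" "$(KUBECTL)"
	ln -sf "$(KUBECTL)" "$(TOOLS_BIN_DIR)/$(KUBECTL_BIN)"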
# Install the pinned golangci-lint into the tools directory through the
# go-install helper script (package path, binary name, version).
$(GOLANGCI_LINT):
	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) \
		github.com/golangci/golangci-lint/cmd/golangci-lint \
		$(GOLANGCI_LINT_BIN) $(GOLANGCI_LINT_VER)
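# Host OS (lower-cased uname) and machine type, used to pick the shellcheck
# release archive.
OS := $(shell uname | tr '[:upper:]' '[:lower:]')
ARCH := $(shell uname -m)

# Download the pinned shellcheck release archive, copy the binary into the
# tools directory and expose it under the unversioned name as a symlink.
#
# Changes from the earlier recipe:
#  - the cleanup glob for old copies sits outside the quotes, so the shell
#    expands it; quoted, it only matched a file literally named "...*";
#  - the final cleanup removes exactly the archive and the directory this
#    recipe created. The former "rm -rf shellcheck*" ran in the repository
#    root and would delete any other entry whose name starts with shellcheck.
#
# NOTE(review): the archive is unpacked and its binary made executable without
# an integrity check beyond TLS. Record the expected SHA-256 of the archive for
# $(SHELLCHECK_VER) in this repository and compare it before the tar step.
$(SHELLCHECK):
	mkdir -p $(TOOLS_BIN_DIR)
	rm -rf "$(SHELLCHECK)"*
	curl -sfOL "https://github.com/koalaman/shellcheck/releases/download/$(SHELLCHECK_VER)/shellcheck-$(SHELLCHECK_VER).$(OS).$(ARCH).tar.xz"
	tar xf "shellcheck-$(SHELLCHECK_VER).$(OS).$(ARCH).tar.xz"
	cp "shellcheck-$(SHELLCHECK_VER)/$(SHELLCHECK_BIN)" "$(SHELLCHECK)"
	ln -sf "$(SHELLCHECK)" "$(TOOLS_BIN_DIR)/$(SHELLCHECK_BIN)"
	chmod +x "$(TOOLS_BIN_DIR)/$(SHELLCHECK_BIN)" "$(SHELLCHECK)"
	rm -rf "shellcheck-$(SHELLCHECK_VER)" "shellcheck-$(SHELLCHECK_VER).$(OS).$(ARCH).tar.xz"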
# Install the pinned envsubst into the tools directory through the go-install
# helper script (package path, binary name, version).
$(ENVSUBST):
	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) \
		github.com/a8m/envsubst/cmd/envsubst \
		$(ENVSUBST_BIN) $(ENVSUBST_VER)
# cert-manager release to install. Exported so that the install script sees it
# in its environment.
CERT_MANAGER_VERSION ?= v1.2.0
export CERT_MANAGER_VERSION

# Install cert manager in the cluster
# The work is delegated to hack/install-cert-manager.sh; kubectl is installed
# first because it is listed as a prerequisite.
.PHONY: install-cert-manager
install-cert-manager: $(KUBECTL)
	./hack/install-cert-manager.sh
## --------------------------------------
## Testing
## --------------------------------------

.PHONY: fmt vet test

# Run go fmt against code
fmt:
	go fmt ./...

# Run go vet against code
vet:
	go vet ./...

# Run tests
# Generation, formatting, vetting and manifest rendering run first; coverage
# data is written to cover.out.
test: generate fmt vet manifests
	go test ./... -coverprofile cover.out
# Compile the e2e suite (build tag "e2e") into a standalone test binary.
# The rule has no prerequisites, so an existing binary is never rebuilt by
# make when the test sources change.
$(E2E_TEST):
	go test -tags=e2e -c ./test/e2e -o $@
# Ginkgo configurations
# Focus and skip are empty by default; the suite runs on 5 parallel nodes with
# coloured output unless overridden.
GINKGO_FOCUS ?=
GINKGO_SKIP ?=
GINKGO_NODES ?= 5
GINKGO_NO_COLOR ?= false
GINKGO_ARGS ?= -focus="$(GINKGO_FOCUS)" -skip="$(GINKGO_SKIP)" -nodes=$(GINKGO_NODES) -noColor=$(GINKGO_NO_COLOR)

# E2E configurations
# KUBECONFIG selects the cluster the suite runs against; it falls back to the
# caller's default kubeconfig.
E2E_ARGS ?=
KUBECONFIG ?= $(HOME)/.kube/config

# Run the compiled e2e binary under ginkgo. Everything after "--" is passed to
# the test binary rather than to ginkgo.
.PHONY: test-e2e-run
test-e2e-run: $(E2E_TEST) $(GINKGO)
	$(GINKGO) -v -trace $(GINKGO_ARGS) $(E2E_TEST) \
		-- -kubeconfig=$(KUBECONFIG) -e2e.arc-cluster=$(ARC_CLUSTER) $(E2E_ARGS)
# CI entry point for the e2e suite: installs the pinned kubectl, then hands
# over to scripts/ci-e2e.sh.
.PHONY: test-e2e
test-e2e: $(KUBECTL)
	./scripts/ci-e2e.sh
## --------------------------------------
## Kind
## --------------------------------------

# Name used by the kind-load-image and kind-delete targets.
KIND_CLUSTER_NAME ?= aad-pod-managed-identity

# Create the local kind cluster via scripts/create-kind-cluster.sh once the
# pinned kind and kubectl binaries are in place.
.PHONY: kind-create
kind-create: $(KIND) $(KUBECTL)
	./scripts/create-kind-cluster.sh
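# Load the locally built webhook image into the kind cluster. Only
# $(WEBHOOK_IMAGE) is loaded here.
# $(KIND) is a prerequisite so that the pinned kind binary is installed before
# the recipe calls it, as kind-create and kind-delete already require; without
# it this target failed on a checkout where the tool had not been fetched yet.
.PHONY: kind-load-image
kind-load-image: $(KIND)
	$(KIND) load docker-image $(WEBHOOK_IMAGE) --name $(KIND_CLUSTER_NAME)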
# Delete the local kind cluster. Best effort: "|| true" keeps the target
# successful even when the delete command fails.
.PHONY: kind-delete
kind-delete: $(KIND)
	$(KIND) delete cluster --name=$(KIND_CLUSTER_NAME) || true
## --------------------------------------
## Cleanup
## --------------------------------------

# Remove the build output directory. Downloaded tools under the tools
# directory are left in place.
.PHONY: clean
clean:
	@rm -rf $(BIN_DIR)
## --------------------------------------
## Linting
## --------------------------------------

.PHONY: lint lint-full shellcheck

# Default lint pass with the pinned golangci-lint.
lint: $(GOLANGCI_LINT)
	$(GOLANGCI_LINT) run -v

lint-full: $(GOLANGCI_LINT) ## Run slower linters to detect possible issues
	$(GOLANGCI_LINT) run -v --fast=false

# Check shell scripts exactly one directory below the repository root; scripts
# nested deeper are not matched by the glob.
shellcheck: $(SHELLCHECK)
	$(SHELLCHECK) */*.sh
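## --------------------------------------
## Release
## --------------------------------------

# Stamp NEW_VERSION into the Makefile, the kustomize image reference and the
# helm chart sources, then regenerate the staged manifests.
# NEW_VERSION must be given by the caller; the chart "version:" field drops its
# first character, so a leading "v" is expected.
#
# Changes from the earlier recipe:
#  - the first sed used to look for a line starting with "VERSION := ", which
#    this Makefile does not contain; the image tag is set by
#    "IMAGE_VERSION ?= ...", so that is the line rewritten now;
#  - an empty NEW_VERSION is rejected up front instead of writing empty
#    version strings into the tracked files;
#  - the target is declared phony.
.PHONY: release-manifest
release-manifest:
	@test -n "$(NEW_VERSION)" || { echo "NEW_VERSION must be set" >&2; exit 1; }
	@sed -i -e 's/^IMAGE_VERSION ?= .*/IMAGE_VERSION ?= ${NEW_VERSION}/' ./Makefile
# NOTE(review): the deploy target calls "kustomize edit set image" from inside
# config/manager; the argument order below differs from that and $(KUSTOMIZE)
# is not a prerequisite of this rule. Confirm this invocation works as written.
	$(KUSTOMIZE) edit config/default set image $(REGISTRY)/$(WEBHOOK_IMAGE_NAME):$(NEW_VERSION)
	@sed -i -e "s/appVersion: .*/appVersion: ${NEW_VERSION}/" ./third_party/open-policy-agent/gatekeeper/helmify/static/Chart.yaml
	@sed -i -e "s/version: .*/version: $$(echo ${NEW_VERSION} | cut -c2-)/" ./third_party/open-policy-agent/gatekeeper/helmify/static/Chart.yaml
	@sed -i -e "s/release: .*/release: ${NEW_VERSION}/" ./third_party/open-policy-agent/gatekeeper/helmify/static/values.yaml
	@sed -i -e 's/Current release version: `.*`/Current release version: `'"${NEW_VERSION}"'`/' ./third_party/open-policy-agent/gatekeeper/helmify/static/README.md
# NOTE(review): the indentation of this line is not recoverable here. As a
# recipe line, a bare "export" runs the shell builtin: it prints every exported
# variable of the recipe environment to the build log, credentials included,
# and has no effect on the next line, which runs in its own shell. If the aim
# is to pass make variables to the sub-make, use the export directive outside
# the recipe instead.
	export
	$(MAKE) manifests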
# Replace the published deploy/ and charts/ trees with the staged copies.
# Each tree is deleted and then re-copied, so files that no longer exist in
# manifest_staging disappear from the published tree as well.
.PHONY: promote-staging-manifest
promote-staging-manifest:
	@rm -rf deploy && cp -r manifest_staging/deploy .
	@rm -rf charts && cp -r manifest_staging/charts .