-
Notifications
You must be signed in to change notification settings - Fork 5
/
Makefile
300 lines (255 loc) · 12.9 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
############
# DEFAULTS #
############
KIND_IMAGE ?= kindest/node:v1.31.0
KIND_NAME ?= kind
KYVERNO_VERSION ?= v1.13.1
KOCACHE ?= /tmp/ko-cache
USE_CONFIG ?= standard,no-ingress,in-cluster,all-read-rbac
KUBECONFIG ?= ""
#############
# VARIABLES #
#############
GIT_SHA := $(shell git rev-parse HEAD)
TIMESTAMP := $(shell date '+%Y-%m-%d_%I:%M:%S%p')
GOOS ?= $(shell go env GOOS)
GOARCH ?= $(shell go env GOARCH)
REGISTRY ?= ghcr.io
REPO ?= kyverno
BACKEND_DIR := backend
BACKEND_BIN := $(BACKEND_DIR)/backend
LD_FLAGS := "-s -w"
LOCAL_PLATFORM := linux/$(GOARCH)
PLATFORMS := linux/arm64,linux/amd64
KO_PLATFORMS := all
KO_TAGS := $(GIT_SHA)
PLAYGROUND_IMAGE := playground
REPO_PLAYGROUND := $(REGISTRY)/$(REPO)/$(PLAYGROUND_IMAGE)
KO_REGISTRY := ko.local
COMMA := ,
ifndef VERSION
APP_VERSION := $(GIT_SHA)
else
APP_VERSION := $(VERSION)
endif
#########
# TOOLS #
#########
TOOLS_DIR := $(PWD)/.tools
CURRENT_DIR := $(PWD)
HELM := $(TOOLS_DIR)/helm
HELM_VERSION := v3.14.0
KIND := $(TOOLS_DIR)/kind
KIND_VERSION := v0.22.0
KO := $(TOOLS_DIR)/ko
KO_VERSION := v0.15.2
HELM_DOCS := $(TOOLS_DIR)/helm-docs
HELM_DOCS_VERSION := v1.13.1
GCI := $(TOOLS_DIR)/gci
GCI_VERSION := v0.13.4
GOFUMPT := $(TOOLS_DIR)/gofumpt
GOFUMPT_VERSION := v0.6.0
TOOLS := $(KIND) $(HELM) $(KO) $(HELM_DOCS) $(GCI) $(GOFUMPT)
$(HELM):
@echo Install helm... >&2
@GOBIN=$(TOOLS_DIR) go install helm.sh/helm/v3/cmd/helm@$(HELM_VERSION)
$(KIND):
@echo Install kind... >&2
@GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/kind@$(KIND_VERSION)
$(KO):
@echo Install ko... >&2
@GOBIN=$(TOOLS_DIR) go install github.com/google/ko@$(KO_VERSION)
$(HELM_DOCS):
@echo Install helm-docs... >&2
@GOBIN=$(TOOLS_DIR) go install github.com/norwoodj/helm-docs/cmd/helm-docs@$(HELM_DOCS_VERSION)
$(GCI):
@echo Install gci... >&2
@GOBIN=$(TOOLS_DIR) go install github.com/daixiang0/gci@$(GCI_VERSION)
$(GOFUMPT):
@echo Install gofumpt... >&2
@GOBIN=$(TOOLS_DIR) go install mvdan.cc/gofumpt@$(GOFUMPT_VERSION)
.PHONY: gci
gci: $(GCI)
@echo "Running gci"
@$(GCI) write -s standard -s default -s "prefix(github.com/kyverno/playground/backend)" ./backend
.PHONY: gofumpt
gofumpt: $(GOFUMPT)
@echo "Running gofumpt"
@$(GOFUMPT) -w ./backend
.PHONY: fmt
fmt: gci gofumpt
.PHONY: install-tools
install-tools: $(TOOLS) ## Install tools
.PHONY: clean-tools
clean-tools: ## Remove installed tools
@echo Clean tools... >&2
@rm -rf $(TOOLS_DIR)
###########
# CODEGEN #
###########
.PHONY: codegen-helm-docs
codegen-helm-docs: ## Generate helm docs
@echo Generate helm docs... >&2
@docker run -v ${PWD}/charts:/work -w /work jnorwood/helm-docs:v1.11.0 -s file
.PHONY: codegen-schema-openapi
codegen-schema-openapi: $(KIND) $(HELM) ## Generate openapi schemas (v2 and v3)
@echo Generate openapi schema... >&2
@rm -rf ./schemas/openapi
@mkdir -p ./schemas/openapi/v2
@mkdir -p ./schemas/openapi/v3/apis/kyverno.io
@mkdir -p ./schemas/openapi/v3/apis/admissionregistration.k8s.io
@$(KIND) create cluster --name schema --image $(KIND_IMAGE) --config ./scripts/config/kind.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/kyverno/kyverno.io_cleanuppolicies.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/kyverno/kyverno.io_clustercleanuppolicies.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/kyverno/kyverno.io_globalcontextentries.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/kyverno/kyverno.io_clusterpolicies.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/kyverno/kyverno.io_policies.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/kyverno/kyverno.io_policyexceptions.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/kyverno/kyverno.io_updaterequests.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/policyreport/wgpolicyk8s.io_clusterpolicyreports.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/policyreport/wgpolicyk8s.io_policyreports.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/reports/reports.kyverno.io_clusterephemeralreports.yaml
@kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/$(KYVERNO_VERSION)/config/crds/reports/reports.kyverno.io_ephemeralreports.yaml
@sleep 15
@kubectl get --raw /openapi/v3/apis/kyverno.io/v1 > ./schemas/openapi/v3/apis/kyverno.io/v1.json
@kubectl get --raw /openapi/v3/apis/kyverno.io/v2 > ./schemas/openapi/v3/apis/kyverno.io/v2.json
@kubectl get --raw /openapi/v3/apis/kyverno.io/v2beta1 > ./schemas/openapi/v3/apis/kyverno.io/v2beta1.json
@kubectl get --raw /openapi/v3/apis/admissionregistration.k8s.io/v1 > ./schemas/openapi/v3/apis/admissionregistration.k8s.io/v1.json
@$(KIND) delete cluster --name schema
.PHONY: codegen-schema-json
codegen-schema-json: codegen-schema-openapi ## Generate json schemas
@rm -rf ./schemas/json
@mkdir -p ./schemas/json
@chmod 777 ./schemas/json
@docker run --rm --name openapi2jsonschema --mount type=bind,source="$(PWD)"/schemas/openapi/v3,target=/v3 --mount type=bind,source="$(PWD)"/schemas/json,target=/json ghcr.io/fjogeleit/openapi2jsonschema:master /v3/apis/kyverno.io/v1.json --kubernetes --stand-alone --expanded -o /json/v3
@docker run --rm --name openapi2jsonschema --mount type=bind,source="$(PWD)"/schemas/openapi/v3,target=/v3 --mount type=bind,source="$(PWD)"/schemas/json,target=/json ghcr.io/fjogeleit/openapi2jsonschema:master /v3/apis/kyverno.io/v2beta1.json --kubernetes --stand-alone --expanded -o /json/v3
@docker run --rm --name openapi2jsonschema --mount type=bind,source="$(PWD)"/schemas/openapi/v3,target=/v3 --mount type=bind,source="$(PWD)"/schemas/json,target=/json ghcr.io/fjogeleit/openapi2jsonschema:master /v3/apis/kyverno.io/v2.json --kubernetes --stand-alone --expanded -o /json/v3
@docker run --rm --name openapi2jsonschema --mount type=bind,source="$(PWD)"/schemas/openapi/v3,target=/v3 --mount type=bind,source="$(PWD)"/schemas/json,target=/json ghcr.io/fjogeleit/openapi2jsonschema:master /v3/apis/admissionregistration.k8s.io/v1.json --kubernetes --stand-alone --expanded -o /json/v3
.PHONY: codegen-all
codegen-all: codegen-helm-docs codegen-schema-json ## Generate all codegen
.PHONY: verify-schemas
verify-schemas: codegen-schema-json ## Check openapi and json schemas are up to date
@echo Checking openapi schemas are up to date... >&2
@git --no-pager diff -- schemas
@echo 'If this test fails, it is because the git diff is non-empty after running "make codegen-schema-openapi".' >&2
@echo 'To correct this, locally run "make codegen-schema-openapi", commit the changes, and re-run tests.' >&2
@git diff --quiet --exit-code -- schemas
.PHONY: verify-helm-docs
verify-helm-docs: codegen-helm-docs ## Check Helm charts are up to date
@echo Checking helm charts are up to date... >&2
@git --no-pager diff -- charts
@echo 'If this test fails, it is because the git diff is non-empty after running "make codegen-helm-docs".' >&2
@echo 'To correct this, locally run "make codegen-helm-docs", commit the changes, and re-run tests.' >&2
@git diff --quiet --exit-code -- charts
.PHONY: verify-codegen
verify-codegen: verify-helm-docs verify-schemas ## Verify all generated code and docs are up to date
#########
# BUILD #
#########
.PHONY: build-clean
build-clean: ## Clean built files
@echo Cleaning built files... >&2
@rm -rf frontend/dist
@rm -rf backend/backend
@rm -rf backend/pkg/server/ui/dist
@rm -rf backend/data/schemas
.PHONY: build-frontend
build-frontend: ## Build frontend
@echo Building frontend... >&2
@cp schemas/json/v3/clusterpolicy-kyverno.io-v1.json frontend/src/schemas
@cp schemas/json/v3/clusterpolicy-kyverno.io-v2beta1.json frontend/src/schemas
@cp schemas/json/v3/policy-kyverno.io-v1.json frontend/src/schemas
@cp schemas/json/v3/policy-kyverno.io-v2beta1.json frontend/src/schemas
@cp schemas/json/v3/policyexception-kyverno.io-v2.json frontend/src/schemas
@cp schemas/json/v3/policyexception-kyverno.io-v2beta1.json frontend/src/schemas
@cp schemas/json/v3/validatingadmissionpolicy-admissionregistration-v1.json frontend/src/schemas
@cp schemas/json/v3/validatingadmissionpolicybinding-admissionregistration-v1.json frontend/src/schemas
@cd frontend && npm install && APP_VERSION=$(APP_VERSION) npm run build
.PHONY: build-backend-assets
build-backend-assets: build-frontend ## Build backend assets
@echo Building backend assets... >&2
@rm -rf backend/pkg/server/ui/dist && cp -r frontend/dist backend/pkg/server/ui/dist
@rm -rf backend/data/schemas && mkdir -p backend/data/schemas/apis/kyverno.io && cp -r schemas/openapi/v3/apis/kyverno.io/* backend/data/schemas/apis/kyverno.io
.PHONY: build-backend
build-backend: build-backend-assets ## Build backend
@echo Building backend... >&2
@cd backend && go mod tidy && go build .
.PHONY: build-all
build-all: build-frontend build-backend ## Build frontend and backend
.PHONY: ko-build
ko-build: $(KO) build-backend-assets ## Build playground image (with ko)
@echo Build image with ko... >&2
@cd backend && LDFLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
$(KO) build . --preserve-import-paths --tags=$(KO_TAGS) --platform=$(LOCAL_PLATFORM)
.PHONY: ko-publish
ko-publish: $(KO) ## Build and publish playground image (with ko)
@echo Publishing image with ko... >&2
@cd backend && LDFLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(REPO_PLAYGROUND) \
$(KO) build . --bare --tags=$(KO_TAGS) --platform=$(KO_PLATFORMS)
########
# TEST #
########
.PHONY: test-backend
test-backend: ## Test backend
@echo Testing backend... >&2
@cd backend && go test ./... -race -coverprofile=coverage.out -covermode=atomic
#######
# RUN #
#######
.PHONY: run
run: build-backend-assets ## Run locally (with connected cluster)
@echo Run backend... >&2
@cd backend && go run . \
--gin-mode=release \
--gin-log \
--gin-max-body-size=2097152 \
--ui-sponsor=nirmata \
--cluster \
--engine-builtin-crds=argocd \
--engine-builtin-crds=cert-manager \
--engine-builtin-crds=prometheus-operator \
--engine-builtin-crds=tekton-pipeline
.PHONY: run-standalone
run-standalone: build-backend-assets ## Run locally (without connected cluster)
@echo Run backend... >&2
@cd backend && go run . \
--gin-mode=release \
--gin-log \
--gin-max-body-size=2097152 \
--ui-sponsor=nirmata \
--engine-builtin-crds=argocd \
--engine-builtin-crds=cert-manager \
--engine-builtin-crds=prometheus-operator \
--engine-builtin-crds=tekton-pipeline
########
# KIND #
########
.PHONY: kind-create-cluster
kind-create-cluster: $(KIND) ## Create kind cluster
@echo Create kind cluster... >&2
@$(KIND) create cluster --name $(KIND_NAME) --image $(KIND_IMAGE) --config ./scripts/config/kind.yaml
@kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
@sleep 15
@kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s
.PHONY: kind-delete-cluster
kind-delete-cluster: $(KIND) ## Delete kind cluster
@echo Delete kind cluster... >&2
@$(KIND) delete cluster --name $(KIND_NAME)
.PHONY: kind-load
kind-load: $(KIND) ko-build ## Build playground image and load it in kind cluster
@echo Load playground image... >&2
@$(KIND) load docker-image --name $(KIND_NAME) ko.local/github.com/kyverno/playground/backend:$(GIT_SHA)
.PHONY: kind-install
kind-install: $(HELM) kind-load ## Build image, load it in kind cluster and deploy playground helm chart
@echo Install playground chart... >&2
@$(HELM) upgrade --install kyverno-playground --namespace kyverno-playground --create-namespace --wait ./charts/kyverno-playground \
--set image.registry=$(KO_REGISTRY) \
--set image.repository=github.com/kyverno/playground/backend \
--set image.tag=$(GIT_SHA) \
$(foreach CONFIG,$(subst $(COMMA), ,$(USE_CONFIG)),--values ./scripts/config/$(CONFIG)/kyverno-playground.yaml)
########
# HELP #
########
.PHONY: help
help: ## Shows the available commands
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-40s\033[0m %s\n", $$1, $$2}'