-
Notifications
You must be signed in to change notification settings - Fork 19
/
Makefile
482 lines (416 loc) · 19.4 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
# Setting SHELL to bash allows bash commands to be executed by recipes.
# Options are set to exit when a recipe line exits non-zero or a piped command fails.
SHELL := /usr/bin/env bash -o pipefail
.SHELLFLAGS = -ec
# OS information
OS = $(shell go env GOOS)
ARCH = $(shell go env GOARCH)
# Current Operator version
IMAGE_VERSION ?= 2.4.0-dev
BUNDLE_VERSION ?= $(IMAGE_VERSION)
DEFAULT_NAMESPACE ?= quay.io/cryostat
IMAGE_NAMESPACE ?= $(DEFAULT_NAMESPACE)
OPERATOR_NAME ?= cryostat-operator
CLUSTER_CLIENT ?= kubectl
IMAGE_TAG_BASE ?= $(IMAGE_NAMESPACE)/$(OPERATOR_NAME)
# Default bundle image tag
BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:$(BUNDLE_VERSION)
BUNDLE_IMGS ?= $(BUNDLE_IMG)
# Default catalog image tag
CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:$(BUNDLE_VERSION)
ifneq ($(origin CATALOG_BASE_IMG), undefined)
FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
endif
# Options for 'bundle-build'
ifneq ($(origin CHANNELS), undefined)
BUNDLE_CHANNELS := --channels=$(CHANNELS)
endif
ifneq ($(origin DEFAULT_CHANNEL), undefined)
BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
endif
BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command
BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(BUNDLE_VERSION) $(BUNDLE_METADATA_OPTS)
# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests
# You can enable this value if you would like to use SHA Based Digests
# To enable set flag to true
USE_IMAGE_DIGESTS ?= false
ifeq ($(USE_IMAGE_DIGESTS), true)
BUNDLE_GEN_FLAGS += --use-image-digests
endif
BUNDLE_INSTALL_MODE ?= AllNamespaces
IMAGE_BUILDER ?= podman
# Image URL to use all building/pushing image targets
OPERATOR_IMG ?= $(IMAGE_TAG_BASE):$(IMAGE_VERSION)
#
# PLATFORMS defines the target platforms for the manager image to provide support to multiple
# architectures. (i.e. make oci-buildx OPERATOR_IMG=quay.io/cryostat/cryostat-operator:latest).
PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
MANIFEST_PUSH ?= true
# Name of the application deployed by the operator
export APP_NAME ?= Cryostat
# Images used by the operator
CORE_NAMESPACE ?= $(DEFAULT_NAMESPACE)
CORE_NAME ?= cryostat
CORE_VERSION ?= latest
export CORE_IMG ?= $(CORE_NAMESPACE)/$(CORE_NAME):$(CORE_VERSION)
DATASOURCE_NAMESPACE ?= $(DEFAULT_NAMESPACE)
DATASOURCE_NAME ?= jfr-datasource
DATASOURCE_VERSION ?= latest
export DATASOURCE_IMG ?= $(DATASOURCE_NAMESPACE)/$(DATASOURCE_NAME):$(DATASOURCE_VERSION)
GRAFANA_NAMESPACE ?= $(DEFAULT_NAMESPACE)
GRAFANA_NAME ?= cryostat-grafana-dashboard
GRAFANA_VERSION ?= latest
export GRAFANA_IMG ?= $(GRAFANA_NAMESPACE)/$(GRAFANA_NAME):$(GRAFANA_VERSION)
REPORTS_NAMESPACE ?= $(DEFAULT_NAMESPACE)
REPORTS_NAME ?= cryostat-reports
REPORTS_VERSION ?= latest
export REPORTS_IMG ?= $(REPORTS_NAMESPACE)/$(REPORTS_NAME):$(REPORTS_VERSION)
CERT_MANAGER_VERSION ?= 1.7.1
CERT_MANAGER_MANIFEST ?= \
https://github.com/jetstack/cert-manager/releases/download/v$(CERT_MANAGER_VERSION)/cert-manager.yaml
KUSTOMIZE_VERSION ?= 3.8.7
CONTROLLER_TOOLS_VERSION ?= 0.11.1
GOLICENSE_VERSION ?= 1.29.0
OPM_VERSION ?= 1.23.0
# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
ENVTEST_K8S_VERSION ?= 1.26
# Scorecard ImagePullPolicy is hardcoded to IfNotPresent
# See: https://github.com/operator-framework/operator-sdk/pull/4762
#
# Suffix is the timestamp of the image build, compute with: date -u '+%Y%m%d%H%M%S'
CUSTOM_SCORECARD_VERSION ?= 2.4.0-$(shell date -u '+%Y%m%d%H%M%S')
export CUSTOM_SCORECARD_IMG ?= $(IMAGE_TAG_BASE)-scorecard:$(CUSTOM_SCORECARD_VERSION)
DEPLOY_NAMESPACE ?= cryostat-operator-system
TARGET_NAMESPACES ?= $(DEPLOY_NAMESPACE)
SCORECARD_NAMESPACE ?= cryostat-operator-scorecard
# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
GOBIN=$(shell go env GOPATH)/bin
else
GOBIN=$(shell go env GOBIN)
endif
# Check whether this is a development or release version
ifneq (,$(shell echo $(IMAGE_VERSION) | grep -iE '(:latest|SNAPSHOT|dev|BETA[[:digit:]]+)$$'))
PULL_POLICY ?= Always
else
PULL_POLICY ?= IfNotPresent
endif
export PULL_POLICY
# Run tests with Ginkgo CLI if available
GINKGO ?= $(shell go env GOPATH)/bin/ginkgo
GO_TEST ?= go test
ifneq ("$(wildcard $(GINKGO))","")
GO_TEST="$(GINKGO)" -cover -output-dir=.
endif
.PHONY: all
all: manager
# Run tests
.PHONY: test
test: test-envtest test-scorecard
.PHONY: test-envtest
test-envtest: generate manifests fmt vet setup-envtest
ifneq ($(SKIP_TESTS), true)
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" $(GO_TEST) -v -coverprofile cover.out ./...
endif
.PHONY: test-scorecard
test-scorecard: check_cert_manager kustomize
ifneq ($(SKIP_TESTS), true)
$(call scorecard-setup)
$(call scorecard-cleanup); \
trap cleanup EXIT; \
operator-sdk scorecard -n $(SCORECARD_NAMESPACE) -s cryostat-scorecard -w 20m $(BUNDLE_IMG) --pod-security=restricted
endif
.PHONY: clean-scorecard
clean-scorecard:
- $(call scorecard-cleanup); cleanup
ifneq ($(and $(SCORECARD_REGISTRY_SERVER),$(SCORECARD_REGISTRY_USERNAME),$(SCORECARD_REGISTRY_PASSWORD)),)
SCORECARD_ARGS := --pull-secret-name registry-key --service-account cryostat-scorecard
endif
define scorecard-setup
@$(CLUSTER_CLIENT) get namespace $(SCORECARD_NAMESPACE) >/dev/null 2>&1 &&\
echo "$(SCORECARD_NAMESPACE) namespace already exists, please remove it with \"make clean-scorecard\"" >&2 && exit 1 || true
$(CLUSTER_CLIENT) create namespace $(SCORECARD_NAMESPACE)
cd internal/images/custom-scorecard-tests/rbac/ && $(KUSTOMIZE) edit set namespace $(SCORECARD_NAMESPACE)
$(KUSTOMIZE) build internal/images/custom-scorecard-tests/rbac/ | $(CLUSTER_CLIENT) apply -f -
@if [ -n "$(SCORECARD_ARGS)" ]; then \
$(CLUSTER_CLIENT) create -n $(SCORECARD_NAMESPACE) secret docker-registry registry-key --docker-server="$(SCORECARD_REGISTRY_SERVER)" \
--docker-username="$(SCORECARD_REGISTRY_USERNAME)" --docker-password="$(SCORECARD_REGISTRY_PASSWORD)"; \
$(CLUSTER_CLIENT) patch sa cryostat-scorecard -n $(SCORECARD_NAMESPACE) -p '{"imagePullSecrets": [{"name": "registry-key"}]}'; \
fi
operator-sdk run bundle -n $(SCORECARD_NAMESPACE) --timeout 20m $(BUNDLE_IMG) $(SCORECARD_ARGS)
endef
define scorecard-cleanup
function cleanup { \
(\
set +e; \
operator-sdk cleanup -n $(SCORECARD_NAMESPACE) $(OPERATOR_NAME); \
$(KUSTOMIZE) build internal/images/custom-scorecard-tests/rbac/ | $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f -; \
$(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -n $(SCORECARD_NAMESPACE) secret registry-key; \
$(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) namespace $(SCORECARD_NAMESPACE); \
)\
}
endef
# Build manager binary
.PHONY: manager
manager: manifests generate fmt vet
go build -o bin/manager internal/main.go
# Run against the configured Kubernetes cluster in ~/.kube/config
.PHONY: run
run: manifests generate fmt vet
go run ./internal/main.go
ifndef ignore-not-found
ignore-not-found = false
endif
# Install CRDs into a cluster
.PHONY: install
install: manifests kustomize
$(KUSTOMIZE) build config/crd | $(CLUSTER_CLIENT) apply -f -
# Uninstall CRDs from a cluster
.PHONY: uninstall
uninstall: manifests kustomize
- $(KUSTOMIZE) build config/crd | $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f -
.PHONY: predeploy
predeploy:
cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMG)
cd config/default && $(KUSTOMIZE) edit set namespace $(DEPLOY_NAMESPACE)
.PHONY: print_deploy_config
print_deploy_config: predeploy
$(KUSTOMIZE) build config/default
# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
.PHONY: deploy
deploy: check_cert_manager manifests kustomize predeploy
$(KUSTOMIZE) build config/default | $(CLUSTER_CLIENT) apply -f -
ifeq ($(DISABLE_SERVICE_TLS), true)
@echo "Disabling TLS for in-cluster communication between Services"
@$(CLUSTER_CLIENT) -n $(DEPLOY_NAMESPACE) set env deployment/cryostat-operator-controller-manager DISABLE_SERVICE_TLS=true
endif
# Undeploy controller from the configured Kubernetes cluster in ~/.kube/config
.PHONY: undeploy
undeploy:
- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f config/samples/operator_v1beta1_cryostat.yaml
- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f config/samples/operator_v1beta1_clustercryostat.yaml
- $(KUSTOMIZE) build config/default | $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f -
# Generate manifests e.g. CRD, RBAC etc.
.PHONY: manifests
manifests: controller-gen
$(CONTROLLER_GEN) rbac:roleName=role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
envsubst < hack/image_tag_patch.yaml.in > config/default/image_tag_patch.yaml
envsubst < hack/image_pull_patch.yaml.in > config/default/image_pull_patch.yaml
# Run go fmt against code
.PHONY: fmt
fmt: add-license
go fmt ./...
# Run go vet against code
.PHONY: vet
vet:
go vet ./...
# Generate code
.PHONY: generate
generate: controller-gen
go generate ./...
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
# Check and add (if missing) license header
LICENSE_FILE = $(shell pwd)/LICENSE
GO_PACKAGES := $(shell go list -test -f '{{.Dir}}' ./... | sed -e "s|^$$(pwd)||" | cut -d/ -f2 | sort -u)
.PHONY: check-license
check-license: golicense
@echo "Checking license..."
$(GOLICENSE) --config=go-license.yml --verify $(shell find ${GO_PACKAGES} -name "*.go")
.PHONY: add-license
add-license: golicense
@echo "Adding license..."
$(GOLICENSE) --config=go-license.yml $(shell find ${GO_PACKAGES} -name "*.go")
.PHONY: remove-license
remove-license: golicense
@echo "Removing license..."
$(GOLICENSE) --config=go-license.yml --remove $(shell find ${GO_PACKAGES} -name "*.go")
# Build the OCI image
.PHONY: oci-build
oci-build: manifests generate fmt vet test-envtest
BUILDAH_FORMAT=docker $(IMAGE_BUILDER) build --build-arg TARGETOS=$(OS) --build-arg TARGETARCH=$(ARCH) -t $(OPERATOR_IMG) .
# You need to be able to push the image for your registry (i.e. if you do not inform a valid value via OPERATOR_IMG=<myregistry/image:<tag>> than the export will fail)
# If IMAGE_BUILDER is docker, you need to:
# - able to use docker buildx. More info: https://docs.docker.com/build/buildx/
# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
# To properly provided solutions that supports more than one platform you should use this option.
.PHONY: oci-buildx
oci-buildx: manifests generate fmt vet test-envtest ## Build OCI image for the manager for cross-platform support
# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
ifeq ($(IMAGE_BUILDER), docker)
- $(IMAGE_BUILDER) buildx create --name project-v3-builder
$(IMAGE_BUILDER) buildx use project-v3-builder
- $(IMAGE_BUILDER) buildx build --push --platform=$(PLATFORMS) --tag $(OPERATOR_IMG) -f Dockerfile.cross .
- $(IMAGE_BUILDER) buildx rm project-v3-builder
else ifeq ($(IMAGE_BUILDER), podman)
BUILDAH_FORMAT=docker $(IMAGE_BUILDER) build -f Dockerfile.cross --manifest $(OPERATOR_IMG) --platform $(PLATFORMS) . ; \
if [ "${MANIFEST_PUSH}" = "true" ] ; then \
$(IMAGE_BUILDER) manifest push $(OPERATOR_IMG) $(OPERATOR_IMG) ; \
fi
else
$(error unsupported IMAGE_BUILDER: $(IMAGE_BUILDER))
endif
rm Dockerfile.cross
.PHONY: cert_manager
cert_manager: remove_cert_manager
$(CLUSTER_CLIENT) create --validate=false -f $(CERT_MANAGER_MANIFEST)
.PHONY: remove_cert_manager
remove_cert_manager:
- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f $(CERT_MANAGER_MANIFEST)
.PHONY: check_cert_manager
check_cert_manager:
@api_versions=$$($(CLUSTER_CLIENT) api-versions) &&\
if [ $$(echo "$${api_versions}" | grep -c '^cert-manager.io/v1$$') -eq 0 ]; then if [ "$${DISABLE_SERVICE_TLS}" != "true" ]; then\
echo 'cert-manager is not installed, install using "make cert_manager" or disable TLS for services by setting DISABLE_SERVICE_TLS to true' >&2\
&& exit 1;\
fi;\
fi
# Location to install dependencies
LOCALBIN ?= $(shell pwd)/bin
PHONY: local-bin
local-bin:
mkdir -p $(LOCALBIN)
# Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
CONTROLLER_GEN = $(LOCALBIN)/controller-gen
.PHONY: controller-gen
controller-gen: $(CONTROLLER_GEN)
$(CONTROLLER_GEN): local-bin
test -s $(CONTROLLER_GEN) && $(CONTROLLER_GEN) --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \
GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@v$(CONTROLLER_TOOLS_VERSION)
# Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
KUSTOMIZE = $(LOCALBIN)/kustomize
.PHONY: kustomize
kustomize: $(KUSTOMIZE)
$(KUSTOMIZE): local-bin
@if test -x $(LOCALBIN)/kustomize && ! $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION); then \
echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
rm -rf $(LOCALBIN)/kustomize; \
fi
test -s $(KUSTOMIZE) || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); }
# Download go-license locally if necessary
GOLICENSE = $(LOCALBIN)/go-license
.PHONY: golicense
golicense: $(GOLICENSE)
$(GOLICENSE): local-bin
test -s $(GOLICENSE) || GOBIN=$(LOCALBIN) go install github.com/palantir/go-license@v$(GOLICENSE_VERSION)
# Download setup-envtest locally if necessary
ENVTEST = $(LOCALBIN)/setup-envtest
.PHONY: setup-envtest
setup-envtest: $(ENVTEST)
$(ENVTEST): local-bin
test -s $(ENVTEST) || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
# Download opm locally if necessary
OPM = $(LOCALBIN)/opm
.PHONY: opm
opm: $(OPM)
$(OPM): local-bin
test -s $(OPM) || \
{ \
set -e ;\
curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v$(OPM_VERSION)/$(OS)-$(ARCH)-opm ;\
chmod +x $(OPM) ;\
}
.PHONY: catalog-build
catalog-build: opm
$(OPM) index add --container-tool $(IMAGE_BUILDER) --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
# Generate bundle manifests and metadata, then validate generated files.
.PHONY: bundle
bundle: manifests kustomize
operator-sdk generate kustomize manifests -q
cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMG)
$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle $(BUNDLE_GEN_FLAGS)
operator-sdk bundle validate ./bundle
# Build the bundle image.
.PHONY: bundle-build
bundle-build:
$(IMAGE_BUILDER) build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
.PHONY: deploy_bundle
deploy_bundle: check_cert_manager undeploy_bundle
operator-sdk run bundle --install-mode $(BUNDLE_INSTALL_MODE) $(BUNDLE_IMG)
ifeq ($(DISABLE_SERVICE_TLS), true)
@echo "Disabling TLS for in-cluster communication between Services"
@current_ns=`$(CLUSTER_CLIENT) config view --minify -o 'jsonpath={.contexts[0].context.namespace}'` && \
if [ -z "$${current_ns}" ]; then \
echo "Failed to determine Namespace in current context" >&2; \
exit 1; \
fi; \
set -f -- `$(CLUSTER_CLIENT) get sub -l "operators.coreos.com/$(OPERATOR_NAME).$${current_ns}" -o name` && \
if [ "$${#}" -ne 1 ]; then \
echo -e "Expected 1 Subscription, found $${#}:\n$${@}" >&2; \
exit 1; \
fi; \
$(CLUSTER_CLIENT) patch --type=merge -p '{"spec":{"config":{"env":[{"name":"DISABLE_SERVICE_TLS","value":"true"}]}}}' "$${1}"
endif
.PHONY: undeploy_bundle
undeploy_bundle:
- operator-sdk cleanup $(OPERATOR_NAME)
# Deploy a Cryostat instance
.PHONY: create_cryostat_cr
create_cryostat_cr: destroy_cryostat_cr
$(CLUSTER_CLIENT) create -f config/samples/operator_v1beta1_cryostat.yaml
.PHONY: create_clustercryostat_cr
create_clustercryostat_cr: destroy_clustercryostat_cr
target_ns_json=$$(jq -nc '$$ARGS.positional' --args -- $(TARGET_NAMESPACES)) && \
$(CLUSTER_CLIENT) patch -f config/samples/operator_v1beta1_clustercryostat.yaml --local=true --type=merge \
-p "{\"spec\": {\"installNamespace\": \"$(DEPLOY_NAMESPACE)\", \"targetNamespaces\": $$target_ns_json}}" -o yaml | \
oc apply -f -
# Undeploy a Cryostat instance
.PHONY: destroy_cryostat_cr
destroy_cryostat_cr:
- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f config/samples/operator_v1beta1_cryostat.yaml
.PHONY: destroy_clustercryostat_cr
destroy_clustercryostat_cr:
- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f config/samples/operator_v1beta1_clustercryostat.yaml
# Build custom scorecard tests
.PHONY: custom-scorecard-tests
custom-scorecard-tests: fmt vet
cd internal/images/custom-scorecard-tests/ && \
go build -o bin/cryostat-scorecard-tests main.go
# Build the custom scorecard OCI image
.PHONY: scorecard-build
scorecard-build: custom-scorecard-tests
printf '# Code generated by hack/custom.config.yaml.in. DO NOT EDIT.\n' > config/scorecard/patches/custom.config.yaml
envsubst < hack/custom.config.yaml.in >> config/scorecard/patches/custom.config.yaml
# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' internal/images/custom-scorecard-tests/Dockerfile > internal/images/custom-scorecard-tests/Dockerfile.cross
ifeq ($(IMAGE_BUILDER), docker)
- $(IMAGE_BUILDER) buildx create --name project-v3-builder
$(IMAGE_BUILDER) buildx use project-v3-builder
- $(IMAGE_BUILDER) buildx build --push --platform=$(PLATFORMS) --tag $(CUSTOM_SCORECARD_IMG) -f internal/images/custom-scorecard-tests/Dockerfile.cross .
- $(IMAGE_BUILDER) buildx rm project-v3-builder
else ifeq ($(IMAGE_BUILDER), podman)
BUILDAH_FORMAT=docker $(IMAGE_BUILDER) build -f internal/images/custom-scorecard-tests/Dockerfile.cross --manifest $(CUSTOM_SCORECARD_IMG) --platform $(PLATFORMS) . ; \
if [ "${MANIFEST_PUSH}" = "true" ] ; then \
$(IMAGE_BUILDER) manifest push $(CUSTOM_SCORECARD_IMG) $(CUSTOM_SCORECARD_IMG) ; \
fi
else
$(error unsupported IMAGE_BUILDER: $(IMAGE_BUILDER))
endif
rm internal/images/custom-scorecard-tests/Dockerfile.cross
# Local development/testing helpers
ifneq ($(origin SAMPLE_APP_NAMESPACE), undefined)
SAMPLE_APP_FLAGS += -n $(SAMPLE_APP_NAMESPACE)
endif
.PHONY: sample_app
sample_app:
$(CLUSTER_CLIENT) apply $(SAMPLE_APP_FLAGS) -f config/samples/sample-app.yaml
.PHONY: undeploy_sample_app
undeploy_sample_app:
$(CLUSTER_CLIENT) delete $(SAMPLE_APP_FLAGS) --ignore-not-found=$(ignore-not-found) -f config/samples/sample-app.yaml
.PHONY: sample_app_agent
sample_app_agent: undeploy_sample_app_agent
@if [ -z "${AUTH_TOKEN}" ]; then \
if [ "${CLUSTER_CLIENT}" = "oc" ]; then\
AUTH_TOKEN=`oc whoami -t | base64`; \
else \
echo "'AUTH_TOKEN' must be specified."; \
exit 1; \
fi; \
fi; \
$(CLUSTER_CLIENT) apply $(SAMPLE_APP_FLAGS) -f config/samples/sample-app-agent.yaml; \
$(CLUSTER_CLIENT) set env $(SAMPLE_APP_FLAGS) deployment/quarkus-test-agent CRYOSTAT_AGENT_AUTHORIZATION="Bearer $(AUTH_TOKEN)"
.PHONY: undeploy_sample_app_agent
undeploy_sample_app_agent:
- $(CLUSTER_CLIENT) delete $(SAMPLE_APP_FLAGS) --ignore-not-found=$(ignore-not-found) -f config/samples/sample-app-agent.yaml