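# go options
GO111MODULE := on
export GO111MODULE

# Build metadata stamped into the binaries through `-ldflags -X`.
# BUILD_VERSION is taken from `git describe`; it falls back to "unknown" when
# git is not installed or the tree is not a git checkout. The previous form used
# $(git ...) without `shell` (an empty make variable lookup) under an inverted
# test, so a real version string was never produced.
BUILD_VERSION := $(shell git describe --tags --always --dirty="-dev" 2>/dev/null || echo unknown)
BUILD_DATE ?= $(shell date -u '+%Y-%m-%d-%H:%M UTC')
VERSION_FLAGS := -ldflags='-X "main.buildVersion=$(BUILD_VERSION)" -X "main.buildTime=$(BUILD_DATE)"'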
# Deployment options (each can be overridden from the environment or the command line).
# Host directory holding the state shared with the Kubernetes master container.
K8SFS_PATH ?= $(HOME)/.k8sfs
# Kubernetes material read by the targets below (pki/ca.crt, pki/ca.key, admin.conf).
KUBE_PATH ?= $(K8SFS_PATH)/kubernetes
# Resolver passed to the master container through --dns; the default is a public resolver.
EXTERNAL_DNS ?= 8.8.8.8
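# MutatingWebhookConfiguration applied by run-kubelet. It registers two webhooks
# (pod CREATE and persistentvolumeclaim CREATE, Namespaced scope), both served
# from https://HOST_ADDRESS:10250 and verified against CA_BUNDLE.
#
# HOST_ADDRESS and CA_BUNDLE are defined only as target-specific variables of
# run-kubelet, so for any other target they expand to empty strings unless the
# environment supplies them.
#
# failurePolicy is Fail and no namespaceSelector is set: while the endpoint is
# unreachable or exceeds the 5 second timeout, matching CREATE requests are
# rejected in every namespace.
#
# The YAML nesting below is significant; the text is exported verbatim and piped
# to `kubectl apply`, so no comments are placed inside the define.
define WEBHOOK_CONFIGURATION
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: mutating-webhook
webhooks:
  - name: "pod-mutator.hpk.dev"
    rules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE"]
        resources: ["pods"]
        scope: "Namespaced"
    clientConfig:
      url: "https://${HOST_ADDRESS}:10250/mutates/pod"
      caBundle: ${CA_BUNDLE}
    failurePolicy: Fail
    admissionReviewVersions: ["v1"]
    timeoutSeconds: 5
    sideEffects: None
  - name: "pvc-mutator.hpk.dev"
    rules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE"]
        resources: ["persistentvolumeclaims"]
        scope: "Namespaced"
    clientConfig:
      url: "https://${HOST_ADDRESS}:10250/mutates/pvc"
      caBundle: ${CA_BUNDLE}
    failurePolicy: Fail
    admissionReviewVersions: ["v1"]
    timeoutSeconds: 5
    sideEffects: None
endef
export WEBHOOK_CONFIGURATION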
# OpenSSL request configuration written to bin/kubelet.cnf by run-kubelet and
# used both for the CSR (-config) and for the signed certificate (-extfile,
# section v3_req). The certificate is a leaf (CA:FALSE) whose subjectAltName
# lists 127.0.0.1 and HOST_ADDRESS; HOST_ADDRESS is a target-specific variable
# of run-kubelet and is empty for other targets.
# NOTE(review): extendedKeyUsage includes clientAuth as well as serverAuth, and
# run-kubelet signs with the CA under KUBE_PATH/pki. If the API server trusts
# that CA for client certificates, this key pair is also a client identity with
# CN=hpk-kubelet. Confirm clientAuth is required.
# The text is exported verbatim, so no comments are placed inside the define.
define CERTIFICATE_CONFIGURATION
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
IP.2 = ${HOST_ADDRESS}
endef
export CERTIFICATE_CONFIGURATION
##@ General
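# A bare `make` only prints the target list; nothing is built or deployed by default.
.DEFAULT_GOAL := help

# Prints every "target: ## description" line and every "##@ Section" header found
# in the parsed makefiles. Declared phony so a file named "help" cannot mask it.
.PHONY: help
help: ## Display this help
	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)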
##@ Build
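# Aggregate target: builds bin/hpk-kubelet and bin/hpk-pause through the two
# targets below. Declared phony because it names a command, not a file.
.PHONY: build
build: hpk-kubelet hpk-pause ## Build HPK binary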
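# Race-detector build of the kubelet. On linux/amd64 the Go race detector needs
# cgo, so CGO_ENABLED must be 1 here; with CGO_ENABLED=0 `go build -race` stops
# with "-race requires cgo". The output overwrites bin/hpk-kubelet.
.PHONY: build-race
build-race: ## Build HPK binary with race condition detector
	GOOS=linux GOARCH=amd64 CGO_ENABLED=1 go build $(VERSION_FLAGS) -race -o bin/hpk-kubelet ./cmd/hpk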
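# Static build of the HPK kubelet into bin/hpk-kubelet.
# The version stamps and the static-link option are passed in ONE -ldflags value:
# when -ldflags is given twice, go build applies only the last one to a package,
# so the earlier `$(VERSION_FLAGS) -ldflags '-extldflags "-static"'` form dropped
# main.buildVersion and main.buildTime from the binary.
.PHONY: hpk-kubelet
hpk-kubelet:
	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build \
		-ldflags='-X "main.buildVersion=$(BUILD_VERSION)" -X "main.buildTime=$(BUILD_DATE)" -extldflags "-static"' \
		-o bin/hpk-kubelet ./cmd/hpk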
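# Static build of the pause agent into bin/hpk-pause.
# A single -ldflags value carries both the version stamps and the static-link
# option; a second -ldflags on the same command line would replace the first and
# leave main.buildVersion and main.buildTime unset.
.PHONY: hpk-pause
hpk-pause:
	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build \
		-ldflags='-X "main.buildVersion=$(BUILD_VERSION)" -X "main.buildTime=$(BUILD_DATE)" -extldflags "-static"' \
		-o bin/hpk-pause ./cmd/pause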
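# Image reference for the pause container. It is kept in one place so the build
# and the push cannot drift apart; override with `make docker-pause PAUSE_IMAGE=...`.
PAUSE_IMAGE ?= malvag/pause:1.1.9

# Builds the pause image and pushes it to the registry.
# The build runs as the invoking user while the push runs under sudo, so the
# registry credentials used for the push are root's, not the caller's.
# NOTE(review): the image is published under a tag, which can be re-pushed;
# consumers that need a fixed artifact should reference it by digest.
.PHONY: docker-pause
docker-pause:
	DOCKER_BUILDKIT=1 docker build . -t $(PAUSE_IMAGE) -f deploy/images/pause-apptainer-agent/pause.apptainer.Dockerfile
	sudo docker push $(PAUSE_IMAGE)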
##@ Deployment
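# Runs the Kubernetes master inside an Apptainer container. K8SFS_PATH is
# bind-mounted at /usr/local/etc and K8SFS_PATH/log at /var/log, so whatever the
# container writes there is left on the host under the caller's account.
# Paths are quoted because K8SFS_PATH defaults to a location under HOME.
# NOTE(review): the image is referenced by tag only. To pin the exact content,
# append the image digest to the reference (@sha256:<digest>).
.PHONY: run-kubemaster
run-kubemaster: ## Run the Kubernetes Master
	mkdir -p "${K8SFS_PATH}/log"
	apptainer run --net --dns ${EXTERNAL_DNS} --fakeroot \
		--cleanenv --pid --containall \
		--no-init --no-umask --no-eval \
		--no-mount tmp,home --unsquash --writable \
		--env K8SFS_MOCK_KUBELET=0 \
		--bind "${K8SFS_PATH}:/usr/local/etc" \
		--bind "${K8SFS_PATH}/log:/var/log" \
		docker://chazapis/kubernetes-from-scratch:20230425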
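# Target-specific inputs. They are recursively expanded, so the shell commands
# run each time the variable is referenced while run-kubelet is being built:
#   CA_BUNDLE    - the CA certificate under KUBE_PATH/pki, base64 on a single line
#   HOST_ADDRESS - the "src" address reported by `ip route get 1`
run-kubelet: CA_BUNDLE = $(shell cat ${KUBE_PATH}/pki/ca.crt | base64 | tr -d '\n')
run-kubelet: HOST_ADDRESS = $(shell ip route get 1 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')

# Issues a serving certificate for the HPK kubelet, registers the mutating
# webhooks, then starts ./bin/hpk-kubelet in the foreground.
#
# The key is created once and reused; the CSR and certificate are re-issued on
# every run (valid 365 days) and signed directly with the CA key in KUBE_PATH/pki.
#
# NOTE(review): both kubectl and the kubelet run with KUBE_PATH/admin.conf.
# Presumably that is the cluster administrator kubeconfig; a dedicated,
# narrower identity for the kubelet would limit what a compromise of the
# process can reach. Confirm against the cluster setup.
.PHONY: run-kubelet
run-kubelet: ## Run the HPK Virtual Kubelet
# Fail early: an empty HOST_ADDRESS would yield an invalid SAN and webhook URL.
	@[ -n "${HOST_ADDRESS}" ] || { echo "run-kubelet: could not detect HOST_ADDRESS" >&2; exit 1; }
	@{ [ -r "${KUBE_PATH}/pki/ca.crt" ] && [ -r "${KUBE_PATH}/pki/ca.key" ]; } || \
		{ echo "run-kubelet: CA certificate or key not readable under ${KUBE_PATH}/pki" >&2; exit 1; }
	@echo "===> Generate HPK Certificates <==="
	mkdir -p ./bin
# umask 077 keeps the private key unreadable by other local users regardless of
# the caller's umask or the OpenSSL version.
	if [ ! -f bin/kubelet.key ]; then (umask 077 && openssl genrsa -out bin/kubelet.key 2048); fi
	echo "$$CERTIFICATE_CONFIGURATION" > bin/kubelet.cnf
	openssl req -new -key bin/kubelet.key -subj "/CN=hpk-kubelet" \
		-out bin/kubelet.csr -config bin/kubelet.cnf
# A random serial replaces the fixed "01": the certificate is re-issued on every
# run, and serial numbers are expected to be unique per issuing CA.
	openssl x509 -req -days 365 -set_serial "0x$$(openssl rand -hex 16)" \
		-CA "${KUBE_PATH}/pki/ca.crt" -CAkey "${KUBE_PATH}/pki/ca.key" \
		-in bin/kubelet.csr -out bin/kubelet.crt \
		-extfile bin/kubelet.cnf -extensions v3_req
	@echo "===> Register Webhook <==="
	export KUBECONFIG="${KUBE_PATH}/admin.conf"; \
		echo "$$WEBHOOK_CONFIGURATION" | kubectl apply -f -
	@echo "===> Run HPK <==="
	KUBECONFIG="${KUBE_PATH}/admin.conf" \
		APISERVER_KEY_LOCATION=bin/kubelet.key \
		APISERVER_CERT_LOCATION=bin/kubelet.crt \
		VKUBELET_ADDRESS=${HOST_ADDRESS} \
		./bin/hpk-kubelet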
##@ Test
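# Runs the bats suite in test/test.bats against the cluster described by
# KUBE_PATH/admin.conf, fetching the bats helpers on first use.
#
# Each helper is checked and cloned on its own, and `set -e` stops at the first
# failed clone. Previously a failed clone was ignored and, because test/helper
# already existed, later runs never retried it.
#
# NOTE(review): the helpers are cloned from the tip of each repository's default
# branch and then executed. Pinning each clone to a reviewed tag or commit would
# make test runs reproducible and keep unreviewed upstream changes out of them.
.PHONY: test
test: ## Run all tests
	set -e; \
	mkdir -p test/helper; \
	clone_helper() { \
		[ -d "test/helper/$$2" ] || git clone "https://github.com/bats-core/$$1.git" "test/helper/$$2"; \
	}; \
	clone_helper bats-core bats; \
	clone_helper bats-support bats-support; \
	clone_helper bats-assert bats-assert; \
	clone_helper bats-detik bats-detik
	KUBECONFIG="${KUBE_PATH}/admin.conf" ./test/helper/bats/bin/bats test/test.bats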
#.PHONY: build
#build: clean bin/hpk-kubelet
#.PHONY: clean
#clean: files := bin/hpk-kubelet
#clean:
# @${RM} $(files) &>/dev/null || exit 0
#.PHONY: mod
#mod:
# @go mod tidy