open-cluster-management.io/governance-policy-propagator@v0.13.0/Makefile (about) 1 # Copyright 2019 The Kubernetes Authors. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 # Copyright Contributors to the Open Cluster Management project 15 16 PWD := $(shell pwd) 17 LOCAL_BIN ?= $(PWD)/bin 18 19 export PATH := $(LOCAL_BIN):$(PATH) 20 GOARCH = $(shell go env GOARCH) 21 GOOS = $(shell go env GOOS) 22 TESTARGS_DEFAULT := "-v" 23 export TESTARGS ?= $(TESTARGS_DEFAULT) 24 VERSION ?= $(shell cat COMPONENT_VERSION 2> /dev/null) 25 IMAGE_NAME_AND_VERSION ?= $(REGISTRY)/$(IMG) 26 CONTROLLER_NAME = $(shell cat COMPONENT_NAME 2> /dev/null) 27 CONTROLLER_NAMESPACE ?= open-cluster-management 28 # Handle KinD configuration 29 CLUSTER_NAME ?= hub 30 KIND_NAMESPACE ?= $(CONTROLLER_NAMESPACE) 31 POSTGRES_HOST ?= localhost 32 33 # Test coverage threshold 34 export COVERAGE_MIN ?= 75 35 36 # Image URL to use all building/pushing image targets; 37 # Use your own docker registry and image name for dev/test by overridding the IMG and REGISTRY environment variable. 38 IMG ?= $(shell cat COMPONENT_NAME 2> /dev/null) 39 REGISTRY ?= quay.io/open-cluster-management 40 TAG ?= latest 41 42 include build/common/Makefile.common.mk 43 44 ############################################################ 45 # work section 46 ############################################################ 47 $(GOBIN): 48 @echo "create gobin" 49 @mkdir -p $(GOBIN) 50 51 ############################################################ 52 # clean section 53 ############################################################ 54 55 .PHONY: clean 56 clean: 57 -rm bin/* 58 -rm build/_output/bin/* 59 -rm coverage*.out 60 -rm report*.json 61 -rm kubeconfig_* 62 -rm -r vendor/ 63 64 ############################################################ 65 # lint section 66 ############################################################ 67 68 .PHONY: fmt 69 fmt: 70 71 .PHONY: lint 72 lint: 73 74 ############################################################ 75 # test section 76 ############################################################ 77 KBVERSION = 3.12.0 78 ENVTEST_K8S_VERSION = 1.26.x 79 80 .PHONY: test 81 test: test-dependencies 82 KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test $(TESTARGS) `go list ./... | grep -v test/e2e` 83 84 .PHONY: test-coverage 85 test-coverage: TESTARGS = -json -cover -covermode=atomic -coverprofile=coverage_unit.out 86 test-coverage: test 87 88 .PHONY: test-dependencies 89 test-dependencies: envtest kubebuilder 90 91 .PHONY: gosec-scan 92 gosec-scan: GOSEC_ARGS=-exclude G201 93 94 ############################################################ 95 # build section 96 ############################################################ 97 98 .PHONY: build 99 build: 100 CGO_ENABLED=1 go build -o build/_output/bin/$(IMG) main.go 101 102 ############################################################ 103 # images section 104 ############################################################ 105 106 .PHONY: build-images 107 build-images: 108 @docker build -t ${IMAGE_NAME_AND_VERSION} -f build/Dockerfile . 109 @docker tag ${IMAGE_NAME_AND_VERSION} $(REGISTRY)/$(IMG):$(TAG) 110 111 .PHONY: run 112 run: 113 WATCH_NAMESPACE="$(WATCH_NAMESPACE)" go run main.go --leader-elect=false --enable-webhooks=false --log-level=2 114 115 ############################################################ 116 # Generate manifests 117 ############################################################ 118 119 .PHONY: manifests 120 manifests: kustomize controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. 121 $(CONTROLLER_GEN) crd rbac:roleName=governance-policy-propagator paths="./..." output:crd:artifacts:config=deploy/crds output:rbac:artifacts:config=deploy/rbac 122 mv deploy/crds/policy.open-cluster-management.io_policies.yaml deploy/crds/kustomize/policy.open-cluster-management.io_policies.yaml 123 @printf -- "---\n" > deploy/crds/policy.open-cluster-management.io_policies.yaml 124 $(KUSTOMIZE) build deploy/crds/kustomize >> deploy/crds/policy.open-cluster-management.io_policies.yaml 125 126 .PHONY: generate 127 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. 128 $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." 129 130 .PHONY: generate-operator-yaml 131 generate-operator-yaml: kustomize manifests 132 $(KUSTOMIZE) build deploy/manager > deploy/operator.yaml 133 134 ############################################################ 135 # e2e test section 136 ############################################################ 137 138 .PHONY: kind-bootstrap-cluster 139 kind-bootstrap-cluster: POSTGRES_HOST=postgres 140 kind-bootstrap-cluster: kind-bootstrap-cluster-dev webhook kind-deploy-controller install-resources 141 142 .PHONY: kind-bootstrap-cluster-dev 143 kind-bootstrap-cluster-dev: kind-create-cluster install-crds kind-controller-kubeconfig postgres 144 145 cert-manager: 146 @echo Installing cert-manager 147 kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml 148 @echo "Waiting until the pods are up" 149 kubectl wait deployment -n cert-manager cert-manager --for condition=Available=True --timeout=180s 150 kubectl wait --for=condition=Ready pod -l app.kubernetes.io/instance=cert-manager -n cert-manager --timeout=180s 151 152 postgres: cert-manager 153 @echo "Installing Postgres" 154 -kubectl create ns $(KIND_NAMESPACE) 155 sed 's/open-cluster-management/$(KIND_NAMESPACE)/g' build/kind/postgres.yaml | kubectl apply --timeout=180s -f- 156 157 @echo "Waiting until the pods are up" 158 @sleep 3 159 kubectl -n $(KIND_NAMESPACE) wait --for=condition=Ready pod -l app=postgres 160 161 @echo "Creating the governance-policy-database secret" 162 @kubectl -n $(KIND_NAMESPACE) get secret governance-policy-database || \ 163 kubectl -n $(KIND_NAMESPACE) create secret generic governance-policy-database \ 164 --from-literal="user=grc" \ 165 --from-literal="password=grc" \ 166 --from-literal="host=$(POSTGRES_HOST)" \ 167 --from-literal="dbname=ocm-compliance-history" \ 168 --from-literal="ca=$$(kubectl -n $(KIND_NAMESPACE) get secret postgres-cert -o json | jq -r '.data["ca.crt"]' | base64 -d)" 169 170 @echo "Copying the compliance API certificates locally" 171 kubectl -n $(KIND_NAMESPACE) get secret compliance-api-cert -o json | jq -r '.data["tls.crt"]' | base64 -d > dev-tls.crt 172 kubectl -n $(KIND_NAMESPACE) get secret compliance-api-cert -o json | jq -r '.data["ca.crt"]' | base64 -d >> dev-ca.crt 173 kubectl -n $(KIND_NAMESPACE) get secret compliance-api-cert -o json | jq -r '.data["tls.key"]' | base64 -d > dev-tls.key 174 175 webhook: cert-manager 176 -kubectl create ns $(KIND_NAMESPACE) 177 sed 's/namespace: open-cluster-management/namespace: $(KIND_NAMESPACE)/g' deploy/webhook.yaml | kubectl apply -f- 178 179 HUB_ONLY ?= none 180 181 .PHONY: kind-deploy-controller 182 kind-deploy-controller: manifests 183 if [ "$(HUB_ONLY)" = "true" ]; then\ 184 $(MAKE) webhook;\ 185 kubectl delete deployment governance-policy-propagator -n $(KIND_NAMESPACE) ;\ 186 kubectl wait --for=delete pod -l name=governance-policy-propagator --timeout=60s -n $(KIND_NAMESPACE);\ 187 fi 188 @echo installing $(IMG) 189 -kubectl create ns $(KIND_NAMESPACE) 190 kubectl apply -f deploy/operator.yaml -n $(KIND_NAMESPACE) 191 192 .PHONY: kind-deploy-controller-dev 193 kind-deploy-controller-dev: kind-deploy-controller 194 @echo "Patch deployment image" 195 kubectl patch deployment $(IMG) -n $(KIND_NAMESPACE) -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$(IMG)\",\"imagePullPolicy\":\"Never\"}]}}}}" 196 kubectl patch deployment $(IMG) -n $(KIND_NAMESPACE) -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$(IMG)\",\"image\":\"$(REGISTRY)/$(IMG):$(TAG)\"}]}}}}" 197 198 @echo Pushing image to KinD cluster 199 kind load docker-image $(REGISTRY)/$(IMG):$(TAG) --name $(KIND_NAME) 200 kubectl rollout restart deployment/$(IMG) -n $(KIND_NAMESPACE) 201 kubectl rollout status -n $(KIND_NAMESPACE) deployment $(IMG) --timeout=180s 202 203 # Specify KIND_VERSION to indicate the version tag of the KinD image 204 .PHONY: kind-create-cluster 205 kind-create-cluster: KIND_ARGS += --config build/kind/kind-config.yaml 206 207 .PHONY: kind-delete-cluster 208 kind-delete-cluster: 209 kind delete cluster --name $(KIND_NAME) 210 211 .PHONY: install-crds 212 install-crds: manifests 213 @echo installing crds 214 kubectl apply -f deploy/crds/policy.open-cluster-management.io_placementbindings.yaml 215 kubectl apply -f deploy/crds/policy.open-cluster-management.io_policies.yaml 216 kubectl apply -f deploy/crds/policy.open-cluster-management.io_policyautomations.yaml 217 kubectl apply -f deploy/crds/policy.open-cluster-management.io_policysets.yaml 218 kubectl apply -f https://raw.githubusercontent.com/open-cluster-management-io/multicloud-operators-subscription/main/deploy/hub-common/apps.open-cluster-management.io_placementrules_crd.yaml 219 kubectl apply -f https://raw.githubusercontent.com/open-cluster-management-io/api/main/cluster/v1/0000_00_clusters.open-cluster-management.io_managedclusters.crd.yaml 220 kubectl apply -f https://raw.githubusercontent.com/open-cluster-management-io/api/main/cluster/v1beta1/0000_02_clusters.open-cluster-management.io_placements.crd.yaml --validate=false 221 kubectl apply -f https://raw.githubusercontent.com/open-cluster-management-io/api/main/cluster/v1beta1/0000_03_clusters.open-cluster-management.io_placementdecisions.crd.yaml --validate=false 222 kubectl apply -f deploy/crds/external/tower.ansible.com_joblaunch_crd.yaml 223 kubectl apply -f test/resources/case5_policy_automation/dns-crd.yaml 224 225 .PHONY: install-resources 226 install-resources: 227 @echo creating namespaces 228 kubectl create ns policy-propagator-test 229 kubectl create ns $(KIND_NAMESPACE) 230 kubectl create ns local-cluster 231 kubectl create ns managed1 232 kubectl create ns managed2 233 kubectl create ns managed3 234 kubectl create ns managed4 235 kubectl create ns managed5 236 kubectl create ns managed6 237 @echo deploying roles and service account 238 kubectl apply -k deploy/rbac -n $(KIND_NAMESPACE) 239 kubectl apply -f deploy/manager/service-account.yaml -n $(KIND_NAMESPACE) 240 @echo creating cluster resources 241 kubectl apply -f test/resources/local-cluster.yaml 242 kubectl apply -f test/resources/managed1-cluster.yaml 243 kubectl apply -f test/resources/managed2-cluster.yaml 244 kubectl apply -f test/resources/managed3-cluster.yaml 245 kubectl apply -f test/resources/managed4-cluster.yaml 246 kubectl apply -f test/resources/managed5-cluster.yaml 247 kubectl apply -f test/resources/managed6-cluster.yaml 248 @echo setting a Hub cluster DNS name 249 kubectl apply -f test/resources/case5_policy_automation/cluster-dns.yaml 250 251 E2E_LABEL_FILTER = --label-filter="!webhook && !compliance-events-api && !policyautomation" 252 .PHONY: e2e-test 253 e2e-test: e2e-dependencies 254 $(GINKGO) -v --fail-fast $(E2E_TEST_ARGS) $(E2E_LABEL_FILTER) test/e2e -- $(E2E_TEST_CODE_ARGS) 255 256 .PHONY: e2e-test-webhook 257 e2e-test-webhook: E2E_LABEL_FILTER = --label-filter="webhook" 258 e2e-test-webhook: e2e-test 259 260 .PHONY: e2e-test-compliance-events-api 261 e2e-test-compliance-events-api: E2E_LABEL_FILTER = --label-filter="compliance-events-api" 262 e2e-test-compliance-events-api: e2e-test 263 264 .PHONY: e2e-test-coverage-compliance-events-api 265 e2e-test-coverage-compliance-events-api: E2E_TEST_ARGS = --json-report=report_e2e_compliance_events_api.json --covermode=atomic --coverpkg=open-cluster-management.io/governance-policy-propagator/controllers/complianceeventsapi --coverprofile=coverage_e2e_compliance_events_api.out --output-dir=. 266 e2e-test-coverage-compliance-events-api: e2e-test-compliance-events-api 267 268 .PHONY: e2e-test-policyautomation 269 e2e-test-policyautomation: E2E_LABEL_FILTER = --label-filter="policyautomation" 270 e2e-test-policyautomation: e2e-test 271 272 .PHONY: e2e-build-instrumented 273 e2e-build-instrumented: 274 go test -covermode=atomic -coverpkg=$(shell cat go.mod | head -1 | cut -d ' ' -f 2)/... -c -tags e2e ./ -o build/_output/bin/$(IMG)-instrumented 275 276 TEST_COVERAGE_OUT = coverage_e2e.out 277 .PHONY: e2e-run-instrumented 278 e2e-run-instrumented: e2e-build-instrumented 279 WATCH_NAMESPACE="$(WATCH_NAMESPACE)" ./build/_output/bin/$(IMG)-instrumented -test.run "^TestRunMain$$" -test.coverprofile=$(TEST_COVERAGE_OUT) 2>&1 | tee ./build/_output/controller.log & 280 281 .PHONY: e2e-stop-instrumented 282 e2e-stop-instrumented: 283 ps -ef | grep '$(IMG)' | grep -v grep | awk '{print $$2}' | xargs kill 284 285 .PHONY: e2e-test-coverage 286 e2e-test-coverage: E2E_TEST_ARGS = --json-report=report_e2e.json --output-dir=. 287 e2e-test-coverage: E2E_TEST_CODE_ARGS = --compliance-api-port=8385 288 e2e-test-coverage: e2e-run-instrumented e2e-test e2e-stop-instrumented 289 290 .PHONY: e2e-test-coverage-policyautomation 291 e2e-test-coverage-policyautomation: E2E_TEST_ARGS = --json-report=report_e2e_policyautomation.json --output-dir=. 292 e2e-test-coverage-policyautomation: E2E_LABEL_FILTER = --label-filter="policyautomation" 293 e2e-test-coverage-policyautomation: TEST_COVERAGE_OUT = coverage_e2e_policyautomation.out 294 e2e-test-coverage-policyautomation: e2e-test-coverage 295 296 .PHONY: e2e-debug 297 e2e-debug: 298 @echo local controller log: 299 -cat build/_output/controller.log 300 @echo remote controller log: 301 -kubectl logs $$(kubectl get pods -n $(KIND_NAMESPACE) -o name | grep $(IMG)) -n $(KIND_NAMESPACE) -c governance-policy-propagator 302 303 ############################################################ 304 # test coverage 305 ############################################################ 306 COVERAGE_FILE = coverage.out 307 308 .PHONY: coverage-merge 309 coverage-merge: coverage-dependencies 310 @echo Merging the coverage reports into $(COVERAGE_FILE) 311 $(GOCOVMERGE) $(PWD)/coverage_* > $(COVERAGE_FILE) 312 313 .PHONY: coverage-verify 314 coverage-verify: 315 ./build/common/scripts/coverage_calc.sh