1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
kyverno/Makefile

417 lines
16 KiB
Makefile
Raw Normal View History

.DEFAULT_GOAL: build
2019-05-29 21:44:21 +00:00
##################################
# DEFAULTS
##################################
GIT_VERSION := $(shell git describe --match "v[0-9]*" --tags $(git rev-list --tags --max-count=1))
GIT_VERSION_DEV := $(shell git describe --match "[0-9].[0-9]-dev*")
2020-01-11 02:52:11 +00:00
GIT_BRANCH := $(shell git branch | grep \* | cut -d ' ' -f2)
GIT_HASH := $(GIT_BRANCH)/$(shell git log -1 --pretty=format:"%H")
TIMESTAMP := $(shell date '+%Y-%m-%d_%I:%M:%S%p')
VERSION ?= $(shell git describe --match "v[0-9]*")
2020-01-11 02:52:11 +00:00
REGISTRY?=ghcr.io
REPO=$(REGISTRY)/kyverno
IMAGE_TAG_LATEST_DEV=$(shell git describe --match "[0-9].[0-9]-dev*" | cut -d '-' -f-2)
IMAGE_TAG_DEV=$(GIT_VERSION_DEV)
2020-05-15 20:11:28 +00:00
IMAGE_TAG?=$(GIT_VERSION)
GOARCH ?= $(shell go env GOARCH)
GOOS ?= $(shell go env GOOS)
ifeq ($(GOOS), darwin)
SED=gsed
else
SED=sed
endif
2020-10-07 22:09:52 +00:00
PACKAGE ?=github.com/kyverno/kyverno
export LD_FLAGS = -s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(GIT_VERSION) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_HASH) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)
export LD_FLAGS_DEV = -s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(GIT_VERSION_DEV) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_HASH) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)
K8S_VERSION ?= $(shell kubectl version --short | grep -i server | cut -d" " -f3 | cut -c2-)
export K8S_VERSION
TEST_GIT_BRANCH ?= main
KIND_IMAGE?=kindest/node:v1.24.0
#########
# TOOLS #
#########
TOOLS_DIR := $(PWD)/.tools
KIND := $(TOOLS_DIR)/kind
KIND_VERSION := v0.14.0
CONTROLLER_GEN := $(TOOLS_DIR)/controller-gen
CONTROLLER_GEN_VERSION := v0.9.1-0.20220629131006-1878064c4cdf
GEN_CRD_API_REFERENCE_DOCS := $(TOOLS_DIR)/gen-crd-api-reference-docs
GEN_CRD_API_REFERENCE_DOCS_VERSION := latest
GO_ACC := $(TOOLS_DIR)/go-acc
GO_ACC_VERSION := latest
KUSTOMIZE := $(TOOLS_DIR)/kustomize
KUSTOMIZE_VERSION := latest
GOIMPORTS := $(TOOLS_DIR)/goimports
GOIMPORTS_VERSION := latest
HELM_DOCS := $(TOOLS_DIR)/helm-docs
HELM_DOCS_VERSION := v1.6.0
KO := $(TOOLS_DIR)/ko
KO_VERSION := v0.12.0
TOOLS := $(KIND) $(CONTROLLER_GEN) $(GEN_CRD_API_REFERENCE_DOCS) $(GO_ACC) $(KUSTOMIZE) $(GOIMPORTS) $(HELM_DOCS) $(KO)
$(KIND):
@GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/kind@$(KIND_VERSION)
$(CONTROLLER_GEN):
@GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_GEN_VERSION)
$(GEN_CRD_API_REFERENCE_DOCS):
@GOBIN=$(TOOLS_DIR) go install github.com/ahmetb/gen-crd-api-reference-docs@$(GEN_CRD_API_REFERENCE_DOCS_VERSION)
$(GO_ACC):
@GOBIN=$(TOOLS_DIR) go install github.com/ory/go-acc@$(GO_ACC_VERSION)
$(KUSTOMIZE):
@GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/kustomize/kustomize/v4@$(KUSTOMIZE_VERSION)
$(GOIMPORTS):
@GOBIN=$(TOOLS_DIR) go install golang.org/x/tools/cmd/goimports@$(GOIMPORTS_VERSION)
$(HELM_DOCS):
@GOBIN=$(TOOLS_DIR) go install github.com/norwoodj/helm-docs/cmd/helm-docs@$(HELM_DOCS_VERSION)
$(KO):
@GOBIN=$(TOOLS_DIR) go install github.com/google/ko@$(KO_VERSION)
.PHONY: install-tools
install-tools: $(TOOLS) ## Install tools
.PHONY: clean-tools
clean-tools: ## Remove tools
@rm -rf $(TOOLS_DIR)
##################################
# KYVERNO
##################################
2019-05-29 21:44:21 +00:00
.PHONY: unused-package-check
unused-package-check:
@echo "------------------"
@echo "--> Check unused packages for the all kyverno components"
@echo "------------------"
@tidy=$$(go mod tidy); \
if [ -n "$${tidy}" ]; then \
echo "go mod tidy checking failed!"; echo "$${tidy}"; echo; \
fi
KYVERNO_PATH:= cmd/kyverno
build: kyverno
PWD := $(CURDIR)
##################################
# INIT CONTAINER
##################################
INITC_PATH := cmd/initContainer
INITC_IMAGE := kyvernopre
initContainer: fmt vet
GOOS=$(GOOS) go build -o $(PWD)/$(INITC_PATH)/kyvernopre -ldflags="$(LD_FLAGS)" $(PWD)/$(INITC_PATH)
.PHONY: ko-build-initContainer
2019-05-29 21:44:21 +00:00
ko-build-initContainer: KO_DOCKER_REPO=$(REPO)/$(INITC_IMAGE)
ko-build-initContainer:
@ko build ./$(INITC_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64,linux/arm64,linux/s390x
2019-05-29 21:44:21 +00:00
ko-build-initContainer-amd64: KO_DOCKER_REPO=$(REPO)/$(INITC_IMAGE)
ko-build-initContainer-amd64:
@ko build ./$(INITC_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64
ko-build-initContainer-local: KO_DOCKER_REPO=kind.local
ko-build-initContainer-local: kind-e2e-cluster
@ko build ./$(INITC_PATH) --platform=linux/$(GOARCH) --tags=latest,$(IMAGE_TAG_DEV) --preserve-import-paths
INITC_KIND_IMAGE = kind.local/github.com/kyverno/kyverno/cmd/initcontainer
# TODO(jason): LD_FLAGS_DEV
ko-build-initContainer-dev: KO_DOCKER_REPO=$(REPO)/$(INITC_IMAGE)
ko-build-initContainer-dev:
@ko build ./$(INITC_PATH) --bare --platform=linux/amd64,linux/arm64,linux/s390x --tags=latest,$(IMAGE_TAG_DEV),$(IMAGE_TAG_LATEST_DEV)
##################################
# KYVERNO CONTAINER
##################################
.PHONY: ko-build-kyverno
KYVERNO_PATH := cmd/kyverno
KYVERNO_IMAGE := kyverno
2020-05-17 16:51:46 +00:00
kyverno: fmt vet
GOOS=$(GOOS) go build -o $(PWD)/$(KYVERNO_PATH)/kyverno -ldflags"$(LD_FLAGS)" $(PWD)/$(KYVERNO_PATH)
ko-build-kyverno: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_IMAGE)
ko-build-kyverno:
@ko build ./$(KYVERNO_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64,linux/arm64,linux/s390x
ko-build-kyverno-amd64: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_IMAGE)
ko-build-kyverno-amd64:
@ko build ./$(KYVERNO_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64
ko-build-kyverno-local: KO_DOCKER_REPO=kind.local
ko-build-kyverno-local: kind-e2e-cluster
@ko build ./$(KYVERNO_PATH) --platform=linux/$(GOARCH) --tags=latest,$(IMAGE_TAG_DEV) --preserve-import-paths
KYVERNO_KIND_IMAGE = kind.local/github.com/kyverno/kyverno/cmd/kyverno
# TODO(jason): LD_FLAGS_DEV
ko-build-kyverno-dev: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_IMAGE)
ko-build-kyverno-dev:
@ko build ./$(KYVERNO_PATH) --bare --platform=linux/amd64,linux/arm64,linux/s390x --tags=latest,$(IMAGE_TAG_DEV),$(IMAGE_TAG_LATEST_DEV)
##################################
2020-07-20 14:35:06 +00:00
# Generate Docs for types.go
##################################
.PHONY: generate-api-docs
generate-api-docs: $(GEN_CRD_API_REFERENCE_DOCS) ## Generate api reference docs
rm -rf docs/crd
mkdir docs/crd
$(GEN_CRD_API_REFERENCE_DOCS) -v 6 -api-dir ./api/kyverno/v1alpha2 -config docs/config.json -template-dir docs/template -out-file docs/crd/v1alpha2/index.html
$(GEN_CRD_API_REFERENCE_DOCS) -v 6 -api-dir ./api/kyverno/v1beta1 -config docs/config.json -template-dir docs/template -out-file docs/crd/v1beta1/index.html
$(GEN_CRD_API_REFERENCE_DOCS) -v 6 -api-dir ./api/kyverno/v1 -config docs/config.json -template-dir docs/template -out-file docs/crd/v1/index.html
.PHONY: verify-api-docs
verify-api-docs: generate-api-docs ## Check api reference docs are up to date
git --no-pager diff docs
@echo 'If this test fails, it is because the git diff is non-empty after running "make generate-api-docs".'
@echo 'To correct this, locally run "make generate-api-docs", commit the changes, and re-run tests.'
git diff --quiet --exit-code docs
##################################
# CLI
##################################
.PHONY: ko-build-cli
2020-02-20 03:13:05 +00:00
CLI_PATH := cmd/cli/kubectl-kyverno
KYVERNO_CLI_IMAGE := kyverno-cli
cli:
GOOS=$(GOOS) go build -o $(PWD)/$(CLI_PATH)/kyverno -ldflags="$(LD_FLAGS)" $(PWD)/$(CLI_PATH)
ko-build-cli: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_CLI_IMAGE)
ko-build-cli:
@ko build ./$(CLI_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64,linux/arm64,linux/s390x
ko-build-cli-amd64: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_CLI_IMAGE)
ko-build-cli-amd64:
@ko build ./$(CLI_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64
ko-build-cli-local: KO_DOCKER_REPO=ko.local
ko-build-cli-local:
@ko build ./$(CLI_PATH) --platform=linux/$(GOARCH) --tags=latest,$(IMAGE_TAG_DEV)
# TODO(jason): LD_FLAGS_DEV
ko-build-cli-dev: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_CLI_IMAGE)
ko-build-cli-dev:
@ko build ./$(CLI_PATH) --bare --platform=linux/amd64,linux/arm64,linux/s390x --tags=latest,$(IMAGE_TAG_DEV),$(IMAGE_TAG_LATEST_DEV)
##################################
ko-build-all: ko-build-initContainer ko-build-kyverno ko-build-cli
ko-build-all-amd64: ko-build-initContainer-amd64 ko-build-kyverno-amd64 ko-build-cli-amd64
Add Policy Report (#1229) * add report in cli * policy report crd added * policy report added * configmap added * added jobs * added jobs * bug fixed * added logic for cli * common function added * sub command added for policy report * subcommand added for report * common package changed * configmap added * added logic for kyverno cli * added logic for jobs * added logic for jobs * added logic for jobs * added logic for cli * buf fix * cli changes * count bug fix * docs added for command * go fmt * refactor codebase * remove policy controller for policyreport * policy report removed * bug fixes * bug fixes * added job trigger if needed * job deletation logic added * build failed fix * fixed e2e test * remove hard coded variables * packages adde * improvment added in jobs sheduler * policy report yaml added * cronjob added * small fixes * remove background sync * documentation added for report command * remove extra log * small improvement * tested policy report * revert hardcoded changes * changes for demo * demo changes * resource aggrigation added * More changes * More changes * - resolve PR comments; - refactor jobs controller * set rbac for jobs * add clean up in job controller * add short names * remove application scope for policyreport * move job controller to policyreport * add report logic in command apply * - update policy report types; - upgrade k8s library; - update code gen * temporarily comment out code to pass CI build * generate / update policyreport to cluster * add unit test for CLI report * add test for apply - generate policy report * fix unit test * - remove job controller; - remove in-memory configmap; - clean up kustomize manifest * remove dependency * add reportRequest / clusterReportRequest * clean up policy report * generate report request * update crd clusterReportRequest * - update json tag of report summary; - update definition manifests; - fix dclient creation * aggregate reportRequest into policy report * fix unit tests * - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report * remove * generate reportRequest in kyverno namespace * update resource filter in helm chart * - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest * generate policy report in background scan * skip generating report change request if there's entry results * fix results entry removal when policy / rule gets deleted * rename apiversion from policy.kubernetes.io to policy.k8s.io * update summary.* to lower case * move reportChangeRequest to kyverno.io/v1alpha1 * remove policy report flag * fix report update * clean up policy violation CRD * remove violation CRD from manifest * clean up policy violation code - remove pvGenerator * change severity fields to lower case * update import library * set report category Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com> Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-11-09 19:26:12 +00:00
##################################
# Create e2e Infrastructure
##################################
.PHONY: kind-e2e-cluster
kind-e2e-cluster: $(KIND) ## Create kind cluster for e2e tests
$(KIND) create cluster --image=$(KIND_IMAGE)
.PHONY: e2e-kustomize
e2e-kustomize: $(KUSTOMIZE) ## Build kustomize manifests for e2e tests
cd config && \
kustomize edit set image $(INITC_KIND_IMAGE):$(IMAGE_TAG_DEV) && \
kustomize edit set image $(KYVERNO_KIND_IMAGE):$(IMAGE_TAG_DEV)
kustomize build config/ -o config/install.yaml
.PHONY: create-e2e-infrastructure
create-e2e-infrastructure: ko-build-initContainer-local ko-build-kyverno-local e2e-kustomize ## Setup infrastructure for e2e tests
##################################
# Testing & Code-Coverage
##################################
CODE_COVERAGE_FILE:= coverage
CODE_COVERAGE_FILE_TXT := $(CODE_COVERAGE_FILE).txt
CODE_COVERAGE_FILE_HTML := $(CODE_COVERAGE_FILE).html
test: test-clean test-unit test-e2e ## Clean tests cache then run unit and e2e tests
test-clean: ## Clean tests cache
@echo " cleaning test cache"
go clean -testcache ./...
Feature/cosign (#2078) * add image verification * inline policy list Signed-off-by: Jim Bugwadia <jim@nirmata.com> * cosign version and dependencies updates Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add registry initialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add build tag to exclude k8schain for cloud providers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add build tag to exclude k8schain for cloud providers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * generate deep copy and other fixtures Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix deep copy issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * mutate images to add digest Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add certificates to Kyverno container for HTTPS lookups Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align flag syntax Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update docs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update dependencies Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update dependencies Signed-off-by: Jim Bugwadia <jim@nirmata.com> * patch image with digest and fix checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * hardcode image for demos Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add default registry (docker.io) before calling reference.Parse Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix definition Signed-off-by: Jim Bugwadia <jim@nirmata.com> * increase webhook timeout Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix args Signed-off-by: Jim Bugwadia <jim@nirmata.com> * run gofmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rename for clarity Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix HasImageVerify check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter error Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle API conflict and retry Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix reviewdog issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix make for unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve error message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix durations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle errors in tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * print policy name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add retries and duration to error log Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix time check in tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * round creation times in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix retry loop Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove timing check for policy creation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix e2e error - policy not found Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update string comparison method Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix test Generate_Namespace_Label_Actions Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add debug info for e2e tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix error Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix generate bug Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for update operations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * increase time for deleteing a resource Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Shuting Zhao <shutting06@gmail.com>
2021-07-10 01:01:46 +00:00
.PHONY: test-cli
test-cli: test-cli-policies test-cli-local test-cli-local-mutate test-cli-local-generate test-cli-test-case-selector-flag test-cli-registry
.PHONY: test-cli-policies
test-cli-policies: cli
cmd/cli/kubectl-kyverno/kyverno test https://github.com/kyverno/policies/$(TEST_GIT_BRANCH)
.PHONY: test-cli-local
test-cli-local: cli
cmd/cli/kubectl-kyverno/kyverno test ./test/cli/test
.PHONY: test-cli-local-mutate
test-cli-local-mutate: cli
cmd/cli/kubectl-kyverno/kyverno test ./test/cli/test-mutate
.PHONY: test-cli-local-generate
test-cli-local-generate: cli
cmd/cli/kubectl-kyverno/kyverno test ./test/cli/test-generate
.PHONY: test-cli-test-case-selector-flag
test-cli-test-case-selector-flag: cli
cmd/cli/kubectl-kyverno/kyverno test ./test/cli/test --test-case-selector "policy=disallow-latest-tag, rule=require-image-tag, resource=test-require-image-tag-pass"
Feature/cosign (#2078) * add image verification * inline policy list Signed-off-by: Jim Bugwadia <jim@nirmata.com> * cosign version and dependencies updates Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add registry initialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add build tag to exclude k8schain for cloud providers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add build tag to exclude k8schain for cloud providers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * generate deep copy and other fixtures Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix deep copy issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * mutate images to add digest Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add certificates to Kyverno container for HTTPS lookups Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align flag syntax Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update docs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update dependencies Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update dependencies Signed-off-by: Jim Bugwadia <jim@nirmata.com> * patch image with digest and fix checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * hardcode image for demos Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add default registry (docker.io) before calling reference.Parse Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix definition Signed-off-by: Jim Bugwadia <jim@nirmata.com> * increase webhook timeout Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix args Signed-off-by: Jim Bugwadia <jim@nirmata.com> * run gofmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rename for clarity Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix HasImageVerify check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter error Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle API conflict and retry Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix reviewdog issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix make for unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve error message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix durations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle errors in tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * print policy name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add retries and duration to error log Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix time check in tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * round creation times in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix retry loop Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove timing check for policy creation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix e2e error - policy not found Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update string comparison method Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix test Generate_Namespace_Label_Actions Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add debug info for e2e tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix error Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix generate bug Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for update operations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * increase time for deleteing a resource Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Shuting Zhao <shutting06@gmail.com>
2021-07-10 01:01:46 +00:00
.PHONY: test-cli-registry
test-cli-registry: cli
2022-05-01 21:20:22 +00:00
cmd/cli/kubectl-kyverno/kyverno test ./test/cli/registry --registry
test-unit: $(GO_ACC) ## Run unit tests
@echo " running unit tests"
$(GO_ACC) ./... -o $(CODE_COVERAGE_FILE_TXT)
code-cov-report: ## Generate code coverage report
@echo " generating code coverage report"
GO111MODULE=on go test -v -coverprofile=coverage.out ./...
go tool cover -func=coverage.out -o $(CODE_COVERAGE_FILE_TXT)
go tool cover -html=coverage.out -o $(CODE_COVERAGE_FILE_HTML)
# Test E2E
test-e2e:
$(eval export E2E="ok")
2022-05-01 21:20:22 +00:00
go test ./test/e2e/verifyimages -v
go test ./test/e2e/metrics -v
go test ./test/e2e/mutate -v
go test ./test/e2e/generate -v
$(eval export E2E="")
test-e2e-local:
$(eval export E2E="ok")
kubectl apply -f https://raw.githubusercontent.com/kyverno/kyverno/main/config/github/rbac.yaml
kubectl port-forward -n kyverno service/kyverno-svc-metrics 8000:8000 &
2022-05-01 21:20:22 +00:00
go test ./test/e2e/verifyimages -v
go test ./test/e2e/metrics -v
go test ./test/e2e/mutate -v
go test ./test/e2e/generate -v
kill $!
$(eval export E2E="")
Update kyverno-policies chart with latest pod-security policies (#3126) * Update kyverno-policies chart with latest pod-security policies Fixes #3063 Fixes #2277 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README to have better example Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use chart testing during e2e to test against ci values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix e2e tests for Helm chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix Kyverno chart testing to actually test values, and fix networkpolicy template Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README for exclusion Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Allow adding 'other' policies via Helm Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update Chart.yaml for kyverno-policies Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Bump minimum Kubernetes version in charts Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update kyverno-policies chart readme Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases (part 2) Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use same logic to get git tag by using Makefile target for updating Helm values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-02-04 06:47:36 +00:00
helm-test-values:
sed -i -e "s|nameOverride:.*|nameOverride: kyverno|g" charts/kyverno/values.yaml
sed -i -e "s|fullnameOverride:.*|fullnameOverride: kyverno|g" charts/kyverno/values.yaml
sed -i -e "s|namespace:.*|namespace: kyverno|g" charts/kyverno/values.yaml
sed -i -e "s|tag: # replaced in e2e tests.*|tag: $(IMAGE_TAG_DEV)|" charts/kyverno/values.yaml
sed -i -e "s|repository: ghcr.io/kyverno/kyvernopre # init: replaced in e2e tests|repository: $(INITC_KIND_IMAGE)|" charts/kyverno/values.yaml
sed -i -e "s|repository: ghcr.io/kyverno/kyverno # kyverno: replaced in e2e tests|repository: $(KYVERNO_KIND_IMAGE)|" charts/kyverno/values.yaml
Update kyverno-policies chart with latest pod-security policies (#3126) * Update kyverno-policies chart with latest pod-security policies Fixes #3063 Fixes #2277 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README to have better example Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use chart testing during e2e to test against ci values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix e2e tests for Helm chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix Kyverno chart testing to actually test values, and fix networkpolicy template Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README for exclusion Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Allow adding 'other' policies via Helm Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update Chart.yaml for kyverno-policies Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Bump minimum Kubernetes version in charts Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update kyverno-policies chart readme Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases (part 2) Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use same logic to get git tag by using Makefile target for updating Helm values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-02-04 06:47:36 +00:00
2020-06-05 20:42:53 +00:00
# godownloader create downloading script for kyverno-cli
godownloader:
2020-10-08 20:10:52 +00:00
godownloader .goreleaser.yml --repo kyverno/kyverno -o ./scripts/install-cli.sh --source="raw"
2020-06-05 20:42:53 +00:00
.PHONY: kustomize-crd
kustomize-crd: $(KUSTOMIZE) ## Create install.yaml
# Create CRD for helm deployment Helm
$(KUSTOMIZE) build ./config/release | kustomize cfg grep kind=CustomResourceDefinition | $(SED) -e "1i{{- if .Values.installCRDs }}" -e '$$a{{- end }}' > ./charts/kyverno/templates/crds.yaml
2020-06-05 20:44:47 +00:00
# Generate install.yaml that have all resources for kyverno
$(KUSTOMIZE) build ./config > ./config/install.yaml
2020-06-05 20:44:47 +00:00
# Generate install_debug.yaml that for developer testing
$(KUSTOMIZE) build ./config/debug > ./config/install_debug.yaml
# guidance https://github.com/kyverno/kyverno/wiki/Generate-a-Release
2020-11-29 08:37:36 +00:00
release:
$(KUSTOMIZE) build ./config > ./config/install.yaml
$(KUSTOMIZE) build ./config/release > ./config/release/install.yaml
release-notes:
@bash -c 'while IFS= read -r line ; do if [[ "$$line" == "## "* && "$$line" != "## $(VERSION)" ]]; then break ; fi; echo "$$line"; done < "CHANGELOG.md"' \
true
##################################
# CODEGEN
##################################
.PHONY: kyverno-crd
kyverno-crd: $(CONTROLLER_GEN) ## Generate Kyverno CRDs
$(CONTROLLER_GEN) crd paths=./api/kyverno/... crd:crdVersions=v1 output:dir=./config/crds
2020-11-13 03:48:39 +00:00
.PHONY: report-crd
report-crd: $(CONTROLLER_GEN) ## Generate policy reports CRDs
$(CONTROLLER_GEN) crd paths=./api/policyreport/... crd:crdVersions=v1 output:dir=./config/crds
Add Policy Report (#1229) * add report in cli * policy report crd added * policy report added * configmap added * added jobs * added jobs * bug fixed * added logic for cli * common function added * sub command added for policy report * subcommand added for report * common package changed * configmap added * added logic for kyverno cli * added logic for jobs * added logic for jobs * added logic for jobs * added logic for cli * buf fix * cli changes * count bug fix * docs added for command * go fmt * refactor codebase * remove policy controller for policyreport * policy report removed * bug fixes * bug fixes * added job trigger if needed * job deletation logic added * build failed fix * fixed e2e test * remove hard coded variables * packages adde * improvment added in jobs sheduler * policy report yaml added * cronjob added * small fixes * remove background sync * documentation added for report command * remove extra log * small improvement * tested policy report * revert hardcoded changes * changes for demo * demo changes * resource aggrigation added * More changes * More changes * - resolve PR comments; - refactor jobs controller * set rbac for jobs * add clean up in job controller * add short names * remove application scope for policyreport * move job controller to policyreport * add report logic in command apply * - update policy report types; - upgrade k8s library; - update code gen * temporarily comment out code to pass CI build * generate / update policyreport to cluster * add unit test for CLI report * add test for apply - generate policy report * fix unit test * - remove job controller; - remove in-memory configmap; - clean up kustomize manifest * remove dependency * add reportRequest / clusterReportRequest * clean up policy report * generate report request * update crd clusterReportRequest * - update json tag of report summary; - update definition manifests; - fix dclient creation * aggregate reportRequest into policy report * fix unit tests * - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report * remove * generate reportRequest in kyverno namespace * update resource filter in helm chart * - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest * generate policy report in background scan * skip generating report change request if there's entry results * fix results entry removal when policy / rule gets deleted * rename apiversion from policy.kubernetes.io to policy.k8s.io * update summary.* to lower case * move reportChangeRequest to kyverno.io/v1alpha1 * remove policy report flag * fix report update * clean up policy violation CRD * remove violation CRD from manifest * clean up policy violation code - remove pvGenerator * change severity fields to lower case * update import library * set report category Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com> Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-11-09 19:26:12 +00:00
.PHONY: deepcopy-autogen
deepcopy-autogen: $(CONTROLLER_GEN) $(GOIMPORTS) ## Generate deep copy code
$(CONTROLLER_GEN) object:headerFile="scripts/boilerplate.go.txt" paths="./..." && $(GOIMPORTS) -w ./api/
.PHONY: codegen
codegen: kyverno-crd report-crd deepcopy-autogen generate-api-docs gen-helm ## Update all generated code and docs
.PHONY: verify-api
verify-api: kyverno-crd report-crd deepcopy-autogen ## Check api is up to date
git --no-pager diff api
@echo 'If this test fails, it is because the git diff is non-empty after running "make codegen".'
@echo 'To correct this, locally run "make codegen", commit the changes, and re-run tests.'
git diff --quiet --exit-code api
.PHONY: verify-config
verify-config: kyverno-crd report-crd ## Check config is up to date
git --no-pager diff config
@echo 'If this test fails, it is because the git diff is non-empty after running "make codegen".'
@echo 'To correct this, locally run "make codegen", commit the changes, and re-run tests.'
git diff --quiet --exit-code config
.PHONY: verify-codegen
verify-codegen: verify-api verify-config verify-api-docs verify-helm ## Verify all generated code and docs are up to date
.PHONY: fmt
fmt: $(GOIMPORTS) ## Run go fmt
go fmt ./... && $(GOIMPORTS) -w ./
.PHONY: vet
vet: ## Run go vet
go vet ./...
##################################
# HELM
##################################
.PHONY: gen-helm-docs
gen-helm-docs: $(HELM_DOCS) ## Generate Helm docs
# @$(HELM_DOCS) -s file
@docker run -v ${PWD}:/work -w /work jnorwood/helm-docs:v1.6.0 -s file
.PHONY: gen-helm
gen-helm: gen-helm-docs kustomize-crd ## Generate Helm charts stuff
.PHONY: verify-helm
verify-helm: gen-helm ## Check Helm charts are up to date
git --no-pager diff charts
@echo 'If this test fails, it is because the git diff is non-empty after running "make gen-helm".'
@echo 'To correct this, locally run "make gen-helm", commit the changes, and re-run tests.'
git diff --quiet --exit-code charts
##################################
# HELP
##################################
.PHONY: help
help: ## Shows the available commands
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
.PHONY: kind-deploy
kind-deploy: ko-build-initContainer-local ko-build-kyverno-local
helm upgrade --install kyverno --namespace kyverno --wait --create-namespace ./charts/kyverno \
--set image.repository=$(KYVERNO_KIND_IMAGE) \
--set image.tag=$(IMAGE_TAG_DEV) \
--set initImage.repository=$(INITC_KIND_IMAGE) \
--set initImage.tag=$(IMAGE_TAG_DEV) \
--set extraArgs={--autogenInternals=true}
helm upgrade --install kyverno-policies --namespace kyverno --create-namespace ./charts/kyverno-policies