mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

refactor: makefile build targets (#4418)

Browse source 
* refactor: makefile

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: makefile build targets

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
This commit is contained in:
Charles-Edouard Brétéché 2022-08-26 09:23:04 +02:00 committed by GitHub
parent 95f3c0ea48
commit 9e49b25484
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 329 additions and 104 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/e2e-autogen-internals.yaml vendored
View file

@ -54,9 +54,6 @@ jobs:
restore-keys: | restore-keys: |
${{ runner.os }}-go- ${{ runner.os }}-go-
- name: Install ko
uses: imjasonh/setup-ko@78eea08f10db87a7a23a666a4a6fe2734f2eeb8d #v0.5
- name: Create dev images, kind cluster and setup kustomize - name: Create dev images, kind cluster and setup kustomize
run: | run: |
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version }} export KIND_IMAGE=kindest/node:${{ matrix.k8s-version }}

3
.github/workflows/e2e.yaml vendored
View file

@ -52,9 +52,6 @@ jobs:
restore-keys: | restore-keys: |
${{ runner.os }}-go- ${{ runner.os }}-go-
- name: Install ko
uses: imjasonh/setup-ko@78eea08f10db87a7a23a666a4a6fe2734f2eeb8d #v0.5
- name : Create dev images, kind cluster and setup kustomize - name : Create dev images, kind cluster and setup kustomize
run: | run: |
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version }} export KIND_IMAGE=kindest/node:${{ matrix.k8s-version }}

9
.github/workflows/image-build.yaml vendored
View file

@ -83,9 +83,6 @@ jobs:
restore-keys: | restore-keys: |
${{ runner.os }}-go- ${{ runner.os }}-go-
- name: Install ko
uses: imjasonh/setup-ko@78eea08f10db87a7a23a666a4a6fe2734f2eeb8d #v0.5
- name: ko build - name: ko build
run: REGISTRY=ghcr.io/${{github.repository}} make ko-build-initContainer run: REGISTRY=ghcr.io/${{github.repository}} make ko-build-initContainer
@ -112,9 +109,6 @@ jobs:
restore-keys: | restore-keys: |
${{ runner.os }}-go- ${{ runner.os }}-go-
- name: Install ko
uses: imjasonh/setup-ko@78eea08f10db87a7a23a666a4a6fe2734f2eeb8d #v0.5
- name: ko build - name: ko build
run: REGISTRY=ghcr.io/${{github.repository}} make ko-build-kyverno run: REGISTRY=ghcr.io/${{github.repository}} make ko-build-kyverno
@ -150,8 +144,5 @@ jobs:
restore-keys: | restore-keys: |
${{ runner.os }}-go- ${{ runner.os }}-go-
- name: Install ko
uses: imjasonh/setup-ko@78eea08f10db87a7a23a666a4a6fe2734f2eeb8d #v0.5
- name: ko build - name: ko build
run: REGISTRY=ghcr.io/${{github.repository}} make ko-build-cli run: REGISTRY=ghcr.io/${{github.repository}} make ko-build-cli

3
.github/workflows/reuse.yaml vendored
View file

@ -55,9 +55,6 @@ jobs:
restore-keys: | restore-keys: |
${{ runner.os }}-go- ${{ runner.os }}-go-
- name: Install ko
uses: imjasonh/setup-ko@78eea08f10db87a7a23a666a4a6fe2734f2eeb8d #v0.5
- name: Run Trivy vulnerability scanner in repo mode - name: Run Trivy vulnerability scanner in repo mode
if: ${{inputs.tag == 'release'}} if: ${{inputs.tag == 'release'}}
uses: aquasecurity/trivy-action@40c4ca9e7421287d0c5576712fdff370978f9c3c uses: aquasecurity/trivy-action@40c4ca9e7421287d0c5576712fdff370978f9c3c

300
Makefile
View file

@ -16,16 +16,11 @@ REPO=$(REGISTRY)/kyverno
IMAGE_TAG_LATEST_DEV=$(shell git describe --match "[0-9].[0-9]-dev*" | cut -d '-' -f-2) IMAGE_TAG_LATEST_DEV=$(shell git describe --match "[0-9].[0-9]-dev*" | cut -d '-' -f-2)
IMAGE_TAG_DEV=$(GIT_VERSION_DEV) IMAGE_TAG_DEV=$(GIT_VERSION_DEV)
IMAGE_TAG?=$(GIT_VERSION) IMAGE_TAG?=$(GIT_VERSION)
GOARCH ?= $(shell go env GOARCH)
GOOS ?= $(shell go env GOOS)
ifeq ($(GOOS), darwin) ifeq ($(GOOS), darwin)
SED=gsed SED=gsed
else else
SED=sed SED=sed
endif endif
PACKAGE ?=github.com/kyverno/kyverno
export LD_FLAGS = -s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(GIT_VERSION) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_HASH) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)
export LD_FLAGS_DEV = -s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(GIT_VERSION_DEV) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_HASH) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)
K8S_VERSION ?= $(shell kubectl version --short | grep -i server | cut -d" " -f3 | cut -c2-) K8S_VERSION ?= $(shell kubectl version --short | grep -i server | cut -d" " -f3 | cut -c2-)
export K8S_VERSION export K8S_VERSION
TEST_GIT_BRANCH ?= main TEST_GIT_BRANCH ?= main
@ -86,6 +81,123 @@ install-tools: $(TOOLS) ## Install tools
clean-tools: ## Remove tools clean-tools: ## Remove tools
@rm -rf $(TOOLS_DIR) @rm -rf $(TOOLS_DIR)
#################
# BUILD (LOCAL) #
#################
CMD_DIR := ./cmd
KYVERNO_DIR := $(CMD_DIR)/kyverno
KYVERNOPRE_DIR := $(CMD_DIR)/initContainer
CLI_DIR := $(CMD_DIR)/cli/kubectl-kyverno
KYVERNO := $(KYVERNO_DIR)/kyverno
KYVERNOPRE := $(KYVERNOPRE_DIR)/kyvernopre
CLI := $(CLI_DIR)/kubectl-kyverno
PACKAGE ?= github.com/kyverno/kyverno
GOOS ?= $(shell go env GOOS)
GOARCH ?= $(shell go env GOARCH)
CGO_ENABLED ?= 0
LD_FLAGS = "-s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(GIT_VERSION) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_HASH) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)"
LD_FLAGS_DEV = "-s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(GIT_VERSION_DEV) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_HASH) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)"
.PHONY: fmt
fmt: ## Run go fmt
go fmt ./...
.PHONY: vet
vet: ## Run go vet
go vet ./...
$(KYVERNO):
CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o $(KYVERNO) -ldflags=$(LD_FLAGS) $(KYVERNO_DIR)
$(KYVERNOPRE): fmt vet
CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o $(KYVERNOPRE) -ldflags=$(LD_FLAGS) $(KYVERNOPRE_DIR)
$(CLI): fmt vet
CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o $(CLI) -ldflags=$(LD_FLAGS) $(CLI_DIR)
.PHONY: build-kyverno
build-kyverno: fmt vet | $(KYVERNO) ## Build kyverno
.PHONY: build-kyvernopre
build-kyvernopre: $(KYVERNOPRE) ## Build kyvernopre
.PHONY: build-cli
build-cli: $(CLI) ## Build CLI
build-all: build-kyverno build-kyvernopre build-cli ## Build all
##############
# BUILD (KO) #
##############
INITC_KIND_IMAGE := kind.local/github.com/kyverno/kyverno/cmd/initcontainer
KYVERNO_KIND_IMAGE := kind.local/github.com/kyverno/kyverno/cmd/kyverno
INITC_IMAGE := kyvernopre
KO_PLATFORM := linux/amd64,linux/arm64,linux/s390x
REPO_KYVERNO := $(REPO)/kyverno
REPO_KYVERNOPRE := $(REPO)/kyvernopre
REPO_CLI := $(REPO)/kyverno-cli
.PHONY: ko-build-initContainer
ko-build-initContainer: $(KO)
@LD_FLAGS=$(LD_FLAGS) KO_DOCKER_REPO=$(REPO_KYVERNOPRE) $(KO) build $(KYVERNOPRE_DIR) --bare --tags=latest,$(IMAGE_TAG) --platform=$(KO_PLATFORM)
.PHONY: ko-build-kyverno
ko-build-kyverno: $(KO)
@LD_FLAGS=$(LD_FLAGS) KO_DOCKER_REPO=$(REPO_KYVERNO) $(KO) build $(KYVERNO_DIR) --bare --tags=latest,$(IMAGE_TAG) --platform=$(KO_PLATFORM)
.PHONY: ko-build-cli
ko-build-cli: $(KO)
@LD_FLAGS=$(LD_FLAGS) KO_DOCKER_REPO=$(REPO_CLI) $(KO) build $(CLI_DIR) --bare --tags=latest,$(IMAGE_TAG) --platform=$(KO_PLATFORM)
.PHONY: ko-build-initContainer-dev
ko-build-initContainer-dev: $(KO)
@LD_FLAGS=$(LD_FLAGS_DEV) KO_DOCKER_REPO=$(REPO_KYVERNOPRE) $(KO) build $(KYVERNOPRE_DIR) --bare --tags=latest,$(IMAGE_TAG_DEV) --platform=$(KO_PLATFORM)
.PHONY: ko-build-kyverno-dev
ko-build-kyverno-dev: $(KO)
@LD_FLAGS=$(LD_FLAGS_DEV) KO_DOCKER_REPO=$(REPO_KYVERNO) $(KO) build $(KYVERNO_DIR) --bare --tags=latest,$(IMAGE_TAG_DEV) --platform=$(KO_PLATFORM)
.PHONY: ko-build-cli-dev
ko-build-cli-dev: $(KO)
@LD_FLAGS=$(LD_FLAGS_DEV) KO_DOCKER_REPO=$(REPO_CLI) $(KO) build $(CLI_DIR) --bare --tags=latest,$(IMAGE_TAG_DEV) --platform=$(KO_PLATFORM)
.PHONY: ko-build-initContainer-local
ko-build-initContainer-local: $(KO)
@LD_FLAGS=$(LD_FLAGS_DEV) KO_DOCKER_REPO=kind.local $(KO) build $(KYVERNOPRE_DIR) --preserve-import-paths --tags=latest,$(IMAGE_TAG_DEV) --platform=linux/$(GOARCH)
.PHONY: ko-build-kyverno-local
ko-build-kyverno-local: $(KO)
@LD_FLAGS=$(LD_FLAGS_DEV) KO_DOCKER_REPO=kind.local $(KO) build $(KYVERNO_DIR) --preserve-import-paths --tags=latest,$(IMAGE_TAG_DEV) --platform=linux/$(GOARCH)
.PHONY: ko-build-cli-local
ko-build-cli-local: $(KO)
@LD_FLAGS=$(LD_FLAGS_DEV) KO_DOCKER_REPO=kind.local $(KO) build $(CLI_DIR) --preserve-import-paths --tags=latest,$(IMAGE_TAG_DEV) --platform=linux/$(GOARCH)
.PHONY: ko-build-all
ko-build-all: ko-build-initContainer ko-build-kyverno ko-build-cli
.PHONY: ko-build-all-dev
ko-build-all-dev: ko-build-initContainer-dev ko-build-kyverno-dev ko-build-cli-dev
.PHONY: ko-build-all-local
ko-build-all-local: ko-build-initContainer-local ko-build-kyverno-local ko-build-cli-local
# ko-build-initContainer-amd64: KO_DOCKER_REPO=$(REPO)/$(INITC_IMAGE)
# ko-build-initContainer-amd64: $(KO)
# @$(KO) build ./$(INITC_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64
# ko-build-kyverno-amd64: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_IMAGE)
# ko-build-kyverno-amd64: $(KO)
# @$(KO) build ./$(KYVERNO_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64
# ko-build-cli-amd64: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_CLI_IMAGE)
# ko-build-cli-amd64: $(KO)
# @$(KO) build ./$(CLI_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64
# ko-build-all-amd64: ko-build-initContainer-amd64 ko-build-kyverno-amd64 ko-build-cli-amd64
################################## ##################################
# KYVERNO # KYVERNO
################################## ##################################
@ -104,64 +216,93 @@ KYVERNO_PATH:= cmd/kyverno
build: kyverno build: kyverno
PWD := $(CURDIR) PWD := $(CURDIR)
docker-buildx-builder:
if ! docker buildx ls | grep -q kyverno; then\
docker buildx create --name kyverno --use;\
fi
################################## ##################################
# INIT CONTAINER # INIT CONTAINER
################################## ##################################
INITC_PATH := cmd/initContainer INITC_PATH := cmd/initContainer
INITC_IMAGE := kyvernopre INITC_IMAGE := kyvernopre
initContainer: fmt vet
GOOS=$(GOOS) go build -o $(PWD)/$(INITC_PATH)/kyvernopre -ldflags="$(LD_FLAGS)" $(PWD)/$(INITC_PATH)
.PHONY: ko-build-initContainer .PHONY: docker-build-initContainer docker-push-initContainer
ko-build-initContainer: KO_DOCKER_REPO=$(REPO)/$(INITC_IMAGE) docker-build-initContainer: docker-buildx-builder
ko-build-initContainer: @docker buildx build --file $(PWD)/$(INITC_PATH)/Dockerfile --progress plane --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)
@ko build ./$(INITC_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64,linux/arm64,linux/s390x
ko-build-initContainer-amd64: KO_DOCKER_REPO=$(REPO)/$(INITC_IMAGE) docker-push-initContainer: docker-buildx-builder
ko-build-initContainer-amd64: @docker buildx build --file $(PWD)/$(INITC_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)
@ko build ./$(INITC_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64
ko-build-initContainer-local: KO_DOCKER_REPO=kind.local docker-get-initContainer-digest:
ko-build-initContainer-local: kind-e2e-cluster @docker buildx imagetools inspect --raw $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //'
@ko build ./$(INITC_PATH) --platform=linux/$(GOARCH) --tags=latest,$(IMAGE_TAG_DEV) --preserve-import-paths
INITC_KIND_IMAGE = kind.local/github.com/kyverno/kyverno/cmd/initcontainer
# TODO(jason): LD_FLAGS_DEV docker-build-initContainer-amd64:
ko-build-initContainer-dev: KO_DOCKER_REPO=$(REPO)/$(INITC_IMAGE) @docker build -f $(PWD)/$(INITC_PATH)/Dockerfile -t $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS) --build-arg TARGETPLATFORM="linux/amd64"
ko-build-initContainer-dev: @docker tag $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_DEV) $(REPO)/$(INITC_IMAGE):latest
@ko build ./$(INITC_PATH) --bare --platform=linux/amd64,linux/arm64,linux/s390x --tags=latest,$(IMAGE_TAG_DEV),$(IMAGE_TAG_LATEST_DEV)
docker-build-initContainer-local:
CGO_ENABLED=0 GOOS=linux go build -o $(PWD)/$(INITC_PATH)/kyvernopre -ldflags=$(LD_FLAGS_DEV) $(PWD)/$(INITC_PATH)
@docker build -f $(PWD)/$(INITC_PATH)/localDockerfile -t $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_DEV) $(PWD)/$(INITC_PATH)
@docker tag $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_DEV) $(REPO)/$(INITC_IMAGE):latest
docker-publish-initContainer-dev: docker-buildx-builder docker-push-initContainer-dev
docker-build-initContainer-dev: docker-buildx-builder
@docker buildx build --file $(PWD)/$(INITC_PATH)/Dockerfile --progress plane --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
@docker buildx build --file $(PWD)/$(INITC_PATH)/Dockerfile --progress plane --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_LATEST_DEV)-latest . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
@docker buildx build --file $(PWD)/$(INITC_PATH)/Dockerfile --progress plane --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(INITC_IMAGE):latest . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
docker-push-initContainer-dev: docker-buildx-builder
@docker buildx build --file $(PWD)/$(INITC_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
@docker buildx build --file $(PWD)/$(INITC_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_LATEST_DEV)-latest . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
@docker buildx build --file $(PWD)/$(INITC_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(INITC_IMAGE):latest . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
docker-get-initContainer-digest-dev:
@docker buildx imagetools inspect --raw $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_DEV) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //'
################################## ##################################
# KYVERNO CONTAINER # KYVERNO CONTAINER
################################## ##################################
.PHONY: ko-build-kyverno
KYVERNO_PATH := cmd/kyverno KYVERNO_PATH := cmd/kyverno
KYVERNO_IMAGE := kyverno KYVERNO_IMAGE := kyverno
kyverno: fmt vet local:
GOOS=$(GOOS) go build -o $(PWD)/$(KYVERNO_PATH)/kyverno -ldflags"$(LD_FLAGS)" $(PWD)/$(KYVERNO_PATH) go build -ldflags=$(LD_FLAGS) $(PWD)/$(KYVERNO_PATH)
go build -ldflags=$(LD_FLAGS) $(PWD)/$(CLI_PATH)
ko-build-kyverno: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_IMAGE) docker-publish-kyverno: docker-buildx-builder docker-build-kyverno docker-push-kyverno
ko-build-kyverno:
@ko build ./$(KYVERNO_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64,linux/arm64,linux/s390x
ko-build-kyverno-amd64: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_IMAGE) docker-build-kyverno: docker-buildx-builder
ko-build-kyverno-amd64: @docker buildx build --file $(PWD)/$(KYVERNO_PATH)/Dockerfile --progress plane --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)
@ko build ./$(KYVERNO_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64
ko-build-kyverno-local: KO_DOCKER_REPO=kind.local docker-build-kyverno-local:
ko-build-kyverno-local: kind-e2e-cluster CGO_ENABLED=0 GOOS=linux go build -o $(PWD)/$(KYVERNO_PATH)/kyverno -ldflags=$(LD_FLAGS_DEV) $(PWD)/$(KYVERNO_PATH)
@ko build ./$(KYVERNO_PATH) --platform=linux/$(GOARCH) --tags=latest,$(IMAGE_TAG_DEV) --preserve-import-paths @docker build -f $(PWD)/$(KYVERNO_PATH)/localDockerfile -t $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_DEV) -t $(REPO)/$(KYVERNO_IMAGE):latest $(PWD)/$(KYVERNO_PATH)
@docker tag $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_DEV) $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_LATEST_DEV)-latest
KYVERNO_KIND_IMAGE = kind.local/github.com/kyverno/kyverno/cmd/kyverno docker-build-kyverno-amd64:
@docker build -f $(PWD)/$(KYVERNO_PATH)/Dockerfile -t $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS) --build-arg TARGETPLATFORM="linux/amd64"
@docker tag $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_DEV) $(REPO)/$(KYVERNO_IMAGE):latest
# TODO(jason): LD_FLAGS_DEV docker-push-kyverno: docker-buildx-builder
ko-build-kyverno-dev: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_IMAGE) @docker buildx build --file $(PWD)/$(KYVERNO_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)
ko-build-kyverno-dev:
@ko build ./$(KYVERNO_PATH) --bare --platform=linux/amd64,linux/arm64,linux/s390x --tags=latest,$(IMAGE_TAG_DEV),$(IMAGE_TAG_LATEST_DEV) docker-get-kyverno-digest:
@docker buildx imagetools inspect --raw $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //'
docker-publish-kyverno-dev: docker-buildx-builder docker-push-kyverno-dev
docker-push-kyverno-dev: docker-buildx-builder
@docker buildx build --file $(PWD)/$(KYVERNO_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
@docker buildx build --file $(PWD)/$(KYVERNO_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_LATEST_DEV)-latest . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
@docker buildx build --file $(PWD)/$(KYVERNO_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(KYVERNO_IMAGE):latest . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
docker-get-kyverno-digest-dev:
@docker buildx imagetools inspect --raw $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_DEV) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //'
################################## ##################################
# Generate Docs for types.go # Generate Docs for types.go
@ -185,34 +326,21 @@ verify-api-docs: generate-api-docs ## Check api reference docs are up to date
################################## ##################################
# CLI # CLI
################################## ##################################
.PHONY: ko-build-cli
CLI_PATH := cmd/cli/kubectl-kyverno CLI_PATH := cmd/cli/kubectl-kyverno
KYVERNO_CLI_IMAGE := kyverno-cli KYVERNO_CLI_IMAGE := kyverno-cli
cli: docker-publish-cli: docker-buildx-builder docker-build-cli docker-push-cli
GOOS=$(GOOS) go build -o $(PWD)/$(CLI_PATH)/kyverno -ldflags="$(LD_FLAGS)" $(PWD)/$(CLI_PATH)
ko-build-cli: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_CLI_IMAGE) docker-build-cli: docker-buildx-builder
ko-build-cli: @docker buildx build --file $(PWD)/$(CLI_PATH)/Dockerfile --progress plane --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(KYVERNO_CLI_IMAGE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)
@ko build ./$(CLI_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64,linux/arm64,linux/s390x
ko-build-cli-amd64: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_CLI_IMAGE) docker-build-cli-amd64:
ko-build-cli-amd64: @docker build -f $(PWD)/$(CLI_PATH)/Dockerfile -t $(REPO)/$(KYVERNO_CLI_IMAGE):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS) --build-arg TARGETPLATFORM="linux/amd64"
@ko build ./$(CLI_PATH) --bare --tags=latest,$(IMAGE_TAG) --platform=linux/amd64 @docker tag $(REPO)/$(KYVERNO_CLI_IMAGE):$(IMAGE_TAG_DEV) $(REPO)/$(KYVERNO_CLI_IMAGE):latest
ko-build-cli-local: KO_DOCKER_REPO=ko.local docker-push-cli: docker-buildx-builder
ko-build-cli-local: @docker buildx build --file $(PWD)/$(CLI_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64,linux/s390x --tag $(REPO)/$(KYVERNO_CLI_IMAGE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)
@ko build ./$(CLI_PATH) --platform=linux/$(GOARCH) --tags=latest,$(IMAGE_TAG_DEV)
# TODO(jason): LD_FLAGS_DEV
ko-build-cli-dev: KO_DOCKER_REPO=$(REPO)/$(KYVERNO_CLI_IMAGE)
ko-build-cli-dev:
@ko build ./$(CLI_PATH) --bare --platform=linux/amd64,linux/arm64,linux/s390x --tags=latest,$(IMAGE_TAG_DEV),$(IMAGE_TAG_LATEST_DEV)
##################################
ko-build-all: ko-build-initContainer ko-build-kyverno ko-build-cli
ko-build-all-amd64: ko-build-initContainer-amd64 ko-build-kyverno-amd64 ko-build-cli-amd64
################################## ##################################
# Create e2e Infrastructure # Create e2e Infrastructure
@ -222,15 +350,24 @@ ko-build-all-amd64: ko-build-initContainer-amd64 ko-build-kyverno-amd64 ko-build
kind-e2e-cluster: $(KIND) ## Create kind cluster for e2e tests kind-e2e-cluster: $(KIND) ## Create kind cluster for e2e tests
$(KIND) create cluster --image=$(KIND_IMAGE) $(KIND) create cluster --image=$(KIND_IMAGE)
# TODO(eddycharly): $(REPO) is wrong, it is always ghcr.io/kyverno in the source
.PHONY: e2e-kustomize .PHONY: e2e-kustomize
e2e-kustomize: $(KUSTOMIZE) ## Build kustomize manifests for e2e tests e2e-kustomize: $(KUSTOMIZE) ## Build kustomize manifests for e2e tests
cd config && \ cd config && \
kustomize edit set image $(INITC_KIND_IMAGE):$(IMAGE_TAG_DEV) && \ $(KUSTOMIZE) edit set image $(REPO)/$(INITC_IMAGE)=$(INITC_KIND_IMAGE):$(IMAGE_TAG_DEV) && \
kustomize edit set image $(KYVERNO_KIND_IMAGE):$(IMAGE_TAG_DEV) $(KUSTOMIZE) edit set image $(REPO)/$(KYVERNO_IMAGE)=$(KYVERNO_KIND_IMAGE):$(IMAGE_TAG_DEV)
kustomize build config/ -o config/install.yaml $(KUSTOMIZE) build config/ -o config/install.yaml
# TODO(eddycharly): this is not going to work with docker
.PHONY: e2e-init-container
e2e-init-container: kind-e2e-cluster | ko-build-initContainer-local
# TODO(eddycharly): this is not going to work with docker
.PHONY: e2e-kyverno-container
e2e-kyverno-container: kind-e2e-cluster | ko-build-kyverno-local
.PHONY: create-e2e-infrastructure .PHONY: create-e2e-infrastructure
create-e2e-infrastructure: ko-build-initContainer-local ko-build-kyverno-local e2e-kustomize ## Setup infrastructure for e2e tests create-e2e-infrastructure: e2e-init-container e2e-kyverno-container e2e-kustomize | ## Setup infrastructure for e2e tests
################################## ##################################
# Testing & Code-Coverage # Testing & Code-Coverage
@ -250,28 +387,28 @@ test-clean: ## Clean tests cache
test-cli: test-cli-policies test-cli-local test-cli-local-mutate test-cli-local-generate test-cli-test-case-selector-flag test-cli-registry test-cli: test-cli-policies test-cli-local test-cli-local-mutate test-cli-local-generate test-cli-test-case-selector-flag test-cli-registry
.PHONY: test-cli-policies .PHONY: test-cli-policies
test-cli-policies: cli test-cli-policies: $(CLI)
cmd/cli/kubectl-kyverno/kyverno test https://github.com/kyverno/policies/$(TEST_GIT_BRANCH) @$(CLI) test https://github.com/kyverno/policies/$(TEST_GIT_BRANCH)
.PHONY: test-cli-local .PHONY: test-cli-local
test-cli-local: cli test-cli-local: $(CLI)
cmd/cli/kubectl-kyverno/kyverno test ./test/cli/test @$(CLI) test ./test/cli/test
.PHONY: test-cli-local-mutate .PHONY: test-cli-local-mutate
test-cli-local-mutate: cli test-cli-local-mutate: $(CLI)
cmd/cli/kubectl-kyverno/kyverno test ./test/cli/test-mutate @$(CLI) test ./test/cli/test-mutate
.PHONY: test-cli-local-generate .PHONY: test-cli-local-generate
test-cli-local-generate: cli test-cli-local-generate: $(CLI)
cmd/cli/kubectl-kyverno/kyverno test ./test/cli/test-generate @$(CLI) test ./test/cli/test-generate
.PHONY: test-cli-test-case-selector-flag .PHONY: test-cli-test-case-selector-flag
test-cli-test-case-selector-flag: cli test-cli-test-case-selector-flag: $(CLI)
cmd/cli/kubectl-kyverno/kyverno test ./test/cli/test --test-case-selector "policy=disallow-latest-tag, rule=require-image-tag, resource=test-require-image-tag-pass" @$(CLI) test ./test/cli/test --test-case-selector "policy=disallow-latest-tag, rule=require-image-tag, resource=test-require-image-tag-pass"
.PHONY: test-cli-registry .PHONY: test-cli-registry
test-cli-registry: cli test-cli-registry: $(CLI)
cmd/cli/kubectl-kyverno/kyverno test ./test/cli/registry --registry @$(CLI) test ./test/cli/registry --registry
test-unit: $(GO_ACC) ## Run unit tests test-unit: $(GO_ACC) ## Run unit tests
@echo " running unit tests" @echo " running unit tests"
@ -369,14 +506,6 @@ verify-config: kyverno-crd report-crd ## Check config is up to date
.PHONY: verify-codegen .PHONY: verify-codegen
verify-codegen: verify-api verify-config verify-api-docs verify-helm ## Verify all generated code and docs are up to date verify-codegen: verify-api verify-config verify-api-docs verify-helm ## Verify all generated code and docs are up to date
.PHONY: fmt
fmt: $(GOIMPORTS) ## Run go fmt
go fmt ./... && $(GOIMPORTS) -w ./
.PHONY: vet
vet: ## Run go vet
go vet ./...
################################## ##################################
# HELM # HELM
################################## ##################################
@ -413,4 +542,3 @@ kind-deploy: ko-build-initContainer-local ko-build-kyverno-local
--set initImage.tag=$(IMAGE_TAG_DEV) \ --set initImage.tag=$(IMAGE_TAG_DEV) \
--set extraArgs={--autogenInternals=true} --set extraArgs={--autogenInternals=true}
helm upgrade --install kyverno-policies --namespace kyverno --create-namespace ./charts/kyverno-policies helm upgrade --install kyverno-policies --namespace kyverno --create-namespace ./charts/kyverno-policies

34
cmd/cli/kubectl-kyverno/Dockerfile Normal file
View file

@ -0,0 +1,34 @@
# Multi-stage docker build
# Build stage
FROM --platform=${BUILDPLATFORM} golang@sha256:5540a6a6b3b612c382accc545b3f6702de21e77b15d89ad947116c94b5f42993 AS base
WORKDIR /src
LABEL maintainer="Kyverno"
COPY go.* .
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
FROM --platform=${BUILDPLATFORM} tonistiigi/xx:1.1.1@sha256:23ca08d120366b31d1d7fad29283181f063b0b43879e1f93c045ca5b548868e9 AS xx
FROM base AS builder
# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
ARG LD_FLAGS
ARG TARGETPLATFORM
COPY --from=xx / /
RUN --mount=type=bind,target=. \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
CGO_ENABLED=0 xx-go build -o /output/kyverno -ldflags="${LD_FLAGS}" -v ./cmd/cli/kubectl-kyverno/
# Packaging stage
FROM ghcr.io/distroless/static:latest
LABEL maintainer="Kyverno"
COPY --from=builder /output/kyverno /
ENTRYPOINT ["/kyverno"]

35
cmd/initContainer/Dockerfile Normal file
View file

@ -0,0 +1,35 @@
# Multi-stage docker build
# Build stage
FROM --platform=${BUILDPLATFORM} golang@sha256:5540a6a6b3b612c382accc545b3f6702de21e77b15d89ad947116c94b5f42993 AS base
WORKDIR /src
LABEL maintainer="Kyverno"
COPY go.* .
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
FROM --platform=${BUILDPLATFORM} tonistiigi/xx:1.1.1@sha256:23ca08d120366b31d1d7fad29283181f063b0b43879e1f93c045ca5b548868e9 AS xx
FROM base AS builder
# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
ARG LD_FLAGS
ARG TARGETPLATFORM
COPY --from=xx / /
RUN --mount=type=bind,target=. \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
CGO_ENABLED=0 xx-go build -o /output/kyvernopre -ldflags="${LD_FLAGS}" -v ./cmd/initContainer/
# Packaging stage
FROM ghcr.io/distroless/static:latest
LABEL maintainer="Kyverno"
COPY --from=builder /output/kyvernopre /
ENTRYPOINT ["/kyvernopre"]

4
cmd/initContainer/localDockerfile Normal file
View file

@ -0,0 +1,4 @@
FROM scratch
ADD kyvernopre /kyvernopre
USER 10001
ENTRYPOINT ["/kyvernopre"]

37
cmd/kyverno/Dockerfile Normal file
View file

@ -0,0 +1,37 @@
FROM --platform=${BUILDPLATFORM} golang:alpine AS certs
LABEL maintainer="Kyverno"
RUN apk add --no-cache ca-certificates
FROM --platform=${BUILDPLATFORM} golang@sha256:5540a6a6b3b612c382accc545b3f6702de21e77b15d89ad947116c94b5f42993 AS base
WORKDIR /src
LABEL maintainer="Kyverno"
COPY go.* .
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
FROM --platform=${BUILDPLATFORM} tonistiigi/xx:1.1.1@sha256:23ca08d120366b31d1d7fad29283181f063b0b43879e1f93c045ca5b548868e9 AS xx
FROM base AS builder
# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
ARG LD_FLAGS
ARG TARGETPLATFORM
COPY --from=xx / /
RUN --mount=type=bind,target=. \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
CGO_ENABLED=0 xx-go build -o /output/kyverno -ldflags="${LD_FLAGS}" -v ./cmd/kyverno/
# Packaging stage
FROM ghcr.io/distroless/static:latest
LABEL maintainer="Kyverno"
COPY --from=builder /output/kyverno /
ENTRYPOINT ["/kyverno"]

5
cmd/kyverno/localDockerfile Normal file
View file

@ -0,0 +1,5 @@
FROM golang:alpine
ADD kyverno /kyverno
RUN apk add --no-cache ca-certificates
USER 10001
ENTRYPOINT ["/kyverno"]