-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathMakefile
108 lines (90 loc) · 3.54 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
export GOROOT=$(shell go env GOROOT)
export GOFLAGS=
export GO111MODULE=on
ARTIFACT_DIR?=./tmp
CURPATH=$(PWD)
GOFLAGS?=
BIN_NAME=elasticsearch-proxy
IMAGE_REPOSITORY_NAME=quay.io/openshift/origin-${BIN_NAME}:latest
LOCAL_IMAGE_TAG=openshift/origin-${BIN_NAME}
MAIN_PKG=cmd/proxy/main.go
TARGET_DIR=$(CURPATH)/_output
TARGET=$(CURPATH)/bin/$(BIN_NAME)
BUILD_GOPATH=$(TARGET_DIR)
#inputs to 'run' which may need to change
TLS_CERTS_BASEDIR=_output
NAMESPACE ?= "openshift-logging"
ES_CERTS_DIR ?= ""
CACHE_EXPIRY ?= "5s"
PKGS=$(shell go list ./...)
TEST_OPTIONS?=
ELASTICSEARCH_NAME ?=elasticsearch
KUBERNETES_SERVICE_HOST ?= $(shell oc get svc kubernetes -n default -o jsonpath='{.spec.clusterIP}')
KUBERNETES_SERVICE_PORT ?= $(shell oc get svc kubernetes -n default -o jsonpath='{.spec.ports[?(@.name == "https")].port}')
all: build
artifactdir:
@mkdir -p $(ARTIFACT_DIR)
fmt:
@gofmt -l -w cmd && \
gofmt -l -w pkg
.PHONY: fmt
build: fmt
@mkdir -p $(TARGET_DIR)/src/$(APP_REPO)
go build $(LDFLAGS) -o $(TARGET) $(MAIN_PKG)
.PHONY: build
image:
podman build -f Dockerfile -t $(LOCAL_IMAGE_TAG) .
.PHONY: image
deploy-image: image
IMAGE_TAG=$(LOCAL_IMAGE_TAG) hack/deploy-image.sh
.PHONY: deploy-image
clean:
rm -rf $(TARGET_DIR)
rm -rf $(TLS_CERTS_BASEDIR)
.PHONY: clean
COVERAGE_DIR=$(ARTIFACT_DIR)/coverage
test: artifactdir
@mkdir -p $(COVERAGE_DIR)
@go test -race -coverprofile=$(COVERAGE_DIR)/test-unit.cov ./pkg/...
@go tool cover -html=$(COVERAGE_DIR)/test-unit.cov -o $(COVERAGE_DIR)/test-unit-coverage.html
@go tool cover -func=$(COVERAGE_DIR)/test-unit.cov | tail -n 1
.PHONY: test
copy-k8s-sa:
mkdir -p ${TLS_CERTS_BASEDIR} || true
oc -n ${NAMESPACE} get pod -l component=elasticsearch -o jsonpath={.items[0].metadata.name} > _output/espod && \
oc -n ${NAMESPACE} exec -c elasticsearch $$(cat _output/espod) -- cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt > _output/ca.crt && \
oc -n ${NAMESPACE} serviceaccounts get-token elasticsearch > _output/sa-token && \
echo ${NAMESPACE} > _output/namespace && \
sudo mkdir -p /var/run/secrets/kubernetes.io/serviceaccount/||: && \
sudo ln -sf $${PWD}/_output/ca.crt /var/run/secrets/kubernetes.io/serviceaccount/ca.crt && \
sudo ln -sf $${PWD}/_output/sa-token /var/run/secrets/kubernetes.io/serviceaccount/token
.PHONY: copy-k8s-sa
copy-es-certs:
mkdir -p ${TLS_CERTS_BASEDIR} ||:
ifneq ($(ES_CERTS_DIR), "")
cp ${ES_CERTS_DIR}/kirk.pem ${TLS_CERTS_BASEDIR}/admin-cert
cp ${ES_CERTS_DIR}/kirk-key.pem ${TLS_CERTS_BASEDIR}/admin-key
cp ${ES_CERTS_DIR}/root-ca.pem ${TLS_CERTS_BASEDIR}/admin-ca
else
for n in ca cert key ; do \
oc -n ${NAMESPACE} extract secret/${ELASTICSEARCH_NAME} --keys=admin-$$n --to=${TLS_CERTS_BASEDIR} --confirm ; \
done
endif
.PHONY: copy-es-certs
run: copy-es-certs
KUBERNETES_SERVICE_HOST="${KUBERNETES_SERVICE_HOST}" \
KUBERNETES_SERVICE_PORT="${KUBERNETES_SERVICE_PORT}" \
LOG_LEVEL=trace go run ${MAIN_PKG} --listening-address=':60000' \
--tls-cert=$(TLS_CERTS_BASEDIR)/admin-cert \
--tls-key=$(TLS_CERTS_BASEDIR)/admin-key \
--upstream-ca=$(TLS_CERTS_BASEDIR)/admin-ca \
--cache-expiry=$(CACHE_EXPIRY) \
--auth-backend-role=sg_role_admin='{"namespace": "default", "verb": "view", "resource": "pods/metrics"}' \
--auth-backend-role=prometheus='{"verb": "get", "resource": "/metrics"}' \
--auth-backend-role=jaeger='{"verb": "get", "resource": "/jaeger", "resourceAPIGroup": "elasticsearch.jaegertracing.io"}' \
--cl-infra-role-name=sg_role_admin \
--ssl-insecure-skip-verify
.PHONY: run
lint:
@echo "No linting here anymore"
.PHONY: lint